All Adopted ICPs (Updated November 2018)

Public
INSURANCE CORE PRINCIPLES
UPDATED NOVEMBER 2018
Public
Insurance Core Principles – November 2018 Page 1 of 356
The Insurance Core Principles were initially adopted on 1 October 2011.
Since then, amendments have been made to the following ICPs:
• ICP 9 October 2012
• ICP 22 October 2013
• ICPs 4, 5, 7, 8, 23 and (parts of) 25 November 2015
• ICPs 13, 18 and 19 November 2017
• ICP 6 November 2018
About the IAIS
The International Association of Insurance Supervisors (IAIS) is a voluntary membership

organisation of insurance supervisors and regulators from more than 200 jurisdictions. The
mission of the IAIS is to promote effective and globally consistent supervision of the insurance
industry in order to develop and maintain fair, safe and stable insurance markets for the benefit
and protection of policyholders and to contribute to global financial stability.
Established in 1994, the IAIS is the international standard setting body responsible for
developing principles, standards and other supporting material for the supervision of the
insurance sector and assisting in their implementation. The IAIS also provides a forum for
Members to share their experiences and understanding of insurance supervision and
insurance markets.
The IAIS coordinates its work with other international financial policymakers and associations
of supervisors or regulators, and assists in shaping financial systems globally. In particular,
the IAIS is a member of the Financial Stability Board (FSB), member of the Standards Advisory
Council of the International Accounting Standards Board (IASB), and partner in the Access to
Insurance Initiative (A2ii). In recognition of its collective expertise, the IAIS also is routinely
called upon by the G20 leaders and other international standard setting bodies for input on
insurance issues as well as on issues related to the regulation and supervision of the global
financial sector.
This document is available on the IAIS website (www.iaisweb.org).

© International Association of Insurance Supervisors (IAIS), 2018
All rights reserved. Brief excerpts may be reproduced or translated provided the source is
stated.
Public
Insurance Core Principles, Standards, Guidance and
Assessment Methodology
A) Introduction....................................................................................................... 4
B) Assessment Methodology............................................................................... 10
ICP 1 Objectives, Powers and Responsibilities of the Supervisor ............................. 16
ICP 2 Supervisor ...................................................................................................... 18
ICP 3 Information Exchange and Confidentiality Requirements ................................ 22
ICP 4 Licensing ........................................................................................................ 27
ICP 5 Suitability of Persons ...................................................................................... 33
ICP 6 Change of Control and Portfolio Transfers ...................................................... 40
ICP 7 Corporate Governance ................................................................................... 44
ICP 8 Risk Management and Internal Controls ......................................................... 65
ICP 9 Supervisory Review and Reporting ................................................................ 85
ICP 10 Preventive and Corrective Measures .............................................................. 96
ICP 11 Enforcement ................................................................................................... 97
ICP 12 Winding-up and Exit from the Market .............................................................. 99
ICP 13 Reinsurance and Other Forms of Risk Transfer ............................................ 100
ICP 14 Valuation ...................................................................................................... 113
ICP 15 Investment .................................................................................................... 130
ICP 16 Enterprise Risk Management for Solvency Purposes ................................... 143
ICP 17 Capital Adequacy ......................................................................................... 172
ICP 18 Intermediaries............................................................................................... 233
ICP 19 Conduct of Business..................................................................................... 253
ICP 20 Public Disclosure .......................................................................................... 276
ICP 21 Countering Fraud in Insurance ..................................................................... 298
ICP 22 Anti-Money Laundering and Combating the Financing of Terrorism.............. 304
ICP 23 Group-wide Supervision ............................................................................... 312
ICP 24 Macroprudential Surveillance and Insurance Supervision ............................. 319
ICP 25 Supervisory Cooperation and Coordination ................................................. 323
ICP 26 Cross-border Cooperation and Coordination on Crisis Management ............ 354
Public
A) Introduction
1. A sound regulatory and supervisory system is necessary for maintaining a fair, safe and
stable insurance 1 sector for the benefit and protection of the interests of policyholders,
beneficiaries and claimants (collectively referred to as policyholders in this document) as well
as contributing to the stability of the financial system.
2. The insurance industry, like other components of the financial system, is changing in
response to a wide range of social, technological and global economic forces. Insurance
supervisory systems and practices must be continually upgraded to cope with these
developments. Insurance and other financial sector supervisors and regulators should
understand and address financial and systemic stability concerns arising from the insurance
sector as they emerge and their interaction with other financial sectors.
3. The nature of insurance activity - covering risks for the economy, financial and corporate
undertakings and households - has both differences and similarities when compared to the
other financial sectors. Insurance, unlike most financial products, is characterised by the
reversal of the production cycle insofar as premiums are collected when the contract is entered
into and claims arise only if a specified event occurs. Insurers intermediate risks directly. They
manage these risks through diversification and risk pooling enhanced by a range of other
techniques.
4. In addition to business risks, significant risks to insurers are generated on the liability
side of the balance sheet. These risks are referred to as technical risks and relate to the
actuarial and/or statistical calculations used in estimating liabilities, and other risks associated
with such liabilities. Insurers incur market, credit, liquidity and operational risk from their
investments and financial operations, including risks arising from asset-liability mismatches.
Life insurers also offer products of life cover with a savings content and pension products that
are usually managed with a long-term perspective. The regulatory and supervisory system
must address all these risks.
5. Finally, the regulatory and supervisory system must address the increasing presence in
the market of insurance groups and financial conglomerates, as well as financial convergence.
The importance of the insurance sector for financial stability matters has been increasing
which has implications for insurance supervision 2 as it requires more focus on a broad set of
risks. Supervisors at a jurisdictional and international level must collaborate to ensure that
these entities are effectively supervised so that policyholders are protected and financial
markets remain stable; to minimise the risk of contagion from one sector or jurisdiction to
another; and to reduce supervisory gaps and avoid unnecessary supervisory duplication.
1 Insurance refers to the business of insurers and reinsurers, including captives.

2 Supervision refers to both regulation and supervision. Supervisors include regulators.
Public
Scope and coverage of the Insurance Core Principles
6. The Insurance Core Principles (ICPs) provide a globally accepted framework for the
supervision of the insurance sector. The ICP material is presented according to a hierarchy of
supervisory material. The ICP statements are the highest level in the hierarchy and prescribe
the essential elements that must be present in the supervisory regime in order to promote a
financially sound insurance sector and provide an adequate level of policyholder protection.
Standards are the next level in the hierarchy and are linked to specific ICP statements.
Standards set out key high level requirements that are fundamental to the implementation of
the ICP statement and should be met for a supervisory authority to demonstrate observance
with the particular ICP. Guidance material is the lowest level in the hierarchy and typically
supports the ICP statement and/or standards. Guidance material provides detail on how to
implement an ICP statement or standard. Guidance material does not prescribe new
requirements but describes what is meant by the ICP statement or standard and, where
possible, provides examples of ways to implement the requirements.
7. The ICP material is presented in order that the hierarchy can be clearly understood, as
follows:
- ICP statements – numbered and presented in a box with bold font
- Standards – linked to an ICP statement and presented in bold font, with the
number of the applicable principle statement followed by the standard number.
e.g. the second standard under ICP statement 3 appears as 3.2
- Guidance material – linked to a particular ICP statement and/or standard.

Guidance material is presented in regular font, with the number of the ICP
statement and standard followed by the guidance number, e.g. the second
paragraph of guidance under Standard 1.3 appears as 1.3.2.
8 The ICPs apply to insurance supervision in all jurisdictions regardless of the level of
development or sophistication of the insurance markets and the type of insurance products or
services being supervised. Nevertheless, supervisory measures should be appropriate to
attain the supervisory objectives of a jurisdiction and should not go beyond what is necessary
to achieve those objectives. It is recognised that supervisors need to tailor certain supervisory
requirements and actions in accordance with the nature, scale and complexity of individual
insurers. In this regard, supervisors should have the flexibility to tailor supervisory
requirements and actions so that they are commensurate with the risks posed by individual
insurers as well as the potential risks posed by insurers to the insurance sector or the financial
system as a whole. This is provided for in the ICPs and standards where relevant.
9. The ICPs apply to the supervision of all insurers whether private or government-
controlled insurers that compete with private enterprises, wherever their business is
conducted, including through e-commerce. Where the principles do not apply to reinsurers,
this is indicated in the text. The ICPs do not normally apply to the supervision of intermediaries
but where they do, this is specifically indicated.
Public
10. Insurance supervision within an individual jurisdiction may be the responsibility of more
than one authority. For example, the body that sets out the legal framework for insurance
supervision may be different from the body that implements it. The expectation is that the ICPs
are applied within the jurisdiction by all authorities in accordance with their respective
responsibility in relation to the supervision of the insurance sector (referred to as “the
supervisor”) rather than necessarily by only one authority. It is, however, essential that in
situations where multiple authorities exist, coordination arrangements be established between
them to ensure that the implementation of the ICPs within the jurisdiction occurs in an
accountable framework.
11. The supervisor must operate in a transparent and accountable manner. It needs legal
authority to perform its tasks. It should be noted, however, that the possession of legal
authority is not sufficient to demonstrate observance with an ICP: the supervisor should also
demonstrate that it is able to exercise its legal authority in practice. Similarly, it is not sufficient
for the supervisor to set supervisory requirements; it should also ensure that these
requirements are implemented. Having the necessary resources and capacity is essential for
the supervisor to effectively exercise its legal authority and implement supervisory
requirements.
12. The supervisor must recognise that transparency and accountability in all its functions
contribute to its legitimacy and credibility. A critical element of transparency is for the
supervisor to provide the opportunity for meaningful public consultation on the development
of supervisory policies, and in the establishment of new and amended rules and regulations.
To further ensure the proper functioning of the insurance sector and promote transparency
and accountability, the supervisor should establish clear timelines for public consultation and
action, where appropriate.
Application of ICPs and standards to group-wide supervision
13. For the purpose of these ICPs, the term “insurer” means insurance legal entities,
insurance groups and insurance-led financial conglomerates. The ICPs and standards apply
to the supervision of insurance legal entities and, unless otherwise specified, to insurance
groups and insurance-led financial conglomerates, including the head of the insurance group
and/or the head of the insurance-led financial conglomerate. The application may vary and,
where necessary, further guidance is provided.
14. It is recognised that the implementation of the ICPs and standards relevant to group-
wide supervision may vary across jurisdictions depending on the supervisory powers and
structure within a jurisdiction. There are direct and indirect approaches to group-wide
supervision. Under the direct approach, the supervisor has the necessary powers over the
parent and other entities in the insurance group and can impose relevant supervisory
measures directly on such entities, including non-regulated entities. Under the indirect
approach, supervisory powers focus on the insurance legal entities and supervisory measures
are applied to those insurance legal entities to address the group-wide risks posed by other
entities within the group, including non-regulated entities. There may also be different
combinations of elements of the direct and indirect approaches.
Public
15. Regardless of the approach, the supervisor must be able to demonstrate that in effect,
the outcome is similar to having the supervisory requirements applied directly on those entities
within the insurance group from which the risks are emanating. This is to ensure effective
group-wide supervision, which includes ensuring that all relevant group-wide risks impacting
the insurance entities are addressed appropriately.
Implementation and assessment
16. The ICPs can be used to establish or enhance a jurisdiction’s supervisory system. They
can also serve as the basis for assessing the existing supervisory system and in so doing may
identify weaknesses, some of which could affect policyholder protection and market stability.
The Assessment Methodology sets out factors that should be considered when using or
implementing these ICPs and describes how observance should be evaluated.
17. When implementing the ICPs and standards in a jurisdiction, it is important to take into
account the domestic context, industry structure and developmental stage of the financial
system and overall macroeconomic conditions. The methods of implementation will vary
across jurisdictions, and while established implementation practices should be kept in mind,
there is no mandated method of implementation. In the ICPs, the term “legislation” is used to
include both primary legislation (which generally requires full legislative consent) and
secondary and other forms of legislation, including rules and regulations which have the legal
force of law but are usually the responsibility of the supervisor.
18. For an ICP to be regarded as being “observed” by a jurisdiction, the standards must be
met without any significant shortcomings although there may be instances, where one can
demonstrate that the ICPs have been observed through different means other than those
identified in the standards. Conversely, owing to the specific conditions in individual
jurisdictions, the standards identified in this document may not always be sufficient to achieve
the objective of the specific ICP and therefore additional elements may have to be taken into
account.
Preconditions for effective insurance supervision
19. An effective system of insurance supervision needs a number of external elements, or

preconditions, on which to rely as they can have a direct impact on supervision in practice.
The preconditions include:
• sound and sustainable macroeconomic and financial sector policies;
• a well developed public infrastructure;
• effective market discipline in financial markets;
• mechanisms for providing an appropriate level of protection (or public safety
net); and
• efficient financial markets.
Public
20. As these preconditions are normally outside the control or influence of the supervisor,
the supervisor should not be assessed against these preconditions. However, the
preconditions can have a direct impact on the effectiveness of supervision in practice.
Therefore, where shortcomings exist, the supervisor should make the government aware of
these and their actual or potential negative repercussions for the supervisory objectives and
should seek to mitigate the effects of such shortcomings on the effectiveness of supervision.
The supervisor should have the necessary powers to make rules and establish procedures to
address shortcomings. Where the preconditions for effective insurance supervision are not yet
met, the supervisor should have additional powers or adopt other measures to address the
weaknesses.
21. Sound macroeconomic policies must be the foundation of a stable financial system. This
is not within the mandate of supervisors, although they will need to react if they perceive that
existing policies are undermining the safety and soundness of the financial system. In addition,
financial sector supervision needs to be undertaken within a transparent government policy
framework aimed at ensuring financial stability, including effective supervision of the insurance
and other financial sectors.
22. A well developed public infrastructure needs to comprise the following elements, which
if not adequately provided, can contribute to the weakening of financial systems and markets
or frustrate their improvement:
• a system of business laws, including corporate, insolvency, contract, consumer
protection and private property laws, which is consistently enforced and
provides a mechanism for the fair resolution of disputes;
• an efficient and independent judiciary;
• comprehensive and well defined accounting principles and rules that command
wide international acceptance;
• a system of independent audits for companies, to ensure that users of financial
statements, including insurers, have independent assurance that the accounts
provide a true and fair view of the financial position of the company and are
prepared according to established accounting principles, with auditors held
accountable for their work;
• the availability of skilled, competent, independent and experienced actuaries,
accountants and auditors, whose work complies with transparent technical and
ethical standards set and enforced by official or professional bodies in line with
international standards and is subject to appropriate oversight;
• well defined rules governing, and adequate supervision of, other financial
sectors and, where appropriate, their participants;
• a secure payment and clearing system for the settlement of financial
transactions where counterparty risks are controlled; and
• the availability (to the supervisor, financial services and public) of basic
economic, financial and social statistics.
23. Effective market discipline depends, in part, on adequate flows of information to market
participants, appropriate financial incentives to reward well managed institutions, and
arrangements that ensure that investors are not insulated from the consequences of their
decisions. Among the issues to be addressed are the existence of appropriate corporate
governance frameworks and ensuring that accurate, meaningful, transparent and timely
information is provided by borrowers to investors and creditors.
Public
24. In general, deciding on the appropriate level of policyholder protection is a policy
question to be addressed by the relevant authorities, particularly if it may result in a
commitment of public funds. Supervisors will normally have a role to play because of their in-
depth knowledge of the entities involved. They should be prepared, as far as possible, and
equipped to manage crises involving insurers. Such mechanisms of protection could include
a system of policyholder compensation in the event of insolvency of an insurer. Provided such
a system is carefully designed to limit moral hazard, it can contribute to public confidence in
the system.
25. Efficient financial markets are important to provide for both long-term and short-term
investment opportunities for insurers. They facilitate the assessment of the financial and risk
position of insurers and execution of their investment and risk management strategies. When
the financial market loses its efficiency, assessment of financial and risk positions can be more
challenging for both insurers and supervisors. Therefore, supervisors will need to give due
consideration to the impact of financial market efficiency on the effectiveness of their
supervisory measures.
Public
B) Assessment Methodology
Review of preconditions for effective insurance supervision
1. The review of preconditions should include an overview of the preconditions for effective
insurance supervision, as described in paragraphs 19 to 25 of the Introduction:
• sound and sustainable macroeconomic and financial sector policies;
• a well developed public infrastructure;
• effective market discipline in financial markets;
• mechanisms for providing an appropriate level of systemic protection (or public
safety net); and
• efficient financial markets.
2. The review should pay close attention to the adequacy of preconditions and provide a
succinct and well structured factual summary, following the headings indicated in paragraph
1 above. This review should give a clear picture of the interaction of the preconditions with the
assessment of observance with the ICPs which should flag the individual ICPs which are most
likely to be affected by any material weakness in the preconditions.
3. The review should not evaluate a jurisdiction’s observance of the preconditions, as this
is beyond the scope of the assessment of observance with the ICPs. Instead, the objective of
the review of preconditions is to inform the assessment of the ICPs. The report normally should
take up no more than one or two paragraphs for each type of precondition. Assessors may
rely to the extent possible on IMF, World Bank and other official documents that assess the
issues covered by the preconditions 3.
4. In particular, with regard to the presence of sound and sustainable macroeconomic

policies, the report on the preconditions should be descriptive, and should not express an
opinion on the adequacy of policies in these areas, other than through reference to analyses
and recommendations in existing official documents. When relevant, the review should
attempt to include an analysis of the linkages between these factors and the stability of the
insurance sector.
5. The review should also include a review of the relevant government financial sector
policies, including whether there is a clear and published framework assigning responsibility
to different bodies involved in financial stability and supervisory work.
3 In the context of a Financial Sector Assessment Program (FSAP), assessors should rely on IMF and
World Bank documents and should seek to ensure that the description and recommendations are
consistent with other IMF and World Bank positions on the issues.
Public
6. A factual review of the public infrastructure should focus on elements relevant to the
insurance sector.
7. The review of the effectiveness of market discipline could, for instance, cover issues
such as the presence of rules on corporate governance, transparency and audited financial
disclosure, appropriate incentive structures for the hiring and removal of managers and Board
members, protection of shareholders’ and other stakeholders’ rights, adequate availability of
market and consumer information, an effective framework for new entrants, mergers,
takeovers, and acquisition of equity interests, including those involving foreign entities.
8. An overview of the appropriateness of safety nets could, for instance, include the
following elements: an analysis of the functions of the various entities involved such as
supervisors, the policyholder protection fund and, if appropriate, the central bank. The review
should include a review of the extent to which supervisors are prepared and equipped to
manage crises involving one or more insurers, including whether simulation exercises are
undertaken and the availability of appropriate skills and adequate resources. The review
should also include a review of any arrangements for the use of public funds (including central
bank funds) and whether measures are in place to minimise moral hazard.
9. The overview of whether there are efficient financial markets could cover, for example,
the range of instruments and issuers (e.g. is there a spread of public sector issues, index-
linked as well as conventional government bonds) and the spread of available maturities. The
review could take note of how liquidity has been affected in markets in periods of stress. The
review should focus on relevant issues for the carrying on of insurance business, taking into
account the products offered, for example, whether annuities or other long term contracts of
insurance are provided.
Assessment of ICPs
10. The factors that should be considered when carrying out an assessment of a jurisdiction
or authority’s observance of the ICPs and standards are set out below. When carrying out an
assessment of observance, it is important to take into account the domestic context, industry
structure and developmental stage of the financial system and overall macroeconomic
conditions.
11. The IAIS strongly encourages implementation of the framework for effective supervision
described by the ICPs. Assessments can facilitate implementation by identifying the extent
and nature of any weaknesses in a jurisdiction’s supervisory framework – especially those
aspects that could affect policyholder protection and insurance sector stability – as well as
recommending possible remedies.
Public
12. The framework described by the ICPs is general. Supervisors have flexibility in
determining the specific methods for implementation which are tailored to their domestic
context (e.g. legal and market structure). The standards set requirements that are fundamental
to the implementation of each ICP. They also facilitate assessments that are comprehensive,
precise and consistent. While the results of the assessments may not always be made public,
it is still important for their credibility that they are conducted in a broadly uniform manner from
jurisdiction to jurisdiction.
Scope
13. Assessments against the ICPs can be conducted in a number of contexts including:
• self assessments, on either the full set of ICPs or against specific ICPs, performed by
insurance supervisors themselves, sometimes with the assistance of other experts.
Self assessments may be followed by peer review and analysis.
• reviews conducted by third parties
• reviews conducted in the context of the IMF and World Bank Financial Sector
Assessment Program (FSAP).
14. Normally, but not always, the ICPs should be equally applicable to both life and non-life
sectors in order for an overall rating to be assigned. Similarly, it is possible that certain
specialised parts of the insurance sector would have observance with the ICPs differing from
the other insurance business in the jurisdiction. Where the legal or practical position is
materially different between life and non-life insurance or with respect to specialised parts of
the insurance business in the jurisdiction such that it would give rise to a different rating had
the assessments been carried out separately, it is open to the assessor to consider assigning
a level of observance separately for the two parts of the insurance sector for that particular
principle. In such cases, the distinction should be clearly identified in the report.
15. Generally, an assessment should be conducted on a system-wide jurisdictional basis.

However, follow-up assessments could focus on identified weaknesses or areas of particular
risk. Full FSAP reviews are always done with respect to the jurisdiction as a whole. Where
more than one authority is involved in the supervisory process, the interaction of supervisory
roles should be clearly described in the assessment. If an assessment is conducted in the
context of an individual supervisor, a standard may be assessed as not applicable if the
responsibility lies with another authority within the jurisdiction. However, the authority
responsible for the observance of that standard should be indicated in the report.
Conduct of independent assessments - assessment by experts
16. The process of assessing each ICP requires a judgmental weighing of numerous
elements that only qualified assessors with practical and relevant experience can provide.
Assessors not familiar with the insurance sector could come to incorrect or misleading
conclusions due to their lack of sector specific knowledge. Therefore, independent
Public
assessments should only be conducted by those with relevant background and professional
experience.
Conduct of independent assessments - access to information
17. When conducting an independent assessment, prior consent from the relevant local
authorities is required so that assessors can have access to a range of information and people.
The required information may include not only published information such as the legislation
and administrative policies but also non-published information, such as self-assessments,
operational guidelines for insurance supervisors and the like. The information should be
provided as long as it does not violate confidentiality requirements. This information should be
provided and analysed in advance to the extent possible, in order to ensure that subsequent
on-site visits are efficient and derive the most value. The assessor will need to meet with
various individuals and organisations, including the insurance supervisor or supervisors, other
domestic supervisory authorities, any relevant government ministries, insurers and insurance
industry associations, actuaries, auditors, and other financial sector participants.
Assessment Categories
Assessment of standards
18. In making the assessment, each of the standards has to be considered. The standards
should be assessed using five categories: observed, largely observed, partly observed,
not observed, and not applicable.
19. For a standard to be considered observed it is usually necessary that the supervisor
has the legal authority to perform its tasks and that it exercises this authority to a satisfactory
level. Where the supervisor sets requirements it should also ensure that these requirements
are implemented. Having the necessary resources is essential for the supervisor to effectively
implement the requirements. Authority provided in the legislation is insufficient for full
observance to be recorded against a standard except where the standard is specifically limited
in this respect. In the event that the supervisor has a history of using a practice for which it
has no explicit legal authority, the assessment may be considered as observed if the practice
is clearly substantiated as common and generally accepted.
20. Assessments are based solely on the legislation and other supervisory requirements
and practices that are in place at the time. Nevertheless, improvements already proposed by
the supervisor can be noted in the assessment report by way of additional comments so as to
give credit for efforts that are important but at the time the assessment is made, have yet to
be fully implemented. Similarly, legislation that does not meet with a satisfactory level of
observance in practice cannot provide the basis for recording a standard as “observed”. As a
Public
result, it is important to recognise when the assessment is conducted and to record this in the
report.
21. For a standard to be considered as largely observed, it is necessary that only minor
shortcomings exist which do not raise any concerns about the supervisor’s ability to achieve
full observance with the standard. A standard will be considered partly observed whenever,
despite progress, the shortcomings are sufficient to raise doubts about the supervisor’s ability
to achieve observance. A standard will be considered not observed whenever no substantive
progress toward observance has been achieved.
22. A standard would be considered not applicable if the standard does not apply given the
structural, legal and institutional features of a jurisdiction.
Assessment of principles
23. As noted above, the level of observance for each ICP reflects the assessments of its
standards. An ICP will be considered observed whenever all the standards are considered to
be observed or when all the standards are observed except for a number that are considered
not applicable. An ICP will be considered to be not applicable when the standards are
considered to be not applicable.
24. With respect to an assessment of an ICP that is other than observed or not applicable,
similar guidance is to be used as applies to the standards themselves. So, for an ICP to be
considered largely observed, it is necessary that only minor shortcomings exist which do not
raise any concerns about the supervisor’s ability to achieve full observance with the ICP. An
ICP will be considered partly observed whenever, despite progress, the shortcomings are
sufficient to raise doubts about the supervisor’s ability to achieve observance. An ICP will be
considered not observed whenever no substantive progress toward observance has been
achieved.
25. While it is generally expected that full observance of an ICP would be achieved through
the observance of the standards, there may be instances, where a jurisdiction can
demonstrate that observance with an ICP has been achieved through different means.
Conversely, due to specific conditions in a jurisdiction, meeting the standards may not be
sufficient to achieve observance of the objective of an ICP. In these cases, additional
measures are needed in order for observance of the particular ICP to be considered effective.
Reporting
26. The IAIS does not prescribe the precise format or content of reports that result from an
assessment against the ICPs. It does, however, consider that the report should:
Public
• be in writing
• include both the assessment of observance itself and any additional information
referred to in this section
• identify the scope and timing of the assessment
• in the case of an external assessment, identify the assessors
• in the case of an external assessment, refer to the information reviewed and meetings
conducted, and note when any of the necessary information was not provided and the
impact that this may have had on the accuracy of the assessment
• in the case of an external assessment, include prioritised recommendations for
achieving improved observance of the ICPs recognising that the assessment should
not be considered as an end in itself
• in the case of an external assessment, include the formal comments provided by the
supervisors in response to the assessment
• include a review of areas identified in this section as the preconditions to effective
supervision.
27. The question of publication of the results of an assessment is a matter for the local
authorities.
Public
ICP 1 Objectives, Powers and Responsibilities of the Supervisor
The authority (or authorities) responsible for insurance supervision and the
objectives of insurance supervision are clearly defined.
1.1 Primary legislation clearly defines the authority (or authorities) responsible for
insurance supervision.
1.1.1 The authority (or authorities) responsible for insurance supervision
should be clearly identified in primary legislation. Where there are multiple
authorities responsible for insurance supervision (e.g. separate
authorities for prudential and market conduct supervision, for macro and
micro prudential supervision, or for licensing and ongoing supervision), it
is important that the institutional framework and the responsibilities of the
respective authorities are clearly set out in legislation for clarity and to
ensure all the objectives of insurance supervision are met.
1.2 Primary legislation clearly defines the objectives of insurance supervision and the
mandate and responsibilities of the supervisor and gives the supervisor
adequate powers to conduct insurance supervision, including powers to issue
and enforce rules by administrative means and take immediate action.
1.2.1 Publicly defined objectives foster transparency. With this basis, the
public, government, legislatures and other interested bodies can form
expectations about insurance supervision and assess how well the
authority is achieving its mandate and fulfilling its responsibilities.
1.2.2 Being entrenched in primary legislation ensures that the mandate and
functions of the supervisor cannot be changed on an ad-hoc basis. The
process of periodically updating the primary legislation can promote
transparency by way of public discussions on relevant issues; however,
if done too frequently, stakeholders may form the impression that the
policymaking process is unstable. Therefore, it would be prudent to avoid
being overly specific in the primary legislation, which could be
supplemented as needed with updated regulations, for example.
1.2.3 Legislation should be clearly specified and sufficiently extended so that
the objectives of legal entity and group-wide supervision are allowed for
and the supervisor has adequate powers to achieve these objectives.
1.2.4 The objectives of group-wide supervision could be achieved either by
direct means where the supervisor has explicit authority and powers over
entities within the group, including the head of the group, or via the use
of an indirect approach where the supervisor has adequate power and
authority over the regulated insurer to access information in respect of
the head of and other entities in the group and apply relevant
requirements.
1.2.5 As overall coordinator for the supervision of the group, the group-wide
supervisor should have sufficient legal power and authorities in place in
order to practice supervision on a group-wide basis whilst also effecting
coordination and collaboration with other relevant supervisors.
Public
1.2.6 The group-wide supervisor should have sufficient authority and power in
order to coordinate and disseminate the essential information needed for
reviewing and evaluating risks and assessing solvency on a group-wide
basis. A group-wide supervisor ultimately should be responsible for
ensuring effective and efficient group-wide supervision.
1.2.7 At a jurisdictional level, it is important that legislation supports the
supervisor of an insurer which is part of a group to appropriately
contribute to the supervision of that group on a group-wide basis.
1.3 The principal objectives of supervision promote the maintenance of a fair, safe and
stable insurance sector for the benefit and protection of policyholders.
1.3.1 While the precise objectives of supervision may vary by jurisdiction, it is

important that all insurance supervisors are charged with the objective of
protecting the interests of policyholders.
1.3.2 Often the supervisor’s mandate includes several objectives. As financial
markets evolve and depending on current financial conditions, the
emphasis a supervisor places on a particular objective may change and,
where requested, this should be explained.
1.4 Where, in the fulfilment of its objectives, the supervisor identifies conflicts between
legislation and supervisory objectives, the supervisor initiates or proposes
correction in legislation.
1.4.1 As markets evolve, the supervisor may identify changes in the
environment that affect the fairness, safety or stability of the insurance
sector that are not currently addressed by legislation. The supervisor
should initiate or propose changes to legislation to ensure supervisory
objectives can continue to be achieved.
Public
ICP 2 Supervisor
The supervisor, in the exercise of its functions and powers:
• is operationally independent, accountable and transparent
• protects confidential information
• has appropriate legal protection
• has adequate resources
• meets high professional standards.
2.1 The governance structure of the supervisor is clearly defined. Internal governance
procedures, including internal audit arrangements, are in place to ensure the
integrity of supervisory actions. There is effective communication and prompt
escalation of significant issues to appropriate levels within the supervisor. The
decision-making lines of the supervisor are structured in such a way that action
can be taken immediately in the case of an emergency.
2.1.1 Independence should be accompanied by accountability to ensure that
the supervisor performs its functions in accordance with the mandate it is
given in legislation and does not act beyond its powers. Failure by the
supervisor to meet or deviation from its objectives should be explained to
relevant stakeholders. The supervisor is accountable for the actions it
takes in fulfilling its mandate to those who delegated the responsibility -
the government or the legislature - as well as to those it supervises and
the public at large. It should provide the rationale for decisions taken.
2.2 There are explicit procedures regarding the appointment and dismissal of the head
of the supervisor and members of its governing body, if such a governing body
exists. When the head of the supervisor or members of its governing body are
removed from office, the reasons are publicly disclosed.
2.2.1 The “head of the supervisor” refers to the individual who heads the
management team (in some cases referred to as the “management
board”) and exercises full management responsibility for the day-to-day
functioning and decisions of the supervisor, while the “governing body”
would be the body of individuals that exercises oversight of the
management team. The “head of the supervisor” may or may not also be
a member of the “governing body”.
2.3 The institutional relationships between the supervisor and the executive and
judicial authorities are clearly defined and transparent. Circumstances where
executive overrides are allowed are specified.
2.3.1 It is important to define the relationship between the supervisor and the
executive and judicial authorities, including the circumstances and
processes for sharing information, consultation or approval with the
relevant authority and the manner in which the supervisor could be
subject to judicial review. This might include establishing what information
should be provided, how each entity should consult on matters of mutual
interest and when approval from relevant authorities is necessary.
Public
2.4 The supervisor and its staff are free from undue political, governmental and industry
interference in the performance of supervisory responsibilities. The supervisor
is financed in a manner that does not undermine its independence. The
supervisor has discretion to allocate its resources in accordance with its
mandate and objectives and the risks it perceives.
2.4.1 Operational independence of the supervisor includes having the
discretion to allocate its financial and human resources in accordance
with its objectives.
2.4.2 In the ordinary course of business, the supervisor should not manage or
otherwise run the insurers it supervises. A member of the governing body
of the supervisor should exclude him/herself from decisions where he/she
is in a conflict of interest position.
2.5 There are clear and transparent regulatory requirements and supervisory
procedures which are appropriate for the objectives they are intended to meet.
The supervisor applies them consistently and equitably, taking into account the
nature, scale and complexity of insurers. These regulatory requirements and
supervisory procedures are published.
2.6 Regulatory requirements and supervisory procedures are reviewed regularly. All material
changes are normally subject to prior public consultation.
2.6.1 Significant changes to the supervisor’s regulatory requirements and
supervisory procedures should be subject to appropriate consultation
with the public and the insurance industry. This would include not only
substantive rules of general applicability but also policies and
interpretations that are not confidential but that may affect members of
the public. Detailed procedural manuals that are normally internal
documents used to guide staff of the supervisor in the performance of
their day-to-day duties would be excluded.
2.7 The supervisor publishes information on the insurance sector, about its own role
and how it performs its duties.
2.7.1 Unless reliably published by other parties in a timely fashion, the
supervisor publishes information and analysis about the financial
condition of the insurance sector.
2.7.2 Transparency reinforces accountability of supervisors. The supervisor
publishes:
• information on its role and responsibilities;
• a report, at least annually and in a timely manner on the conduct
of its supervision describing its performance in pursuing its
objectives;
• information and analysis about the financial situation of the
insurance sector;
• information about problem or failed insurers, including
information on supervisory actions taken, subject to
confidentiality considerations and in so far as it does not
jeopardise other supervisory objectives; and
• its audited financial statements at least annually.
Public
2.8 There are processes to appeal against supervisory decisions, including using
judicial review. These processes are specific and balanced to preserve
supervisory independence and effectiveness. However, they do not unduly
impede the ability of the supervisor to make timely interventions in order to
protect policyholders’ interests.
2.8.1 The existence of an appeals or review mechanism helps ensure that
regulatory and supervisory decisions are made within the law as
consistently as possible and are well reasoned. However, this should not
unduly impede the ability of the supervisor to exercise its functions and
powers effectively and swiftly.
2.9 The supervisor, including its staff and any individual acting on its behalf (presently
or in the past), are required by legislation to protect the confidentiality of
information in the possession of the supervisor, including confidential
information received from other supervisors. The supervisor maintains
appropriate safeguards for the protection of confidential information. Wrongful
disclosure of confidential information is subject to penalties. The supervisor
denies any request for confidential information, other than when required by law,
or when requested by another supervisor who has a legitimate supervisory
interest and the ability to uphold the confidentiality of the requested information.
2.9.1 The penalties for the wrongful disclosure of confidential information
should be specified in legislation. Such penalties may include disciplinary
actions or criminal proceedings.
2.9.2 All persons (presently or in the past) gaining access to confidential
information should be subject to the penalties for the wrongful disclosure
of that information.
2.9.3 The supervisor takes all actions necessary to preserve, protect and
maintain the confidentiality of information received from another
supervisor.
2.9.4 Confidential information exchanged belongs to, and remains the property
of, the supervisor providing the information.
2.9.5 Safeguards for the protection of information include the restriction of
access by the supervisor to confidential information received from
another supervisor to those persons working for the supervisor or acting
on its behalf who:
• are subject to confidentiality requirements
• are under its direct supervision and control, and
• have a need for such information that is consistent with, and
directly related to, the purposes for which the information was
requested.
2.9.6 Supervisors should identify the data protection requirements attached to
information it receives and retain such information only for as long as
permitted by the data protection requirements.
2.10 The supervisor and its staff have the necessary legal protection against lawsuits
for actions taken in good faith while discharging their duties, provided they have
not acted illegally. They are adequately protected against the costs of defending
their actions while discharging their duties.
Public
2.10.1 Operational independence of the supervisor includes having legal
protection for the actions the supervisor takes in the performance of its
functions.
2.11 The supervisor has adequate resources, financial or otherwise, sufficient to
enable it to conduct effective supervision. Its staffing policies enable it to attract
and retain highly skilled, competent and experienced staff. The supervisor
provides adequate training for its staff. The supervisor has the ability to hire or
contract the services of outside experts when necessary.
2.11.1 As part of its annual resource planning exercise, the supervisor should
take stock of existing skills, experience and projected requirements over
the short to medium term and review and implement measures that could
be taken to bridge any gaps in numbers and/or skill-sets. Such measures
could include more flexible hiring policies, schemes for secondment of
staff to industry, other supervisory authorities within the jurisdiction or
internationally. This effort would be aimed at providing access to
specialist skills on a temporary basis as well as provide opportunities for
supervisory staff to better understand industry practices.
2.11.2 The supervisor should have the ability to undertake the role of a group-
wide supervisor as deemed necessary.
2.12 The supervisor and its staff act with integrity and observe the highest professional
standards, including observing conflict of interest rules.
2.12.1 Strong internal governance (as assessed in Standard 2.1) and
maintenance of high standards of integrity and professional standards
amongst the staff of the supervisor are important elements that contribute
to the credibility of the supervisory process. This includes having a code
of conduct which incorporates rules dealing with conflict of interest.
2.13 Where the supervisor outsources supervisory functions to third parties, the
supervisor sets expectations, assesses their competence and experience,
monitors their performance, and ensures their independence from the insurer or
any other related party. Outside experts hired by the supervisor are subject to
the same confidentiality rules and professional standards as the staff of the
supervisor.
2.13.1 Outsourcing of some supervisory functions to third parties can
complement the supervisor’s resources with valuable expertise.
However, the oversight and control of supervisory functions is the primary
responsibility of the supervisor and the complete outsourcing of
supervisory responsibility to third parties is not an acceptable substitute
for that performed by supervisors.
Public
ICP 3 Information Exchange and Confidentiality Requirements
The supervisor exchanges information with other relevant supervisors and
authorities subject to confidentiality, purpose and use requirements.
3.1 The supervisor has the legal authority and power to obtain and exchange
supervisory information in respect of legal entities and groups, including the
relevant non-regulated entities of such groups.
3.1.1 The legal authority and power to which the supervisor is subject should
enable it to obtain and exchange information when:
• the supervisor considers the information to be necessary for the
supervision of insurance legal entities or groups, or when
another supervisor considers the information to be necessary,
and
• the supervisor is reasonably requested to provide relevant
information by one of the authorities referred to in 3.2.1 below.
3.1.2 Information necessary for the supervision of insurance legal entities or
groups may include, but is not limited to:
• information on the management and operational systems and
controls operated by insurers;
• financial data relating to an insurer;
• objective information on individuals holding positions of
responsibility in insurers (to include owners, shareholders,
directors, managers, employees or contractors);
• objective information on individuals or insurers involved, or
suspected of being involved, in criminal activities;
• information on regulatory investigations and reviews, and on
any restrictions imposed on the business activities of insurers;
• specific information requested and gathered from a supervised
entity (including appropriate customer transactional
information);
• reporting information within groups to meet group supervisory
requirements;
• information on a legal entity and a group-wide basis including,
but not limited to, branches, subsidiaries and non-regulated
holding companies; and
• information on prospective and actual insurer transactions and
prospective and actual transactions of policyholders.
Agreements on the information exchange
Public
3.1.3 Agreements and understandings can be used to establish a framework
between supervisors to facilitate the efficient execution of requests for or
provision of information.
3.1.4 Agreements such as the IAIS Multilateral Memorandum of Understanding
(MMoU) or bilateral Memoranda of Understanding (MoU) facilitate
information exchange because they provide the basis for a two way flow
of information and the basis on which supervisors can rely on the
information they exchange with other supervisors being treated as
confidential.
3.1.5 The IAIS MMoU is an example of a multilateral memorandum of
understanding for cooperation and exchange of information between
insurance supervisors in relation to all issues related to the supervision
of insurers – also covering insurance groups. All signatories to the IAIS
MMoU have to undergo a validation of their laws and regulations to
guarantee compliance with the strict confidentiality regime set forth
therein.
3.1.6 Agreements and understandings are valuable where there is a need to
provide a basis for exchanging information between the supervisors in
two or more jurisdictions, or between supervisors responsible for different
financial sectors.
3.1.7 An agreement or understanding may set out the types of information to
be exchanged, as well as the basis on which information obtained by the
supervisor may be shared.
Supervisory colleges
3.1.8 Information exchange is particularly important for the operation of a

supervisory college. For a supervisory college to be effective there needs
to be mutual trust and confidence between supervisors, particularly in
relation to exchange and protection of confidential information.
3.1.9 It is the responsibility of each supervisor within the supervisory college to
ensure the safe handling of confidential information; there is no global law
or regulation on confidential information. Each member of the supervisory
college should take measures necessary to avoid unintentional
divulgence of information or the unauthorised release of confidential
information. It is vital that appropriate information exchange agreements
or direct arrangements are in place between the members of the
supervisory college to ensure that information can be exchanged in a
secure environment.
3.1.10 There are two principal methods by which this could be achieved:
• Each supervisor involved in the supervisory college establishes
a MoU on a bilateral basis with the other members of a
supervisory college. In many instances such MoUs already
exist.
• The members of the supervisory college are signatories to the
IAIS MMoU which requires the commitment to a strict
confidentiality regime.
Public
3.1.11 Where confidential information exchanged within a supervisory college is
also communicated to other supervisors there should be a formal
mechanism in place with these supervisors to ensure the protection of the
confidential information. Mechanisms could be included in MoUs or via
direct arrangement.
3.2 The supervisor has the legal authority and power, at its sole discretion and
subject to appropriate safeguards, to exchange information with other relevant
supervisors. The existence of an agreement or understanding on information
exchange is not a prerequisite for information exchange.
3.2.1 Other relevant supervisors may include, but are not limited to,:
• other insurance supervisors within the jurisdiction;
• insurance supervisors in other jurisdictions;
• supervisors responsible for banks and other credit institutions
both within the jurisdiction and in other jurisdictions;
• supervisors responsible for investments, securities, financial
markets and other sectors both within the jurisdiction and in
other jurisdictions;
• relevant authorities for anti-money laundering or combating the
financing of terrorism (AML/CFT matters); and/or
• law enforcement agencies.
3.3 The supervisor proactively exchanges material and relevant information with
other supervisors. The supervisor informs any other supervisor in its
jurisdiction and the supervisors of insurance group entities in other jurisdictions
or sectors in advance of taking any action that might reasonably be considered
to affect those group entities. Where prior notification is not possible, the
supervisor informs other relevant supervisors as soon as possible after taking
action.
3.3.1 Relevant proactively provided information includes but is not limited to:
• any information the supervisor considers will facilitate the
effective supervision of groups or entities in the group
• any material changes in the supervisory approach
• any event or series of events that may have a significant bearing
on the operations of group entities operating in the jurisdictions
of other supervisors
• information that may affect the financial system of another
jurisdiction
• information that may affect the financial condition or other
interests of the policyholders of a group entity in another
jurisdiction
• prior notification to another supervisor of any action to be
undertaken which relies on information received from that
supervisor, subject to the compulsory requirements applicable
to the supervisor of criminal justice or other legislation.
Public
3.4 The supervisor has a legitimate interest and a valid purpose related to the fulfilment
of supervisory functions in seeking information from another supervisor.
3.4.1 Valid purposes may include, but are not limited to:
• licensing
• fit and proper criteria
• ongoing supervision, including enforcement action and
sanctions
• supervisory practices
• winding-up, liquidation or bankruptcy
• anti-money laundering or combating the financing of terrorism
(AML/CFT).
3.5 The supervisor assesses each request for information from another supervisor
on a case by case basis.
3.5.1 By way of principle, a supervisor is expected to provide the information
requested by another supervisor. In deciding whether and to what extent
to fulfil a request for information, the supervisor may take into account
matters such as, but not limited to:
• whether it would be contrary to the essential interest of the
jurisdiction of the requested supervisor
• the ability of the recipient supervisor to maintain the
confidentiality of any information exchanged, taking account of
the legal arrangements in each jurisdiction
• relevant legislation in their jurisdiction (in particular those
relating to confidentiality and professional secrecy, data
protection and privacy, and procedural fairness)
• the nature of the information to be exchanged
• the use to which the information will be put (for example, see
Standard 3.4).
3.5.2 Whilst requests for information should normally be made in writing, the
supervisor should not insist on written requests in an emergency
situation, and should not unreasonably delay a response to an oral
request, where the requesting supervisor is known to it.
3.6 The supervisor responds in a timely and comprehensive manner when
exchanging relevant information and in responding to requests from
supervisors seeking information.
3.6.1 Supervisors should consider nominating an individual to act as their main
contact point to facilitate the free flow of information.
3.7 Strict reciprocity in terms of the level, format and detailed characteristics of
information exchanged is not required by the supervisor.
3.7.1 Lack of strict reciprocity should not be used by the supervisor as the
reason for not exchanging information that it would otherwise be
Public
appropriate to exchange – particularly in an emergency or other crisis
situation.
3.8 Before exchanging confidential information, the supervisor ensures that the party
receiving the information is bound by confidentiality requirements.
3.9 The supervisor generally permits the information it exchanged with another
supervisor to be passed on to other relevant supervisors or other bodies in that
jurisdiction, provided that the necessary confidentiality requirements are in
place.
3.9.1 Other parties with whom supervisors may wish to exchange information
may include the authorities listed at Standard 3.2 above or other
authorities such as those with jurisdiction over a supervisor or relevant
courts.
3.9.2 The originating supervisor may attach conditions to the subsequent
exchange of the information to other supervisors or other bodies.
3.9.3 Conditions imposed by the originating supervisor on the exchange of
information should not prevent the receiving supervisor from being able
to use the information for its own purposes in accordance with Standard
3.10.
3.10 The supervisor receiving confidential information from another supervisor uses
it only for the purposes specified when the information was requested. Before
using the information for another purpose, including exchanging it with other
parties, the supervisor obtains agreement of the originating supervisor.
3.10.1 There are specified circumstances within Annex B of the IAIS MMoU
whereby signatories are considered to have provided consent to the
passing on of information where it will assist other IAIS MMoU signatories
in the performance of their supervisory functions and other relevant
domestic bodies (including central banks, law enforcement agencies and
relevant courts).
3.11 In the event that the supervisor is legally compelled to disclose confidential
information it received from another supervisor, the supervisor promptly notifies
the originating supervisor, indicating what information it is compelled to release
and the circumstances surrounding the release. Where consent to passing this
information on is not given, the supervisor uses all reasonable means to resist
the demand and to protect the confidentiality of the information.
3.11.1 Legal compulsion includes but is not limited to a court or parliamentary
order.
Public
ICP 4 Licensing 4
A legal entity which intends to engage in insurance activities must be licensed
before it can operate within a jurisdiction. The requirements and procedures for
licensing must be clear, objective and public, and be consistently applied.
Introductory Guidance
4.0.1 Licensing contributes to efficiency and stability in the insurance sector.

Strict conditions governing the formal approval through licensing of
insurance legal entities are necessary to protect consumers. The relevant
licensing criteria should be applied to prospective entrants consistently to
promote a level playing field at point of admission to the insurance sector.
Licensing requirements and procedures should not be used
inappropriately to prevent or unduly delay access to the market.
4.0.2 The role of the supervisor in licensing is to assess whether insurance
legal entities are able to fulfil their obligations to policyholders on an
ongoing basis. The licensing procedure is the first step towards achieving
this objective.
4.0.3 Licensing is distinct from approval granted in terms of general domestic
company, trade or commercial law. Apart from applying for a supervisory
licence, other requirements pertaining to company, trade or commercial
law should be met (e.g. filing incorporation documents or applying to the
registrar of commerce).
Licensing requirements
4.1 The insurance legislation:

• includes a definition of insurance activities which are subject to
licensing;
• prohibits unauthorised insurance activities;
• defines the permissible legal forms of domestic insurance legal entities;
• allocates the responsibility for issuing licences; and
• sets out the procedure and form of establishment by which foreign
insurers are allowed to conduct insurance activities within the
jurisdiction.
4.1.1 Jurisdictions may decide to exclude some activities from the definition of
insurance activities subject to licensing. Any such activities should be
explicitly stated in the legislation. Jurisdictions may do this for various
reasons, such as:
• the insured sums do not exceed certain amounts;
• losses are compensated by payments in kind;
4 Amended November 2015

Public
• activities are pursued following the idea of solidarity between
policyholders (e.g., small mutuals, cooperatives and other
community-based organisations, especially in the case of
microinsurance); or
• the entities’ activities are limited to a certain geographical area,
limited to a certain number or class of policyholders and/or offer
special types of cover such as products not offered by licensed
domestic insurance legal entities.
4.1.2 Given the principle that all entities engaged in insurance activities must
be licensed, the exclusion of limited insurance activities from licensing
requirements should give due regard to having appropriate alternative
safeguards in place to protect policyholders.
4.1.3 Similarly, jurisdictions may allow a simplified process for non-significant
entities (e.g. limited geographic scope, limited size, and limited lines of
business) for the purposes of licensing. In such situations, the legislation
should state clearly the applicability, requirements and process for such
authorisation.
4.1.4 In jurisdictions where an authority other than the insurance supervisor is
responsible for issuing licences, the insurance supervisor should be able
to give input and recommend conditions or restrictions (including refusal)
on a licence where appropriate to the licensing authority.
4.2 A jurisdiction controls through licensing which entities are allowed to conduct
insurance activities within its jurisdiction.
4.2.1 Entities should neither be allowed to present themselves nor act as
licensed insurance legal entities without or before having been granted a
licence.
4.2.2 Depending on the legal forms that are permitted in a jurisdiction, foreign
insurers may be allowed to conduct insurance activities within the
jurisdiction by way of a local branch or subsidiary or on a cross-border
provision of services basis. A subsidiary is a domestically established
legal entity that needs to be licensed. A branch is not separate from the
insurance legal entity, and can be established in a jurisdiction other than
the insurance legal entity's home jurisdiction. A host jurisdiction may
require that branches of foreign insurance legal entities be licenced or
otherwise authorised by the host supervisor. Cross-border provision of
services does not require a local establishment but may require
authorisation from the host supervisor.
4.2.3 In some regions, a number of jurisdictions have agreed to a system of
passporting as a manner of acknowledging each other’s licences. This
provides the opportunity for insurance legal entities established in one of
the jurisdictions to open branches or provide insurance services across
borders on the basis of their home jurisdiction authorisation to conduct
insurance activities. Where a foreign insurer may be allowed to operate
through a branch or cross-border provision of services without a licence
or other authorisation from the host supervisor, it is important that bilateral
or multilateral agreements are in place which ensure that the insurer:
• is subject to supervision in its home jurisdiction which has been
recognised as adequate by the host jurisdiction; and
Public
• may be subject to sanction or other supervisory measures if it
does not meet the legal provisions of the host jurisdiction. In
such circumstances, the home supervisor should be informed.
4.3 Licensing requirements and procedures are clear, objective and public, and are
consistently applied. At a minimum, the applicant is required to:
• have sound business and financial plans;
• have a corporate or group structure that does not hinder effective
supervision;
• establish that the applicant’s Board Members, both individually and
collectively, Senior Management, Key Persons in Control Functions and
Significant Owners are suitable;
• have an appropriate governance framework; and
• satisfy capital requirements.
4.3.1 In addition to being publicly available, licensing requirements should also
be easily accessible. Supervisors should issue guidelines on how to file
an application for a licence, which include advice on the required format
of documents and the expected time it would take to process an
application upon the receipt of all relevant documents.
4.3.2 Supervisors should assess the applicant’s business and financial plans
to ascertain that the proposed business lines will be soundly managed
and adequately capitalised. Business and financial plans should be
projected for a minimum of three years by the applicant and include
information such as the products to be offered, distribution methods and
channels to be used, risk profile, projected setting-up and development
costs by business line, capital requirements and solvency margins.
Information regarding primary insurance and reinsurance should also be
provided.
4.3.3 Where the applicant is part of a group, the applicant should submit its
corporate and group structure, indicating all of the material entities within
the group (including both insurance legal entities and other entities,
including non-regulated entities). Information on the type of related party
transactions and/or relationships between all material entities within the
group should also be provided.
4.3.4 The applicant should also provide information to demonstrate the
appropriateness of its systems of risk management and internal controls,
including contracts with affiliates, outsourcing arrangements, information
technology systems, policies and procedures.
4.3.5 If applying to be licensed to underwrite both life insurance business and
non-life insurance business (where such is allowed), the applicant should
demonstrate to the satisfaction of the supervisor that its systems of risk
management and internal controls are adequate to manage the risks
separately for each business stream on both a going concern and a gone
concern basis.
4.3.6 Further guidance on suitability, governance and capital requirements can
be found in ICP 5 (Suitability of Persons), ICP 7 (Corporate Governance),
Public
ICP 8 (Risk Management and Internal Controls) and ICP 17 (Capital
Adequacy).
Requirements on the supervisor
4.4 The supervisor assesses applications, makes decisions and informs applicants
of the decision within a reasonable time, which is clearly specified, and without
undue delay.
4.4.1 The supervisor should require an entity to submit an application if it
proposes to conduct insurance activities. The application should include
information on the types of business to be written and contain all the
documents and information required by the legislation to confirm that the
licensing requirements are met.
4.4.2 In instances where the application is deemed not complete, the
supervisor should inform the applicant without delay, and the applicant
should be given the opportunity to provide additional information to
complete the application.
4.4.3 In assessing the application, the supervisor could rely on audits by
external bodies, actuarial reports, or in the case of branches or foreign
subsidiaries on the opinion of other supervisors. Supervisors should
consider the reports or opinions from these various sources carefully and
apply their own judgment in making the final decision on the application.
Before placing reliance on reports from external auditors or actuaries,
supervisors should consider:
• whether the external auditors and actuaries have the necessary
expertise and experience to perform the roles; and
• their independence from the entity and the consideration they
give to the protection of policyholders’ interests.
4.4.4 The supervisor should make its assessment and finalise its decision
within a reasonable timeframe and without undue delay. A time period
should be indicated to the applicant for the assessment procedure,
commencing from the date on which all complete application
documentation has been submitted to the supervisor. Within this period,
the supervisor should decide on the acceptability of the application for a
licence. However, this does not preclude the supervisor from conducting
additional due diligence if necessary. If the supervisor has not come to a
decision within the indicated timeframe and the licence cannot be
granted, the supervisor should communicate the reason for the delay to
the applicant.
4.5 The supervisor refuses to issue a licence where the applicant does not meet the
licensing requirements. Where the supervisor issues a licence, it imposes
additional requirements, conditions or restrictions on an applicant where
appropriate. If the licence is denied, conditional or restricted, the applicant is
provided with an explanation.
4.5.1 In general, requirements, conditions or restrictions that are imposed on
an applicant at the point of issue of the licence deal with the scope of
activities that an insurance legal entity is permitted to conduct or the
nature of its customers (e.g. retail versus sophisticated customers). If
Public
necessary, the supervisor should impose additional requirements,
conditions or restrictions on an applicant not only at the point of issue of
the licence, but also as part of its on-going supervision of the insurance
legal entity. Further standards and guidance on supervisory review and
reporting and on preventive and corrective action can be found in ICP 9
(Supervisory Review and Reporting) and ICP 10 (Preventive and
Corrective Measures).
4.5.2 The denial of a licence or conditions or restrictions on a licence should be
confirmed in writing to the applicant. The explanation should be provided
to the applicant in a transparent manner. Supervisors should convey their
concerns with regard to an applicant’s proposed insurance activities and
explain the reasons for imposing licensing conditions or restrictions.
4.6 A licence clearly states its scope.
4.6.1 A licence should clearly state the classification of insurance activities that
the insurance legal entity is licensed to conduct. Regarding classification,
legislation should categorise insurance business into types and classes
of insurance (at least into life and non-life).
4.6.2 Before adding new classes of insurance to the list of classes already
granted to the insurance legal entity, the supervisor should consider all of
the above mentioned licensing requirements, as applicable.
4.7 The supervisor publishes a complete list of licensed insurance legal entities and
the scope of the licences granted.
4.7.1 The supervisor should publish the complete list of licensed insurance
legal entities and clearly state the scope of licence that has been granted
to each insurance legal entity. This would provide clarity to the public as
to which entities are licensed for specific classes of business.
4.7.2 If the conditions or restrictions to the license would impact the public or
any person dealing with the insurance legal entity, the supervisor should
either publish these conditions or restrictions or require the insurance
legal entity to disclose these conditions or restrictions accordingly.
Conditions or restrictions that would impact the public could include, for
example, the lines or classes of insurance business an insurance legal
entity is permitted to conduct.
Foreign operations
4.8 In deciding whether and if so on what basis, to license or continue to license a

branch or subsidiary of a foreign insurer in its jurisdiction, the supervisor
consults the relevant supervisor(s) as necessary.
4.8.1 As part of the consultation, supervisors should use the modes available
for supervisory cooperation, in particular, the ability to exchange
information relevant for the application (e.g. check of suitability of
directors and owners) with domestic or foreign authorities. The exchange
of information may be governed by law, agreement or memorandum of
understanding, especially if the information is deemed confidential.
Having such arrangements in place is important so as to not unduly delay
the processing of an application.
Public
4.8.2 Before making a decision to grant the licence, the host supervisor should
have an understanding of how the home supervisor and/or the group-
wide supervisor supervise the insurer on an ongoing basis.
4.8.3 Host supervisors should consult home supervisors on relevant aspects of
any licensing proposal, but in any event they should always consider
checking that the home supervisor of the insurance legal entity has no
objection before granting a licence. The home supervisor and/or the
group wide supervisor should assess the risks posed to the insurer of
establishing an insurance legal entity in a foreign jurisdiction and highlight
any material reservations or concerns to the host supervisor as soon as
practicable. The host supervisor should inform the home supervisor of the
scope of the licence, including any restrictions or prohibitions imposed on
the licence.
4.8.4 Host supervisors should reject applications for a licence from foreign
entities which are not subject to regulation and supervision in the home
jurisdiction. In the case of joint ventures, if there is lack of clear parental
responsibility, the supervisor should reject such applications.
4.9 Where an insurance legal entity is seeking to conduct cross-border insurance
activities without a physical presence in the jurisdiction of the host supervisor,
the host supervisor concerned consults the home supervisor, as necessary,
before allowing such activities.
4.9.1 Jurisdictions or regions may have a system or cooperation agreements
in place whereby such consultation is not necessary or required.
4.9.2 Information exchanged as part of a consultation should include:
• confirmation from the home supervisor that the insurance legal
entity is authorised to conduct the proposed types of insurance
activities; and
• confirmation from the home supervisor that the insurance legal
entity meets all the insurance regulatory requirements in the
home jurisdiction.
Public
ICP 5 Suitability of Persons 5
The supervisor requires Board Members, Senior Management, Key Persons in
Control Functions and Significant Owners of an insurer to be and remain suitable to
fulfil their respective roles.
5.1 Legislation identifies which persons are required to meet suitability requirements.
At a minimum, the legislation includes Board Members, Senior Management,
Key Persons in Control Functions and Significant Owners.
5.1.1 Suitability requirements may extend to other individuals (e.g. financial
controllers and treasurers) to account for the roles of such individuals that
may differ depending on the jurisdiction and the legal form and
governance structure of the insurer.
5.2 The supervisor requires that in order to be suitable to fulfil their roles:
• Board Members (individually and collectively), Senior Management and
Key Persons in Control Functions possess competence and integrity;
and
• Significant Owners possess the necessary financial soundness and
integrity.
Suitability requirements for Board Members, Senior Management and Key Persons
in Control Functions
5.2.1 Competence is demonstrated generally through the level of an

individual’s professional or formal qualifications and knowledge, skills and
pertinent experience within the insurance and financial industries or other
businesses. Competence also includes having the appropriate level of
commitment to perform the role. Refer to ICP 7 (Corporate Governance)
with regard to competence and commitment and to ICP 8 (Risk
Management and Internal Controls) with regard to control functions.
5.2.2 Integrity is demonstrated generally through character, personal behaviour
and business conduct.
5.2.3 The supervisor should require the insurer to take the necessary measures
to ensure that these requirements are met by setting high internal
standards of ethics and integrity, promoting sound corporate governance
and requiring that these individuals have pertinent experience, and
maintain a sufficient degree of knowledge and decision making ability.
5.2.4 To ensure an appropriate level of suitability, Board Members, Senior
Management and Key Persons in Control Functions should acquire,
maintain and enhance their knowledge and skills to fulfil their roles, for
example, by participating in induction and ongoing training on relevant
issues. Sufficient time, budget and other resources should be dedicated
for this purpose, including external expertise drawn upon as needed.

Public
More extensive efforts should be made to train those with more limited
financial, regulatory or risk-related experience.
Suitability requirements for Significant Owners
5.2.5 At a minimum, the necessary qualities of a Significant Owner relate to:

• financial soundness demonstrated by sources of
financing/funding and future access to capital; and
• integrity demonstrated in personal or corporate behaviour.
5.3 The supervisor requires the insurer to demonstrate initially and on an ongoing
basis, the suitability of Board Members, Senior Management, Key Persons in
Control Functions and Significant Owners. The suitability requirements and the
extent of review required by the supervisor depend on the person’s role.
5.3.1 The supervisor should assess the suitability of Board Members, Senior
Management, Key Persons in Control Functions and Significant Owners
of an insurance legal entity as part of the licensing procedure before the
insurance legal entity is permitted to operate. See ICP 4 (Licensing).
5.3.2 The supervisor should assess the suitability of Board Members, Senior
Management, Key Persons in Control Functions and Significant Owners
of insurers either prior to changes in the positions or as soon as possible
after appointment. The supervisor should also require the insurer to
perform internal suitability assessments of Board Members, Senior
Management and Key Persons in Control Functions on an ongoing basis,
for example on an annual basis or when there are changes in the
circumstances of the individuals. The supervisor may require the insurer
to certify that it has conducted such assessments and demonstrate how
it reached its conclusions.
5.3.3 With regard to Control Functions, the individual(s) to be assessed should
be the Key Persons in Control Functions.
5.3.4 The supervisor should have sufficient and appropriate information to
assess whether an individual meets suitability requirements. The
information to be collected and the supervisor’s assessment of such
information may differ depending on the role.
5.3.5 For the purpose of the assessment, the supervisor should require the
submission of a résumé or similar indicating the professional
qualifications as well as previous and current positions and experience of
the individual and any information necessary to assist in the assessment,
such as:
• evidence that the individual has sufficient relevant knowledge
and pertinent experience within the insurance and financial
industries or other businesses; and
• evidence that the individual has the appropriate level of
commitment to perform the role.
5.3.6 The application of suitability requirements relating to competence for
Board Members, Senior Management and Key Persons in Control
Functions of an insurer may vary depending on the degree of their
influence and on their roles. It is recognised that an individual considered
Public
competent for a particular position within an insurer may not be
considered competent for another position with different responsibilities
or for a similar position within another insurer. When assessing the
competence of the Board Members, regard should be given to respective
duties allocated to individual members to ensure appropriate diversity of
qualities and to the effective functioning of the Board as a whole.
5.3.7 In assessing the integrity of an individual Board Member, Senior
Management, Key Person in Control Functions and Significant Owner,
the supervisor should consider a variety of indicators such as:
• Legal indicators: These provide information on possible legal
misconduct. Such indicators could include civil liability, criminal
convictions or pending proceedings:
− for breaches of law designed to protect members of the
public from financial loss, e.g. dishonesty, or
misappropriation of assets, embezzlement and other fraud
or other criminal offences (including anti-money laundering
and the combating of the financing of terrorism.
− against the individual in his/her personal capacity;
− against an entity in which the individual is or was a Board
Member, a member of the Senior Management, a Key
Person in Control Functions or a Significant Owner; or
− incurred by the individual as a consequence of unpaid
debts.
• Financial indicators: These provide information on possible
financial misconduct, improper conduct in financial accounting,
or negligence in decision-making. Such indicators could include:
− financial problems or bankruptcy in his/her private
capacity; or
− financial problems, bankruptcy or insolvency proceedings
of an entity in which the individual is or was a Board
Member, a member of the Senior Management or a Key
Person in Control Functions.
• Supervisory indicators: These provide information gathered by
or that comes to the attention of supervisors in the performance
of their supervisory duties. These supervisors could also be
authorities with supervisory responsibility in sectors other than
insurance. Such indicators could include:
− the withholding of information from public authorities or
submission of incorrect financial or other statements;
− conduct of business transgressions;
− prior refusal of regulatory approval for key positions;
− preventive or corrective measures imposed (or pending)
on entities in which the individual is or was a Board
Member, a member of the Senior Management, or a Key
Person in Control Functions; or
Public
− outcome of previous assessments of suitability of an
individual, or sanctions or disciplinary actions taken (or
pending) against that individual by another supervisor.
• Other indicators: These may provide other information that
could reasonably be considered material for the assessment of
the suitability of an individual. Examples include:
− suspension, dismissal or disqualification of the individual
from a position as a Board Member or a member of the
Senior Management of any company or organisation;
− disputes with previous employers concerning incorrect
fulfilment of responsibilities or non-compliance with
internal policies, including code of conduct, employment
law or contract law;
− disciplinary action or measures taken against an individual
by a professional organisation in which the individual is or
was a member (e.g., actuaries, accountants or lawyers);
or
− strength of character, such as the ability and willingness to
challenge, as an indicator of a person’s integrity as well as
competence to perform the respective role.
The presence of any one indicator may, but need not in and of itself,
determine a person’s suitability. All relevant indicators, such as the
pattern of behaviour, should be considered in a suitability assessment.
Consideration should also be taken to the lapse of time since a particular
indicator occurred and its severity, as well as the person’s subsequent
conduct.
5.3.8 For Significant Owners, the supervisor sets out minimum standards of
financial soundness. If the Significant Owner that is to be assessed is a
legal person or a corporate entity, the supervisor should collect sufficient
and appropriate information such as:
• the nature and scope of its business;
• its ownership structure, where relevant;
• its source of finance/funding and future access to capital;
• the group structure, if applicable, and organisation chart; and
• other relevant factors.
5.3.9 In determining the financial soundness of Significant Owners, the
supervisor should assess their source of financing/funding and future
access to capital. To do so, the supervisor may consider financial
indicators such as:
• Financial statements and exhibits. If the Significant Owner is a
legal person, financial statements may include annual financial
statements; for a natural person, it may include financial
information (such as tax accounts or personal wealth
statements) that are reviewed by an independent public
accountant; and
Public
• Transactions and agreements such as: loans; investments;
purchase, sale or exchange of securities or other assets;
dividends and other distributions to shareholders; management
agreements and service contracts; and tax allocation
agreements.
5.3.10 Additionally the supervisor should also consider matters such as, but not
limited to, whether:
• Significant Owners understand their role as potential future
sources of capital, if needed;
• there are any indicators that Significant Owners will not be able
to meet their debts as they fall due;
• appropriate prudential solvency requirements are met if the
Significant Owner is a financial institution;
• Significant Owners have been subject to any legally valid
judgment, debt or order that remains outstanding or has not
been satisfied within a reasonable period;
• Significant Owners have made arrangements with creditors,
filed for bankruptcy or been adjudged bankrupt or had assets
sequestered; and
• Significant Owners have been able to provide the supervisor
with a satisfactory credit reference.
The presence of any one indicator may, but need not in and of itself,
determine a person’s suitability. All relevant indicators, such as the
pattern of behaviour, should be considered in a suitability assessment. If
the Significant Owner is regulated by another supervisor, the suitability
assessment done by the latter may be relied upon to the extent that this
assessment reasonably meets the requirements of this standard.
5.4 The supervisor requires notification by insurers of any changes in Board Members,
Senior Management, Key persons in Control Functions and Significant Owners,
and of any circumstances that may materially adversely affect the suitability of
its Board Members, Senior Management, Key Persons in Control Functions and
Significant Owners.
5.4.1 Insurers should be required to report promptly any information gained
about these persons that may materially affect their suitability, for
example, if a Board Member is convicted of a financial crime. See
guidance under Standard 5.3 for additional examples of indicators of
circumstances that may materially affect the suitability of an individual.
5.5 The supervisor takes appropriate action to rectify the situation when Board
Members, Senior Management and Key Persons in Control Functions or
Significant Owners no longer meet suitability requirements.
5.5.1 The supervisor should impose measures in respect of Board Members,
Senior Management and Key Persons in Control Functions who do not
meet the suitability requirements. Examples of such measures include:
• requesting the insurer to provide additional education, coaching
or the use of external resources in order to achieve compliance
Public
with suitability requirements by an individual in a position as
Board Member, member of the Senior Management or Key
Person in Control Functions;
• preventing, delaying or revoking appointment of an individual in
a position as Board Member, member of the Senior
Management or Key Person in Control Functions;
• suspending, dismissing or disqualifying an individual in a
position as a Board Member, Senior Management or Key
Person in Control Function, either directly or by ordering the
insurer to take these measures;
• requiring the insurer to appoint a different person for the position
in question who does meet the suitability requirements, to
reinforce the sound and proper management and control of the
insurer;
• imposing additional reporting requirements and increasing
solvency monitoring activities; or
• withdrawing or imposing conditions on the business licence,
especially in the case of a major breach of suitability
requirements, taking into account the impact of the breach or
the number of members of the Board, Senior Management or
Key Persons in Control Functions involved.
5.5.2 The supervisor should impose measures of a preventive and corrective
nature in respect of Significant Owners who do not meet suitability
requirements. Examples of such measures include:
• requiring the Significant Owners to dispose of their interests in
the insurer within a prescribed period of time;
• the suspension of the exercise of their corresponding voting
rights; or
• the nullification or annulment of any votes cast by the Significant
Owners.
5.5.3 There can be circumstances where a Board Member, a member of the
Senior Management or a Key Person in Control Functions is unable to
carry out his/her role and a replacement needs to be appointed on short
notice. In jurisdictions where the supervisor approves the post-licensing
appointment of Board Members, Senior Management or Key Persons in
Control Functions, it may be appropriate for the supervisor to permit the
post to be filled temporarily until the successor’s suitability assessment is
affirmed. In such circumstances, a supervisor may require that these
temporary replacements meet certain suitability requirements, depending
on his/her position or responsibilities within the insurer. However, such
assessment should be conducted and concluded in a timely manner.
5.6 The supervisor exchanges information with other authorities inside and outside its
jurisdiction where necessary to check the suitability of Board Members, Senior
Management, Key Persons in Control Functions and Significant Owners of an
insurer.
Public
5.6.1 Supervisors should use the modes available for supervisory cooperation,
in particular, the ability to exchange information relevant to check
suitability with domestic or foreign authorities. Having such arrangements
in place is important so as to not unduly delay relevant supervisory
processes and/or affect the insurers’ ability to satisfy composition
requirements for the Board or make necessary changes to its
management team. For additional information, see ICP 3 (Information
Exchange and Confidentiality Requirements).
5.6.2 The supervisor may use this information as an additional tool to assess
effectively the suitability of, or to obtain information about, a Board
Member, a member of the Senior Management or a Key Person in Control
Functions.
5.6.3 If a Significant Owner that is to be assessed is a legal person or a
corporate entity regulated in another jurisdiction, the supervisor should
seek confirmation from the relevant authority that the entity is in good
standing in that other jurisdiction.
Public
ICP 6 Change of Control and Portfolio Transfers6
The supervisor assesses and decides on proposals:
• to acquire significant ownership of, or an interest in, an insurer that results
in a person (legal or natural), directly or indirectly, alone or with an
associate, exercising control over the insurer; and
• for portfolio transfers.
6.0.1 The supervision of change of control and portfolio transfers supports
supervisory objectives, in particular:
• licensing regimes are not undermined by control being obtained
or retained by those who would not get a licence ordinarily; and
• insurers should continue to be held in corporate or other
arrangements that allow them to be effectively supervised.
6.0.2 To assist in understanding the content of this ICP, it is emphasised that:
• change of control extends beyond the immediate controlling
interest, such as the ownership of equity in an insurer, and
includes other actions that have the potential to change the
exercise of control over the insurer;
• change of control is relevant, both at the insurance legal entity and
intermediate and ultimate beneficial owner levels;
• change of control may take place in a variety of forms, such as
mergers, acquisitions or (de)mutualisations;
• control includes the exercise of influence over decisions including,
but not limited to, decisions on strategic, operating, investing and
financing policies of an insurer. It may also include the power to
appoint or remove members, or otherwise influence the
composition of, the Board or of Board committees;
• control may be exercised by a person individually, or acting in
concert with associates or others, and directly or indirectly through
corporate structures or other mechanisms; and
• significant owners and the transactions that determine or change
control may be outside of a jurisdiction, but the impact on the
ultimate control of the insurer in that jurisdiction means that they
remain relevant to effective supervision of control.
6.0.3 Supervisory requirements and practices regarding change of control and
portfolio transfers may vary, taking into account the nature, scale and
complexity of the transactions and the risk posed to achievement of
supervisory objectives. For example, portfolio transfers between
reinsurers, internal restructuring transactions within a group that does not
change the ultimate beneficial ownership of the entity, and

Public
demutualisation, are different types of transactions. Their nature may
warrant different supervisory approaches and/or different levels of
intensity of supervision.
6.0.4 There may be transactions where a portfolio transfer or a change of
control is cross-border in nature. In such cases, the supervisor should
coordinate and exchange information with the relevant supervisors (see
ICP 3 Information Exchange and Confidentiality Requirements and ICP
25 Supervisory Cooperation and Coordination).
Change of Control
6.1 Legislation addresses change of control of insurers, including:

• having a definition of control; and
• oversight and enforcement of requirements related to change of control.
6.1.1 The definition of "control" should address, at least:
• holding of a defined number or percentage of issued shares or
financial instruments above a designated threshold in an insurer
or its intermediate or ultimate beneficial owner or the head of the
insurance group or head of the financial conglomerate as may be
the case; and/or
• having a defined percentage of voting rights attached to shares or
financial instruments.
6.1.2 Financial instruments other than shares that should be of interest to the
supervisor are those that have the potential to impact the levels of control
over an insurer, including those that may convert in the future into an
interest that leads to a change of control through that conversion.
6.1.3 The definition of a threshold for control is not necessarily the same as the
definition that may apply for accounting consolidation or other purposes.
6.2 The supervisor requires the insurer to provide notification of a proposed change
of control of the insurer. The supervisor assesses and decides on proposals for
change of control.
Notification
6.2.1 The supervisor should require notification of proposals that would lead to
increased (or decreased) control.
6.2.2 The supervisor should establish thresholds for notification. Such
thresholds may improve transparency and compliance with related
requirements while avoiding immaterial notifications. The supervisor
typically establishes lower thresholds (such as between 5 and 10 percent)
for initial notification of acquiring control, and a higher percentage for
approval and for increased control also requiring approval.
6.2.3 The supervisor may also be informed by notifications made to other
authorities such as corporate law supervisors or under rules for publicly
traded companies.
6.2.4 Notifications should be submitted to the supervisor in a reasonable time.
Changes that arise because of actions of the insurer should be subject to
Public
advance notification. Actions of others are usually made “subject to”
relevant approvals so are not effective until approved.
Assessment
6.2.5 The supervisor should assess both actions that lead to new controlling
interests and those that lead to material increases in existing controlling
interests. Material increases may arise, for example, when existing
significant owners increase their interest, when associates increase their
interest, or when a significant owner acquires a new associate who has a
plan to acquire an interest (directly or indirectly) in the insurer.
6.2.6 The supervisor should obtain the information necessary to assess the
change of control. The supervisor may seek such information from the
insurer, its significant owners, shareholders or other relevant persons.
The information obtained should be proportionate to the complexity of the
change of control. Regardless, the supervisor should have sufficient
information to understand the impact of the change of control on the
insurer and be able to identify the ultimate beneficial owner.
6.2.7 When considering whether to approve a change of control that leads to a
new significant owner, the supervisor should verify that the approval
would not lead to a control arrangement that would not have been
approved as part of the jurisdiction’s licensing requirements in similar
circumstances (see ICP 4 Licensing).
6.2.8 The supervisor should assess whether a new significant owner is suitable
to fulfil its role. At a minimum, a significant owner should possess the
necessary qualities relating to financial soundness and integrity (see ICP
5 Suitability of Persons).
6.2.9 The supervisor should be able to deny a change of control when, for
example, it would be prejudicial to the interests of policyholders, the
resulting structure would not allow for effective supervision, or the
ultimate beneficial owner cannot be identified.
(De)Mutualisation
6.3 A change of a mutual company to a stock company, or vice versa, is subject to

the supervisor’s approval.
6.3.1 In jurisdictions where mutual ownership of insurers is possible, legislation
should provide a process for mutual insurers to demutualise at their own
discretion or if directed to do so by the supervisor.
6.3.2 The process for (de)mutualisation may vary by jurisdiction. For example,
the ultimate approval may be provided by authorities other than the
supervisor, such as courts or votes of member policyholders. Regardless,
the supervisor should be consulted and should have the right to object to
a (de)mutualisation.
6.3.3 In assessing a (de)mutualisation, the supervisor should consider the
impact on the financial condition of the insurer and the ongoing
expectations of policyholders, including those that will continue as
participating policyholders. The supervisor should also assess whether
the new governing organisational document of the company adequately
protects current and future policyholders.
Public
Portfolio Transfer
6.4 The supervisor assesses and decides on the transfer of all or a part of an
insurer’s business taking into account at least the financial condition of the
transferee and the transferor and whether the interests of the policyholders of
both the transferee and transferor will be protected.
6.4.1 Insurance policies are legal contracts between an insurer and its
policyholders. As such, an insurer should not be able unilaterally to alter
the terms of a contract by merging with another insurer, (de)mutualising,
or transferring some of its business to another insurer.
6.4.2 In order to protect the interests of policyholders and to safeguard the
financial condition of the insurers involved, legislation should address the
conditions for a portfolio transfer. Policyholders’ benefit expectations and
existing policy values should not normally be lessened as a result of a
portfolio transfer.
6.4.3 The process for a portfolio transfer may vary by jurisdiction. For example,
the ultimate approval may be provided by authorities other than the
supervisor, such as courts. Regardless, the supervisor should be
consulted and should have the right to object to a portfolio transfer.
6.4.4 When assessing a transfer, the supervisor should consider the impact on
the transferring policyholders, as well as on those that are not
transferring, and those that are current policyholders of the company to
which the policyholders are being transferred. This should apply whether
the portfolio transfer is considered a part of normal business, a merger or
part of a resolution where the insurer is no longer viable (see ICP 12 Exit
from the Market and Resolution).
Public
ICP 7 Corporate Governance 7
The supervisor requires insurers to establish and implement a corporate governance
framework which provides for sound and prudent management and oversight of the
insurer’s business and adequately recognises and protects the interests of
policyholders.
7.0.1 The corporate governance framework of an insurer:

• promotes the development, implementation and effective
oversight of policies that clearly define and support the
objectives of the insurer;
• defines the roles and responsibilities of persons accountable for
the management and oversight of an insurer by clarifying who
possesses legal duties and powers to act on behalf of the
insurer and under which circumstances;
• sets requirements relating to how decisions and actions are
taken including documentation of significant or material
decisions, along with their rationale;
• provides sound remuneration practices which promote the
alignment of remuneration policies with the long term interests
of insurers to avoid excessive risk taking;
• provides for communicating with the supervisor, as appropriate,
matters relating to the management and oversight of the insurer;
and
• provides for corrective actions to be taken for non-compliance
or weak oversight, controls or management.
7.0.2 An effective corporate governance framework enables an insurer to be
flexible and transparent; to be responsive to developments affecting its
operations in making timely decisions and to ensure that powers are not
unduly concentrated. The corporate governance framework supports and
enhances the ability of the key players responsible for an insurer’s
corporate governance; i.e. the Board, Senior Management and Key
Persons in Control Functions to manage the insurer’s business soundly
and prudently.
Organisational structures
7.0.3 The insurer should establish a transparent organisational structure which

supports the strategic objectives and operations of the insurer. The board
and senior management should know and understand the structure and
the risks that it poses.

Public
The ways in which an insurer chooses to organise and structure itself can
vary depending on a number of factors such as:
• jurisdictional corporate law, which may allow or require different
board structures (such as one-tier or two-tier Boards);
• organisational structure such as stock companies, mutuals or
co-operatives; and
• group, branches, or solo legal entity operations.
These considerations can affect how an insurer establishes and
implements its corporate governance framework and are explained in
more detail below. It is important for supervisors to understand these
different considerations in order to be able to adequately assess the
effectiveness of an insurer’s corporate governance framework.
7.0.4 The standards on corporate governance are designed with sufficient
flexibility to apply to supervision of insurers regardless of any differences
in the corporate structures and legal systems.
7.0.5 The term Board includes its management and oversight roles, regardless
of Board structure.
Mutuals and co-operatives
7.0.6 Governance of insurers formed as mutuals or co-operatives is different

from that of insurers formed as joint stock companies (i.e., bodies
corporate). These standards are nevertheless sufficiently flexible to be
adapted to mutuals and co-operatives to promote the alignment of actions
and interests of the Board and Senior Management with the broader
interests of policyholders. Where there are references to shareholders or
stakeholders, they should be generally treated as references to
policyholders in mutuals, unless otherwise indicated.
Insurance Groups
7.0.7 Insurance groups should ensure that the corporate governance

framework is appropriate to the structure, business and risks of the
insurance group and its legal entities. The corporate governance
framework should include policies, processes and controls which address
risks across the insurance group and legal entities.
7.0.8 When setting up or evaluating their corporate governance framework,
insurance groups should be aware of the specific challenges which might
arise from the organisational model adopted by a group (e.g. centralised
or decentralised model). The main factors underlying the challenges are:
• the division of authorities and responsibilities between the key
players at the insurance group and legal entity level;
• effective group-wide direction and coordination;
• proper consideration of the legal obligations, governance
responsibilities and risks both at the insurance group and legal
entity level; and
Public
• effective communication within the group and adequate
information at all levels. 8
7.0.9 The supervisor should take the organisational structure of the group into
consideration in evaluating its governance. Particularly when the
management structure differs from the legal entity structure, it is not
sufficient to assess governance only at the legal entity level. In such a
case, it is important that appropriate governance exists across the group
and that the supervisor assesses it on a group-wide basis.
Branch operations
7.0.10 If an insurer is a branch, these standards would generally apply to the

legal entity in its home jurisdiction. However, the host supervisor may
require designated oversight and/or management accountabilities and
structures to be maintained at the branch, including in some cases a
designated representative responsible for the management of the branch.
In such cases, these standards should also apply, as appropriate, to the
oversight and management roles maintained within the branch taking due
account of the governance structures and arrangements as determined
by the host supervisor.
Appropriate allocation of oversight and management responsibilities
7.1 The supervisor requires the insurer’s Board to:

• ensure that the roles and responsibilities allocated to the Board, Senior
Management and Key Persons in Control Functions are clearly defined
so as to promote an appropriate separation of the oversight function
from the management responsibilities; and
• provide oversight of the Senior Management.
7.1.1 The Board should ensure that the insurer has a well-defined governance
structure which provides for the effective separation between oversight
and management functions. The Board is responsible for providing the
overall strategy and direction for the insurer and overseeing its proper
overall management, while leaving the day-to-day management of the
insurer to Senior Management. The separation of the roles of the Chair
of the Board and the Chief Executive Officer (CEO) reinforces a clear
distinction between accountability for oversight and management.
7.1.2 The Board should also ensure that there is a clear allocation of roles and
responsibilities to the Board as a whole, to committees of the Board
where they exist, and to the Senior Management and Key Persons in
Control Functions to ensure proper oversight and sound management of
the insurer. The allocation of roles and responsibilities should clearly
identify the individual and collective accountabilities for the discharge of
the respective roles and responsibilities. The organisational structure of
the insurer and the assignment of responsibilities should enable the
8 See Issues Paper, Approaches to Group Corporate Governance; Impact on Control Functions,
October 2014.
Public
Board and Senior Management to carry out their roles in an adequate and
objective manner and should facilitate effective decision making.
7.1.3 The allocation of responsibilities to individual Board members (for
example the membership of Board committees such as the audit or
remuneration committee) should take due account of whether the
relevant member has the degree of independence and objectivity
required to carry out the functions of the particular committee. The
effective oversight of the executive functions should be performed by the
non-executive members of the Board, because they are not involved in
the day-to-day management of the insurer. Within a group the allocation
and division of the oversight and management responsibilities at different
levels should be transparent, appropriate for, and aligned with, the
organisational model of the group. 9
7.1.4 In order to provide effective oversight of the Senior Management, the
Board should:
• ensure that there are adequate policies and procedures relating
to the appointment, dismissal and succession of the Senior
Management, and be actively involved in such processes;
• ensure that Senior Management’s knowledge and expertise
remain appropriate given the nature of the business and the
insurer's risk profile;
• monitor whether the Senior Management is managing the affairs
of the insurer in accordance with the strategies and policies set
by the Board, and the insurer’s risk appetite, corporate values
and corporate culture;
• set appropriate performance and remuneration standards for
Senior Management consistent with the long-term strategy and
the financial soundness of the insurer and monitor whether the
Senior Management is meeting the performance goals set by
the Board;
• regularly meet with the Senior Management to discuss and
review critically the decisions made, information provided and
any explanations given by the Senior Management relating to
the business and operations of the insurer; and
• have regular interaction with any committee it establishes as
well as with other key functions, proactively request information
from them and challenge that information when necessary.
7.1.5 As a part of its regular monitoring and review of the insurer’s operations,
the Board should review whether the relevant policies and procedures,
as set by the Board, are being properly implemented by Senior
Management and are operating as intended. Particular attention should
be paid as to whether the responsibilities for managing and implementing
the policies of the Board have been effectively discharged by those
responsible. The Board should obtain reports at least annually for this
9 See Issues Paper, Approaches to Group Corporate Governance; impact on control functions, October
2014, para 43-44.

Public
purpose and such reports may include internal or external independent
reports as appropriate.
Corporate culture, business objectives and strategies of the insurer
7.2 The supervisor requires the insurer’s Board to set and oversee the implementation
of the insurer’s corporate culture, business objectives and strategies for
achieving those objectives, in line with the insurer’s long term interests and
viability.
7.2.1 The Board should adopt a rigorous process for setting, approving, and
overseeing the implementation of the insurer’s overall business
objectives and strategies, taking into account the long term financial
safety and soundness of the insurer as a whole, the interests of its
policyholders and other stakeholders, and the fair treatment of customers.
The Board ensures that the Senior Management has adequately
documented and communicated these objectives and strategies to the
Key Persons in Control Functions and all other relevant staff.
7.2.2 The effective implementation of objectives and strategies should be
supported by the corporate culture and by clear and objective
performance goals and measures, taking due account of, among other
things, the insurer’s long term interests and viability and the interests of
policyholders and other stakeholders. The Board should review the
appropriateness of the goals and measures set.
7.2.3 A corporate culture reflects the fundamental corporate values and
includes norms for responsible and ethical behaviour applicable to all
employees of the insurer. The Board should take the lead in setting the
appropriate tone at the top. This includes adherence to the corporate
values by the Board and a strong risk culture avoiding excessive risk
taking. The corporate values, norms and supporting policies should be
communicated throughout the insurer. These are also reflected in the
insurer’s business objectives and strategies, and supported by
professional standards and codes of ethics that set out what the insurer
considers to be acceptable and unacceptable conduct. In this regard, the
Board should take account of the interests of policyholders and other
relevant stakeholders. In setting the tone at the top the Board should
ensure that employees are aware that appropriate disciplinary or other
actions will follow unacceptable behaviours.
7.2.4 The Board should ensure that the corporate culture promotes timely and
frank discussion and escalation of problems to Senior Management or
itself. The Board should set and oversee the implementation of
transparent policies and processes which promote and facilitate that
employees can communicate concerns or information about illegal or
unethical behaviour confidentially and without reprisal directly or indirectly
to the Board (e.g. whistle blower policy). The Board should determine how
and by whom legitimate concerns shall be investigated and addressed
(Senior Management, Board or an external party).
7.2.5 The Board should define and oversee the implementation of norms for
responsible and ethical behaviour. It should not allow behaviour that
would be incompatible with the protection of policyholders and that could
lead to reputational risks or improper or illegal activity, such as financial
Public
misreporting, fraud, money laundering, bribery and corruption. The norms
for responsible and ethical behaviour should also make clear that
employees are expected to conduct themselves ethically in addition to
complying with laws, regulations and the insurer’s policies.
7.2.6 The Board should ensure that the insurer’s corporate governance
framework and overall business objectives and strategies are reviewed
at least annually to ensure that they have been properly implemented and
that they remain appropriate in light of any material changes in the
organisational structure, activities, strategy, and regulatory and other
external factors. The Board should ensure more frequent reviews, for
instance when an insurer embarks on a significant new business initiative
(e.g. a merger or acquisition, or a material change in the direction with
respect to the insurer’s product portfolio, risk or marketing strategies),
upon the introduction of a new type or class of risk or product or a decision
to market products to a new class or category of clients, or following the
occurrence of significant external or internal events which may potentially
have a material impact on the insurer (including its financial condition,
objectives and strategies) or the interests of its policyholders or other
stakeholders.
Structure and governance of the Board
7.3 The supervisor requires the insurer’s Board to have, on an on-going basis:
• an appropriate number and mix of individuals to ensure that there is an
overall adequate level of competence at the Board level commensurate
with the governance structure;
• appropriate internal governance practices and procedures to support the
work of the Board in a manner that promotes the efficient, objective and
independent judgment and decision making by the Board; and
• adequate powers and resources to be able to discharge its duties fully
and effectively.
Board composition
7.3.1 The Board of an insurer should have a sufficient number of members who
have relevant expertise among them as necessary to provide effective
leadership, direction and oversight of the insurer’s business to ensure it
is conducted in a sound and prudent manner. For this purpose, the Board
should collectively and individually have, and continue to maintain,
including through training, necessary skills, knowledge and
understanding of the insurer’s business to be able to fulfil their roles. In
particular, the Board should have, or have access to, knowledge and
understanding of areas such as the lines of insurance underwritten by the
insurer, actuarial and underwriting risks, finance, accounting, the role of
control functions, investment analysis and portfolio management and
obligations relating to fair treatment of customers. While certain areas of
expertise may lie in some, but not all, members, the collective Board
should have an adequate spread and level of relevant competencies and
understanding as appropriate to the insurer's business.
Public
7.3.2 Board members should have the commitment necessary to fulfil their
roles, demonstrated by, for example, a sufficient allocation of time to the
affairs of the insurer and reasonable limits on the number of Board
memberships held within or outside the insurance group.
Board effectiveness
7.3.3 The Board should review, at least annually, its own performance to
ascertain whether members collectively and individually remain effective
in discharging the respective roles and responsibilities assigned to them
and identify opportunities to improve the performance of the Board as a
whole. The Board should implement appropriate measures to address
any identified inadequacies, including any training programmes for Board
members. The Board may also consider the use of external expertise
from time to time to undertake its performance assessment where
appropriate in order to enhance the objectivity and integrity of that
assessment process.
Internal governance
7.3.4 The Board should have appropriate practices and procedures for its own
internal governance, and ensure that these are followed and periodically
reviewed to assess their effectiveness and adequacy. These may be
included in organisational rules or by-laws, and should set out how the
Board will carry out its roles and responsibilities. They should also cover
a formal and documented process for nomination, selection and removal
of Board members, and a specified term of office as appropriate to the
roles and responsibilities of the Board member, particularly to ensure the
objectivity of decision making and judgment. Appropriate succession
planning should also form part of the Board’s internal governance
practices.
Chair of the Board
7.3.5 While the Board as a whole remains collectively responsible for the
stewardship of the insurer, the Chair of the Board has the pivotal role of
providing leadership to the Board for its proper and effective functioning.
The role of the Chair of the Board should generally encompass
responsibilities such as setting the Board’s agenda, ensuring that there is
adequate time allocated for the discussion of agenda items, especially if
they involve strategic or policy decisions of significant importance, and
promoting a culture of openness and debate by facilitating effective
participation of non-executive and executive members and
communication between them and also with the Senior Management and
Key Persons in Control Functions. To promote checks and balances, it is
good practice for the Chair of the Board to be a non-executive Board
member and not serve as chair of any Board committee. In jurisdictions
where the Chair of the Board is permitted to assume executive duties, the
insurer should have measures in place to mitigate any adverse impact on
the insurer's checks and balances.
Board committees
Public
7.3.6 To support the effective discharge of the responsibilities of the Board, the
Board should assess whether the establishment of committees of the
Board is appropriate. Committees that a Board may commonly establish
include audit, remuneration, ethics/compliance, nominations and risk
management committees. Where committees are appointed, they should
have clearly defined mandates and working procedures (including
reporting to the Board), authority to carry out their respective functions,
and a degree of independence and objectivity as appropriate to the role
of the committee. The Board should consider occasional rotation of
members and of the chairs of committees, or tenure limits to serve on a
committee, as this can help to avoid undue concentration of power and
promote fresh perspectives. If the functions of any committees are
combined, the Board should ensure such a combination does not
compromise the integrity and/or effectiveness of the functions combined.
In all cases, the Board remains ultimately responsible for matters
delegated to any such committees.
Independence and objectivity
7.3.7 To promote objectivity in decision making by the Board, the formal and
perceived independence of Board members should be ensured. To that
end, Board members should avoid personal ties or financial or business
interests which conflict with that of the insurer. Where it is not reasonably
possible to avoid conflicts of interests, such conflicts should be effectively
managed. Documented procedures and policies should be in place to
identify and address conflicts of interests which could include disclosure
of potential conflicts of interests, requirements for arm’s length
transactions, abstention of voting and, where appropriate, prior approval
by the Board or shareholders of professional positions or transactions.
7.3.8 Besides policies on conflicts of interests, the insurer should ensure
objectivity in decision making by establishing clear and objective
independence criteria which should be met by an adequate number of
members of the Board (i.e. non-executive Board members). For this
purpose, the independence criteria should also take account of group
structures and other applicable factors. Meeting such criteria is
particularly important for those Board members undertaking specific roles
(such as members of the remuneration and audit committees) in which
conflicts of interests are more likely to arise.
7.3.9 Objectivity in decision making is also promoted by independence of mind
of the individual Board members. This means that a Board member
should act without favour; provide constructive and robust challenge of
proposals and decisions; ask for information when the member judges it
necessary in the light of the issues; and avoid “group-think”.
7.3.10 Board members should also bear in mind the duties of good faith and
loyalty applicable to them at the individual level, as set out in Standard
7.4.
Board powers
Public
7.3.11 To be able to discharge its role and responsibilities properly, the Board
should have well-defined powers, which are clearly set out either in
legislation and/or as part of the constituent documents of the insurer
(such as the constitution, articles of incorporation, by-laws or
internal/organisational rules). These should, at a minimum, include the
power to obtain timely and comprehensive information relating to the
management of the insurer, including direct access to relevant persons
within the organisation for obtaining information, such as Senior
Management and Key Persons in Control Functions.
Access to resources
7.3.12 Adequate resources, such as sufficient funding, staff and facilities, should
be allocated to the Board to enable the Board members to carry out their
respective roles and responsibilities efficiently and effectively. The Board
should have access to services of external consultants or specialists
where necessary or appropriate, subject to criteria (such as
independence) and due procedures for appointment and dismissal of
such consultants or specialists.
Delegations
7.3.13 The Board may delegate some of the activities or tasks associated with
its own roles and responsibilities. (Delegations in this context are
distinguished from outsourcing of business activities by the insurer, which
is dealt with in ICP 8 Risk Management and Internal Controls.)
Notwithstanding such delegations, the Board as a whole retains the
ultimate responsibility for the activities or tasks delegated, and the
decisions made in reliance on any advice or recommendations made by
the persons or committees to whom the tasks were delegated.
7.3.14 Where the Board makes any delegations, it should ensure that:
• the delegation is appropriate. Any delegation that results in the
Board not being able to discharge its own roles and
responsibilities effectively would be an undue or inappropriate
delegation. For example, the duty to oversee the Senior
Management should not be delegated to a Board committee
comprised mostly or solely of executive members of the Board
who are involved in the day-to-day management of the insurer;
• the delegation is made under a clear mandate with well-defined
terms such as those relating to the powers, accountabilities and
procedures relating to the delegation, and is supported by
adequate resources to effectively carry out the delegated
functions;
• there is no undue concentration of powers giving any one
person or group of individuals an unfettered and inappropriate
level of powers capable of influencing the insurer’s business or
management decisions;
• it has the ability to monitor and require reports on whether the
delegated tasks are properly carried out; and
Public
• it retains the ability to withdraw the delegation if it is not
discharged properly and for due purposes by the delegate, and,
for this purpose, have appropriate contingency arrangements in
place.
Duties of individual Board members
7.4 The supervisor requires that an individual member of the Board:

• act in good faith, honestly and reasonably;
• exercise due care and diligence;
• act in the best interests of the insurer and policyholders, putting those
interests ahead of his/her own interests;
• exercise independent judgment and objectivity in his/her decision
making, taking due account of the interests of the insurer and
policyholders; and
• not use his/her position to gain undue personal advantage or cause any
detriment to the insurer.
7.4.1 The specific duties identified above are designed to address conflicts of
interests that arise between the interests of the individual members of the
Board and those of the insurer and policyholders. The insurer should
include these duties as part of the terms of engagement of the individual
Board members.
7.4.2 The supervisor should be satisfied that individual Board members
understand the nature and scope of their duties and how they impact on
the way in which the member discharges his/her respective roles and
responsibilities. A Board member should consider his/her ability to
discharge the roles and responsibilities in a manner as would be expected
of a reasonably prudent person placed in a similar position. He/she
should act on a fully informed basis, and for this purpose continually seek
and acquire information as necessary.
7.4.3 Where a member of the Board of an insurer has common membership on
the Board of any other entity within or outside the insurer’s group, there
should be clear and well defined procedures regarding the member’s duty
of loyalty to the insurer. These may include appropriate disclosure and in
some instances shareholder approval of such overlapping roles. In the
event of a material conflict with the interests of the insurer, the member
should disclose such conflicts promptly to the Board of the insurer and its
stakeholders as appropriate, and be required to decline to vote or take
any decisions in any matters in which he/she has an interest.
Duties related to risk management and internal controls
7.5 The supervisor requires the insurer’s Board to provide oversight in respect of
the design and implementation of risk management and internal controls.
7.5.1 It is the Board’s responsibility to ensure that the insurer has appropriate
systems and functions for risk management and internal controls and to
provide oversight to ensure that these systems and the functions that
oversee them are operating effectively and as intended. The
Public
responsibilities of the Board are described further in ICP 8 (Risk
Management and Internal Controls).
Duties related to remuneration
7.6 The supervisor requires the insurer’s Board to:

• adopt and oversee the effective implementation of a written
remuneration policy for the insurer, which does not induce excessive or
inappropriate risk taking, is in line with the corporate culture, objectives,
strategies, identified risk appetite, and long term interests of the insurer,
and has proper regard to the interests of its policyholders and other
stakeholders; and
• ensure that such a remuneration policy, at a minimum, covers those
individuals who are members of the Board, Senior Management, Key
Persons in Control Functions and other employees whose actions may
have a material impact on the risk exposure of the insurer (major risk–
taking staff).
7.6.1 Sound remuneration policy and practices are part of the corporate
governance of an insurer. This standard and guidance are neither
intended to unduly restrict nor reduce an insurer’s ability to attract and
retain skilled talent by prescribing any particular form or level of individual
remuneration. Rather, they aim to promote the alignment of remuneration
policies with the long term interests of insurers to avoid excessive risk
taking, thereby promoting sound overall governance of insurers and fair
treatment of customers.
Overall remuneration strategy and oversight
7.6.2 As a part of effective risk management, an insurer should adopt and

implement a prudent and effective remuneration policy. Such a policy
should not encourage individuals, particularly members of the Board and
Senior Management, Key Persons in Control Functions and major risk-
taking staff, to take inappropriate or excessive risks, especially where
performance-based variable remuneration is used.
7.6.3 The Board, particularly members of the remuneration committee where
one exists, should collectively have the requisite competencies to make
informed and independent judgments on the suitability of an insurer’s
remuneration policy. Such competencies include skills, such as a
sufficient understanding of the relationship between risk and
remuneration practices. The remuneration committee, where established,
should have an adequate representation of non-executive members to
promote objectivity in decision-making.
7.6.4 In order to satisfy itself about the effectiveness of the remuneration policy
and practices, the Board should consider at least:
• the components of the overall remuneration policy, particularly
the use and balance of fixed and variable components;
• the performance criteria and their application for the purposes
of determining remuneration payments;
Public
• the remuneration of the members of the Board, Senior
Management and major risk-taking staff; and
• any reports or disclosures on the insurer’s remuneration
practices provided to the supervisor or the public.
7.6.5 The Board should ensure that in structuring, implementing and reviewing
the insurer’s remuneration policy, the decision-making process identifies
and manages conflicts of interests and is properly documented. Members
of the Board should not be placed in a position of actual or perceived
conflicts of interests in respect of remuneration decisions.
7.6.6 The Board should also ensure that the relevant Key Persons in Control
Functions are involved in the remuneration policy-setting and monitoring
process to ensure that remuneration practices do not create incentives
for excessive or inappropriate risk taking, are carried out consistently with
established policies and promote alignment of risks and rewards across
the organisation. Similarly, the remuneration and risk management
committees of the Board, if such committees exist, should interact closely
with each other and provide input to the Board on the incentives created
by the remuneration system and their effect on risk-taking behaviour.
7.6.7 The potential for conflicts of interests that may compromise the integrity
and objectivity of the staff involved in control functions should be
mitigated. This can be achieved by a variety of means, such as making
their remuneration:
• predominantly based on the effective achievement of the
objectives appropriate to such control functions. Performance
measures for staff in control functions should represent the right
balance between objective assessments of the control
environment (e.g. the conduct of the relationship between the
control functions and executive management) and outputs
delivered by the control functions, including their impact, quality
and efficiency in supporting the oversight of risks. Such output
measures may include recommendations made and
implemented to reduce risks, reduction in number of compliance
breaches and measures adopted to promptly rectify identified
breaches, results of external quality reviews and losses
recovered or avoided through audits of high risk areas;
• not linked to the performance of any business units which are
subject to their control or oversight. For example, where risk and
compliance functions are embedded in a business unit, a clear
distinction should be drawn between the remuneration policy
applicable to staff undertaking control functions and other staff
in the business unit, such as through the separation of the pools
from which remuneration is paid to the two groups of staff; and
• adequate as an overall package to attract and retain staff with
the requisite skills, knowledge and expertise to discharge those
control functions effectively and to increase their competence
and performance.
Public
7.6.8 Where any control function is outsourced, the remuneration terms under
the agreement with the service provider should be consistent with the
objectives and approved parameters of the insurer’s remuneration policy.
Variable remuneration
7.6.9 Variable remuneration should be performance-based using measures of

individual, unit or group performance that do not create incentives for
inappropriate risk taking.
7.6.10 To better align performance-based incentives with the long term value
creation and the time horizon of risks to which the insurer may be
exposed, due consideration should be given to the following:
• There should be an appropriate mix of fixed and variable
components, with adequate parameters set for allocating cash
versus other forms of remuneration, such as shares. A variable
component linked to performance that is too high relative to the
fixed component may make it difficult for an insurer to reduce or
eliminate variable remuneration in a poor financial year;
• The reward for performance should include an adjustment for
the material current and future risks associated with
performance. Since the time horizon of performance and
associated risks can vary, the measurement of performance
should, where practicable, be set in a multi-year framework to
ensure that the measurement process is based on longer term
performance;
• If the variable component of remuneration is significant, the
major part of it should be deferred for an appropriate specified
period. The deferral period should take account of the time
frame within which risks associated with the relevant
performance (such as the cost of capital required to support
risks taken and associated uncertainties in the timing and the
likelihood of future revenues and expenses) may materialise.
The deferral period applied may vary depending on the level of
seniority or responsibility of the relevant individuals and the
nature of risks to which the insurer is exposed;
• The award of variable remuneration should contain provisions
that enable the insurer, under certain circumstances, to apply
malus or claw back arrangements in the case of subdued or
negative financial performance of the insurer which is attributed
to the excessive risk taking of the staff concerned and when
risks of such performance have manifested after the award of
variable remuneration; and
• Guaranteed variable remuneration should generally not be
offered, as they are not consistent with sound risk management
and performance-based rewards.
7.6.11 The variable component should be subject to prudent limits set under the
remuneration policy that are consistent with the insurer’s capital
management strategy and its ability to maintain a sound capital base
Public
taking account of the internal capital targets or regulatory capital
requirements of the insurer.
7.6.12 The performance criteria applicable to the variable components of
remuneration should promote a complete assessment of risk-adjusted
performance. For this purpose, due consideration should be given to the
need for performance criteria to:
• be clearly defined and be objectively measurable;
• be based not only on financial but also on non-financial criteria
as appropriate (such as compliance with regulation and internal
rules, achievement of risk management goals, adequate and
timely follow up of internal audit recommendations as well as
compliance with market conduct standards and fair treatment of
customers;
• take account of not only the individual’s performance, but also
the performance of the business unit concerned where relevant
and the overall results of the insurer and the group; and
• not treat growth or volume as a criterion in isolation from other
performance criteria.
Share-based components
7.6.13 Where share-based components of variable remuneration (such as

shares, share options or similar instruments) are used, appropriate
safeguards should be implemented to align incentives and the longer-
term interests of the insurer. Such safeguards may include that:
• shares do not vest for a minimum specified period after their
award (“vesting restrictions”);
• share options or other similar rights are not exercisable for a
minimum specified period after their award (“holding
restrictions”); and
• individuals are required to retain an appropriate proportion of the
shares awarded until the end of their employment or other
specified period beyond their employment (“retention
restrictions”).
7.6.14 Subject to any applicable legal restrictions, it is appropriate that future
vesting and holding restrictions for share-based remuneration remain
operative even upon cessation of employment (i.e. there should be no
undue acceleration of the vesting of share-based payments or curtailing
of any holding restrictions).
Severance payments
7.6.15 Where an insurer provides discretionary pay-outs on termination of

employment (“severance payments”, sometimes also referred to as
“golden parachutes”), such payment should be subject to appropriate
governance controls and limits. In any case, such pay-outs should be
aligned with the insurer’s overall financial condition and performance over
an appropriate time horizon. Severance payments should be related to
Public
performance over time; should not reward failure and should not be
payable in the case of failure or threatened failure of the insurer,
particularly to an individual whose actions have contributed to the failure
or potential failure of the insurer.
Reliable and transparent financial reporting
7.7 The supervisor requires the insurer’s Board to ensure there is a reliable financial
reporting process for both public and supervisory purposes that is supported
by clearly defined roles and responsibilities of the Board, Senior Management
and the external auditor.
7.7.1 The Board is responsible for overseeing the insurer’s systems and
controls to ensure that the financial reports of the insurer present a
balanced and accurate assessment of the insurer’s business and its
general financial health and viability as a going concern.
The Board carries out functions including:
• overseeing the financial statements, financial reporting and
disclosure processes;
• monitoring whether accounting policies and practices of the
insurer are operating as intended;
• overseeing the internal audit process (reviews by internal audit
of the insurer’s financial reporting controls) and reviewing the
internal auditor’s plans and material findings; and
• reporting to the supervisor on significant issues concerning the
financial reporting process, including actions taken to address
or mitigate identified financial reporting risks.
7.7.2 The Board should ensure that significant findings and observations
regarding weaknesses in the financial reporting process are promptly
rectified. This should be supported by a formal process for reviewing and
monitoring the implementation of recommendations by the external
auditor.
External Audit
7.8 The supervisor requires the insurer's Board to ensure that there is adequate
governance and oversight of the external audit process.
7.8.1 The Board should ensure that the insurer:
• applies robust processes for approving, or recommending for
approval, the appointment, reappointment, removal and
remuneration of the external auditor;
• applies robust processes for monitoring and assessing the
independence of the external auditor and to ensure that the
appointed external auditor has the necessary knowledge, skills,
expertise, integrity and resources to conduct the audit and meet
any additional regulatory requirements;
Public
• monitors and assesses the effectiveness of the external audit
process throughout the audit cycle;
• investigates circumstances relating to the resignation or
removal of an external auditor, and ensuring prompt actions are
taken to mitigate any identified risks to the integrity of the
financial reporting process, and
• reports to the supervisor on circumstances relating to the
resignation or removal of the external auditor.
7.8.2 The Board should oversee the external audit process and safeguard and
promote an effective relationship with the external auditor. For this
purpose the Board should ensure that:
• the terms of engagement of the external auditor are clear and
appropriate to the scope of the audit and resources required to
conduct the audit and specify the level of audit fees to be paid;
• the auditor undertakes a specific responsibility under the terms
of engagement to perform the audit in accordance with relevant
local and international audit standards;
• the external auditor complies with internationally accepted
ethical and professional standards and, where applicable, the
more stringent requirements applicable to audits of listed
entities and public interest entities;
• there are adequate policies and a process to ensure the
independence of the external auditor, including:
− restrictions and conditions for the provision of non-audit
services which are subject to approval by the Board;
− periodic rotation of members of the audit team and/or audit
firm as appropriate; and
− safeguards to eliminate or reduce to an acceptable level
identified threats to the independence of the external
auditor.
• there is adequate dialogue with the external auditor on the
scope and timing of the audit to understand the issues of risk,
information on the insurer’s operating environment which is
relevant to the audit, and any areas in which the Board may
request for specific procedures to be carried out by the external
auditor, whether as a part or an extension of the audit
engagement; and
• there is unrestricted access by the external auditor to
information and persons within the insurer as necessary to
conduct the audit.
7.8.3 In order to establish the degree of assurance that the Board can draw
from the external auditor’s report, the Board should also understand the
external auditor’s approach to the audit. This includes the assessment of
the external auditor’s ability to:
Public
• identify and assess the risks of material misstatement in the
insurer’s financial statements, taking into consideration the
complexities of insurance activities and the need for insurers to
have a strong control environment;
• respond appropriately to the significant risks of material
misstatement in the insurer’s financial statements; and
• develop appropriate relationships with the internal audit function
and the actuarial function.
The Board should take appropriate actions where doubts arise as to the
reliability of the external audit process.
7.8.4 In order to enable the Board to carry out its oversight responsibilities and
to enhance the quality of the audit, the Board should have an effective
communication with the external auditor. This should include:
• regular meetings between the Board and the external auditor
during the audit cycle, including meetings without management
present; and
• prompt communication of any information regarding internal
control weaknesses or deficiencies of which the external auditor
becomes aware.
The Board should require the external auditor to report to it on all relevant
matters.
7.8.5 The supervisor and the external auditor should have an effective
relationship that includes appropriate communication channels for the
exchange of information relevant to carrying out their respective statutory
responsibilities.
7.8.6 Reports prepared by the external auditor for the insurer (e.g.
management letters) should be made available to the supervisor by the
insurer or the external auditor.
7.8.7 The supervisor should require the external auditor to report matters that
are likely to be of material significance. This would include material fraud,
suspicion of material fraud and regulatory breaches or other significant
audit findings identified in the course of the audit. Such information should
be provided to the supervisor without the need for prior consent of the
insurer and the external auditor should be duly protected from liability for
any information disclosed to the supervisor in good faith.
7.8.8 The supervisor should require a further audit by a different external
auditor where necessary.
Communications
7.9 The supervisor requires the insurer’s Board to have systems and controls to
ensure appropriate, timely and effective communications with the supervisor on
the governance of the insurer.
7.9.1 Communications with the supervisor should promote effective
engagement of the supervisor on the governance of the insurer to enable
Public
informed judgments about the effectiveness of the Board and Senior
Management in governing the insurer.
7.9.2 Subject to any reasonable commercial sensitivities and applicable privacy
or confidentiality obligations, the insurer’s communication policies and
strategies should include providing to the insurer’s stakeholders
information such as the following:
• the insurer’s overall strategic objectives, covering existing or
prospective lines of business and how they are being or will be
achieved;
• the insurer’s governance structures, such as allocation of
oversight and management responsibilities between the Board
and the Senior Management, and organisational structures,
including reporting lines;
• members of the Board and any Board committees, including
their respective expertise, qualifications, track-record, other
positions held by such members, and whether such members
are regarded as independent;
• processes in place for the Board to evaluate its own
performance and any measures taken to improve the Board’s
performance;
• the general design, implementation and operation of the
remuneration policy;
• major ownership and group structures, and any significant
affiliations and alliances; and
• material related-party transactions.
7.9.3 In addition to information publicly available, the supervisor may require
more detailed and additional information relating to the insurer’s
corporate governance for supervisory purposes, which may include
commercially sensitive information, such as assessments by the Board of
the effectiveness of the insurer’s governance system, internal audit
reports and more detailed information on the remuneration structures
adopted by the insurer for the Board, Senior Management, Key Persons
in Control Functions and major risk-taking staff. The insurer’s
communication policies and strategies should enable such information to
be provided to the supervisor in a timely and efficient manner.
Supervisors should safeguard such information having due regard to the
confidentiality of commercially sensitive information and applicable laws.
7.9.4 Disclosure of information on remuneration should be sufficient to enable
stakeholders to evaluate how the remuneration system relates to risk and
whether it is operating as intended. Relevant information may include:
• the operation of risk adjustments, including examples of how the
policy results in adjustments to remuneration for employees at
different levels;
• how remuneration is related to performance (both financial and
personal business conduct) over time; and
Public
• valuation principles in respect of remuneration instruments.
7.9.5 Appropriate quantitative information should also be made available to
enable supervisors to evaluate the financial impact of the remuneration
policy. Such information may include:
• the total cost of remuneration awarded in the period, analysed
according to the main components such as basic salary,
variable remuneration and long-term awards;
• the total amount set aside in respect of deferred variable
remuneration;
• adjustment to net income for the period in respect of variable
remuneration awarded in previous periods;
• the total costs of all sign-on payments in the period and number
of individuals to whom these relate; and
• the total costs of all severance payments in the period and
number of individuals to whom these relate.
These amounts should be analysed by type of instrument (e.g. cash,
shares, share options etc.) as applicable, and in a manner consistent with
the key elements of the remuneration policy.
7.9.6 Disclosure of information on governance should be made on a regular
(for instance, at least annually) and timely basis.
Duties of Senior Management
7.10 The supervisor requires the insurer to ensure that Senior Management:
• carries out the day-to-day operations of the insurer effectively and in
accordance with the insurer’s corporate culture, business objectives and
strategies for achieving those objectives in line with the Insurer's long
term interests and viability;
• promotes sound risk management, compliance and fair treatment of
customers;
• provides the Board adequate and timely information to enable the Board
to carry out its duties and functions including the monitoring and review
of the performance and risk exposures of the insurer, and the
performance of Senior Management; and
• maintains adequate and orderly records of the internal organisation.
7.10.1 Senior Management should implement appropriate systems and controls,
in accordance with the established risk appetite and corporate values and
consistent with internal policies and procedures.
7.10.2 Such systems and controls should provide for organisation and decision-
making in a clear and transparent manner that promotes effective
management of the insurer. Senior Management’s systems and controls
should encompass:
Public
• processes for engaging persons with appropriate competencies
and integrity to discharge the functions under Senior
Management, which include succession planning, on-going
training and procedures for termination;
• clear lines of accountability and channels of communication
between persons in Senior Management and Key Persons in
Control Functions;
• proper procedures for the delegation of Senior Management
functions and monitoring whether delegated functions are
carried out effectively and properly, in accordance with the same
principles that apply to delegations by the Board (see Guidance
7.3.13 and 7.3.14);
• standards of conduct and codes of ethics for the Senior
Management and other staff to promote a sound corporate
culture, and the effective implementation on an on-going basis
of standards and codes (see ICP 8 Risk Management and
Internal Controls for conflicts of interest provisions);
• proper channels of communications, including clear lines of
reporting, as between the individuals performing the functions
of the Senior Management and the Board, including provisions
dealing with whistleblower protection, and their effective
implementation; and
• effective communication strategies with supervisors and
stakeholders that include the identification of matters that should
be disclosed, and to whom such disclosure should be made.
7.10.3 Adequate procedures should be in place for assessing the effectiveness
of Senior Management’s performance against the performance
objectives set by the Board. For this purpose, annual assessments of
their performance against set goals should be carried out at least
annually, preferably by an independent party, a control function, or the
Board itself. Any identified inadequacies or gaps should be addressed
promptly and reported to the Board.
7.10.4 Senior Management should also promote strong risk management and
internal controls through personal conduct and transparent policies.
Senior Management should communicate throughout the insurer the
responsibility of all employees in this respect. It should not interfere with
the activities that control functions carry out in the rightful exercise of their
responsibilities, including that of providing an independent view of
governance, risk, compliance and control related matters.
Supervisory review
7.11 The supervisor requires the insurer to demonstrate the adequacy and
effectiveness of its corporate governance framework.
7.11.1 The supervisor plays an important role by requiring the Board and Senior
Management of the insurer to demonstrate that they are meeting the
applicable corporate governance requirements, consistent with these
standards, on an on-going basis. The onus for demonstrating, to the
Public
satisfaction of the supervisor, that the corporate governance framework
is effective and operates as intended rests with the insurer.
7.11.2 The Supervisor should assess through its supervisory review and
reporting processes whether the insurer’s overall corporate governance
framework is effectively implemented and remains adequate (see ICP 9
Supervisory Review and Reporting).
7.11.3 To help facilitate the supervisory review and reporting processes, the
supervisor should establish effective channels of communication with the
insurer, and have access to relevant information concerning the
governance of the insurer. This may be obtained through periodic reports
to the supervisor and any information obtained on an ad-hoc basis (see
also Standard 7.7). Communication may also be facilitated by the
supervisor having regular interaction with the Board, Senior Management
and Key Persons in Control Functions.
7.11.4 The supervisor should assess the governance effectiveness of the Board
and Senior Management and determine the extent to which their actions
and behaviours contribute to good governance. This includes the extent
to which the Board and Senior Management contribute to setting and
following the “tone at the top;” how the corporate culture of the insurer is
communicated and put into practice; how information flows to and from
the Board and Senior Management; and how potential material problems
are identified and addressed throughout the insurer.
7.11.5 To ascertain the on-going effectiveness of the Board and Senior
Management, the supervisor may also consider the use of measures
such as the following, where appropriate:
• on-going mandatory training that is commensurate with their
respective duties, roles and responsibilities of the Board and
Senior Management within the insurer;
• a review of the periodic self-evaluation undertaken by the Board
as referred to in Guidance 7.3.3 and 7.11.1;
• meetings and/or interviews with the Board and Senior
Management, both collectively and individually as appropriate,
particularly to reinforce expectations relating to their
performance and to get a sense of how informed and proactive
they are; and
• attending and observing Board proceedings.
7.11.6 Where remuneration policies of an insurer contain more high risk
elements, closer supervisory scrutiny of those policy and practices may
also be warranted, including requests for additional information as
appropriate to assess whether those practices are having an adverse
impact on the on-going viability of the insurer or commissioning an
independent assessment of the insurer’s remuneration policy and
practices.
Public
ICP 8 Risk Management and Internal Controls 10
The supervisor requires an insurer to have, as part of its overall corporate
governance framework, effective systems of risk management and internal controls,
including effective functions for risk management, compliance, actuarial matters and
internal audit.
8.0.1 As part of the overall corporate governance framework and in furtherance

of the safe and sound operation of the insurer and the protection of
policyholders, the Board is ultimately responsible for ensuring that the
insurer has in place effective systems of risk management and internal
controls and functions to address the key risks it faces and for the key
legal and regulatory obligations that apply to it. Senior Management
effectively implements these systems and provides the necessary
resources and support for these functions.
8.0.2 In some jurisdictions, risk management is considered a subset of internal
controls, while other jurisdictions would see it the other way around. The
two systems are in fact closely related. Where the boundary lies between
risk management and internal controls is less important than achieving,
in practice, the objectives of each.
8.0.3 The systems and functions should be adequate for the insurer’s
objectives, strategy, risk profile, and the applicable legal and regulatory
requirements. They should be adapted as the insurer’s business and
internal and external circumstances change.
8.0.4 The nature of the systems that the insurer has is dependent on many
factors. The systems typically include:
• strategies setting out the approach of the insurer for dealing with
specific areas of risk and legal and regulatory obligation;
• policies defining the procedures and other requirements that
members of the Board and employees need to follow;
• processes for the implementation of the insurer’s strategies and
policies;
• and controls to ensure that such strategies, policies and
processes are in fact in place, are being observed and are
attaining their intended objectives.
8.0.5 An insurer’s functions (whether in the form of a person, unit or
department) should be properly authorised to carry out specific activities
relating to matters such as risk management, compliance, actuarial
matters and internal audit. These are generally referred to as control
functions.

Public
Special considerations for groups
8.0.6 Group wide risks may affect insurance legal entities within a group, while
risks at the insurance legal entity level could also affect the group as a
whole. To help address this, groups should have strong risk management
and compliance culture across the group and at the insurance legal entity
level. Thus, in addition to meeting group governance requirements, the
group should take into account the obligations of its insurance legal
entities to comply with local laws and regulations.
8.0.7 How a group's systems of risk management and internal controls are
organised and operate will depend on the governance approach the
group takes, i.e., a more centralised or a more decentralised approach
(see IAIS Issues Paper on Approaches to Group Corporate Governance;
impact on control functions, October 2014). Regardless of the
governance approach, it is important that effective systems of risk
management and internal controls exist and that risks are properly
monitored and managed at the insurance legal entity level and on a
group-wide basis.
8.0.8 Additionally, a group’s governance approach will also affect the way in
which its control functions are organised and operated. Coordination
between the insurance legal entity and group control functions is
important to help ensure overall effective systems of risk management
and internal controls. Regardless of how the group control functions are
organised and operated, the result should provide an overall view of the
group-wide risks and how they should be managed.
8.0.9 Supervisors should require the establishment of comprehensive and
consistent group governance and assess its effectiveness. While the
group-wide supervisor is responsible for assessing the effectiveness of
the group’s systems of risk management and internal controls, the other
involved supervisors undertake such assessments on a legal entity basis.
Appropriate supervisory cooperation and coordination is necessary to
have a group-wide view and to enhance the assessment of the legal
entities.
Systems for risk management and internal controls
8.1 The supervisor requires the insurer to establish, and operate within, an effective
risk management system.
Basic components of a risk management system
8.1.1 The risk management system is designed and operated at all levels of
the insurer to allow for the identification, assessment, monitoring,
mitigation and reporting of all risks of the insurer in a timely manner. It
takes into account the probability, potential impact and time horizon of
risks.
8.1.2 An effective risk management system typically includes elements such
as:
• a clearly defined and well documented risk management
strategy, which includes a clearly defined risk appetite and takes
Public
into account the insurer’s overall business strategy and its
business activities (including any business activities which have
been outsourced);
• relevant objectives, key principles and proper allocation of
responsibilities for dealing with risk across the business areas
and business units of the insurer
• a documented process defining the Board approval required for
any deviations from the risk management strategy or the risk
appetite and for settling any major interpretation issues that may
arise;
• appropriate documented policies that include a definition and
categorisation of material risks (by type) to which the insurer is
exposed, and the levels of acceptable risk limits for each type of
these risk. These policies describe the risk standards and the
specific obligations of employees and the businesses in dealing
with risk, including risk escalation and risk mitigation tools;
• suitable processes and tools (including stress testing and,
where appropriate, models) for identifying, assessing,
monitoring and reporting on risks. Such processes should also
cover contingency planning;
• regular reviews of the risk management system (and its
components) to help ensure that necessary modifications and
improvements are identified and made in a timely manner;
• appropriate attention to other matters set out in ICP (16
Enterprise Risk Management for Solvency Purposes); and
• an effective risk management function.
Scope and embedding of the risk management system
8.1.3 The risk management system should at least cover underwriting and
reserving, asset-liability management, investments, liquidity and
concentration risk management, operational risk management, conduct
of business, and reinsurance and other risk-mitigation techniques.
8.1.4 The risk management system should be aligned with the insurer’s risk
culture and embedded into the various business areas and units with the
aim of having the appropriate risk management practices and procedures
embedded in the key operations and structures.
Identification
8.1.5 The risk management system should take into account all reasonably
foreseeable and relevant material risks to which the insurer is exposed,
both at the insurer and the individual business unit levels. This includes
current and emerging risks.
8.1.6 Significant new or changed activities and products that may increase an
existing risk or create a new type of exposure should be subject to
appropriate risk review and be approved by the Board and Senior
Management.
Public
Assessment
8.1.7 Insurers should assess material risks both qualitatively and, where
appropriate, quantitatively. Appropriate consideration should be given to
a sufficiently wide range of outcomes, as well as to the appropriate tools
and techniques to be used. The interdependencies of risks should also
be analysed and taken into account in the assessments.
Monitoring
8.1.8 The risk management system should include early warnings or triggers
that allows timely consideration of, and adequate response to, material
risks. An insurer may decide to tolerate a risk, when it is acceptable within
the risk appetite that has been set.
Mitigation
8.1.9 The risk management system should include strategies and tools to
mitigate against material risks. In most cases an insurer will control or
reduce the risk to an acceptable level. Another response to risk is to
transfer the risk to a third party. If risks are not acceptable within the risk
appetite and it is not possible to control, limit or transfer the risk, the
insurer should cease or change the activity which creates the risk.
Reporting
8.1.10 Risks, the overall assessment of risks and the related action plans should
be reported to the Board and/or to Senior Management, as appropriate,
using qualitative and quantitative indicators and effective action plans.
The insurer’s documented risk escalation process should allow for
reporting on risk issues within established reporting cycles and outside of
them for matters of particular urgency.
8.1.11 The Board should have appropriate ways to carry out its responsibilities
for risk oversight. The risk management policy should therefore cover the
content, form and frequency of reporting that it expects on risk from
Senior Management and each of the control functions. Any proposed
activity that would go beyond the Board-approved risk appetite should be
subject to appropriate review and require Board approval.
Risk Policies
8.1.12 The insurer’s risk policies should be written in a way to help employees
understand their risk responsibilities. They should also help explain the
relationship of the risk management system to the insurer’s overall
corporate governance framework and to its corporate culture. The overall
risk management policy of the insurer should outline how relevant and
material risks are managed. Related policies should be established,
either as elements of the risk management policy, or as separate sub-
policies. At a minimum, these should include policies related to the risk
appetite framework, an asset-liability management policy, an investment
policy, and an underwriting risk policy.
Public
8.1.13 Regular internal communications and training on risk policies should take
place.
Changes to the risk management system
8.1.14 Both the Board and Senior Management should be attentive to the need
to modify the risk management system in light of new internal or external
circumstances.
8.1.15 Material changes to an insurer’s risk management system should be
documented and subject to approval by the Board. The reasons for the
changes should be documented. Appropriate documentation should be
available to internal audit, external audit and the supervisor for their
respective assessments of the risk management system.
8.2 The supervisor requires the insurer to establish, and operate within, an effective
system of internal controls.
Basic components of an internal controls system
8.2.1 The internal controls system should ensure effective and efficient
operations, adequate control of risks, prudent conduct of business,
reliability of financial and non-financial information reported (both
internally and externally), and compliance with laws, regulations,
supervisory requirements and the insurer's internal rules and decisions.
It should be designed and operated to assist the Board and Senior
Management in the fulfilment of their respective responsibilities for
oversight and management of the insurer. Some insurers have a
designated person or function to support the advancement, coordination
and/or management of the overall internal controls system on a more
regular basis.
8.2.2 The internal controls system should cover all units and activities of the
insurer and should be an integral part of the daily activities of an insurer.
The controls should form a coherent system, which should be regularly
assessed and improved as necessary. Each individual control 11 of an
insurer, as well as all its controls cumulatively, should be designed for
effectiveness and operate effectively.
8.2.3 An effective internal control system requires an appropriate control
structure with control activities defined at every business unit level.
Depending on the organisational structure of the insurer, business or
other units should own, manage and report on risks and should be
primarily accountable for establishing and maintaining effective internal
control policies and procedures. Control functions should determine and
assess the appropriateness of the controls used by the business or other
units. The internal audit function should provide independent assurance
on the quality and effectiveness of the internal controls system. 12
11 Individual controls may be preventive (applied to prevent undesirable outcomes) or detective (to
uncover undesirable activity). Individual controls may be manual (human), automated, or a
combination and may be either general or process or application specific.
12 This division of responsibilities between business, risk management and compliance and internal
audit is typically referred to as the three lines of defense. The business is considered as the first line
Public
8.2.4 An effective internal controls system typically includes:
Segregation of duties and prevention of conflicts of interest
• appropriate segregation of duties and controls to ensure such
segregation is observed. This includes, amongst others, having
sufficient distance between those accountable for a process or
policy and those who check if for such a process or policy an
appropriate control exists and is being applied. It also includes
appropriate distance between those who design a control or
operate a control and those who check if such a control is
effective in design and operation;
• up-to-date policies regarding who can sign for or commit the
insurer, and for what amounts, with corresponding controls,
such as practice that key decisions should be taken at least by
two persons and the practice of double or multiple signatures.
Such policies and controls should be designed, among other
things, to prevent any major transaction being entered into
without appropriate governance review or by anyone lacking the
necessary authority and to ensure that borrowing, trading, risk
and other such limits are strictly observed. Such policies should
foresee a role for control functions, for example by requiring for
major matters the review and sign-off by Risk Management or
Compliance, and/or approval by a Board level committee;
Policies and processes
• appropriate controls for all key business processes and policies,
including for major business decisions and transactions
(including intra-group transactions), critical IT functionalities,
access to critical IT infrastructure by employees and related third
parties, and important legal and regulatory obligations;
• policies on training in respect of controls, particularly for
employees in positions of high trust or responsibility or involved
in high risk activities;
• a centralised documented inventory of insurer-wide key
processes and policies and of the controls in place in respect of
such processes and policies, that also may introduce a
hierarchy among the policies;
Information and communication
• appropriate controls to provide reasonable assurance over the
accuracy and completeness of the insurer’s books, records, and
accounts and over financial consolidation and reporting,
including the reporting made to the insurer’s supervisors;
of defence, the control functions (other than internal audit) as the second line of defence, and internal
audit as the third line of defence. The business is deemed to “own” the controls, and the other lines
of defence are there to help ensure their application and viability. Whatever approach is used, it is
important that responsibilities be clearly allocated to promote checks and balances and avoid conflicts
of interest.
Public
• adequate and comprehensive internal financial, operational and
compliance data, as well as external market information about
events and conditions that are relevant to decision making.
Information should be reliable, timely, accessible, and provided
in a consistent format;
• information processes that cover all significant activities of the
insurer, including contingency arrangements;
• effective channels of communication to ensure that all staff fully
understand and adhere to the internal controls and their duties
and responsibilities and that other relevant information is
reaching the appropriate personnel;
• policies regarding escalation procedures;
Monitoring and review
• processes for regularly checking that the totality of all controls
forms a coherent system and that this system works as
intended; fits properly within the overall corporate governance
structure of the insurer; and provides an element of risk control
to complement the risk identification, risk assessment, and risk
management activities of the insurer. As part of such review,
individual controls are monitored and analysed periodically to
determine gaps and improvement opportunities with Senior
Management taking such measures as are necessary to
address these; and
• periodic testing and assessments (carried out by objective
parties such as an internal or external auditor) to determine the
adequacy, completeness and effectiveness of the internal
controls system and its utility to the Board and Senior
Management for controlling the operations of the insurer.
Responsibilities of the Board
8.2.5 The Board should have an overall understanding of the control

environment across the various entities and businesses, and require
Senior Management to ensure that for each key business process and
policy, and related risks and obligations, there is an appropriate control.
8.2.6 In addition, the Board should ensure there is clear allocation of
responsibilities within the insurer, with appropriate segregation, including
in respect of the design, documentation, operation, monitoring and testing
of internal controls. Responsibilities should be properly documented,
such as in charters, authority tables, governance manuals or other similar
governance documents.
8.2.7 The Board should determine which function or functions report to it or to
any Board Committees in respect of the internal controls system.
Reporting
8.2.8 Reporting on the internal controls system should cover matters such as:
Public
• the strategy in respect of internal controls (such as
responsibilities, target levels of compliance to achieve,
validations and implementation of remediation plans);
• the stage of development of the internal controls system,
including its scope, testing activity, and the performance against
annual or periodic internal controls system goals being pursued;
• an assessment of how the various business units are performing
against internal control standards and goals;
• control deficiencies, weaknesses and failures that have arisen
or that have been identified (including any identified by the
internal or external auditors or the supervisor) and the
responses thereto (in each case to the extent not already
covered in other reporting made to the Board); and
• controls at the appropriate levels so as to be effective, including
at the process or transactional level.
Control functions (general)
8.3 The supervisor requires the insurer to have effective control functions with the
necessary authority, independence and resources.
8.3.1 As part of the effective systems of risk management and internal controls,
insurers have control functions, including for risk management,
compliance, actuarial matters and internal audit. Control functions add to
the governance checks and balances of the insurer and provide the
necessary assurance to the Board in the fulfilment of its oversight duties.
8.3.2 The existence of control functions does not relieve the Board or Senior
Management of their respective governance and related responsibilities.
8.3.3 The control functions should be subject to periodic review either by the
internal audit function (for control functions other than internal audit) or
an objective external reviewer.
Appointment and dismissal of heads of control functions
8.3.4 The appointment, performance assessment, remuneration, discipline and

dismissal of the head of control functions should be done with the
approval of, or after consultation with, the Board or the relevant Board
committee. For the head of the internal audit function, the appointment,
performance assessment, remuneration, discipline and dismissal should
be done by the Board, its Chair or the Audit Committee.
8.3.5 The insurer should notify the supervisor of the reasons for dismissals of
heads of control functions.
Authority and independence of control functions
8.3.6 The Board should approve the authority and responsibilities of each
control function to allow each control function to have the authority and
independence necessary to be effective.
Public
8.3.7 The authority and responsibilities of each control function should be set
out in writing and made part of, or referred to in, the governance
documentation of the insurer. The head of each control function should
periodically review such document and submit suggestions for any
changes to Senior Management and the Board for approval, where
appropriate.
8.3.8 A control function should be led by a person of appropriate level of
authority. The head of the control function should not have operational
business line responsibilities.
8.3.9 Insurers should organise each control function and its associated
reporting lines into the insurer’s organisational structure in a manner that
enables such function to operate and carry out their roles effectively. This
includes direct access to the Board or the relevant Board committee.
8.3.10 Notwithstanding the possibility for insurers to combine certain control
functions, a control function should be sufficiently independent from
Senior Management and from other functions to allow its staff to:
• serve as a component of the insurer’s checks and balances;
• provide an objective perspective on strategies, issues, and
potential violations related to their areas of responsibility; and
• implement or oversee the implementation of corrective
measures where necessary.
8.3.11 Each control function should avoid conflicts of interest. Where any
conflicts remain and cannot be resolved with Senior Management, these
should be brought to the attention of the Board for resolution.
8.3.12 Each control function should have the authority to communicate on its
own initiative with any employee and to have unrestricted access to
information in any business unit that it needs to carry out its
responsibilities. The control functions should have the right to conduct
investigations of possible breaches and to request assistance from
specialists within the insurer, e.g. legal and internal audit, or engage
external specialists to perform the task.
The control functions should be free to report to Senior Management or
the Board on any irregularities or possible breaches disclosed by its
investigations, without fear of retaliation or disfavour from management.
Resources and qualifications of the control functions
8.3.13 Each control function should have the resources necessary to fulfil its
responsibilities and achieve the specific goals in its areas of
responsibility. This includes qualified staff and appropriate
IT/management information processes. The function should be organized
in an appropriate manner to achieve its goals.
8.3.14 The head of each control function should review regularly the adequacy
of the function's resources and request adjustments from Senior
Management as necessary. Where the head of a control function has a
major difference of opinion with Senior Management on the resources
Public
needed, the head of the control function should bring the issue to the
Board or relevant Board Committee for resolution.
8.3.15 Persons who perform control functions should be suitable for their role
and meet any applicable professional qualifications and standards.
Higher expectations apply to the head of each control function. Persons
who perform control functions should receive regular training relevant to
their role to remain up to date on the developments and techniques
related to their areas of responsibility.
Board access and reporting by the control functions; Board assessment of control
functions
8.3.16 The Board should grant the head of each control function the authority
and responsibility to report periodically to it or one of its committees. The
Board should determine the frequency and depth of such reporting so as
to permit timely and meaningful communication and discussion of
material matters. The reporting should include, among other things:
• information as to the function’s strategy and longer term goals
and the progress in achieving these;
• annual or other periodic operational plans describing shorter
term goals and the progress in achieving these; and
• resources (such as personnel, budget, etc.), including an
analysis on the adequacy of these resources.
8.3.17 In addition to periodic reporting, the head of each control function should
have the opportunity to communicate directly and to meet periodically
(without the presence of management) with the Chair of any relevant
Board committee (e.g. Audit or Risk Committee) and/or with the Chair of
the full Board. The Board should periodically assess the performance of
each control function. This may be done by the full Board, by the Chair of
the Board, by the relevant Board committee or by the Chair of the relevant
Board committee.
Risk management function
8.4 The supervisor requires the insurer to have an effective risk management function
capable of assisting the insurer to
• identify, assess, monitor, mitigate and report on its key risks in a timely
way; and
• promote and sustain a sound risk culture.
8.4.1 A robust risk management function that is well positioned, resourced and
properly authorised and staffed is an essential element of an effective risk
management system. Within some insurers, and particularly at larger or
more complex ones, the risk management function is typically led by a
Chief Risk Officer.
Access and reporting to the Board by the risk management function
Public
8.4.2 The risk management function should have access and provide written
reports to the Board as required by the Board, typically on matters such
as:
• an assessment of risk positions and risk exposures and steps
being taken to manage them;
• an assessment of changes in the insurer’s risk profile relative to
risk appetite;
• where appropriate, an assessment of pre-defined risk limits;
• where appropriate, risk management issues resulting from
strategic affairs such as corporate strategy, mergers and
acquisitions and major projects and investments;
• an assessment of risk events and the identification of
appropriate remedial actions.
8.4.3 The head of the risk management function should have the authority and
obligation to inform the Board promptly of any circumstance that may
have a material effect on the risk management system of the insurer.
Main activities of the risk management function
8.4.4 The risk management function should establish, implement and maintain
appropriate mechanisms and activities including to:
• assist the Board and Senior Management in carrying out their
respective responsibilities, including by providing specialist
analyses and performing risk reviews;
• identify the individual and aggregated risks (actual, emerging
and potential) the insurer faces;
• assess, aggregate, monitor and help manage and otherwise
address identified risks effectively; this includes assessing the
insurer’s capacity to absorb risk with due regard to the nature,
probability, duration, correlation and potential severity of risks;
• gain and maintain an aggregated view of the risk profile of the
insurer both at a legal entity and/or group-wide level;
• establish a forward-looking assessment of the risk profile;
• evaluate the internal and external risk environment on an on-
going basis in order to identify and assess potential risks as
early as possible. This may include looking at risks from different
perspectives, such as by territory or by line of business;
• consider risks arising from remuneration arrangements and
incentive structures;
• conduct regular stress testing and scenario analyses as defined
in ICP 16 (Enterprise Risk Management for Solvency
Purposes);
• regularly provide written reports to Senior Management, Key
Persons in Control Functions and the Board on the insurer's risk
Public
profile and details on the risk exposures facing the insurer and
related mitigation actions as appropriate;
• document and report material changes affecting the insurer’s
risk management system to the Board to help ensure that the
system is maintained and improved; and
• conduct regular self-assessments and implement or monitor the
implementation of any needed improvements.
Compliance function
8.5 The supervisor requires the insurer to have an effective compliance function
capable of assisting the insurer to:
• meet its legal, regulatory and supervisory obligations; and
• promote and sustain a compliance culture,
including through the monitoring of related internal policies.
8.5.1 The compliance function has a broader role than merely monitoring
compliance with laws and regulations and supervisory requirements;
monitoring compliance with internal policies and promoting and
sustaining a compliance culture within the insurer are equally important
aspects of this control function.
8.5.2 Compliance starts at the top. The Board is ultimately responsible for
establishing standards for honesty and integrity throughout the insurer
and for creating an effective corporate culture that emphasises them. This
should include a code of conduct or other appropriate mechanism as
evidence of the insurer’s commitment to comply with all applicable laws,
regulations, supervisory requirements, and internal policies, and conduct
its business ethically and responsibly.
8.5.3 As part of this commitment, the insurer has in place a robust and well
positioned, resourced and properly authorised and staffed compliance
function. Within some insurers, particularly larger or more complex ones,
such a function is typically led by a Chief Compliance Officer.
Board access and reporting of the compliance function
8.5.4 The compliance function should have access and provide written reports
to Senior management, key persons in control functions and the Board
on matters such as:
• an assessment of the key compliance risks the insurer faces and
the steps being taken to address them;
• an assessment of how the various parts of the insurer (e.g.
divisions, major business units, product areas) are performing
against compliance standards and goals;
• any compliance issues involving management or persons in
positions of major responsibility within the insurer, and the
status of any associated investigations or other actions being
taken;
Public
• material compliance violations or concerns involving any other
person or unit of the insurer and the status of any associated
investigations or other actions being taken; and
• material fines or other disciplinary actions taken by any regulator
or supervisor in respect of the insurer or any employee.
8.5.5 The head of the compliance function should have the authority and
obligation to inform promptly the Chair of the Board directly in the event
of any major non-compliance by a member of management or a material
non-compliance by the insurer with an external obligation if in either case
he or she believes that Senior Management or other persons in authority
at the insurer are not taking the necessary corrective actions and a delay
would be detrimental to the insurer or its policyholders.
Main activities of the compliance function
8.5.6 The compliance function should establish, implement and maintain

appropriate mechanisms and activities including to:
• promote and sustain an ethical corporate culture that values
responsible conduct and compliance with internal and external
obligations; this includes communicating and holding training on
an appropriate code of conduct or similar that incorporates the
corporate values of the insurer, aims to promote a high level of
professional conduct and sets out the key conduct expectations
of employees;
• identify, assess, report on and address key legal and regulatory
obligations, including obligations to the insurer’s supervisor, and
the risks associated therewith; such analyses should use risk
and other appropriate methodologies;
• ensure the insurer monitors and has appropriate policies,
processes and controls in respect of key areas of legal,
regulatory and ethical obligation;
• hold regular training on key legal and regulatory obligations
particularly for employees in positions of high responsibility or
who are involved in high risk activities;
• facilitate the confidential reporting by employees of concerns,
shortcomings or potential or actual violations in respect of
insurer internal policies, legal or regulatory obligations, or ethical
considerations; this includes ensuring there are appropriate
means for such reporting;
• address compliance shortcomings and violations, including
ensuring that adequate disciplinary actions are taken and any
necessary reporting to the supervisor or other authorities is
made; and
• conduct regular self-assessments of the compliance function
and the compliance processes and implement or monitor
needed improvements.
Public
Actuarial function
8.6 The supervisor requires the insurer to have an effective actuarial function capable
of evaluating and providing advice regarding, at a minimum, technical
provisions, premium and pricing activities, capital adequacy, reinsurance and
compliance with related statutory and regulatory requirements.
8.6.1 A robust actuarial function that is well positioned, resourced and properly
authorised and staffed is essential for the proper operation of the insurer.
It plays a key role as part of the insurer’s overall systems of risk
management and internal controls.
Board access and reporting of the actuarial function
8.6.2 The actuarial function should have access to and periodically report to
the Board on matters such as:
• any circumstance that may have a material effect on the insurer
from an actuarial perspective;
• the adequacy of the technical provisions and other liabilities;
• distribution of profits to participating policyholders;
• stress testing and capital adequacy assessment with regard to
the prospective solvency position of the insurer; and
• any other matters as determined by the Board.
8.6.3 Written reports on actuarial evaluations should be made to the Board,
Senior Management, or other Key Persons in Control Functions or the
supervisor as necessary or appropriate or as required by legislation.
Main activities of the actuarial function
8.6.4 The actuarial function evaluates and provides advice to the insurer on
matters including:
• the insurer’s insurance liabilities, including policy provisions and
aggregate claim liabilities, as well as determination of reserves
for financial risks;
• asset liability management with regards to the adequacy and the
sufficiency of assets and future revenues to cover the insurer’s
obligations to policyholders and capital requirements, as well as
other obligations or activities;
• the insurer’s investment policies and the valuation of assets;
• an insurer’s solvency position, including a calculation of
minimum capital required for regulatory purposes and liability
and loss provisions;
• an insurer’s prospective solvency position by conducting capital
adequacy assessments and stress tests under various
scenarios, and measuring their relative impact on assets,
liabilities, and actual and future capital levels;
Public
• risk assessment and management policies and controls relevant
to actuarial matters or the financial condition of the insurer;
• the fair treatment of policyholders with regard to distribution of
profits awarded to participating policyholders;
• the adequacy and soundness of underwriting policies;
• the development, pricing and assessment of the adequacy of
reinsurance arrangements;
• product development and design, including the terms and
conditions of insurance contracts and pricing, along with
estimation of the capital required to underwrite the product;
• the sufficiency, accuracy and quality of data, the methods and
the assumptions used in the calculation of technical provisions;
• the research, development, validation and use of internal
models for internal actuarial or financial projections, or for
solvency purposes as in the ORSA; and
• any other actuarial or financial matters determined by the Board.
8.6.5 Where required, the actuarial function may also provide to the supervisor
certifications on the adequacy, reasonableness and/or fairness of
premiums (or the methodology to determine the same) and certifications
or statements of actuarial opinion.
8.6.6 The supervisor should clearly define when such certifications or
statements of actuarial opinion need to be submitted to the supervisor.
When these are required to be submitted, the supervisor should also
clearly define both the qualifications of those permitted to certify or sign
such statements and the minimum contents of such an opinion or
certification.
Appointed actuary
8.6.7 Some jurisdictions may require an “appointed actuary,” “statutory

actuary,” or “responsible actuary” (referred to here as an “Appointed
Actuary”) to perform certain functions, such as determining or providing
advice on an insurer’s compliance with regulatory requirements for
certifications or statements of actuarial opinion. The tasks and
responsibilities of the Appointed Actuary should be clearly defined and
should not limit or restrict the tasks and responsibilities of other
individuals performing actuarial functions.
8.6.8 The insurer should be required to report the Appointed Actuary’s
appointment to the supervisor.
8.6.9 The Appointed Actuary should not hold positions within or outside of the
insurer that may create conflicts of interest or compromise his or her
independence. If the Appointed Actuary is not an employee of the insurer,
the Board should determine whether the external actuary has any
potential conflicts of interest, such as if his or her firm also provides
auditing or other services to the insurer. If any such conflicts exist, the
Board should subject them to appropriate controls or choose another
Appointed Actuary.
Public
8.6.10 If an Appointed Actuary is replaced, the insurer should notify the
supervisor and give the reasons for the replacement. In some
jurisdictions, such a notification includes statements from both the insurer
and the former Appointed Actuary as to whether there were any
disagreements with the former Appointed Actuary over the content of the
actuary’s opinion on matters of risk management, required disclosures,
scopes, procedures, or data quality, and whether or not any such
disagreements were resolved to the former Appointed Actuary’s
satisfaction.
8.6.11 In some jurisdictions, the Appointed Actuary also has the obligation to
notify the supervisor if he or she resigns for reasons connected with his
or her duties as an Appointed Actuary or with the conduct of the insurer’s
business and give the reasons for resigning. The Appointed Actuary
should also notify the supervisor and provide an explanation if his or her
appointment is revoked by the insurer.
8.6.12 The supervisor should have the authority to require an insurer to replace
an Appointed Actuary when such person fails to adequately perform
required functions or duties, is subject to conflicts of interest or no longer
meets the jurisdiction’s eligibility requirements.
Internal audit function
8.7 The supervisor requires the insurer to have an effective internal audit function
capable of providing the Board with independent assurance in respect of the
quality and effectiveness of the insurer’s corporate governance framework.
8.7.1 One of the oversight roles of the Board is to ensure that the information
provided by the internal audit function allows the Board to effectively
validate the effectiveness of the internal control system.
8.7.2 The internal audit function should provide independent assurance to the
Board through general and specific audits, reviews, testing and other
techniques in respect of matters such as:
• the overall means by which the insurer preserves its assets and
those of policyholders, and seeks to prevent fraud,
misappropriation or misapplication of such assets;
• the reliability, integrity and completeness of the accounting,
financial and risk reporting information, as well as the capacity
and adaptability of IT architecture to provide that information in
a timely manner to the Board and Senior management;
• the design and operational effectiveness of the insurer’s
individual controls in respect of the above matters, as well as of
the totality of such controls (the internal controls system);
• other matters as may be requested by the Board, Senior
Management, the supervisor or the external auditor; and
• other matters which the internal audit function determines
should be reviewed to fulfil its mission, in accordance with its
charter, terms of reference or other documents setting out its
authority and responsibilities.
Public
Authority and independence of the internal audit function
8.7.3 To help ensure objectivity, the internal audit function is independent from
management and other control functions and is not involved operationally
in the business. The internal audit function’s ultimate responsibility is to
the Board, not management. To help ensure independence and
objectivity, the internal audit function should be free from conditions that
threaten its ability to carry out its responsibilities in an unbiased manner.
In carrying out its tasks, the internal audit function forms its judgments
independently. If necessary, the internal audit function should consider
the need to supplement its own assessment with third party expertise in
order to make objective and independent decisions.
8.7.4 The Board should grant suitable authority to the internal audit function,
including the authority to:
• access and review any records or information of the insurer
which the internal audit function deems necessary to carry out
an audit or other review;
• undertake on the internal audit function’s initiative a review of
any area or any function consistent with its mission;
• require an appropriate management response to an internal
audit report, including the development of a suitable
remediation, mitigation or other follow-up plan as needed; and
• decline doing an audit or review, or taking on any other
responsibilities requested by management, if the internal audit
function believes this is inconsistent with its mission or with the
strategy and audit plan approved by the Board. In any such
case, the internal audit function should inform the Board or the
Audit Committee and seek their guidance.
Board access and reporting of the internal audit function
8.7.5 The head of the internal audit function reports to the Board (or to any
member who is not part of the management) or to the Audit Committee if
one exists (or its Chair). In its reporting, the internal audit function should
cover matters such as:
• the function’s annual or other periodic audit plan, detailing the
proposed areas of audit focus, and any significant modifications
to the audit plan;
• any factors that may be adversely affecting the internal audit
function’s independence, objectivity or effectiveness;
• material findings from audits or reviews conducted; and
• the extent of management's compliance with agreed upon
corrective or risk mitigating measures in response to identified
control deficiencies, weaknesses or failures, compliance
violations or other lapses.
8.7.6 In addition to periodic reporting, the head of internal audit should be
authorised to communicate directly, and meet periodically, with the head
Public
of the Audit Committee or the Chair of the Board without management
present.
Main activities of the internal audit function
8.7.7 The audit function should carry out such activities as are needed to fulfil
its responsibilities. These activities include:
• establishing, implementing and maintaining a risk-based audit
plan to examine and evaluate alignment of the insurer's
processes with their risk culture;
• monitoring and evaluating the adequacy and effectiveness of
the insurer’s policies and processes and the documentation and
controls in respect of these, on a legal entity and group-wide
basis and on an individual subsidiary, business unit, business
area, department or other organisational unit basis;
• reviewing levels of compliance by employees, organisational
units and third parties with laws, regulations and supervisory
requirements, established policies, processes and controls,
including those involving reporting;
• evaluating the reliability, integrity and effectiveness of
management information processes and the means used to
identify, measure, classify and report such information;
• monitoring that identified risks are effectively addressed by the
internal control system;
• evaluating the means of safeguarding insurer and policyholder
assets and, as appropriate, verifying the existence of such
assets and the required level of segregation in respect of insurer
and policyholder assets;
• monitoring and evaluating the effectiveness of the insurer's
control functions, particularly the risk management and
compliance function; and
• coordinating with the external auditors and, to the extent
requested by the Board and consistent with applicable law,
evaluating the quality of performance of the external auditors.
8.7.8 In carrying out the above tasks, the internal audit function should ensure
all material areas of risk and obligation of the insurer are subject to
appropriate audit or review over a reasonable period of time. Among
these areas are those dealing with:
• market, underwriting, credit, liquidity, operational, conduct of
business, as well as reputational issues derived from exposure
to those risks;
• accounting and financial policies and whether the associated
records are complete and accurate;
• extent of compliance by the insurer with applicable laws,
regulations, rules and directives from all relevant jurisdictions;
Public
• intra-group transactions, including intra-group risk transfer and
internal pricing;
• adherence by the insurer to the insurer’s remuneration policy;
• the reliability and timeliness of escalation and reporting
processes, including whether there are confidential means for
employees to report concerns or violations and whether these
are properly communicated, offer the reporting employee
protection from retaliation, and result in appropriate follow up;
and
• the extent to which any non-compliance with internal policies or
external legal or regulatory obligations is documented and
appropriate corrective or disciplinary measures are taken
including in respect of individual employees involved.
8.7.9 Subject to applicable laws on record retention, the internal audit function
should keep records of all areas and issues reviewed so as to provide
evidence of these activities over time.
Outsourcing of material activities or functions
8.8 The supervisor requires the insurer to retain at least the same degree of oversight
of, and accountability for, any outsourced material activity or function (such as
a control function) as applies to non-outsourced activities or functions.
8.8.1 Outsourcing, should not materially increase risk to the insurer or
materially adversely affect the insurer’s ability to manage its risks and
meet its legal and regulatory obligations.
8.8.2 The Board and Senior Management remain responsible in respect of
functions or activities that are outsourced.
8.8.3 The supervisor should require the Board to have review and approval
processes for outsourcing of any material activity or function and to verify,
before approving, that there was an appropriate assessment of the risks,
as well as an assessment of the ability of the insurer’s risk management
and internal controls to manage them effectively in respect of business
continuity. The assessment should take into account to what extent the
insurer’s risk profile and business continuity could be affected by the
outsourcing arrangement.
8.8.4 The supervisor should require insurers which outsource any material
activity or function to have in place an appropriate policy for this purpose,
setting out the internal review and approvals required and providing
guidance on the contractual and other risk issues to consider. This
includes considering limits on the overall level of outsourced activities at
the insurer and on the number of activities that can be outsourced to the
same service provider. Because of the particularly important role that
control activities and control functions play in an insurer’s corporate
governance framework, the supervisor should consider issuing additional
requirements for their outsourcing or dedicating more supervisory
attention to any such outsourcing.
8.8.5 Outsourcing relationships should be governed by written contracts that
clearly describe all material aspects of the outsourcing arrangement,
Public
including the rights, responsibilities and expectations of all parties. When
entering into or varying an outsourcing arrangement, the Board and
Senior Management should consider, among other things:
• how the insurer’s risk profile and business continuity will be
affected by the outsourcing;
• the service provider’s governance, risk management and
internal controls and its ability to comply with applicable laws
and with regulations;
• the service providers’ service capability and financial viability;
and
• succession issues to ensure a smooth transition when ending or
varying an outsourcing arrangement.
8.8.6 In choosing an outsourcing provider, the Board or Senior Management
should be required to satisfy themselves as to the expertise, knowledge
and skills of such provider.
8.8.7 Outsourcing arrangements should be subject to periodic reviews.
Periodic reports should be made to management and the Board.
Public
ICP 9 Supervisory Review and Reporting 13
The supervisor takes a risk-based approach to supervision that uses both off-site
monitoring and on-site inspections to examine the business of each insurer,
evaluate its condition, risk profile and conduct, the quality and effectiveness of its
corporate governance and its compliance with relevant legislation and supervisory
requirements. The supervisor obtains the necessary information to conduct
effective supervision of insurers and evaluate the insurance market.
9.0.1 This Insurance Core Principle and its standards and guidance deal with
off-site monitoring and on-site inspections (collectively referred to as
“supervisory review”) and the reporting to the supervisor by the insurer as
required for the supervisory process. It should be noted that certain
aspects of supervisory review and reporting are dealt with in other ICPs
with respect to those ICPs’ specific areas of focus.
9.0.2 In applying this principle and these standards, it should be taken into
account that, in some jurisdictions, responsibility is shared between more
than one authority. Where this is the case, not all elements of the
standards and guidance are necessarily applicable in full to each
authority, although they apply in full to the jurisdiction as a whole.
Relevant authorities within a jurisdiction should cooperate with each other
in the application of this ICP to ensure an understanding of all risks that
might be relevant to supervisory review and reporting. This is particularly
important where prudential and conduct of business supervision is
allocated to separate supervisors, taking into consideration that the
intensity and focus of supervision may be different, even when within the
same authority. 14
9.0.3 This ICP and these standards apply to the supervision of insurers at the
legal entity and the insurance group level, including branches. 15 In
applying this ICP, its standards and guidance material, the supervisor
takes into account the nature, scale and complexity of the insurer, and
confidentiality requirements 16.
Supervisory powers
9.1 The supervisor has the necessary legal authority, powers and resources to perform
off-site monitoring and conduct on-site inspections of insurers, including
monitoring and inspecting services and activities outsourced by the insurer. 17
The supervisor also has the power to require insurers to submit information
necessary for supervision.
13 The ICP 9 Supervisory Review and Reporting was revised in 2011-2012 and adopted at the IAIS
Annual General Meeting on 12 October 2012.
14 Refer to paragraph 10 of the Introduction to the ICPs.
15 Refer to paragraphs 13 – 15 of the Introduction to the ICPs.
16 Refer to ICP 2 Supervisor and ICP 3 Information Exchange and Confidentiality Requirements.
17
For information on the powers required of the supervisor in general, see ICP 1 Objectives, Powers and Responsibilities of the
Supervisor and ICP 2 Supervisor.
Public
9.1.1 The supervisor should ensure that adequate resources are allocated to
supervisory review and reporting, to enable it to carry out a
comprehensive assessment of the insurer, taking into account its nature,
scale and complexity.
9.1.2 Services or activities that are outsourced by the insurer should be subject
to the same level of supervisory review and reporting as the services or
activities that are not outsourced and are performed by the insurer itself.
The supervisor can do this through the insurer itself but should also have
the ability to obtain information from, and conduct on-site inspections of,
entities engaged in providing outsourced services or activities to the
insurer, where necessary.
9.1.3 Agreements between the insurer and entities providing the outsourced
activities or services should be drawn up in such a way that the
supervisor’s ability to conduct its supervisory activities is not restricted.
9.1.4 In those cases where the supervisor does not have direct supervisory
powers over certain entities within the group – including non-regulated
entities – the supervisor should have the power to apply an indirect
approach, through the entities that it supervises in its jurisdiction, to
achieve its supervisory objectives. 18
Framework for supervisory review and reporting
9.2 The supervisor has a documented framework for supervisory review and reporting
which takes into account the nature, scale and complexity of insurers. The
framework encompasses a supervisory plan 19 that sets priorities and
determines the appropriate depth and level of off-site monitoring and on-site
inspection activity.
9.2.1 The supervisor should establish both qualitative and quantitative methods
for assessing insurers, in a consistent manner and on an on-going basis.
The supervisor should develop monitoring tools to identify potential risks
within or affecting the insurer in a timely manner.
9.2.2 As an overall objective of the framework is to assess the insurer’s current
and prospective solvency, other risks and its treatment of customers, the
supervisor should compare the risk profile of the insurer with its risk-
carrying capacity and seek to detect any issues that may adversely affect
the insurer's capacity to meet its obligations towards policyholders in the
long term. The supervisor will also need to evaluate:
• the assets and liabilities (including off-balance sheet
commitments);
• the technical operations (e.g. actuarial methods, underwriting
policy, reinsurance policy);
18 For additional information, see Guidance Paper on the Treatment of Non-regulated Entities in Group-
wide Supervision, of 12 April 2010.
19 A Supervisory Plan is a tool for supervisors to determine the frequency, scope and depth of
supervisory review. It could be generic (e.g. addressing categories or groups of insurers) or specific
(addressing individual insurers).
Public
• the treatment of customers and whether any activities being
engaged in are not fair, lawful or proper;
• the accounting and internal control systems;
• the insurer’s compliance with supervisory requirements;
• the corporate culture and the effectiveness of the insurer’s
corporate governance and risk management; and
• the insurer's organisation and any implications of belonging to a
group.
9.2.3 The framework should include an assessment of the potential impact that
an insurer’s failure would have on its policyholders, the insurance market,
and the financial markets as a whole.
9.2.4 The framework should promote pro-active and early intervention by the
supervisor, in order to enable the insurer to take appropriate action to
mitigate risks and/or minimise current or future problems.
9.2.5 The supervisor should have documented procedures and/or guidelines to
ensure that appropriate supervisory review procedures are being
consistently and regularly performed. Such procedures should allow for
the appropriate level or depth of review commensurate with the nature,
scale and complexity of the insurer.
9.2.6 In order to evaluate existing and prospective risks, the supervisor should
review the insurer’s business plans and strategy. This review should
include the insurer’s approach to its legal and regulatory obligations, its
distribution model and its proposals for dealing with specific areas of risk.
9.2.7 In establishing a supervisory plan the supervisor should assess and
determine the key areas of risk to which insurers are exposed or risks
which insurers may pose, using its judgement and the information,
methodologies and tools at its disposal. The supervisory plan may include
matters such as frequency, scope and depth of off-site monitoring and
on-site inspections and priority and scope of assessments.
9.2.8 The framework uses the input from various sources, such as off-site
monitoring and on-site inspections, market analyses, internal models,
insurers' own risk and solvency assessments (ORSA) 20, horizontal
reviews, previous risk and conduct assessments, and information
gathered as a result of supervisory reporting requirements. The
supervisor should use the information from these as input in establishing
the scope and frequency of off-site monitoring and on-site inspections.
9.2.9 The supervisor should be able to process data in a timely and effective
way. The supervisor should also have processes and procedures to
collect and store reported data in an electronic format.
9.2.10 The framework should enable the supervisor to analyse trends and
compare risk assessments including against any stress test outcomes.
The supervisor should assess the quality of the outcomes of the insurer’s
enterprise risk management framework for the identification and
20 Own Risk and Solvency Assessments, see ICP 8, Guidance 8.5.5 and ICP 16, Standards 16.11 to
16.16.
Public
quantification of risks, and evaluate whether business lines or
practices/processes show outcomes that support this assessment.
9.2.11 The framework should enable on-site inspection and off-site monitoring
activities to be coordinated. Accordingly, the results of these activities
should be documented and accessible to all involved staff within the
supervisor.
9.2.12 The framework should include sufficiently comprehensive and regular
communication between the supervisor and insurers to achieve the
supervisory objectives. This communication involves senior levels and
specialised areas within both the supervisor and insurers, and may
include contact with non-regulated and parent entities.
9.2.13 The framework for supervisory review by the group-wide supervisor
should cover all entities identified within the scope of the group, with
reference to ICP 23 Group-wide Supervision. The framework should
include appropriate tools for supervisory review and reporting for all
relevant entities.
9.3 The supervisor has a mechanism to check periodically that its supervisory
framework pays due attention to the evolving nature, scale and complexity of
risks which may be posed by insurers and of risks to which insurers may be
exposed.
9.3.1 The supervisory process is a dynamic one that takes a risk-based
approach and includes:
• analysis of reported and other relevant information;
• developing and executing the supervisory plan;
• feedback;
• intervention, including any preventive/corrective action, where
necessary; and
• follow-up (including setting the intensity of assessment and up-
dating the supervisory plan).
9.3.2 Individual supervisory staff should confer regularly with colleagues to
ensure that all relevant information is being appropriately assessed and
analysed, and to facilitate the identification of potential new risks or
emerging market trends.
9.3.3 The supervisory processes and plans should be suitably flexible to enable
them to adapt easily to domestic and global developments in, for
example, legislation, the financial markets, and international standards.
Supervisory reporting
9.4 The Supervisor:

• establishes documented requirements for the submission of regular
qualitative and quantitative information on a timely basis from all
insurers licensed in its jurisdiction;
Public
• defines the scope, content and frequency of those reports and
information;
• requires more frequent and/or more detailed additional information on a
timely basis whenever there is a need;
• sets out the relevant principles and norms for supervisory reporting, in
particular the accounting standards to be used;
• requires that inaccurate reporting is corrected as soon as possible; and
• requires that an external audit opinion is provided on annual financial
statements.
9.4.1 The supervisor requires insurers to submit financial reports, which include
at least a balance sheet and an income statement (including a statement
of comprehensive income if appropriate) and reviews such information on
a regular basis.
9.4.2 The supervisor requires and reviews qualitative information submitted by
insurers, such as relating to their corporate governance framework.
9.4.3 The reporting requirements are a reflection of the supervisory needs and
will thus vary according to overall market structure and conditions. The
reporting requirements should take into account the situation at individual
insurers and the way they manage their risks (for example, asset/liability
management, reinsurance policy, quality of governance, policy for
managing conflicts of interest, policy on complaints handling, training
standards). In particular, the supervisor should require that information
on changes that could materially impact the insurer’s risk profile, financial
position or treatment of its customers is obtained in a timely manner.
9.4.4 In setting the requirements, the supervisor should strike a balance
between the need for information for supervisory purposes and the
administrative burden it puts on insurers.
9.4.5 Reporting requirements should apply to all insurers licensed in a
jurisdiction, and form the general basis for off-site monitoring. Depending
on the nature, scale and complexity of the insurer and its customer profile,
additional information may be requested from specific insurers on a case-
by-case basis.
9.4.6 The supervisor may require that certain reports and information are
subject to independent (internal or external) review, including audit and/or
actuarial review.
9.4.7 In setting the reporting requirements, the supervisor may make a
distinction between those for insurers incorporated in its jurisdiction and
those for the branch operations in its jurisdiction of insurers incorporated
in another jurisdiction.
9.4.8 The supervisor should require insurers to utilise a consistent and clear
set of instructions and definitions for any element in the financial
statements or other required reports that is not self-evident, in order to
maximise comparability.
9.4.9 The supervisor should require an insurer which is part of an insurance
group to describe its group reporting structure, and to provide timely
notification of any material changes to that structure and significant
Public
changes or incidents that could affect the soundness of the insurance
group. The description of the reporting structure should include
information on the relationships between entities within the group, and on
the nature and volume of intra-group transactions. The supervisor may
require information on the impact on the insurer of being part of a group.
9.4.10 The supervisor may request and obtain relevant information on any
member of an insurance group, relating to its supervision of an insurer,
subject to applicable legal provisions and coordination with the
supervisors of affected jurisdictions.
9.4.11 The group-wide supervisor should establish supervisory reporting
requirements on a group-wide basis in coordination with the host
supervisors. The reporting may include the submission of information on
group entities in other jurisdictions.
9.4.12 The information submitted to the group-wide supervisor should include
information on the structure of the group, business operation and financial
position of material entities within the group, relationship among entities
within the group, including participation in other group entities and intra-
group transactions with other entities within the group.
9.5 In particular, the supervisor requires insurers to report:
• off-balance sheet exposures;
• material outsourced functions and activities; and
• any significant changes to their corporate governance.
The supervisor also requires insurers to promptly report any material changes
or incidents that could affect their condition or customers.
9.6 The supervisor periodically reviews its reporting requirements to ascertain that they
still serve their intended objectives and to identify any gaps which need to be
filled. The supervisor sets any additional requirements that it considers
necessary for certain insurers based on their nature, scale and complexity.
Off-site monitoring
9.7 The supervisor monitors and supervises insurers on an on-going basis, based on
regular communication with the insurer, information obtained through
supervisory reporting and analysis of market and other relevant information.
9.7.1 The supervisor should be proactive and forward-looking in conducting
effective off-site monitoring, and not rely only on historical data. The
results will influence the supervisory plan and help determine the content,
nature, timing and frequency of on-site inspections as well as enable the
early detection of problems so that prompt corrective action can be taken
before such problems become more serious.
9.7.2 The supervisor should analyse information received from insurers in a
timely manner. Analysis by the supervisor may provide a deeper
understanding of developing trends affecting an insurer and its
customers, its risk tolerance and its strategy. Analysis by business lines
may provide insights into the insurer’s risk profile and business model and
practices.
Public
9.7.3 The supervisor should establish and follow written procedures for the
analysis and monitoring of the supervisory reports that it receives. These
may be conducted by individual supervisory staff using monitoring tools
and/or specialised analysts/actuaries, as appropriate.
9.7.4 The supervisor should establish procedures for assessing the valuation
of assets, liabilities and technical provisions including reviewing and
analysing actuarial reports and audit reports (whether internal or external)
and other reports as necessary, both quantitative and qualitative. 21
9.7.5 Off-site monitoring should include a risk-based analysis on various risks
relevant to the insurer such as credit, market, underwriting, reserving,
liquidity, operational, conduct of business, legal, strategic and
reputational risk.
9.7.6 Off-site monitoring should cover all material entities in a group, including
non-regulated entities. Where the supervisor does not have direct
supervisory power, or only limited power for the off-site monitoring of non-
regulated entities, including a holding company, the supervisor should at
a minimum review the potential adverse impact on the insurer of such
non-regulated entities.
9.7.7 Further examples of how Standard 9.7 and the guidance under it can be
pursued can be found in the Annex to this ICP.
On-site inspection
9.8 The supervisor sets the objective and scope for on-site inspections, develops
corresponding work programmes and conducts such inspections.
9.8.1 On-site inspection may provide information that can supplement the
analysis from off-site monitoring and the supervisor should take the
opportunity to verify information it has received. On-site inspection may
also help detect problems that may not be apparent through off-site
monitoring.
9.8.2 On-site inspections should be tailored to the particular insurer and to any
detected problems. However, an on-site inspection plan should remain
flexible since new priorities might arise.
9.8.3 The supervisor may use on-site inspections as an opportunity to interact
with the Board, Senior Management and Key Persons in Control
Functions. This enables the supervisor to assess their on-going
suitability, the insurer’s organisational culture, the quality of their
corporate governance, risk management and internal controls and to
explore the rationale behind their strategy and business plan.
9.8.4 Important objectives in conducting an on-site inspection include reviewing
the insurer’s risk management processes and compliance with relevant
insurance laws and regulations. This review helps the supervisor identify
the strengths and weaknesses in the insurer’s approach, and assess and
analyse the risks to which an insurer and its customers are exposed.
21 Refer to ICP 14 Valuation, ICP 15 Investment and ICP 17 Capital Adequacy.

Public
9.8.5 The supervisor may delegate part of an on-site inspection to independent
experts. 22 If it does so, the supervisor should:
• be satisfied that independent experts possess the necessary
competence and skills;
• monitor their performance and retain the ability to take any
necessary action against them;
• be satisfied of their independence from the insurer; and
• have regard to the consideration they give to the protection of
the policyholders’ interests.
9.8.6 The frequency, scope and depth of on-site inspections should take
account of the insurer’s distribution model, the nature, size and
sophistication of its customer base and its relative importance in the
market. On-site inspections should be more frequent and more in- depth
when they concern insurers which are in a difficult financial position or
where there is concern that their business practices pose a high risk of
negative customer outcomes.
9.8.7 The supervisor may conduct on-site inspections on either a full scale
basis, or limited scale basis focused on area(s) of specific concern. A full-
scale on-site inspection would be expected to include at least the
following:
• evaluation of the on-going effectiveness of the corporate
governance structure including its risk management and internal
control systems; 23
• analysis of the nature of the insurer’s key business activities
(e.g. type of business written, customer base, distribution
model(s) used);
• analysis of the relationships with external entities, such as
through outsourcing or with respect to other companies in the
same group, including any resultant conflicts of interest;
• analysis of the insurer’s underwriting policy and reinsurance
agreements;
• assessment of the insurer’s financial strength; and
• assessment of the insurer’s fair treatment of customers,
including observance of conduct of business requirements and
consumer regulations.
9.8.8 Advance notice to the insurer is not required before conducting an on-site
inspection, although advance notice is normally given.
9.8.9 Although the supervisor may not have the power to conduct on-site
inspections of non-regulated entities, including a holding company within
the group, it should review, at a minimum, the potential adverse impact
on the insurer of such non-regulated entities through on-site inspection of
the insurer.
22 Refer to Standard 2.13 for conditions for outsourcing supervisory functions to third parties.
23 Refer to ICP 7 Corporate Governance and ICP 8 Risk Management and Internal Controls
Public
9.8.10 Similarly, where the group-wide supervisor does not have the power to
conduct on-site inspection of a group entity in another jurisdiction, it may
approach the host supervisor to propose a joint inspection or recommend
that the host supervisor undertake such an inspection, when deemed
necessary.
9.8.11 Further examples of how Standard 9.8 and guidance under it can be
pursued can be found in the Annex to this ICP.
Supervisory feedback and follow-up
9.9 The supervisor discusses with the insurer any relevant findings of the supervisory
review and the need for any preventive or corrective action. The supervisor
follows up to check that required actions have been taken by the insurer.
9.9.1 The supervisor should provide appropriate feedback to the insurer, at the
conclusion of the review at the very least. The supervisor should issue in
writing the findings of the review and the actions required.
9.9.2 The insurer’s willingness to address identified issues and the action
subsequently taken should be considered in the evaluation of the insurer
and should be factored into the on-going supervisory plan.
Annex: Examples of ways in which Standards 9.7 and 9.8 and their corresponding
guidance can be pursued include the following 24:
A. The evaluation of the effectiveness of the corporate governance framework, including its
risk management and internal control systems, can be done through:
• reviewing and analysing the minutes of the Board and its committees, the
auditors’ reports and, if any, actuaries' and electronic data processing audits;
• analysing the ownership structure and sources of capital funds;
• evaluating the independence of the Board Members, the suitability (fitness and
propriety) of the Board Members, Senior Management and Key Persons in
Control Functions, their effectiveness, and their ability to acknowledge
improvement needs and correct mistakes (especially after such needs or
mistakes have been identified by the insurer, its auditors, or the supervisor and
after changes of management and in the Board);
• examining the insurer's internal policies, processes and controls in order to
assess the adequacy of these in light of the insurer's risk profile;
• examining the accounting procedures in order to assess accuracy of the
financial and statistical information periodically sent to the supervisor and its
compliance with the regulations; and
• evaluating the organisation and the management of the insurer.
B. Analyses of the nature of the insurer’s activities can be done through:
24 Labelled Guidance 9.7.7 and 9.8.11 respectively in the ICP on-line tool
Public
• analysing the major categories of business, the policyholders and the
geographical spread thereof;
• analysing the distribution model(s) used;
• examining the business plans and meeting with the management to get
information about the plans for the future;
• analysing material contracts;
• analysing the commercial policy of the insurer, in particular, policy conditions
and commissions paid to the intermediaries; and
• evaluating the reinsurance cover and its security. In particular, the reinsurance
cover should be appropriate with regards to the financial means of the insurer
and the risks it covers.
C. Analyses of the relationships with external entities can be done through:
• analysing organisational charts, the group structures and the intragroup links;
• analysing the relationships with major investors and among branches and
subsidiaries;
• analysing intragroup transactions, fees and other arrangements, including
identifying any instances of cross-subsidization of businesses within a group or
non-arm's length fees and charges;
• analysing agreements with external service providers;
• identifying any financial problems originating from any entity in the group to
which the insurer belongs; and
• identifying of any conflicts of interest arising from intra-group relationships or
relationships with external entities.
D. Evaluation of the insurer's financial strength can be done through:
• analysing the settlement of claims and the calculation of technical provisions
according to current regulations;
• analysing the operations by line of business;
• analysing the investment policy (including derivatives policy), the assets held
to cover the technical provisions;
• verifying property and valuation of the insurer’s investments;
• analysing the litigation and off-balance sheet commitments; and
• analysing the forecasted balance sheets and profit & loss accounts of the next
years, on the basis of the most recent results and the management plans.
E. Assessment of the insurer's fair treatment of customers can be done through:
• assessing the culture of the insurer in relation to customer treatment, including
the extent to which the insurer’s leadership, governance, performance
management and recruitment, complaints handling policies and reward
practices demonstrate a culture of fair treatment to customers;
• checking the adequacy, appropriateness and timeliness of the information
given to consumers;
Public
• reviewing the handling and timing of claims and other payments;
• reviewing the frequency and nature of customer complaints, disputes and
litigation; and
• reviewing any customer satisfaction or other customer experience measures
used by the insurer.
***
Public
ICP 10 Preventive and Corrective Measures
The supervisor takes preventive and corrective measures that are timely, suitable
and necessary to achieve the objectives of insurance supervision.
10.1 The supervisor has the power to take action against individuals or entities that
conduct insurance activities without the necessary licence.
10.2 The supervisor has sufficient authority and ability, including the availability of
adequate instruments, to take timely preventive and corrective measures if the
insurer fails to operate in a manner that is consistent with sound business
practices or regulatory requirements. There is a range of actions or remedial
measures which include allowing for early intervention when necessary.
Preventive and corrective measures are applied commensurate with the severity
of the insurer’s problems.
10.2.1 Where an insurer fails to meet regulatory requirements or enters into
unsound business practices and the supervisor detects vulnerability in
the insurer’s ability to protect policyholders, there should be adequate
legal and operational capacity available for timely intervention. The
decision-making lines of the supervisor should be structured so that
action can be taken immediately in the case of an emergency situation.
10.2.2 The supervisor has adequate tools to supervise insurers according to the
nature, scale and complexity of their activities, including activities that
could pose systemic risk. These could include restrictions on the insurer’s
business activities, directions to reinforce the insurer’s financial position,
introduction of liquidity requirements or large exposure limits.
10.3 There is a progressive escalation in actions or remedial measures that can be
taken if the problems become worse or the insurer ignores requests from the
supervisor to take preventive and corrective action.
10.4 If necessary, the supervisor requires the insurer to develop an acceptable plan
for prevention and correction of problems. Preventive and corrective plans
include agreed and acceptable steps to be taken to resolve the issues raised
within an acceptable timeframe. Once preventive and corrective plans have been
agreed to or imposed, the supervisor periodically checks to determine that the
insurer is complying with the measures.
10.5 The supervisor communicates with the Board and Senior Management and Key
Persons in Control Functions and brings to their attention any material concern
in a timely manner to ensure that preventive and corrective measures are taken
and the outstanding issues are followed through to a satisfactory resolution.
10.5.1 For a group-wide supervisor applying an indirect approach to group-wide
supervision, the primary communication will be with the Board or Senior
Management of the insurance legal entity. However, for issues that have
arisen outside the regulated entities, communication with the Board or
Senior Management of other entities within the group may be required.
10.6 The supervisor initiates measures designed to prevent a breach of the
legislation from occurring, and promptly and effectively deals with non-
compliance that could put policyholders at risk or impinge on any other
supervisory objectives.
Public
ICP 11 Enforcement
The supervisor enforces corrective action and, where needed, imposes sanctions
based on clear and objective criteria that are publicly disclosed.
11.1 The supervisor has the power to enforce corrective action in a timely manner
where problems involving insurers are identified. The supervisor issues formal
directions to insurers to take particular actions or to desist from taking particular
actions. The directions are appropriate to address the problems identified.
11.2 The supervisor has a range of actions available in order to apply appropriate
enforcement where problems are encountered. Powers set out in legislation
should at a minimum include restrictions on business activities and measures
to reinforce the financial position of an insurer.
11.2.1 At a minimum, the supervisor should have the power to issue the
following:
• restrictions on business activities
• prohibiting the insurer from issuing new policies
• withholding approval for new business activities or acquisitions
• restricting the transfer of assets
• restricting the ownership of subsidiaries
• restricting activities of a subsidiary where, in its opinion, such
activities jeopardise the financial situation of the insurer.
• directions to reinforce financial position
• requiring measures that reduce or mitigate risks
• requiring an increase in capital
• restricting or suspending dividend or other payments to
shareholders
• restricting purchase of the insurer’s own shares.
• other directions
• arranging for the transfer of obligations under the policies from
a failing insurer to another insurer that accepts this transfer
• suspending or revoking the licence of an insurer
• barring individuals acting in responsible capacities from such
roles in future.
11.3 After corrective action has been taken or remedial measures, directions or
sanctions have been imposed, the supervisor checks compliance by the insurer
and assesses their effectiveness.
11.4 The supervisor has effective means to address management and governance
problems, including the power to require the insurer to replace or restrict the
Public
power of Board Members, Senior Management, Key Persons in Control
Functions, significant owners and external auditors.
11.5 Where necessary and in extreme cases, the supervisor imposes
conservatorship over an insurer that is failing to meet prudential or other
requirements. The supervisor has the power to take control of the insurer, or to
appoint other specified officials or receivers for the task, and to make other
arrangements for the benefit of the policyholders.
11.6 There are sanctions by way of fines and other penalties against insurers and
individuals where the provisions of the legislation are breached. The sanctions
are proportionate to the identified breach.
11.6.1 In some cases it may be appropriate to apply punitive sanctions against
insurers or individuals.
11.7 The legislation provides for sanctions against insurers and individuals who fail
to provide information to the supervisor in a timely fashion, withhold information
from the supervisor, provide information that is intended to mislead the
supervisor or deliberately misreport to the supervisor.
11.8 The process of applying sanctions does not delay necessary preventive and
corrective measures and enforcement.
11.9 The supervisor, or another responsible body in the jurisdiction, takes action to
enforce all the sanctions that have been imposed.
11.10 The supervisor ensures consistency in the way insurers and individuals are
sanctioned, so that similar violations and weaknesses attract similar sanctions.
Public
ICP 12 Winding-up and Exit from the Market
The legislation defines a range of options for the exit of insurance legal entities from
the market. It defines insolvency and establishes the criteria and procedure for dealing
with insolvency of insurance legal entities. In the event of winding-up proceedings of
insurance legal entities, the legal framework gives priority to the protection of
policyholders and aims at minimising disruption to the timely provision of benefits to
policyholders.
12.0.1 This ICP only applies to individual legal entities. The focus of this ICP is
on insolvency and run-off under distressed conditions; however
policyholder protection also applies for financially sound run-offs.
12.0.2 An insurer may no longer be financially viable or may be insolvent. In
such cases, the supervisor can be involved in resolutions that require a
take-over by or merger with a healthier institution. When all other
measures fail, the supervisor should have the ability to close or assist in
the closure of the troubled insurer having regard to the objective of the
protection of policyholder interests.
12.0.3 The legislation should establish the priority that policyholders receive in
winding-up an insurer. However, it is also common in many jurisdictions
that priority is given to other stakeholders, such as employees or the fiscal
authorities. In some jurisdictions, a policyholder protection fund provides
additional or alternative protection.
12.0.4 Where an insurer is a member of a group, there could be intra-group
transactions and guarantees among the insurer and other group entities.
In such cases, in the winding-up of an insurer, the supervisor should
cooperate with other involved supervisors to ascertain orderly resolution
where possible. For additional information on supervisory cooperation,
see ICP 25 Supervisory Cooperation and Coordination.
12.0.5 In cases where an insurer has cross-border dealings (eg through
branches), the supervisor should cooperate with other involved
supervisors to ascertain orderly resolution where possible.
12.1 The procedures for the winding-up and exit of an insurer from the market are
clearly set out in legislation. A high legal priority is given to the protection of the
rights and entitlements of policyholders. The procedures aim at minimising the
disruption to the timely provision of benefits to policyholders.
12.1.1 The bodies responsible for dealing with the insolvency of an insurer,
including the possible restructuring or portfolio transfer, and winding-up
of the insurer are clearly set out in legislation.
12.2 The legislation provides for the determination of the point at which it is no longer
permissible for an insurer to continue its business.
Public
ICP 13 Reinsurance and Other Forms of Risk Transfer 25
The supervisor requires the insurer to manage effectively its use of reinsurance and
other forms of risk transfer. The supervisor takes into account the nature of
reinsurance business when supervising reinsurers based in its jurisdiction.
13.0.1 Reinsurance refers to insurance purchased by an insurer (the ceding

insurer) to provide protection against certain risks, primarily underwriting
risks of the insurance policies issued by the insurer. Reinsurers assume
these risks in exchange for a premium. Other forms of risk transfer include
alternative reinsurance arrangements, such as risk transfer to the capital
markets. For simplicity, this ICP uses “reinsurance” to refer to both
mainstream reinsurance and other forms of risk transfer.
13.0.2 Geographical diversification of risk, which typically involves risk transfer
across jurisdictional borders, is a key element of ceding insurer’s and
reinsurer´s capital and risk management. Geographical diversification
can also have an impact in the jurisdiction of the ceding insurer, in
particular jurisdictions exposed to catastrophes. By ceding insurance risk
across borders, ceding insurers in the jurisdiction, and the jurisdiction as
a whole, can benefit from a reduced concentration of insurance risk
exposures at the ceding insurer and jurisdiction level respectively. This
may also contribute to the financial stability of the jurisdiction.
13.0.3 Ceding insurers and reinsurers may face external limitations to
geographical diversification, for example, in the form of constraints to
cross-border risk transfer. The supervisor should be aware of and take
into account the potential impacts of such limitations on individual ceding
insurers and reinsurers as well as on the soundness and efficiency of the
insurance market.
13.0.4 A reinsurance contract is one of indemnity between the reinsurer and
ceding insurer and does not constitute a legal transfer of part of the
underlying risk in the same way as, for example, a novation. Nonetheless,
reinsurance contracts have the effect of transferring part of the underlying
risk in an economic sense. The supervisor should remain aware that while
reinsurance transfers insurance risk from the ceding insurer to the
reinsurer, it also creates other risks. In a standard transaction, the ceding
insurer reduces its insurance risk and assumes other risks such as credit,
operational and basis risk; the reinsurer assumes risks such as
insurance, timing, operational and credit risk.
13.0.5 A reinsurance contract is by nature a business-to-business transaction,
made between professional counterparties as part of a wider risk and
capital management approach. For this reason, the sort of asymmetry of
expertise and knowledge associated with insurance contracts involving
general consumers is usually not an issue in the reinsurance sector,
although some asymmetry of bargaining power can exist, depending on

Public
the precise dynamics of the market. Thus, typically, it is not necessary for
the supervisor to seek the same level of protection for ceding insurers as
it does for general consumers (see ICP 19 Conduct of Business).
13.0.6 The supervisor should be able to assess whether ceding insurers make
effective use of reinsurance. This involves gaining an understanding of,
and comfort with, at a minimum:
• the ceding insurer’s reinsurance strategy and reinsurance
programme;
• the systems of risk management and internal controls put in
place in order to implement the reinsurance strategy and
execute the reinsurance programme;
• the economic impact of the risk transfer originating from the
ceding insurer’s reinsurance programme; and
• the impact of reinsurance on the ceding insurer’s liquidity
management.
13.0.7 The standards and guidance under this ICP are applicable to insurers and
reinsurers, thus throughout this ICP:
• references to ceded reinsurance should be taken to include
ceded retrocession (i.e. the reinsurance ceded by reinsurers);
• references to ceding insurers should be taken to include ceding
reinsurers (i.e. retrocedants); and
• references to reinsurers should be taken to include
retrocessionaires (i.e. reinsurers that assume reinsurance from
ceding reinsurers).
13.1 The supervisor requires ceding insurers to have a reinsurance programme
that is appropriate to their business and part of their overall risk and capital
management strategies.
13.1.1 A ceding insurer’s risk and capital management strategies should clearly
articulate the part played by reinsurance, in particular:
• the objectives that are pursued by using reinsurance;
• the risk concentration levels and ceding limits as defined by the
ceding insurer’s risk appetite; and
• the mechanisms to manage and control reinsurance risks.
13.1.2 When articulating the part played by reinsurance in the overall risk and
capital management strategies, the ceding insurer should take into
account its business objectives, levels of capital and business mix, with
particular reference to:
• risk appetite (both gross limit and net retention);
• peak exposures and seasonality in the insurance book;
• levels of diversification in the insurance book; and
• appetite for credit risk posed by reinsurers.
Public
13.1.3 The reinsurance programme comprises the detailed implementation of
the reinsurance related elements of the risk and capital management
strategies in terms of coverage, limits, deductibles, layers, signed lines
and markets used. It should reflect the ceding insurer’s overall risk
appetite, comparative costs of capital and liquidity positions determined
in the reinsurance strategy. Therefore, reinsurance programmes can vary
significantly in complexity, levels of exposure and number of participants.
13.1.4 In some instances, an insurer may have a business strategy and risk
appetite to retain all risk and therefore a reinsurance programme would
not be necessary.
13.1.5 Senior Management develops the reinsurance related elements of the
risk management strategy as well as the reinsurance programme. Senior
Management is also responsible for establishing appropriate systems
and controls to ensure that these are complied with. The Board is
responsible for approving the strategy and ensuring an appropriate
oversight and consistent implementation of the reinsurance programme.
13.1.6 Senior Management of the ceding insurer should regularly review the
performance of its reinsurance programme, to ensure that it functions as
intended and continues to meet its strategic objectives. It is likely that
such a review would take place as part of the feedback loop that is part
of the risk management framework.
13.1.7 The supervisor should understand the ceding insurer’s business
objectives and strategies, how reinsurance fits into these, and assess the
extent to which objectives and strategies are adequately reflected in the
reinsurance programme. The supervisor should challenge the ceding
insurer where it identifies inconsistencies between the objectives and
strategies and the reinsurance programme.
13.1.8 The supervisor’s assessment of a ceding insurer’s reinsurance
programme should be based on a number of factors, such as the:
• structure of the programme, including any alternative risk
transfer mechanisms;
• proportion of business ceded so that the net risks retained are
commensurate with the ceding insurer’s financial resources and
risk appetite;
• financial strength and claims payment record of the reinsurers
in question (both in normal and stressed conditions);
• levels of exposure to a single reinsurer or different reinsurers
being part of the same group;
• extent of any credit risk mitigation in place;
• expected resilience of the reinsurance programme in stressed
claims situations, including stress related to the occurrence of
multiple and/or catastrophic events;
• cession limits, if any, applicable in the jurisdiction;
• the supervisory regime in place in the jurisdiction of the
reinsurer;
Public
• level of effective risk transfer; and
• extent to which relevant functions are outsourced by the ceding
insurer, including the criteria for the selection of reinsurance
brokers.
Group perspectives
13.1.9 The group-wide supervisor should require a reinsurance strategy for the
insurance group that includes the following issues:
• its interaction with the group-wide risk and capital management
strategies;
• how the risk appetite is achieved, on both a gross limit and net
retention basis;
• the appetite for reinsurer credit risk, including approved security
criteria for reinsurance transactions and aggregate exposure
criteria to individual or related reinsurers;
• the autonomy afforded to individual insurance legal entities to
enter into “entity specific” reinsurance arrangements, and the
management and the aggregation of these exposures in the
group-wide context;
• procedures for managing reinsurance recoverables, including
required reporting from insurers;
• intra-group reinsurance strategy and practice; and
• use of alternative risk transfer, including capital markets risk
transfer products.
13.2 The supervisor requires ceding insurers to establish effective internal
controls over the implementation of their reinsurance programme.
13.2.1 Control of the reinsurance programme should be part of the ceding
insurer’s overall system of risk management and internal controls (see
ICP 8 Risk Management and Internal Controls). The supervisor should
require that the controls and oversight in place are suitable in the context
of the ceding insurer’s business.
13.2.2 The ceding insurer should ensure that the characteristics of its
reinsurance programme, including the credit risk posed by the reinsurer,
are reflected in its capital adequacy assessment as well as its ORSA (See
ICP 16 Enterprise Risk Management for Solvency Purposes).
Credit risk posed by the reinsurer
13.2.3 When developing the reinsurance programme the ceding insurer should
consider its appetite for reinsurer credit risk. Reinsurers may face
solvency issues, leading to delayed payment or default, and this can have
significant consequences for the solvency and liquidity of the ceding
insurer.
13.2.4 In practice, ceding insurers have various options to mitigate reinsurer
credit risk, for example:
Public
• establishing criteria on the financial strength and claims payment
record of eligible reinsurers;
• setting limits on risks ceded to a single reinsurer;
• ensuring a spread of risk amongst a number of reinsurers;
• incorporating rating downgrade or other special termination clauses
into the reinsurance contract;
• requiring the reinsurer to post collateral (the ability to require this
may depend upon the relative commercial strengths of the ceding
insurer and reinsurer);
• proactively monitoring reinsurance claims recoveries; and
• withholding reinsurer’s funds.
Approved security criteria
13.2.5 The ceding insurer should have in place procedures for identifying
reinsurers that meet its security requirements. If a ceding insurer
develops a pre-approved list of reinsurers, there should also be
processes for dealing with situations where there is a need to assess
reinsurers outside any pre-approved list. Ceding insurers may have their
own credit committees to make their own assessment of the risk.
13.2.6 In line with other approaches to identifying appropriate reinsurers, any
approved security criteria should be derived from a high level statement
of what reinsurance security will be acceptable to the ceding insurer,
which may be based on:
• external opinions;
• the ceding insurer’s own view of the reinsurer;
• minimum levels of capital;
• duration and quality of relationship;
• expertise of the reinsurer;
• levels of retrocession;
• reinsurance brokers’ security criteria; or
• a mixture of these and other factors.
Aggregate exposure limits or guidelines
13.2.7 A ceding insurer should set prudent limits or guidelines reflecting security
and size of the reinsurer, in relation to its maximum aggregate exposure
to any one reinsurer or to a group of related reinsurers, which would be
complementary to any supervisory limits or guidelines.
13.2.8 The ceding insurer should have in place procedures for monitoring this
aggregate exposure to ensure that these limits or guidelines are not
breached. The ceding insurer should also have procedures to manage
excess concentrations going forward, such as bringing them back within
limits or guidelines.
Public
Matching of underlying underwriting criteria
13.2.9 The ceding insurer should give due consideration to the risk posed by a
mismatch in terms and conditions between reinsurance contracts and the
underlying policies. The ceding insurer may bear a greater net exposure
than it initially intended because of this gap.
Criteria and procedures for purchasing facultative cover
13.2.10 The ceding insurer should have appropriate criteria in place for the
purchase of facultative coverage. Any facultative reinsurance coverage
bought should be linked to the procedures for aggregations and recovery
management.
13.2.11 The ceding insurer should have a specific process in place to approve,
monitor and confirm the placement of each facultative risk. If facultative
reinsurance is necessary to ensure that acceptance of a risk would not
exceed maximum net capacity and/or risk limits, such reinsurance should
be secured before the ceding insurer accepts the risk.
Operational risk related to contract documentation
13.2.12 In order to reduce the risk and scope of future disputes, the ceding insurer
and the reinsurer should have in place processes and adequate controls
to document the principal economic and coverage terms and conditions
of reinsurance contracts clearly and promptly.
13.2.13 Ceding insurers and reinsurers should finalise the formal reinsurance
contract without undue delay, ideally prior to the inception date of the
reinsurance contract.
13.2.14 All material reporting due to and from reinsurers should be timely and
complete, and settlements should be made as required by the
reinsurance contract.
13.2.15 The ceding insurer should consider how its reinsurance contracts will
operate in the event of an insolvency of itself or its reinsurer.
13.2.16 The supervisor should have access, on request, to material reinsurance
documentation. In case of indications of significant uncertainties in terms
of reinsurance documentation, the supervisor should take into account
the resulting underwriting, operational and legal risks when considering
the effects of reinsurance on the ceding insurer’s solvency.
13.3 The supervisor requires ceding insurers to demonstrate the economic
impact of the risk transfer originating from their reinsurance contracts.
13.3.1 The supervisor should regard as a reinsurance contract an agreement
that transfers sufficient insurance risk to be considered insurance under
jurisdictional rules.
13.3.2 In general, a contract should be considered as a loan or deposit if, during
its development, the ceding insurer has the unconditional obligation to
indemnify the reinsurer for any negative balances that may arise out of
the contractual relationship. This characteristic does not result in risk
transfer. All liabilities of the ceding insurer should be contingent on the
proceeds of the underlying insurance business.
Public
13.3.3 Upon request from the supervisor, the ceding insurer should provide
sufficient information about its reinsurance contracts to allow the
supervisor to make informed judgments about the substance of the risk
transfer (i.e., the degree of risk transfer in an economic sense).
13.3.4 Where there are concerns of inappropriate reporting with respect to the
degree of risk transfer, the supervisor should assess the substance of the
reinsurance contract entered into by the ceding insurer and how it has
been reported by the ceding insurer. Further, the supervisor should be
able to assess the impact that the ceding insurer’s reinsurance contracts
have on the ceding insurer’s capital requirements. The supervisor should
challenge Senior Management of the ceding insurer on the purpose of
individual contracts where appropriate.
Finite reinsurance
13.3.5 Finite reinsurance is a generic term that, for the purposes of this ICP, is
used to describe a spectrum of reinsurance arrangements that transfer
limited risk relative to aggregate premiums that could be charged under
the contract.
13.3.6 Finite reinsurance transactions are legitimate forms of reinsurance
arrangements; however, it is essential that they are accounted for
appropriately. In particular, only contracts that transfer sufficient
insurance risk in order to meet the requirements of the relevant
accounting standards in force in each jurisdiction can be accounted for
as reinsurance.
13.3.7 The supervisor should pay particular attention to reinsurance contracts
that have, or appear to have, limited levels of risk transfer which may
change over the duration of the contract. Only the amount of risk
transferred under finite reinsurance contracts should be included in the
regulatory capital calculations of the ceding insurer.
13.4 When supervising ceding insurers purchasing reinsurance across borders,
the supervisor takes into account the supervision performed in the
jurisdiction of the reinsurer.
13.4.1 The cross-border nature of reinsurance transactions, together with the
relative sophistication of the market participants involved in reinsurance,
are key elements that the supervisor should consider when supervising
ceding insurers.
13.4.2 Taking into account the supervision performed in the jurisdiction of the
reinsurer may help the supervisor to assess the overall risk profile of the
ceding insurer. This can be done, for example, by reviewing the
supervisory framework and practices in the jurisdiction of the reinsurer,
or by engaging in supervisor-to-supervisor dialogue.
Supervisory recognition
13.4.3 The supervisor can benefit from relying on supervision performed in the
jurisdiction of the reinsurer. Benefits may include, for example,
strengthened supervision as well as a more efficient use of resources by
the supervisor of the ceding insurer.
13.4.4 Where supervisors choose to recognise aspects of the work of other
supervisory authorities, they should consider putting a formal supervisory
Public
recognition arrangement in place (see ICP 3 Information Exchange and
Confidentiality Requirements).
13.4.5 Supervisory recognition can be conducted through unilateral, bilateral
and multilateral approaches to recognition. All three approaches
recognise the extent of equivalence, compatibility or, at least,
acceptability of a counterparty’s supervisory system. Bilateral and
multilateral approaches typically incorporate a mutuality component to
the recognition element, indicating that this is reciprocal.
13.5 The supervisor requires the ceding insurer to consider the impact of its
reinsurance programme in its liquidity management.
13.5.1 Given the nature and direction of cash flows within a ceding insurer,
liquidity risk historically has not been considered to be a major issue in
the insurance sector. However, there can be liquidity issues within an
individual ceding insurer which could arise specifically from the ceding
insurer’s reinsurance programme.
13.5.2 Reinsurance contracts do not remove the ceding insurer’s underlying
legal liability to its policyholders. The ceding insurer remains liable to fund
all valid claims under contracts of insurance it has written, regardless of
whether they are reinsured or not. For this reason, a large claim or series
of claims could give rise to cash flow difficulties if there are delays in
collecting from reinsurers or in the ceding insurer providing proof of loss
to reinsurers.
13.5.3 The supervisor should require ceding insurers to take appropriate
measures to manage their liquidity risk, including funding requirements in
adverse circumstances. As with all risks, the insurer should develop its
own response to the level of risk it faces and the supervisor should assess
these responses. There are a number of ways in which liquidity risk may
be mitigated. For example, some insurers choose to arrange a line of
credit from a bank in order to deal with short-term liquidity issues.
13.5.4 Ceding insurers may make arrangements with their reinsurers in order to
mitigate their liquidity risk. These arrangements, if used, may include
clauses that trigger accelerated payment of amounts due from reinsurers
in the event of a large claim and/or the use of collateral or deposit
accounts, giving ceding insurers access to funds as needed. Use of such
arrangements is a commercial matter between the ceding insurer and
reinsurer.
13.5.5 External triggers can give rise to liquidity issues, especially where
reinsurers have retroceded significant amounts of business. If a
reinsurance contract contains a downgrade clause that gives the ceding
insurer the right to alter the contract provisions, or obliges the reinsurer
to post collateral with a ceding insurer to cover some or all of its
obligations to that ceding insurer, such action may cause liquidity issues
among reinsurers and may be pro-cyclical. Therefore, the supervisor
should be aware of the potential consequences of such triggers for the
overall efficiency and stability of the market.
13.6 In jurisdictions that permit risk transfer to the capital markets, the supervisor
understands and assesses the structure and operation of such risk transfer
arrangements, and addresses any issues that may arise.
Public
13.6.1 A wide range of techniques has been developed to allow the transfer of
insurance risk to the capital markets, resulting in a diversity and
complexity of risk transfer arrangements.
13.6.2 In general, arrangements used to enable risk transfer to the capital
markets operate like mainstream reinsurance. For example, risk is
transferred via a reinsurance contract with similar terms and conditions
to any other reinsurance contract. Further, the risk assuming entity is a
reinsurer subjected to licensing conditions like any other reinsurer. The
defining feature of these risk transfer arrangements is the direct funding
of the reinsurance risk exposure with funds raised, often exclusively, in
the capital markets.
13.6.3 Insurance risk transfer to the capital markets can occur by making use of
a wide variety of arrangements. Arrangements in the non-life sector are
often broadly classified into four groups: 1) catastrophe bonds (cat
bonds); 2) collateralised reinsurance; 3) industry loss warranties (ILWs);
and 4) sidecars. These four groups, which are not mutually exclusive,
focus on different elements of the risk transfer arrangements:
• cat bonds take the name from the financial instrument (i.e. a debt
security) issued to fund an insurance exposure, usually a
catastrophe;
• collateralised reinsurance is generally used to highlight a credit risk
mitigation feature of certain insurance transactions (i.e. the
collateralisation of the insurance exposure);
• ILWs refer to a range of financial instruments used by
counterparties, who may or may not be insurers, to buy or sell
protection related to insurance risks; and
• sidecars refer to a legal entity created ‘on the side’ of an insurer that
is used to transfer insurance risk, usually to the capital markets.
To illustrate that these are not mutually exclusive, there could be a sidecar
that underwrites insurance risk via an ILW and funds the exposure
through an issuance of cat bonds, the proceeds of which are used to
collateralise the reinsurance risk assumed.
13.6.4 In the life sector, some arrangements are similar to the non-life sector (for
example, mortality bonds, which operate like cat bonds). Other life
insurance arrangements have specific features that are not used in non-
life insurance, such as the funding of certain portions of the ceding
insurer’s reserves.
13.6.5 Despite the many similarities with mainstream insurance, transactions
transferring insurance risk to the capital markets have special features
that the supervisor should bear in mind in order to assess the
appropriateness and effectiveness of their use by ceding insurers and
reinsurers.
Initial assessment
13.6.6 Insurance risk transfer to the capital markets usually entails the creation
of a dedicated entity or a legally ring-fenced arrangement, specifically
constituted to carry out the transfer of risk. These are referred to by a
variety of names, such as special purpose vehicles, special purpose
Public
reinsurance vehicles, or special purpose insurers; for the purpose of this
ICP, they are collectively referred to as special purpose entities (SPEs).
13.6.7 The main purpose of an SPE is to assume insurance risk, funding the
exposure by raising funds in the capital markets, and to be dismantled
once its purpose has been fulfilled. Importantly, as SPEs conduct
insurance business, the supervisor should consider licensing them as
insurers (see ICP 4 Licensing). Licensing of SPEs should be
appropriately tailored to take into consideration the unique characteristics
of SPEs. In this respect, close collaboration among those supervising
ceding insurers and those supervising SPEs before authorisation of the
SPE and on an on-going basis can be particularly helpful.
13.6.8 Key elements of any SPE structure include:
• the insurance risk that it assumes is “fully funded” (i.e., that the
exposure taken by the SPE is funded across a range of foreseeable
scenarios from the time the SPE goes on risk to the time it comes
off risk);
• the claims of any investors in the SPE are subordinate to those of
the ceding insurer; and
• the investors in the SPE have no recourse to the ceding insurer in
the event of an economic loss.
13.6.9 In order to be able to understand and assess whether an SPE structure
meets the criteria above, the supervisor should take the following into
account:
• ownership structure of the SPE;
• suitability of the Board and Senior Management of the SPE;
• the SPE's management of credit, market, underwriting and
operational risks;
• investment and liquidity strategy of the SPE;ranking and priority of
payments;
• extent to which the cash flows in the SPE structure have been
stress tested;
• arrangements for holding the SPE’s assets (e.g. trust accounts) and
the legal ownership of the assets;
• extent to which the SPE’s assets are diversified; and
• use of derivatives, especially for purposes other than risk reduction
and efficient portfolio management.
13.6.10 Understanding the role of all the parties to the SPE arrangement is critical
to understanding the underlying risks, particularly as these may be
fundamentally different from those involved in a traditional reinsurance
transaction. The supervisor should understand and assess, among other
things, the:
• extent to which key parties have been fully disclosed (e.g. sponsor,
(re)insured, investors, advisors, counterparties) and are known to
the supervisor;
Public
• extent to which potential conflicts of interest between all parties to
the SPE have been adequately disclosed and addressed (such as
situations where sponsors also take a managing role);
• credit risk associated with key service providers, including financial
guarantors used to protect the position of investors;
• degree of basis risk that is assumed by the ceding insurer and to
what extent this could have immediate ramifications for the ceding
insurer’s financial position in case of a loss;
• details of the SPE’s management arrangements and key personnel;
• third party assessments of the SPE structure (e.g. by credit rating
agencies);
• expertise of the legal advisors involved;
• robustness of any financial or actuarial projections, if applicable
(e.g. if triggers are indemnity based); and
• disclosure of outsourcing agreements.
13.6.11 As many SPEs are designed to operate with a minimum of day-to-day
management, the supervisor should understand and assess the extent to
which the systems of risk management and internal controls are adequate
and proportionate to the nature of the underlying risks and to the
complexity and expected lifespan of the SPE structure.
13.6.12 The systems of risk management and internal controls of the SPE should
ensure that, at a minimum:
• investment restrictions are not breached;
• interest payments, dividends, expenses and taxes are properly
accounted for;
• movements above established thresholds in assets and
collateral accounts are reported;
• assets are legally existent and technically identifiable; and
• liabilities can be determined on a timely and accurate basis and
obligations satisfied in accordance with the underlying
contracts.
13.6.13 The supervisor should understand and assess:
• the systems of risk management and internal controls of the SPE,
particularly the extent to which these are sufficient to ensure
effective operation in compliance with the SPE’s legal and
supervisory obligations; and
• operational risks within the SPE structure and any mitigation
arrangements.
Basis risk
13.6.14 The supervisor should understand and assess the extent to which SPE
arrangements give rise to basis risk. This arises where the trigger for
Public
indemnity under the SPE arrangement is different from the basis on which
underlying protected liabilities can arise.
13.6.15 Where SPEs contain indemnity triggers (i.e., recovery from the SPE is
based on the actual loss experience of the ceding insurer) basis risk is
unlikely to be an issue. However, many SPEs contain non-indemnity
triggers, such as parametric triggers (driven by objectively measurable
events) or modelled triggers (driven by the outcome of modelled, industry-
wide losses). In such cases, there may be events where the ceding
insurer will remain exposed to its underlying policyholders without having
recourse to the SPE.
13.6.16 Basis risk should be considered with reference either to the amount of
credit given by the supervisor of the ceding insurer for the SPE
arrangement or in the capital requirement of the ceding insurer, where
such mechanisms are used.
13.6.17 Additionally, in some jurisdictions the accounting and regulatory
treatment of insurance risk transfer that uses non-indemnity triggers may
be different from the accounting treatment of indemnity-based insurance.
The supervisor should understand these accounting differences and the
impact these may have on the financial statements of the ceding insurer
and the reinsurer.
Ongoing Supervision
13.6.18 The supervisor should understand the various issues that emerge in the
ongoing supervision of SPEs and their use. Consideration should be
given to the following areas:
• measures to be taken by the supervisor if any of the licensing or
authorisation conditions are breached;
• level of capital and ability of the SPE to continue to respond
adequately should covered events occur;
• level of reporting required by the supervisor in order to understand
and assess whether the SPE is complying with its obligations;
• the SPE’s response in the event of fluctuations in the values of
invested assets (e.g. match/mismatch between collateral account
and exposure, flow of premiums, fees, commissions);
• arrangements put in place in the SPE to ensure that the “fully
funded” condition is maintained in the case that the insurance risks
assumed are rolled over from one risk period to another; and
• where the SPE undertakes multiple transactions, arrangements put
in place in the SPE to ensure that the funds corresponding to each
transaction are appropriately segregated and legally insulated.
Unwinding of SPE arrangements
13.6.19 The unwinding of SPEs is often influenced by the dynamics of insurance
losses. The supervisor should understand and gain comfort with the
provisions in place to require orderly unwinding of SPEs. In particular, the
supervisor should understand the process related to the generation,
mitigation and management of any residual risk emerging from the
unwinding of the SPE.
Public
13.6.20 In addition, the supervisor should understand the process and stages that
the SPE goes through when it comes to a natural end and its obligations
have been fulfilled and the SPE is liquidated. There is a distinction
between unwinding in the event of a loss and unwinding a transaction
reaching legal maturity (without a loss having occurred). While the latter
case is usually simple and straightforward, unwinding in a full or partial
loss situation deserves close attention. Consideration should be given to
the following areas:
• issues relating to share buy-back and conditions to its
materialisation;
• issues relating to disposal of the investment portfolio;
• “dismantling” of the SPE and residual risks;
• where the SPE undertakes multiple transactions, issues relating to
the segregation and legal insulation of assets per transaction; and
• supervisory issues relating to risks which revert to the ceding
insurer on termination of the arrangement.
Considerations for supervisors of insurers ceding risks to SPEs
13.6.21 Although in many jurisdictions insurance risk transfer to the capital
markets is not permitted, the supervisor should consider that some of the
insurers in its jurisdiction may be transferring insurance risk to SPEs
located in another jurisdiction that permits insurance risk transfer to the
capital markets. In this case, the supervisor of the ceding insurer should
consider, among other things:
• whether the risk transfer taking place involves an SPE that is
licensed in the jurisdiction where the insurance risk is assumed;
• the supervisory regime to which the SPE is subject in its jurisdiction;
and
• the extent to which the ceding insurer has adequately provided for
the identification, assessment and management of the risks
associated with transferring insurance risk to an SPE (e.g. credit
risk, basis risk).
Public
ICP 14 Valuation
The supervisor establishes requirements for the valuation of assets and liabilities for
solvency purposes.
Application
14.0.1 The IAIS considers it is most desirable that the methodologies for
calculating items in general purpose financial reports can be used for, or
are substantially consistent with, the methodologies used for regulatory
reporting purposes, with as few changes as possible to satisfy regulatory
requirements. However, the IAIS also recognises that this may not be
possible or appropriate in all respects, considering the differing purposes.
The IAIS believes it is essential that differences between general purpose
financial reports and published regulatory reports are publicly explained
and reconciled.
14.0.2 The IAIS considers that differences between technical provisions for
general purpose financial reports and published regulatory reports should
be publicly explained and reconciled in terms of differences in data,
discount rate, methodology and assumptions used together with the
rationale for why any different approach is appropriate for solvency
purposes.
14.0.3 To the extent that financial reporting standards, including IFRS, are
consistent with the standards in this ICP, valuations that are in
accordance with those financial reporting standards may be regarded as
compliant with this ICP.
14.0.4 The context and purpose of the valuation of assets or liabilities of an
insurer are key factors in determining the values that should be placed on
them. This ICP considers the valuation requirements that should be met
for the purpose of the solvency assessment of insurers within the context
of IAIS risk-based solvency requirements that reflect a total balance sheet
approach on an economic basis 26 and address all reasonably foreseeable
and relevant risks.
14.0.5 Standard 17.1 states that the supervisor requires a total balance sheet
approach to be used in the assessment of solvency to recognise the
interdependence between assets, liabilities, regulatory capital
requirements and capital resources and to require that risks are
appropriately recognised 27. Such an approach ensures that the
determination of available and required capital is based on consistent
assumptions for the recognition and valuation of assets and liabilities for
solvency purposes.
26 An economic basis may include amortised cost valuations and market-consistent valuations that
comply with this ICP.

27 The total balance sheet approach is an overall concept rather than one which implies the use of a
particular methodology such as a cost of capital method or a percentile method.

Public
14.0.6 To achieve consistency with this approach to setting capital requirements
in the context of a total balance sheet approach, capital resources should
broadly be regarded as the difference between assets and liabilities, but
on the basis of their recognition and valuation for solvency purposes.
Solvency purposes
14.0.7 The valuation "for solvency purposes" referred to in this ICP is the
valuation of the assets and liabilities used within the broad concept of a
risk-based solvency assessment of insurers.
14.0.8 Solvency assessment results from the application of supervisory
judgment to various measures and estimates of an insurer’s current
financial position and future financial condition which serve to
demonstrate the insurer’s ability to meet its policyholder obligations when
they fall due. Useful in this regard is a set of financial statements which
may differ from those used for general purpose financial reporting. To
distinguish them, this ICP refers to the financial statements used for
solvency assessment as “regulatory financial statements”. Such
statements include a regulatory balance sheet and regulatory capital
requirements. For the purposes of this ICP, “valuation for solvency
purposes” refers to valuation of assets and liabilities in the regulatory
financial statements. The overall solvency assessment may use
information additional to the regulatory financial statements such as:
• stress and scenario testing;
• the insurer’s own risk and solvency assessment; and
• relevant disclosure.
14.0.9 Technical provisions are a significant component of valuation for solvency
purposes. They include a margin for risk appropriate for solvency
purposes. Regulatory capital requirements are another component of the
solvency assessment, and they include further allowance for risk so that
when taken together, they are sufficient to ensure that policy obligations
are satisfied with the probability of sufficiency required by the supervisor.
14.0.10 In adverse circumstances, certain assets may be considered to have
reduced or nil value. Consequently, in the capital adequacy assessment
such assets may be excluded from or have reduced value in capital
resources. Alternatively, a capital requirement may be set to cover the
potential shortfall in value. Such adjustments are part of the process of
determining capital requirements and/or capital resources and are
covered by ICP 17 Capital Adequacy. These adjustments are shown
separately from asset values in the regulatory financial statements. This
enables improved transparency, consistency and comparability.
14.1 The valuation addresses recognition, derecognition and measurement of assets
and liabilities.
14.1.1 Assets and liabilities should be recognised and derecognised to the
extent necessary for risks to be appropriately recognised. Such
recognition/derecognition principles may differ from those used for
general purpose financial reporting in a jurisdiction.
Public
14.1.2 Recognition of insurance contracts as part of the valuation of technical
provisions is a significant issue for insurers and supervisors. There are
two key possible points of recognition – on entering into a binding contract
(the bound date) and the inception date of the contract. In principle, the
bound date is the date at which an economic obligation arises. However,
in practice, these dates are only likely to be significantly different for
certain classes of non-life insurance.
14.1.3 Contracts for ceded reinsurance should be recognised and valued so as
to correspond to the recognition of the risks which they are mitigating.
Where a current reinsurance policy is contracted to cover future direct
policies, the value of the reinsurance policy should not include any
amount in respect of future direct policies that have not been recognised.
14.1.4 An insurance contract liability (or a part of an insurance contract liability)
within technical provisions should be derecognised when, and only when,
it is extinguished – i.e. when the obligation specified in the insurance
contract is discharged or cancelled or expires.
14.1.5 The purchase of reinsurance should not result in the derecognition of
technical provisions unless the purchase of that reinsurance results
effectively in the extinguishment or novation of the insurance contracts.
14.2 The valuation of assets and liabilities is undertaken on consistent bases.
14.2.1 Solvency assessment based on consistent valuation of assets and
liabilities is a prerequisite for obtaining a meaningful insight into the asset-
liability positions of an insurer and an understanding of the financial
position of an insurer relative to other insurers. It provides reliable
information on which to base the actions that are taken by insurers and
their supervisors in respect of those positions.
14.2.2 The overall financial position of an insurer should be based on the
consistent measurement of assets and liabilities, the explicit identification
and consistent measurement of risks and their potential impact on all
components of the balance sheet. This consistency should apply to all
assets and liabilities, including assets in excess of the liabilities, and
extend across insurers and time periods so as to achieve comparability.
14.2.3 Undertaking valuation on consistent bases means that differences in
values of assets and liabilities can be explained in terms of the differences
in the nature of the cash flows including their timing, amount and inherent
uncertainty, rather than differences in methodology or assumptions. Such
consistency may be applied at different levels such as segment within a
company, a company or a group.
14.2.4 Observed market valuations or amortised cost valuations may be used
for some assets and liabilities, while valuation models, such as
discounted cash flow models, may be used for other assets and liabilities.
Calibration of such discounted cash flow models to market valuations or
amortised cost of other assets and liabilities can be of assistance in
achieving consistency.
14.2.5 The specific characteristics of insurance contracts, financial instruments
and data available may vary within and across jurisdictions. Consistency
in the valuation of assets and liabilities means that such variations can be
Public
explained in terms of the differences in the nature of the cash flows valued
in each jurisdiction.
14.2.6 Regulatory capital requirements are determined using a consistent
treatment of the valuation of assets and liabilities. Consistency in the
valuation of assets and liabilities for solvency purposes does not
necessarily mean that a single valuation basis is used for all assets and
liabilities. The balance sheet, when taken together with capital
requirements, should result in an appropriate recognition of risks.
14.3 The valuation of assets and liabilities is undertaken in a reliable, decision useful
and transparent manner.
Reliability
14.3.1 The values placed on the assets and liabilities of an insurer for solvency
purposes should be a reliable measure of their value at the date of
solvency assessment.
14.3.2 Objectivity is an important aspect of valuing assets and liabilities in a
reliable manner, so that a valuation is not influenced inappropriately by
an insurer’s management. The valuation of assets and liabilities typically
involves judgment, e.g. expert judgment in assessing the relevance of
data and deriving assumptions. Consistent with reliability of outcome,
subjectivity in valuation should be reduced as far as practicable. This may
be achieved by using information available from effective internal control
processes, market valuations and other relevant current or factual
information, by applying professional standards and subjecting valuations
to independent review. The supervisor should require a valuation
methodology which uses information provided by the financial markets
and generally available data on insurance technical risks. Company-
specific information may be appropriate, for example, where the insurer’s
business model and practices are sufficiently substantiated as
representative of the portfolio and similar information is used in market
valuations.
Decision usefulness
14.3.3 In the context of this standard, ‘decision useful’ means useful in making
judgments for solvency purposes. It should be recognised that, in valuing
assets and liabilities in a reliable manner, and in reducing the subjectivity
in the valuation, it may not be appropriate to eliminate subjectivity
completely. A method that provides a single value without the need for
judgment may be less decision useful than one that produces a range of
reasonable values from which a value is selected by applying judgment.
A method that produces a decision useful outcome should take
precedence over one that does not.
14.3.4 In some jurisdictions, enforcement actions can only be based on objective
calculations. In those jurisdictions, an objective calculation should take
precedence over one based on subjective assumptions and methods.
Supervisors may need to provide greater specificity on assumptions (e.g.
mortality and interest) and methods for regulatory purposes. Specified
Public
methodology should include a margin for risk that is appropriate for a
valuation done for solvency purposes.
14.3.5 Decision useful values may be derived from a range of sources, including
market-consistent valuations, amortised cost valuations and other
valuation models, such as discounted cash flow projection models.
14.3.6 Where there is a market for an asset or liability in which prices are quoted
publicly and trades are readily available, the quoted prices could provide
a decision useful value of the asset or liability in the large majority of
situations. Typically, there will be a range of market prices for the same
item, and judgment will be needed in determining the final value.
14.3.7 In some circumstances, a market price may not necessarily provide a
decision useful basis for a valuation. If the reference market is
dysfunctional or anomalous in its operation, a more reliable method of
determining value based on more normal conditions may be appropriate.
Such circumstances may occur, for example, if there is a high cost in
making actual trades, trading is thin, independent pricing sources are not
available or are limited, or the market is subject to distorting influences.
The supervisor should evaluate such circumstances and as a result may
conclude that the use of an alternative economic valuation is appropriate.
14.3.8 Amortised cost could be a decision useful value for assets and liabilities
where it is a reflection of the amount the insurer will pay and receive over
time, and fluctuations in market values are not indicative of the insurer’s
ability to meet its obligations. Amortised cost may provide a pragmatic
and decision useful value when other valuation approaches are no more
useful or reliable. It is useful to complement such valuations with
sensitivity and adequacy testing.
14.3.9 An insurer’s modelling of its assets and liabilities may also provide a
decision useful value. The reliability of model results is enhanced through
the use of insurers’ and supervisors’ best practices surrounding model
governance, controls and independent review. Supervisory comparisons
or benchmarking of modelling practices can further enhance the reliability
of modelled results. Models can be used to apply common measurement
criteria across all risks (e.g. same methodology, time horizon, risk
measure, level of confidence, etc.)
14.3.10 The supervisor should evaluate the extent to which the time value and
risk adjustments add decision useful information. Where this is not the
case, the disclosure requirements may be relied upon. For liabilities
subject to significant litigation uncertainty, it may not be appropriate to
include estimates of time value and risk in the reported liability, due to the
unreliability of such adjustments.
Transparency
14.3.11 The solvency regime should be supported by appropriate public

disclosure and additional confidential reporting to the supervisor. For
example, explicit determination of the components of the technical
provisions supports the objectives of transparency and comparability and
facilitates convergence. Standards for public disclosure including the
Public
valuation of assets and liabilities for solvency purposes can be found in
ICP 20 Public Disclosure.
14.3.12 Insurers should provide sufficient information about the approaches they
have taken to the valuation of assets and liabilities, describing how the
principles of reliability, decision usefulness and consistency have been
addressed. Transparency facilitates understanding and comparability
within and across jurisdictions.
14.4 The valuation of assets and liabilities is an economic valuation.
14.4.1 An economic valuation is a valuation such that the resulting assessment
of an insurer’s financial position is not obscured by hidden or inherent
conservatism or optimism in the valuation. Such an approach is
appropriate in the context of risk-based solvency requirements which
satisfy these ICPs and standards and shares their objectives of
transparency and comparability.
14.5 An economic valuation of assets and liabilities reflects the risk-adjusted present
values of their cash flows.
14.5.1 An economic value should reflect the prospective valuation of the future
cash flows of the asset or liability allowing for the riskiness of those cash
flows and the time value of money. An asset or a liability may have both
cash inflows and cash outflows the net effect of which is a positive or
negative value. Such a valuation is not necessarily determined directly
using a discounted cash flow calculation. A current quoted market value
or a current sale or purchase value may also reflect the prospective
valuation of cash flows.
14.5.2 Supervisors should take into account all relevant information available
about current market assessments of value and risk and the principles,
methodologies and parameters used in the relevant markets for
assessing the value of an asset or liability.
14.5.3 The historic cost of an asset or liability may not reflect a current
prospective valuation of the future cash flows and may therefore not be
consistent with the current economic valuation of other assets or
liabilities. Historic cost generally does not reflect changes in value over
time. However, amortised cost, which adjusts the historic cost of an asset
or liability over time, may reliably reflect the value of future cash flows,
when used in conjunction with an adequacy or impairment test.
14.5.4 Some jurisdictions utilise a subset of economic valuation known as
market-consistent valuation which is described further in Guidance 14.5.5
to 14.5.11. Some jurisdictions use a subset of economic valuation known
as amortised cost valuation which is described further in Guidance
14.5.12 to 14.5.15.
Market-consistent valuation
14.5.5 It may be appropriate to use market-consistent values for the economic

valuation of assets and liabilities. A valuation that is based upon
principles, methodologies and parameters that the financial markets
would expect to be used is termed a market-consistent valuation. Where
Public
a range of assessments and approaches is evident from a market, a
market-consistent valuation is one that falls within this range.
14.5.6 It may be well known to financial markets that the approach taken to
market assessments for some assets and some insurance liabilities or
their components uses modelling based on certain assumptions and
techniques and portfolio specific information as well as generally
available data on insurance technical risks. A calculation consistent with
this approach would be market-consistent.
14.5.7 However, in exceptional circumstances there may be information
additional to that on market assessments from the wider economy that
should be taken into account e.g. where a market is anomalous, not
operating effectively or is subject to intervention from the relevant
authorities. For example, where a government/regulator intervenes in a
major way e.g. by injecting money or taking control. Such action may be
in response to or the cause of distortions of supply and demand in
relevant markets so that values determined in a market consistent way
may also be distorted temporarily.
14.5.8 A market-consistent value may not then be appropriate and a different
value, which may, for example, be expected to be market-consistent
under more normal market conditions, may need to be determined to
arrive at an economic valuation for solvency purposes. The extent to
which this is appropriate is likely to vary according to market conditions
in different jurisdictions. If such circumstances arise, supervisors should
provide guidance as to the appropriate values or adjustments insurers
should use for solvency purposes to reflect the risk-adjusted present
value of their cash flows and maintain consistency, decision usefulness,
relevance and transparency.
14.5.9 A sufficiently active market may exist for an asset or liability that in itself
provides a measure of value that is market consistent. For other assets
and liabilities or when the market becomes illiquid, there may be no direct
measure of value. However, relevant market information may be available
regarding the assessment of components of the rights, obligations or risks
of the asset or liability. If, for example, a component of the obligations of
an insurance liability can be replicated using financial instruments for
which there is a reliable market value, that value provides a reliable
indication of the value for this component.
14.5.10 The market-consistent value of an asset or liability may be determined
using different techniques, or a combination thereof. For example, in
valuing technical provisions:
• if the insurance obligations are traded in a sufficiently deep and
liquid market the observed prices may be used to arrive at a
market consistent value. The availability, decision usefulness
and reliability of the prices should be taken into account when
deriving the market consistent value;
• if some or all of the cash flows associated with the insurance
obligations can be replicated using financial instruments, the
market value of the replicating financial instruments may be
used as the value of those cash flows;
Public
• if the cash flows associated with the insurance obligations
cannot be replicated perfectly, then the remaining cash flows
may be valued using a discounted cash flow model. To be
market consistent, the methodology used needs to deliver a
proxy for market value based on market consistent valuation
principles and to reflect the uncertainty or unavailability of
market information.
14.5.11 This approach to valuation is sometimes termed the “components
approach”, under which risk components are valued at market value
where such a value is ascertainable, decision useful and reliable; other
components may need to be valued using marked-to-model methods.
Separate components may, for example, be identifiable for insurance
contracts which have an investment or deposit component and an
insurance risk component. The components approach helps to improve
market consistency and reduce modelling error. It should be noted that
where there is no sufficiently deep liquid market from which to determine
a market consistent value for a risk component, the additional liquidity risk
needs to be considered.
Amortised cost valuation
14.5.12 It may be appropriate to use an amortised cost method for economic

valuation of assets and liabilities. Amortised cost methods determine the
value of an asset or liability at any point in time as the present value of
future cash flows discounted at an appropriate interest rate, with an
appropriate adjustment for risk.
14.5.13 The discount rate used in valuing assets under an amortised cost method
equates the present value of expected contractual cash flows with the
amount paid to acquire the asset. The price paid for an asset usually
equals the market value at time of purchase. Since the price paid reflects
the risk of the instrument at the time of purchase, an adjustment for the
risk assessed at that time is automatically included in the discount rate.
14.5.14 When valuing both assets and liabilities under an amortised cost method,
there is a close relationship between the discount rate and the provision
for risk. The discount rate used may be based on the expected yield, after
making allowance for default, of the supporting asset portfolio. Other
combinations of discount rate and risk adjustment are possible.
14.5.15 When an amortised cost method is used, the values produced should be
evaluated for adequacy at least annually. For assets, when the asset has
been impaired to a significant degree, the carrying value of that asset
should be adjusted to reflect that impairment. For liabilities, the value
should be tested at least annually. When the liability value is found to be
inadequate, it should be strengthened. Adjustments should also be made
to reduce any significant, undue conservatism identified by the adequacy
test.
14.6 The value of technical provisions and other liabilities does not reflect the
insurer’s own credit standing
14.6.1 To achieve consistent and reliable economic values of insurance
portfolios for solvency purposes, the value of technical provisions should
Public
not reflect an insurer’s own credit standing. Insurance obligations are
required to be met to the same level of confidence by all insurers in a
jurisdiction and the value of an identical portfolio held by different insurers
should not depend on the insurer’s credit standing. This also applies to
the technical provisions of a reinsurer.
14.6.2 However, the credit standing of a reinsurer should be taken into account
when considering the solvency of a ceding (re)insurer even if the
contractual cash flows are the same. The risk of reinsurer default could
be covered either by the regulatory capital requirements or adjustments
made to the value of assets in determining available capital. Alternatively,
some allowance for the credit default risk could be made in valuing the
reinsurance asset directly.
14.6.3 The valuation of liabilities, other than technical provisions, should also not
reflect the insurer’s own credit standing.
14.6.4 Where the terms of the debt make it subordinate to the insurer’s
obligations in respect of insurance contracts, the value of the debt may
reflect the lower probability of repayment under subordinated debt and
the lower capital needed to cover the risk of non-payment.
14.7 The valuation of technical provisions exceeds the Current Estimate by a margin
(Margin over the Current Estimate or MOCE).
14.7.1 Technical provisions are assets or liabilities that represent the economic
value of the insurer fulfilling its insurance obligations to policyholders and
other beneficiaries arising over the lifetime of the insurer’s portfolio of
insurance policies. This includes a margin (Margin Over the Current
Estimate or MOCE) to cover the inherent uncertainty of those obligations.
14.7.2 The cash flows associated with fulfilling an insurer’s insurance obligations
include the premiums receivable, the claims payable under the insurance
policies, any other policy cash flows (e.g. future distributions under
participating contracts) and the future expenses of administering the
policies.
14.7.3 Acquisition costs are usually a significant component of an insurer’s cash
flows. After acquisition costs have been paid future cash inflows may
exceed future cash outflows.
14.7.4 Because an insurer’s obligations under an insurance policy are inherently
uncertain as to amount and/or timing, the present value of the cash flows
associated with fulfilling them has a range of possible values with varying
probabilities. The probability-weighted average of these present values is
their expected present value (also called the statistical mean) and is
termed the “current estimate of the cost of meeting the insurance
obligations” (Current Estimate). Actuarial and statistical techniques may
be used in determining the current estimate, including deterministic,
analytical and simulation techniques.
14.7.5 In addition to covering the cash flows associated with fulfilling insurance
obligations, an insurer incurs the cost of covering the uncertainty inherent
in those cash flows (e.g. through holding capital, or through hedging,
reinsurance or other forms of risk mitigation). Insurers are required to
maintain an amount such that the obligations under insurance policies will
be fulfilled with the claimant or beneficiary when they fall due. In principle,
Public
therefore, an economic value of the technical provisions exceeds the
current estimate of the cost of meeting the insurance obligations by an
amount covering this uncertainty. This excess is the MOCE.
14.7.6 Where, for example, capital is required to give the level of confidence
required by the solvency regime, the technical provisions should at
minimum also cover the cost of holding that capital. In these
circumstances, the MOCE might be seen as a provision for rewarding the
capital committed to the business over the outstanding lifetime of the
policy. As the uncertainty reduces over time, so the MOCE will also
reduce, gradually releasing it from the technical provisions. Equally, as
uncertainty reduces, the required capital would also reduce in line with
the revised risk profile.
14.7.7 It may not be necessary, in practice, to determine the current estimate
and the MOCE separately. The solvency regime should require any
method by which technical provisions are valued to be such that the value
includes an explicit or implicit margin over the current estimate. For
example, a reliable market valuation by reference to a sufficiently deep
and liquid market may be expected automatically to include a MOCE.
14.7.8 A model which includes in its calculations an allowance for uncertainty up
to the level of confidence required by the solvency regime is also capable
of calculating the technical provisions directly. However, in this case,
supervisors should consider whether the current estimate and MOCE
should be separately reported to help ensure that technical provisions are
consistent and reliable.
14.7.9 A change in underlying data or assumptions generating a change in
current estimate and MOCE should be disclosed and justified so that
consistency, reliability and relevance may be maintained and arbitrary
changes over time are avoided.
14.8 The Current Estimate reflects the expected present value of all relevant future
cash flows that arise in fulfilling insurance obligations, using unbiased, current
assumptions.
14.8.1 The current estimate should reflect all future cash flows under an existing
insurance contract to the extent that they are integral to the fulfilment of
the obligations under that contract. This encompasses all cash flows,
including non-guaranteed optional or discretionary cash flows, where
they are established as stemming from the contractual relationship
between the insurer and the policyholder. This reflects the commercial
substance of the contract and therefore reflects economic reality.
14.8.2 An insurance contract should be considered as a whole. In particular,
where the contract provides for the payment of future premiums, such
premiums are integral to the fulfilment of the obligations under that
contract. Neither the company nor the policyholder is able to deal with
one without simultaneously dealing with the other. To recognise one, the
other must also be recognised. Valuation of the insurance liability requires
consideration of all of the associated cash flows, including the
contractual, premium inflows. The uncertainty associated with those cash
flows along with that of the other relevant cash flows are reflected in the
probability weightings applied in calculating the current estimate.
Public
14.8.3 To give clarity as to what constitutes an insurance contract for solvency
purposes, the supervisory regime should specify the boundaries for
insurance contracts which define the relevant cash flows to be included
in determining the current estimate. The insurance contracts are subject
to the following boundary constraints, if they exist 28:
• contractual termination as extended by any unilateral option
available to the policyholder, or
• the insurer having a unilateral right to cancel or freely re-
underwrite the policy, or
• both the insurer and policyholder being jointly involved in
making a bilateral decision regarding continuation of the policy.
14.8.4 The first boundary constraint excludes new business arising from the
“rolling-over” of the existing contract, except where such “roll-over” is due
to the exercising of an explicit option available to the policyholder under
the current contract. Contractual cash flows arising from policyholders’
unilateral in-the-money options to extend the contractual termination date
should be included. The current estimate should allow for the expected
rate of exercising such options. This boundary constraint also excludes
additional voluntary contributions premiums, except where provided for
as a unilateral option under the contract. For insurance contracts with
variable premiums (such as universal life contracts), the cash-flows
should include voluntary contributions above the minimum required to the
extent that there are guarantees, under the current contract e.g. no-lapse
and premium rate guarantees. The current estimate should reflect the
expected rate of payment of additional contributions and the expected
level of such contributions.
14.8.5 The second boundary constraint clarifies that future cash flows arising
from events beyond the point where the insurer can unilaterally cancel
the contract – for example, by re-underwriting are not included in the
valuation. This is the case with most non-life insurance contracts which
are typically written for only one year. Although there might be a high
expectation that they would be renewed, the insurer is not bound to do
so, and accordingly only cash flows arising in respect of the currently in-
force or in run-off contracts, are included for valuation purposes, whereas
the impact of new business might be considered in capital requirements
or capital resources by the solvency regime. By contrast, future cash
flows under a life or disability contract which the insurer cannot
unilaterally cancel should be included, even if the future premiums under
such a contract are planned to increase, or able to be varied by the insurer
in respect of the entire class of contracts without individual underwriting.
14.8.6 The third boundary constraint clarifies that even if the policyholder has an
option to continue or increase the contract, if it requires the insurer’s
consent then cash flows arising from events beyond that point should not
be included for valuation purposes, whereas the impact of new business
28For certain types of long-duration life policy with an indefinite term, these would be evaluated through
the potential life of the policyholder, allowing for lapse or surrender in the probabilities attached to
each cash flow.
Public
might be considered in capital requirements or capital resources by the
solvency regime
Discretionary payments
14.8.7 Some insurance contracts give the policyholder both guaranteed benefits
(e.g. a minimum amount payable on death and/or maturity or any insured
event) and for example, a right to participate in the performance of the
relevant class of contracts, related assets or both. The insurer has some
discretion over the amount or timing of the resulting distributions to
policyholders, but there are often constraints over that discretion.
14.8.8 When establishing the future cash flows to include in the determination of
technical provisions for solvency purposes, consideration should
therefore be given to all payments whether or not these payments are
contractually guaranteed under an insurance contract. For example,
future discretionary bonuses which the insurer expects to make should
be included.
14.8.9 In view of the wide variety of participating contracts and legal frameworks
in different jurisdictions, supervisors should establish criteria appropriate
to their jurisdictions for the allowance of discretionary elements
associated with participating contracts in the valuation of technical
provisions. These should nonetheless reflect the principles of a
consistent, reliable and economic valuation and those that apply more
specifically to technical provisions, as discussed in this ICP.
14.8.10 In many jurisdictions, accumulated profits attributable to a class of
policyholders are accounted for separately by the insurer. Where such
accumulated profits can be used to absorb losses to protect policyholder
interests in a period of stress, they may possess all the characteristics of
capital and may hence be recognised in the determination of capital
resources for solvency purposes. In such a case, it is important to ensure
that the criteria established by the solvency regime for the allowance of
future discretionary benefits in the valuation of technical provisions are
compatible with the criteria for determining capital resources in order to
achieve a consistent overall assessment of the solvency position of the
insurer.
Unbiased current assumptions
14.8.11 Unbiased current assumptions are derived from a combination of

relevant, credible experience as well as judgment about its expected
future development, e.g. improving mortality rates, inflation of expenses
that neither deliberately overstates nor understates the expected
outcome. Reconsideration of data and assumptions should occur every
time the technical provisions are valued, with revisions made as
appropriate to ensure data and assumptions remain appropriate to
current conditions.
14.8.12 Observable data, such as interest rates, financial market prices and
inflation rates may be expected to be different each time the current
estimate is determined. In particular, cash flows are sensitive to inflation
rates. Where assumptions are derived from observed values in the
Public
market, these should be the observed values current at the date of the
valuation.
14.8.13 Regular experience analysis, considering the individual entity and
relevant industry experience where appropriate, should be undertaken to
support the assumptions used for insurance technical risks. Where
assumptions depend on the results of such experience analyses, the
most recent experience for the portfolio need not necessarily represent
the most credible current assumption for that portfolio. Greater credibility
may be achieved by the analysis of several years' experience, smoothing
out fluctuations in experience and allowing appropriately for any trends in
experience that may be evident. However, care should also be taken that
historical experience remains relevant to current conditions.
14.8.14 Where the credibility of an insurer’s own experience is low, for example
for a small or new portfolio of insurance contracts, assumptions based on
the relevant industry experience are likely to be more decision useful as
a basis for projecting its cash flows.
14.8.15 The assumptions used should, in principle, reflect the characteristics of
the portfolio rather than those of the particular insurer holding that
portfolio. However, it is important to note that, in practice, the
characteristics of the portfolio underwritten by an insurer may reflect
aspects of an insurer’s specific business practices, particularly with
regard its underwriting, claims handling and expenses. Company-specific
information may be appropriate, for example, where the insurer’s
business model and practices are sufficiently substantiated as
representative of the portfolio and similar information is used in market
valuations.
14.8.16 With respect to expenses, the insurer’s own expense experience in
managing a portfolio is likely to be relevant in determining an economic
value.
14.8.17 Acquisition costs are typically a major component of an insurer’s
expenses. For most insurance contracts, acquisition costs will already
have been incurred so that future cash flows include only maintenance
and claims costs. An appropriate analysis of the insurer’s expense
experience is needed to separate out acquisition costs in order to model
future expenses. Care is needed to allow for expenses that do not vary
directly with the level of new business so that expenses that will continue
to be incurred for a period if new business ceases are taken into account.
14.9 The MOCE reflects the inherent uncertainty related to all relevant future cash
flows that arise in fulfilling insurance obligations over the full time horizon
thereof.
14.9.1 Different methods may be used in practice to measure risk. For some
risks, observable market prices for risk may be available. In choosing a
methodology, due consideration should be given to the nature of the risks
being measured. Other approaches being considered around the world
include quantile, conditional tail expectation, cost of capital and explicit
assumption methods. Where a mixture of appropriate methods is used, a
consistency check should be considered. Calibration of the methods used
should reduce the effect of methodological differences to a level sufficient
to enable reliable solvency assessment to be undertaken. At present,
Public
there is no one common methodology. In practice, the results from
different methods will not be identical and calibration and consistency
checks should be applied so that methodological differences are reduced
to an acceptable level for solvency assessment purposes. Once
established, the methodology should not be changed from one valuation
to the next unless there is a reasonable rationale for change.
14.9.2 The margin over current estimate (MOCE) represents an estimated
measure of the uncertainty inherent in the cash flows associated with
fulfilling an insurer’s insurance obligations. To achieve a consistent,
reliable and decision useful valuation, the margin over current estimate
should consider all of the inherent uncertainty attached to the policy
obligations over the full period of those obligations i.e. the variability of all
relevant future cash flows to the extent to which this uncertainty is borne
by the insurer and not the policyholder.
14.9.3 Only risk inherent to the policy obligations should be reflected in the
MOCE. Other risks should be reflected in regulatory capital requirements.
Where risks are reflected in both the MOCE and regulatory capital
requirements to provide an overall level of safety, double counting should
be avoided as far as practical.
14.9.4 In some jurisdictions it may be considered appropriate, due to inherent
uncertainty in policy obligations and profit, that no component of premium
related to such considerations should be recognised in profit at the
inception of a contract. In those jurisdictions, the inherent uncertainty is
effectively represented by the difference between premium received and
the Current Estimate. Other jurisdictions may take the view that one of
the other methodologies described in this document provides a decision
useful separate estimate of the level of uncertainty in determining the
MOCE and may therefore allow potential gain at issue to be recognised.
14.9.5 It is important to be clear about the extent to which risk factors should be
reflected when valuing the MOCE and to what extent. It is appropriate to
differentiate between the risks specific to the portfolio of insurance
obligations and the risks associated with the operations of the particular
insurer. Risks that are portfolio specific are inherent to the policy
obligations and should be taken into account in the MOCE.
14.9.6 In determining the appropriate methodology for determining the MOCE in
a solvency regime, the supervisor should consider the extent to which
possible methodologies promote transparency and comparability
between insurers and insurance markets.
14.9.7 An appropriate method for the determination of the MOCE would be
expected to exhibit the following characteristics:
• Insurance obligations with similar risk profiles have similar
MOCEs;
• The less that is known about the cash flows; the higher the
MOCE;
• For the same level of probability, risks with higher impact have
higher MOCEs than those with lower impact;
Public
• Risks with low frequency and high severity will generally have
higher MOCEs than risks with high frequency and low severity;
• For risks of the same or a similar nature, contracts that persist
over a longer timeframe will have higher MOCEs than those of
shorter duration;
• Risks with a wide probability distribution have higher MOCEs
than those risks with a narrower distribution; and
• To the extent that emerging experience reduces uncertainty,
MOCEs should decrease, and vice versa.
14.9.8 In establishing appropriate criteria or methods for determining the MOCE,
the supervisor should consider the diversification of the inherent risk
factors reflected in the MOCE.
14.9.9 Consideration should be given to the segmentation of the insurance
policies of the insurer into separate portfolios and the impact this has on
the diversification of inherent risk factors that is taken into account.
Segmentation, e.g. by line of business, may be undertaken for calculation
purposes and may mean that diversification within portfolios is taken into
account in the MOCE but diversification across portfolios is left out of
account. The calculation method may also mean that diversification within
portfolios is only partially taken into account. Any residual diversification
within portfolios and all diversification across portfolios could for example
be addressed as an offset to regulatory capital requirements, if
appropriate. The MOCEs for the total business of the insurer would simply
be the sum of the MOCEs of its portfolios.
14.9.10 Where an element of an insurance liability, i.e. an insurance obligation or
risk in whole or in part, can be replicated or hedged by a financial
instrument which has a reliable value, the value of that instrument
provides a reliable value for that element of the liability including an
implicit MOCE. In practice, such hedging is rarely perfect in all scenarios
and there are some differences between the insurance cash flows and
those of the replicating instrument which need to be valued separately.
Where a model is used for this valuation, calibration of the model to the
value of hedging instrument used is likely to assist in achieving overall
consistency and reliability. Such practice should be encouraged by
supervisors.
14.10 The valuation of technical provisions allows for the time value of money. The
supervisor establishes criteria for the determination of appropriate rates to be
used in the discounting of technical provisions.
14.10.1 The solvency regime allows for the time value of money to be recognised
in the determination of technical provisions and should establish criteria
for the determination of appropriate interest rates to be used in the
discounting of technical provisions (discount rates). In developing these
criteria, the supervisor should consider the following:
• the economics of the insurance obligations in its jurisdiction
including their nature, structure and term; and
• the extent (if any) to which benefits are dependent on underlying
assets.
Public
14.10.2 The criteria for determining appropriate interest rates to be used in the
discounting of technical provisions should recognise that the appropriate
interest rates may not be directly observable and apply adjustments
based on observable economic and market data of a general nature as
appropriate.
14.10.3 To the extent that a risk is provided for elsewhere in the balance sheet by
alternative means, there should be no allowance for that risk in the
chosen discount rates.
14.10.4 As the discount rates should reflect the economics of the insurance
obligations, any observed yield curve should be adjusted to account for
differences between the economics of the observed instrument with those
of the insurance obligations.
14.10.5 The criteria should also allow appropriate interpolation and extrapolation
for non-observable market data and maturities. To provide for consistent,
reliable, economic values, the criteria for discount rates should utilise the
entire interest rate term structure.
14.10.6 In principle, if an investment has a reliable market value and fully
replicates or hedges an element of the insurance obligations or risks,
such a value is presumed to reflect the time value of money.
14.11 The supervisor requires the valuation of technical provisions to make
appropriate allowance for embedded options and guarantees.
14.11.1 The determination of the current estimate and MOCE should make
explicit allowance for any options of the policyholder or insurer and for
guarantees embedded in the insurance contract, such as guaranteed
minimum benefits and interest rate guarantees. The method used to
value embedded options and guarantees should be appropriate to the
nature, scale and complexity of risk and may include stochastic simulation
or simplified methods as appropriate.
14.11.2 An important policyholder option is the option to lapse and, for some life
products, to receive payment of a surrender value. Explicit allowance for
lapses and surrenders should be incorporated in the projections of future
cash flows that are used to determine technical provisions. The risks of
lapse and surrender need to be considered over the full time horizon of
the insurance contract. Historical experience of lapses and surrenders is
decision useful in considering the setting of assumptions about future
experience used for calculating a current estimate and MOCE. The
uncertainty associated with lapses and surrender may not be fully
diversifiable across insurance contracts as the level of lapses and
surrenders may depend on economic conditions or perceptions about the
performance of the insurer which apply generally to policyholders. This is
offset by variations in policyholders’ responses to such conditions or
perceptions and their personal motivation for lapse and surrender. Such
factors should be taken into account when assessing the risk of lapse and
surrender.
14.11.3 Technical provisions are not required to be subject to a surrender value
floor equal to the total surrender values payable if all policies were to
surrender immediately. Such an approach would not be an economic
valuation as the effect of surrenders is already allowed for in the technical
Public
provisions by incorporating assumptions about the future rate of
surrender and associated risks. However, in the determination of the
overall financial requirements for solvency assessment purposes, a form
of surrender value minimum may be considered appropriate, to provide
additional protection in the event of a high level of surrenders. This should
be reflected in regulatory capital requirements, as appropriate.
Public
ICP 15 Investment
The supervisor establishes requirements for solvency purposes on the investment
activities of insurers in order to address the risks faced by insurers.
15.0.1 This ICP does not directly apply to non-insurance entities (regulated or
unregulated) within an insurance group but it does apply to insurance
legal entities and insurance groups with regard to the risks posed to them
by non-insurance entities.
Basis for establishing regulatory investment requirements
15.1 The supervisor establishes requirements that are applicable to the investment
activities of the insurer.
15.1.1 The nature of insurance business necessitates the establishment of
technical provisions and loss-absorbing capital. This, in turn necessitates
the investment in and holding of assets sufficient to cover technical
provisions and capital requirements. The quality and characteristics of an
insurer’s asset portfolio and the interplay and interdependence between
the insurer’s assets and its liabilities are central to an assessment of an
insurer’s solvency position, and hence, are important aspects to be
addressed by the supervisor and for an insurer to manage.
15.1.2 There are various reasons for insurers to make investments (e.g. capital
appreciation, hedging or cash flow expectation) and there is a wide
variety of assets that insurers may invest in, with the risk profiles of
different investments varying widely. Some assets, such as equities and
property are subject to unpredictable short term price movements. Other
assets such as corporate and government bonds have fixed or defined
income, with uncertainty related to the price at which these assets can be
sold before maturity and the extent to which the counterparty is able to
make fixed income payments and repay the principal. Unless restricted,
derivatives may be used for speculative or hedging purposes and some may
be subject to wide variations in their value and involve unlimited
commitments.
15.1.3 Financial requirements are not sufficient by themselves to ensure
solvency and should be complemented with appropriate quantitative
and/or qualitative requirements limiting/regulating the investment risks
that are taken by the insurer. This guards against the possibility that the
regulatory capital requirements and the insurer’s own risk and solvency
assessments do not fully cover the risks inherent in those activities.
15.1.4 In establishing regulatory investment requirements, factors considered
may include:
• the overall quality of risk management and governance
frameworks in the insurance industry in the jurisdiction;
Public
• the way in which the quality of capital resources is addressed by
the supervisor, including whether or not quantitative
requirements are applied to the composition of capital
resources;
• the comprehensiveness and transparency of disclosure
frameworks in the jurisdiction and the ability for markets to
exercise sufficient scrutiny and impose market discipline;
• the development of relevant investment and capital markets
locally and internationally and the range of available financial
instruments;
• the cost of compliance, the impact on innovation and the effect
on the efficiency of industry practices keeping in mind that the
protection of policyholders is the main focus of prudential
regulation;
• noting that insurers compete with other financial services
institutions, the requirements on the investment activities of
other financial services entities, including banks; and
• the level of prudence and risk-sensitivity of the regulatory
solvency requirements and the risks that they cover.
15.1.5 Regulatory investment requirements may take many forms and may
influence the investment strategies of the insurer. Requirements may be
rules-based, setting out specific rules or restrictions on the investment
activities of the insurer. For example, the requirements may set out
quantitative limits on the asset types in which the insurer can invest.
Alternatively, requirements may be principles-based, such that there is
no specific restriction on the asset strategy taken by the insurer, as long
as defined principles are met.
15.1.6 Regulatory investment requirements may be a combination of rules-
based and principles-based requirements, setting out some specific rules
or restrictions and some principles with which the insurer’s investment
strategy should comply. Broadly, regulatory investment requirements
should provide the basis and incentives for the implementation of
effective risk management by the insurer.
15.1.7 Rules-based requirements may be used to prohibit or limit specific
classes of investment. Such requirements may be used, for example, for
classes that have very volatile payouts, such as commodities, certain
derivatives, asset classes where the counterparty is below a certain credit
rating, unsecured loans, unquoted shares and exposures to closely
related companies. Rules may also be defined to restrict exposure to any
single counterparty, group, or homogeneous risk group (such as industry
and geographical area) to, for example, a defined percentage of the total
assets or capital base. Such rules or restrictions may either be applied
directly to the investments or lead to charges to or deductions from
available capital which act as a disincentive to investment in risky assets
or high concentrations in particular assets rather than as a prohibition.
15.1.8 Rules-based requirements may be relatively easy to enforce by
supervisors, as there is limited scope for different interpretations of the
Public
rules. Similarly, they may be more readily explainable to a court when
seeking enforcement of supervisory action. A further advantage of rules-
based requirements is that the supervisor is able to prohibit or deter the
insurer from investing in an asset class that it believes is not appropriate
for it to hold.
15.1.9 However, rules-based regulatory requirements may stifle innovation and
may restrain the insurer from holding the assets that it believes are most
appropriate for meeting its financial objectives. For example, an insurer
may want to use derivatives in a hedging strategy to protect it from
adverse market movements, but derivatives may be on the list of
restricted assets. This may result in an ineffective risk management
process, or prevent the insurer from developing innovative contracts to
meet policyholder needs. Also, since the nature of business and structure
of liabilities differ among insurance companies, a uniform rule-based
regulatory requirement on investment, which is applicable to all insurers,
may discourage insurers from developing their own risk management.
15.1.10 One advantage of principles-based requirements is that there is more
flexibility for the insurer in its choice of particular investments and
therefore to follow an investment strategy that it believes is the most
appropriate to its risk profile, risk tolerance and overall financial
objectives. The insurer will be able to select and follow the investment
strategy to best manage its investment risks. Another advantage of
principle-based requirements is that they may not need to be revised so
frequently in response to innovations in the investment market. A
potential disadvantage of a solely principles-based investment regime is
that it may allow certain innovative investments which prove to be riskier
than originally assessed. It may also be more difficult for the supervisor
to take enforcement actions as principles-based investment requirements
admit some scope for differences in interpretation.
15.1.11 The supervisor should establish investment requirements having regard
to such requirements applied in other, non-insurance, financial sectors. It
is important that requirements are consistent to the extent possible, in
order to prevent groups from transferring assets between the entities in
the group to take advantage of regulatory arbitrage. Consistency of
regulation between sectors assists in maintaining a level playing field and
enhances fairness. However, such requirements should take into account
the differences in risk profiles and risk management between sectors.
Additional guidance for insurance groups
15.1.12 For insurance groups, the supervisor should specify how investments
should be aggregated for the purposes of regulatory investment
requirements that apply to the group and consider appropriate restrictions
on intra-group transactions, for example, to limit contagion or reputational
risk. Issues to be considered may include exposures to related
counterparties and the exposures arising from investments in
subsidiaries and interests over which the insurer has some influence. In
stress situations there will tend to be greater restrictions on movements
and realisation of investments within the group. The regulatory regime
may therefore require contractual evidence of the ability to access assets
for solvency purposes before allowing their inclusion for group purposes.
Public
15.2 The supervisor is open and transparent as to the regulatory investment
requirements that apply and is explicit about the objectives of those
requirements.
15.2.1 Openness and transparency of the supervisory investment requirements
are required to facilitate its effective operation. The supervisor should be
explicit as to the objectives of setting regulatory investment requirements.
This is particularly important with regard to the consistency of such
requirements with other building blocks of the regulatory solvency
assessment of the insurer, such as the valuation of assets and liabilities,
the calculation of regulatory capital requirements and the determination
of available capital resources.
15.2.2 A supervisor for insurance groups should be explicit as to the

requirements that apply both on a group-wide basis as well as to
insurance legal entities within the group and should address issues
specific to groups, such as requirements for liquidity, transferability of
assets and fungibility of capital within the group.
15.2.3 In respect of group solvency, transparency allows appropriate
comparisons with other solvency requirements. The openness and
transparency of the regulatory investment requirements in the
jurisdictions in which an insurance group operates also facilitates the
effective individual solvency assessment of insurers which are members
of the group and its corresponding group-wide solvency assessment.
Regulatory investment requirements regarding asset portfolio
15.3 The regulatory investment requirements address at a minimum, the

• Security;
• Liquidity; and
• Diversification;
of an insurer’s portfolio of investments as a whole.
15.3.1 The supervisor should require the insurer to invest assets in such a
manner that, for the portfolio as a whole:
• assets are sufficiently secure;
• payments to policyholders or creditors are able to be made as
they fall due (liquidity);
• assets are held in the appropriate location for their availability;
and
• assets are sufficiently diversified.
15.3.2 Insurance legal entities should be able to demonstrate that they meet the
regulatory investment requirements as well as enterprise risk
management requirements.
Public
15.3.3 In addition to meeting the qualitative and quantitative investment
requirements at an insurance legal entity level, the insurance group
should monitor 29 investment risk exposures on an aggregate basis for the
group as a whole.
15.3.4 The investment requirements should consider cases where losses from
investments made by entities of an insurance group have the ability to
weaken another entity or the group as a whole through intra-group
investments (for example if there is explicit or implicit support from
another entity).
15.3.5 The assets of an entity within an insurance group may include
participations or investments in another entity within the same group.
Appropriate investment requirements should apply to such investments
or participations which have particular regard to their lack of liquidity.
Relatively small holdings in another insurance group entity which does
not give the investor control over the investee may, for example, be
subject to the same requirements that apply to investments in entities
external to the group. On the other hand, for larger holdings which give
the investor control or significant influence over the investee,
consideration should be given to aggregating the assets of the investee
with those of the investor for the purposes of applying investment
requirements. This is done so that adequate security, liquidity and
diversification are maintained and that the investor, using its control over
the investee, ensures the investee’s investment activities are consistent
with its own investment policy.
Security
15.3.6 The supervisor requires that the insurer’s investments are sufficiently
secure both individually and for the portfolio as a whole. A sufficient
degree of security of investments is essential so that obligations to
policyholders can be met. The security of an investment is related to the
protection of its value and to the preservation of its economic substance.
Hence it may be necessary to establish regulatory investment
requirements to restrict the insurer’s selection of, and/or exposure to,
investments that have low security or whose security is difficult to assess
reliably.
15.3.7 The security of an investment is affected by the risk of default of a
counterparty with which the investment is made, as well as the risk that it
will lose its value (including currency risk, discussed in Guidance 15.4.1).
Security is also affected by the safekeeping, custodianship or trusteeship
of its investments. The insurer should ensure that its overall portfolio is
sufficiently secure.
15.3.8 Where external credit ratings of the investment are available, these may
assist the insurer in determining the security of the counterparty and the
associated risk of default. However, the insurer should be aware of the
limits of using credit ratings and, where appropriate, conduct its own due
diligence to assess the counterparty credit risk exposure. The supervisor
29
Monitoring in this context does not imply that the assets are managed centrally but that, at a minimum, the asset risks are
aggregated and considered, and acted on, appropriately.
Public
may also establish requirements on the appropriate use of credit ratings
by the insurer to ensure a sufficient degree of security of investments.
15.3.9 To assess the security of its investments, it is important that the insurer
is capable of assessing the nature, scale and complexity of the
associated risks. This may be difficult in cases where there is a lack of
transparency as to the underlying risk profile of an investment. This may
be the case for indirect investments through a collective investment fund
or for investments in more complex financial instruments such as
structured asset products. When an insurer invests in some markets,
there may also be a lack of transparency or clarity in respect of the
market, regulatory and legal systems that apply and the degree of
protection that they provide.
15.3.10 For those assets which are lacking in transparency, the risk profile should
be carefully analysed by the insurer. The insurer should look through to
the underlying exposure of the investment as far as possible as well as
considering the additional risks introduced by and inherent in the
investment structure. For example, additional legal risks may arise if
investments are located outside of the insurer’s operating jurisdictions.
Potential obligations to make future payments under the assets should
be identified and adequately covered.
15.3.11 The security of derivative products should be evaluated by taking into
account the assets underlying the derivative, as well as the security of the
counterparty providing the derivative, the purpose for which the derivative
is held and the cover (such as collateral) the insurer has for exposures
under the derivative contract. In some cases, counterparties may provide
collateral to improve security by giving the insurer the right to the
collateral if the counterparty fails. Similarly, the security of investments
may be improved by guarantees from more secure third parties.
15.3.12 Some investments that are not themselves derivatives may embed a
derivative, thereby having an effect on the insurer corresponding to the
derivative itself. Some commitments may be transacted through Special
Purpose Entities (SPEs) which may be “off-balance sheet” in some
jurisdictions. Such commitments which are similar to derivatives have
similar security issues and the regulatory investment requirements should
address these commitments in a consistent manner.
15.3.13 When an insurer lends securities, it must consider both the risk inherent
in the counterparty to which the securities are lent and the risk of the
securities themselves. The insurer should seek to ensure that securities
lending transactions are appropriately collateralised (with suitably
frequent updating) and should recognise that lending a security does not
mitigate the risk it poses to the insurer, even if doing so removes the
security from the balance sheet. Care should be taken by the insurer
when investing the collateral it holds that it will continue to cover the
lending under adverse market conditions and that it will be returnable in
the required form when due.
Additional guidance on security for insurance groups
15.3.14 The supervisor should make appropriate allowance for the possibility of
an aggregation of exposures in an insurance group compounding security
Public
issues that may be relatively less important when considered at individual
entity level. Correspondingly, the supervisor should guard against a
group investing in assets that are not secure and which may then be
distributed around the group to avoid investment restrictions, by requiring
appropriate consolidated disclosure.
Liquidity
15.3.15 The insurer is required to pay benefits to the policyholder when the
benefits become due. In order to do so, the insurer needs to have
available assets which can be used to generate cash when it needs to do
so. This includes disposal of assets for an amount (in the relevant
currency) equal to the value it ascribes to that asset in addition to cash
from income on assets that the insurer retains.
15.3.16 The ability of the insurer to remain in a liquid position may be adversely
impacted if, for example, the insurer pledges or hypothecates its assets,
it experiences an unexpectedly large claim, there is an event resulting in
many claims or a derivative needs to be serviced. A large cash outflow
may impact the liquidity of the insurer leaving it with less liquid assets to
make other policyholder payments.
15.3.17 The ability to realise or liquidate an investment at any point in time is
important. For example, where an investment is made in a closed fund, it
would usually not be possible to resell the interest in the fund. This may
also impede the security of the investment in terms of its ability to settle
obligations towards policyholders. Similar considerations would need to
be given for property used by the insurer which might be hard to liquidate
without disrupting its operations.
Additional guidance on liquidity for insurance groups
15.3.18 The legal and practical impediments to cross-border movement of assets

should also receive due regard. It is unlikely that available capital,
however liquid within a jurisdiction, will be perfectly mobile across
jurisdictional borders, particularly in a crisis. Therefore insurers and home
and host supervisors should have due regard to the nature of the potential
legal and practical impediments to cross-border transfer of assets as well
as any potential effect those impediments might have, particularly in a
winding up.
15.3.19 Group issues are also relevant when managing liquidity risk both in terms
of the availability of additional liquidity and the possible need to provide
liquidity support to other parts of the group.
15.3.20 Very often, the entities within a group engage in intra-group transactions
(e.g. swaps, inter-company loans) in order to offset risks that exist within
different parts of the group, or so that more mature businesses may
support growing businesses within the group. Such transactions should
be done using appropriate transfer pricing based on current market
conditions so that there is appropriate recognition of the impact of these
transactions for each of the entities involved and the group as a whole.
15.3.21 Liquidity of assets and fungibility of capital are especially important if the
group relies on diversification between entities without each entity being
Public
fully capitalised on a stand-alone basis (where the supervisor allows this
scenario).
Diversification
15.3.22 Diversification and pooling of risks is central to the functioning of

insurance business. To mitigate the risk of adverse financial events, it is
important that the insurer ensures that its overall investment portfolio is
adequately diversified and that its asset and counterparty exposures are
kept to prudent levels.
15.3.23 It is useful to draw a distinction between diversification within a risk
category and diversification between risk categories. Diversification
within a risk category occurs where risks of the same type are pooled
(e.g. shares relating to different companies). It is related to the statistical
property that the volatility of the average of independent, identically
distributed random variables decreases as the number of variables
increases. Diversification between risk categories is achieved through
pooling different types of risk. For example, where the insurer combines
two asset portfolios whose performances are not fully correlated, the
exposure to the aggregated risks will generally be lower than the sum of
the exposures to the risks in the individual portfolios.
15.3.24 With respect to its investment portfolio, the insurer should ensure that it
is diversified both within as well as between risk categories taking into
account the nature of the liabilities. Diversification between investment
risk categories could, for example, be achieved through spreading the
investments across different classes of assets and different markets. To
achieve diversification within a risk category, the insurer needs to ensure
that with respect to a given type of risk the investments are sufficiently
uncorrelated so that – through pooling of individual assets – there is a
sufficient degree of diversification of the portfolio as a whole.
15.3.25 To ensure that its investment portfolio is adequately diversified, the
insurer should avoid excessive reliance on any specific asset, issuer,
counterparty, group, or market and, in general, any excessive
concentration or accumulation of risk in the portfolio as a whole. As an
example the insurer might consider its asset concentration by type of
investment product, by geographical dispersion, or by credit rating. The
insurer should also ensure that its aggregate exposure to related entities
is considered and that different types of exposure to the same
entity/group are also considered e.g. equity investment in a reinsurer
which is also providing its reinsurance cover.
Additional guidance on diversification for insurance groups
15.3.26 Monitoring investments on a group-wide basis is more likely to make

management aware of issues (e.g. asset concentrations) that could be
overlooked if only the individual legal entities are monitored. Groups that
are unaware of their global exposures could end up with an inappropriate
level of exposure to certain investments, creating financial difficulties
within the group if the value or liquidity of these investments decreases.
Regulatory investment requirements relating to the nature of the liabilities
Public
15.4 The supervisor requires the insurer to invest in a manner that is appropriate to
the nature of its liabilities.
15.4.1 The assets that are held to cover policyholder liabilities and those
covering regulatory capital requirements should be invested in a manner
which is appropriate to the nature of the liabilities as the insurer will need
to use the proceeds of its investments to pay the policyholders and other
creditors, as and when the payments to them fall due. The insurer’s
investment strategies should take into account the extent to which the
cash flows from its investments match the liability cash flows in both
timing and amount and how this changes in varying conditions. In this
context, the insurer should specifically consider investment guarantees
and embedded options that are contained in its policies. It should also
consider the currency or currencies of its liabilities and the extent to which
they are matched by the currencies of the assets. To the extent that
assets and liabilities are not well matched, movements in financial
variables (e.g. interest rates, market values and exchange rates) could
affect the value of the assets and the liabilities differently and result in an
adverse economic impact for the insurer.
15.4.2 This requirement to take into account the characteristics of the liabilities
does not necessarily place a requirement on the insurer to employ an
investment strategy which matches the assets and the liabilities as
closely as possible.
15.4.3 As liability cash flows are often uncertain, or there are not always assets
with appropriate cash flow characteristics, the insurer is usually not able
to adopt a completely matched position. The insurer may also wish to
adopt a mismatched position deliberately to optimise the return on its
business. In such circumstances, the supervisor may require the insurer
to hold additional technical provisions and/or capital to cover the
mismatching risk. The regulatory investment requirements may also
constrain an insurer’s ability to mismatch its assets and liabilities as the
extent of mismatching should not expose policyholders to risks that
cannot be effectively managed by the insurer.
15.4.4 However, close matching of assets and liabilities is usually possible and
should be considered as a potential requirement in the case of unit-linked
or universal life policies where there is a direct link between policyholder
benefits and investment funds or indices. It may not otherwise be possible
for the mismatching risk to be covered effectively by capital. Where a
regime requires assets to be closely matched to such liabilities, other
restrictions on investments may be appropriate to contain the investment
fund risk being borne directly by policyholders.
15.4.5 The insurer should manage conflicts of interest (e.g. between the
insurer’s corporate objectives and disclosed insurance policy objectives)
to ensure assets are invested appropriately. For with-profits liabilities, an
insurer should hold an appropriate mix of assets to meet policyholders’
reasonable expectations.
15.4.6 Investments that back liabilities including those covering regulatory

capital requirements within one of a group’s legal entities should be
Public
tailored to the characteristics of the liabilities and the needs of the legal
entity and not subject to undue influence from the wider objectives of the
group.
Regulatory investment requirements regarding risk assessability
15.5 The supervisor requires the insurer to invest only in assets whose risks it can
properly assess and manage.
15.5.1 The insurer should ensure that its investments, including those in
collective investment funds, are sufficiently transparent and should limit
its investments to those where the associated risks of the asset can be
properly managed by the insurer i.e. where the insurer can identify,
measure, monitor, control and report those risks and appropriately take
them into account in its own risk and solvency assessment.
15.5.2 The insurer should understand all of the risks involved sufficiently well
before any such investments are undertaken. Such an understanding is
necessary in order to assess how material the risk from a proposed
investment is to an insurer. Assessments of risks should take into account
the maximum loss possible in a transaction, including losses that may
occur in situations where assets or derivatives become liabilities for the
insurer.
15.5.3 Where the insurer is able to look through the structure of the investments
to the underlying assets, the insurer should consider the risk
characteristics of the underlying assets and how this affects the risk
characteristics of the investments itself. However, where look through is
not possible, appropriate techniques should be developed to assess the
risks associated with the investment, e.g. by assessing the investment
manager of an investment fund.
15.5.4 Investments which are not admitted to trading on a regulated financial
market should be kept to prudent levels as the assessment of their risks
may be subjective. This is particularly relevant where standardised
approaches to determining regulatory capital requirements are used,
since such standardised approaches will often be designed to be not
unduly complex and thus feasible in practice for all insurers, whilst
delivering capital requirements which reasonably reflect the overall risk to
which the insurer is exposed. Moreover, by its very nature a standardised
approach may not be able to fully and appropriately reflect the risk profile
of the investment portfolio of each individual insurer.
15.5.5 Investments held by entities within a group are sometimes managed

centrally, with the entities relying on expertise provided by the group head
office or specialist central unit. Such arrangements may be acceptable if
the investment management unit has the requisite knowledge and skills
to assess and manage the risks of these investments and manages the
investments with due regard to the needs of the entity in addition to the
group as a whole.
Regulatory investment requirements relating to specific financial instruments
Public
15.6 The supervisor establishes quantitative and qualitative requirements, where
appropriate, on the use of more complex and less transparent classes of assets
and investment in markets or instruments that are subject to less governance or
regulation.
15.6.1 Complex investments pose additional risks in that large, sudden and/or
unexpected losses can occur. For example, off-balance sheet vehicles
have led to losses arising from implicit obligations of support, structured
credit products have lost value when correlations between assets
increased in stress environments, and unhedged derivatives have
produced large liabilities arising from extreme low-probability market
events.
15.6.2 Similarly, additional considerations need to be given for assets in which
investment is permitted by the regime (because the risk is generally
sufficiently assessable) but which are less transparent compared to other
investments. Other assets could be less well governed in terms of the
systems and controls in place for managing them or the market regulation
that applies to them. Such assets may present operational risks that may
arise in adverse conditions which are difficult to assess reliably. In terms
of market regulation, investments in an unregulated market or a market
that is subject to less regulation such as a professional securities market
need to be given special consideration.
15.6.3 Supervisors should therefore establish quantitative and qualitative
requirements or restrictions on such investments including those
described below. As an example, where appropriate the regulatory
investment requirements might include the pre-approval of an insurer’s
derivative investment plan e.g. a dynamic hedging program. That pre-
approval procedure could require that the insurer describe its controls
over the derivative investment process and the testing of the process
before it is used in a live environment.
15.6.4 The investments described below do not represent an exhaustive list and
regulatory investment requirements should be flexible (or sufficiently
broad) to take account of the changing environment. The solvency
position and the sophistication of an insurer should also be considered.
The amount of available capital an insurer has could provide additional
flexibility to the supervisor in particular cases.
Off-balance sheet structures
15.6.5 The supervisor should consider whether investments in off-balance sheet

structures should be permitted under the regulatory investment regime or
if the investment was set up in order to circumvent any regulatory
investment requirements.
15.6.6 SPEs are generally set up for a specific purpose to meet specific
payments to investors, who have accepted the risk profile of their
payments based on the cash flows underlying the SPE. The investment
strategy for the SPE may need to be more restrictive than the strategy for
the insurer, which may choose to make more risky investments if it has
adequate free assets.
Public
15.6.7 The investment strategy for the structure may be different from the
investment strategy for the insurer, as there may be a different appetite
to take on different investment risks. However, the investment strategy
adopted by the off-balance sheet structure may have an impact on the
ability of the insurer to make payments to the policyholders, especially if
the structure is in a stressed position.
Investments in structured credit products
15.6.8 It may also be the case that the insurer invests in securities or other
financial instruments which have been “repackaged” by an SPE and
which may originate from other financial institutions (including banks or
insurers). Examples of such instruments are asset backed securities
(ABS), credit linked notes (CLN) or insurance linked securities (ILS). In
these cases, it may be very difficult for the insurer to assess the risk
inherent in the investment (and in particular the risk profile of the
underlying reference instruments which in some cases may be of
particularly poor quality e.g. sub-prime mortgages). Where the originator
is another insurer, the investment may also carry insurance related risks
(such as non-life catastrophe risks in the case of a non-life catastrophe
bond securitisation) which may not be transparent to the insurer or else
difficult to assess.
15.6.9 In order to prevent that the insurer is exposed to an undue level of risk in
such cases, the supervisor may consider establishing qualitative or
quantitative requirements which may relate directly to the insurer
investing in such assets, or which may relate to the originator of the
“repackaged” instrument.
15.6.10 Such requirements may recognise that some structured credit products
are higher risk than others and consider, for example:
• the treatment of such investment in other financial sectors;
• the extent to which the originator has retained an interest in a
proportion of the risk being distributed to the market;
• the definition and soundness of criteria applied by the originator
in extending the original credit and in diversifying its credit
portfolio;
• the transparency of the underlying instruments; and
• the procedures the insurer has in place to monitor exposures to
securitisations, including consideration of securitisation
tranches, and reporting them to the insurer’s Board and Senior
Management and supervisor.
Restrictions or prohibition may be applied to investments in structured
products where appropriate conditions are not satisfied.
Use of derivatives and similar commitments
15.6.11 A derivative is a financial asset or liability whose value depends on (or is

derived from) other assets, liabilities or indices (the “underlying asset”).
Derivatives are financial contracts and include a wide assortment of
Public
instruments, such as forwards, futures, options, warrants and swaps.
Similar commitments can be embedded in hybrid instruments that are not
themselves derivatives (e.g. a bond whose maturity value is tied to an
equity index is a hybrid instrument that contains a derivative). An insurer
choosing to engage in derivative activities should clearly define its
objectives, ensuring that these are consistent with any legislative
restrictions.
15.6.12 Derivatives, used appropriately, can be useful tools in the management
of portfolio risk of insurers and in efficient portfolio management. In
monitoring the activities of insurers involved in derivatives, the supervisor
satisfies itself that the insurer has the ability to recognise, measure and
prudently manage the risks associated with their use. The supervisor
should obtain sufficient information on the insurer’s policies and
procedures on the use of derivatives and may request information on the
purpose for which particular derivatives are to be used and the rationale
for undertaking particular transactions.
15.6.13 Given the nature of insurance operations, derivatives should preferably
be used as a risk management mechanism rather than for speculative
investment. Supervisors may restrict the use of derivatives (particularly
derivatives that involve the possibility of unlimited commitments) to the
reduction of investment risk or efficient portfolio management. This
means that where derivatives are used it is required that this is for the
purpose of reducing risk and costs or generating additional capital or
income with an acceptable level of risk. Restrictions may also be applied
to require the suitability of derivative counterparties, the cover the insurer
has to meet any obligations it has under the derivative, the tradability of
the derivative and, in the case of over-the-counter derivatives, the ability
to value it and to close it out at that value when needed. Derivatives
should be considered in the context of a prudent overall asset/liability
management strategy. This should also apply to financial instruments that
have the economic effect of derivatives.
Public
ICP 16 Enterprise Risk Management for Solvency Purposes
The supervisor establishes enterprise risk management requirements for
solvency purposes that require insurers to address all relevant and material
risks.
unregulated) within an insurance group, but it does apply to insurance
Enterprise risk management
16.0.2 Several different terms are commonly used to describe the process of
identifying, assessing, measuring, monitoring, controlling and mitigating
risks. This ICP uses the generic term enterprise risk management (ERM)
in describing these activities in respect of the insurance enterprise as a
whole.
16.0.3 This ICP recognises the importance of an enterprise risk management
framework from a supervisory perspective in underpinning robust
insurance legal entity and group-wide solvency assessment.
16.0.4 The raison d'être of insurance is the assumption, pooling and spreading
of risk so as to mitigate the risk of adverse financial consequences to
individuals and businesses that are policyholders. For this reason, a
thorough understanding of risk types, their characteristics and
interdependencies, the sources of the risks and their potential impact on
the business is essential for insurers. Insurers should exhibit an
understanding of their enterprise risk issues and show a willingness and
ability to address those issues. Supervisors should, therefore, seek to
require that the insurer has a competent understanding of risk and
implements sound risk management practices. The ultimate aim of
insurance is to create and protect value for policyholders while using
capital resources efficiently. A purpose of both risk and capital
management is to protect policyholders and capital providers from
adverse events. It is therefore natural for insurers to combine the
management of risk and capital.
16.0.5 ERM involves the self-assessment of all reasonably foreseeable and
relevant material risks that an insurer faces and their interrelationships.
One outcome of ERM, which is particularly relevant for this ICP, is that
decisions regarding risk management and capital allocation can be co-
ordinated for maximum financial efficiency and, from a supervisory
viewpoint, the adequate protection of policyholders. A fundamental
aspect of ERM is a primary focus on the actions that an insurer takes to
manage its risks on an ongoing basis and specific aspects of those risks,
so as to ensure that they are the risks it intends to retain both individually
and in aggregate and that the insurer stays within its risk tolerance. ERM
Public
also involves the rigorous enforcement of risk standards, policies and
limits.
16.0.6 ERM is an acknowledged practice and has become an established
discipline and separately identified function assuming a much greater role
in many insurers’ everyday business practices. Originally, risk
management only facilitated the identification of risks and was not fully
developed to provide satisfactory methods for measuring and managing
risks, or for determining related capital requirements to cover those risks.
ERM processes being developed today by insurers increasingly use
internal models and sophisticated risk metrics to translate risk
identification into management actions and capital needs. Internal models
are recognised as powerful tools that may be used, where it is appropriate
to the nature, scale and complexity to do so, to enhance company risk
management and to better embed risk culture in the company. They can
be used to provide a common measurement basis across all risks (e.g.
same methodology, time horizon, risk measure, level of confidence, etc.)
and enhance strategic decision-making, for example capital allocation
and pricing. Such an approach typically adopts a total balance sheet
approach whereby the impact of the totality of material risks is fully
recognised on an economic basis. A total balance sheet approach reflects
the interdependence between assets, liabilities, capital requirements and
capital resources, and identifies a capital allocation, where needed, to
protect the insurer and its policyholders and to optimise returns to the
insurer on its capital.
16.0.7 ERM provides a link between the ongoing operational management of
risk and longer-term business goals and strategies. Appropriate risk
management policies should be set by each insurer according to the
nature, scale30 and complexity of its business and the risks it bears. This
ICP focuses on the link between risk management and the management
of capital adequacy and solvency. Insurers should integrate their ERM
framework in their overall corporate governance framework as described
in ICP 8 Risk Management and Internal Controls.
16.0.8 The objective of ERM is not to eliminate risk. Rather, it is to manage risks
within a framework that includes self-imposed limits. In setting limits for
risk, the insurer should consider its solvency position and its risk
tolerance. Limits should be set after careful consideration of corporate
objectives and circumstances and, where appropriate, should take into
account the projected outcomes of scenarios run using a range of
plausible future business assumptions which reflect sufficiently adverse
scenarios. Within these limits, risks can be reduced if this is cost effective,
or increased, if justified by the expectation of enhanced returns and the
availability of additional capital, without endangering the capacity of the
insurer to meet its commitments to policyholders.
16.0.9 The IAIS recognises the different levels of sophistication of supervisors
and insurance markets around the world and acknowledges that this ICP
may not be fully achievable by some insurers and in some markets in the
30
The scale of the business is a relevant factor. Some insurers may be less well diversified and more susceptible to risks
arising from external sources. They may also need to structure their risk management functions differently from other insurers
and commission external consultants to achieve satisfactory standards and robust processes; they may need to use
reinsurance to a greater extent.
Public
near future. Nevertheless, the IAIS believes that good risk management
practices and procedures need to be in place for solvency requirements
to be effective. ERM that follows this ICP is expected to enhance
confidence in assessing an insurer's financial strength. The IAIS
envisages that solvency requirements will, over time, be developed
towards conformity with the ICPs. The IAIS nevertheless wishes to
emphasise that this ICP does not prescribe a specific aspect of solvency
requirements which is to be applied compulsorily by IAIS members.
Enterprise risk management framework - risk identification and measurement
16.1 The supervisor requires the insurer’s enterprise risk management framework to
provide for the identification and quantification of risk under a sufficiently wide
range of outcomes using techniques which are appropriate to the nature, scale
and complexity of the risks the insurer bears and adequate for risk and capital
management and for solvency purposes.
Risk identification
16.1.1 The ERM framework should identify and address all reasonably
foreseeable and relevant material risks to which an insurer is, or is likely
to become, exposed. Such risks should include, at a minimum,
underwriting risk 31, market risk, credit risk, operational risk and liquidity
risk and may also include, for example, legal risk and risk to the reputation
of the insurer.
16.1.2 After identification of risks, an insurer should highlight significant risks
together with possible key leading indicators (e.g. a relevant stock market
indicator). This information should be included in regular management
information which is relevant and focussed.
Causes of risk and the relationship between risks
16.1.3 An insurer should consider the causes of different risks and their impacts
and assess the relationship between risk exposures. By doing so, an
insurer can better identify both strengths and weaknesses in governance,
business and control functions and should use and improve risk
management policies, techniques and practices and change its
organisational structure to make these improvements where necessary.
The insurer should also assess external risk factors which, if they were to
crystallise, could pose a significant threat to its business. The insurer
should recognise the limitations of the methods it uses to manage risks,
the potential impact these limitations may have and adapt its risk
management appropriately.
16.1.4 In assessing the relationship between risk exposures, consideration
should be given to correlations between the tails of risk profiles. For
example, risks that show no strong dependence under normal economic
31
The term “underwriting risk” is used in a broad sense and includes claims, expense and reserving risks and the risks
associated with guarantees and options embedded in policies.
Public
conditions, such as catastrophe risks and market risks, could be more
correlated in a stress situation.
16.1.5 As an illustration, insurers should be particularly aware that certain major
trigger events, such as catastrophes, downgrades from rating agencies
or other events that have an adverse impact on the insurer’s reputation,
can result, for example, in a high level of claims, collateral calls or
policyholder terminations, especially from institutional counterparties or
institutional policyholders and hence lead to serious liquidity issues. The
ERM framework should adequately address the insurer’s options for
responding to such trigger events.
Measuring, analysing and modelling the level of risk
16.1.6 The level of risk is a combination of the impact that the risk will have on
the insurer and the probability of that risk materialising. The level of risk
borne by the insurer should be assessed regularly using appropriate
forward-looking quantitative techniques such as risk modelling, 32 stress
testing, including reverse stress testing, and scenario analysis. An
appropriate range of adverse circumstances and events should be
considered, including those that pose a significant threat to the financial
condition of the insurer, and management actions should be identified
together with the appropriate timing of those actions. Risk measurement
techniques should also be used in developing long-term business and
contingency plans, where it is appropriate to the nature, scale and
complexity to do so.
16.1.7 Different approaches may be appropriate depending on the nature, scale
and complexity of a risk and the availability of reliable data on the
behaviour of that risk. For example, a low frequency but high impact risk
where there is limited data, such as catastrophe risk, may require a
different approach from a high frequency, low impact risk for which there
is substantial amounts of experience data available. Stochastic risk
modelling may be appropriate to measure some non-life catastrophe risks
for example, whereas relative simple calculations may be appropriate in
other circumstances.
16.1.8 The measurement of risks should be based on a consistent economic
assessment of the total balance sheet as appropriate to ensure that
appropriate risk management actions are taken. In principle, ERM should
take into consideration the distribution of future cash flows to measure
the level of risks. Care should be taken not to base ERM decisions purely
on accounting or regulatory measures that involve non-economic
considerations and conventions although the constraints on cash flows
that they represent should be taken into account.
16.1.9 The quantitative assessment of risks the insurer faces provides it with a
disciplined method of monitoring risk exposure. Assessments undertaken
at different times should be produced on a broadly consistent basis
overall, so that any variations in results can be readily explained. Such
analysis also aids an insurer in prioritising its risk management.
32“Modelling” in this context does not necessarily mean complex stochastic modelling. It can also
include less sophisticated methods.
Public
16.1.10 Where models are used, it must be remembered that, regardless of how
sophisticated they are, they cannot exactly replicate the real world. As
such, the use of models itself generates risk (modelling and parameter
risk) which, if not explicitly quantified, at least needs to be acknowledged
and understood as the insurer implements its ERM framework, including
by the insurer’s Board and Senior Management.
16.1.11 Models may be external or internal. External models may be used to
assess external insurance or market risks while internal models may be
developed by an insurer to assess specific material risks or to assess its
risks overall where this cannot be done appropriately by external models.
16.1.12 Internal models can play an important role in facilitating the risk
management process and supervisors should encourage insurers to
make use of such models for parts or all of their business where it is
appropriate to the nature, scale and complexity to do so. Further guidance
on the use of internal models for the insurers own risk and solvency
assessment is contained in Guidance 16.14.11 - 16.14.19.
16.1.13 Where a risk is not readily quantifiable, for instance some operational
risks or where there is an impact on the insurer’s reputation, an insurer
should make a qualitative assessment that is appropriate to that risk and
sufficiently detailed to be useful for risk management. An insurer should
analyse the controls needed to manage such risks to ensure that its risk
assessments are reliable and consider events that may result in high
operational costs or operational failure. Such analysis is expected to
inform an insurer’s judgments in assessing the size of the risks and
enhancing overall risk management.
16.1.14 Stress testing measures the financial impact of stressing one or relatively
few factors affecting the insurer. Scenario analysis considers the impact
of a combination of circumstances which may reflect extreme historical
scenarios which are analysed in the light of current conditions. Scenario
analysis may be conducted deterministically using a range of specified
scenarios or stochastically, using models to simulate many possible
scenarios, to derive statistical distributions of the results.
16.1.15 Stress testing and scenario analysis should be carried out by the insurer
to validate and understand the limitations of its models. They may also
be used to complement the use of models for risks that are difficult to
model, or where the use of a model may not be appropriate from a cost-
benefit perspective. This may arise, for example, where a range of
calculations is urgently required focusing on specific aspects or going
beyond the current parameters of the model to investigate the effect of
proposed management actions.
16.1.16 Scenario analysis may be particularly useful as an aid to communication
in relation to risk management between the Board and Senior
Management and other parts of the organisation thereby facilitating the
integration of the insurer’s ERM framework with its business operations
and culture.
16.1.17 Reverse stress testing, which identifies scenarios that are most likely to
cause an insurer to fail, may also be used to enhance risk management.
While some risk of failure is always present, such an approach may help
to ensure adequate focus on the management actions that are
Public
appropriate to avoid undue risk of business failure. The focus of such
reverse stress testing is on appropriate risk management actions rather
than the assessment of financial adequacy and so may be largely
qualitative in nature although broad assessment of associated financial
impacts may help in deciding the appropriate action to take.
Additional guidance for insurance groups and insurance legal entities that are
members of groups
16.1.18 “Group risk” arises for insurance legal entities that are members of
groups. Group risk also arises for an insurance group in respect of the
widest group of which it is part. Group risk includes the risk that an
insurance legal entity may be adversely affected by an occurrence
(financial or non-financial) in another group entity. For instance, losses in
one group member may create pressure to divert the financial resources
of other members of the group to that entity or otherwise lead to a
depletion of those financial resources. Group risk also includes the risk
that the financial stability of a group or insurance legal entities within the
group may be adversely affected by an event in a legal entity, a group-
wide occurrence or an event external to the group. For example, the
positive aspects of being a member of a group might be lessened due to
restructuring.
16.1.19 Group risk may arise, for example, through contagion, leveraging, double
or multiple gearing, concentrations, large exposures and complexity.
Participations, loans, guarantees, risk transfers, liquidity, outsourcing
arrangements and off-balance sheet exposures may all give rise to group
risk. Many of these risks may be borne by stand-alone insurance legal
entities and are not specific to membership of a group. However, the inter-
relationships among group members including aspects of control,
influence and interdependence alter the impact of risks on group
members and should therefore be taken into account in managing the
risks of an insurance legal entity that is a member of an insurance group
and in managing the risks of that insurance group as a whole. To be
effective, the management of insurance group risk needs to take into
account risks arising from all parts of an insurance group including non-
insurance entities (regulated or unregulated) and partly-owned entities.
16.1.20 The risks identified and the techniques that are appropriate and adequate
for measuring them, including stress testing, scenario analysis, risk
modelling and reverse stress testing, may differ at insurance group and
insurance legal entity level. Where an insurance legal entity’s ERM
framework is an integral part of the insurance group’s ERM framework,
the techniques used to measure risks at insurance legal entity level
should include those that are appropriate and adequate at the insurance
legal entity level in order to meet the insurance legal entity’s ERM
requirements.
16.1.21 The ERM of an insurance group should address the direct and indirect
interrelationships between its members. The more clearly-defined and
understood such relationships are, the more accurately they can be
allowed for in the group-wide solvency assessment. For example, legally
enforceable capital and risk transfer instruments (CTRI) established
between insurance group members may help to establish the integrity of
Public
the insurance group and the effectiveness of its ERM framework for
group-wide solvency assessment purposes.
16.1.22 Assumptions that are implicit in the solvency assessment of an insurance
legal entity may not apply at an insurance group level because of the legal
separation of insurance group members. For example, there may be few
constraints on the fungibility of capital and the transferability of assets
within an individual insurance legal entity. An assumption of full fungibility
may be appropriate for such an insurer. 33 However, such constraints may
feature much more prominently for an insurance group and may, for
example, restrict the degree to which benefits of diversification of risks
across the group can be shared among group members. Such constraints
should be taken into account in both the insurance group’s and the
insurance legal entity’s ERM frameworks.
16.1.23 The following diagram Figure 16.1 illustrates the IAIS standard ERM
framework showing the key features of the framework as described in the
following sections of this ICP.
33 This assumption may not always be appropriate for an insurance legal entity e.g. if it has branches
in different jurisdictions where restrictions on fungibility of capital apply or where there is ring-fencing of
with-profit funds.
Public
Figure 16.1 The IAIS standard ERM framework
Enterprise Risk Management Framework
Risk Management
Risk Tolerance Statement
Policy
Feedback Loop
Own Risk and Solvency Assessment (ORSA)
Feedback Loop
Economic and Regulatory

Continuity Analysis Capital
Role of supervision
Enterprise risk management framework - documentation
16.2 The supervisor requires the insurer’s measurement of risk to be supported by

accurate documentation providing appropriately detailed descriptions and
explanations of the risks covered, the measurement approaches used and the
key assumptions made.
Enterprise risk management framework - risk management policy
16.3 The supervisor requires the insurer to have a risk management policy which
outlines how all relevant and material categories of risk are managed, both in
the insurer’s business strategy and its day-to-day operations.
16.3.1 As part of the required ERM framework, an insurer should describe its
policy for managing the risks to which it is exposed, including the
processes and methods for monitoring risk. A risk management policy
would be expected to include a description of the insurer's policies
towards risk retention, risk management strategies including reinsurance
Public
and the use of derivatives, diversification/ specialisation and asset-liability
management (ALM).
16.3.2 An insurer’s risk management policy should clearly address the
relationship between pricing, product development and investment
management in order that product design and pricing and the
accompanying investment strategy are appropriately aligned. In
particular, investment and product benchmarks may need to be
established to require that the insurer’s financial objectives continue to be
met.
members of groups
16.3.3 An insurance group should have a risk management policy which outlines
the way in which it manages all the risks that are relevant and material at
insurance group level, both in its business strategy and its day-to-day
operations. This includes group risk that arises from the insurance group
being part of a wider group.
16.3.4 The categories of risks covered by the insurance legal entity’s risk
management policy should include the category comprising all of the
additional group risks it faces as a result of its membership of a group.
Such risks may arise from the widest group of which the insurance legal
entity is a member and not only from its insurance group.
16.3.5 Where an insurance legal entity’s risk management policy is an integral
part of an insurance group’s risk management policy, it is the
responsibility of the Board and Senior Management of the insurance legal
entity to make sure that the insurance legal entity’s risk management
policy covers all the risks that are relevant and material at insurance legal
entity level and that this policy is clearly defined and understood.
describes the relationship between the insurer’s tolerance limits, regulatory
capital requirements, economic capital and the processes and methods for
monitoring risk.
16.4.1 An insurer's risk management policy should describe how its risk
management links with its management of capital (regulatory capital
requirement and economic capital).
16.4.2 As an integral part of its risk management policy, an insurer should also
describe how its risk management links with corporate objectives,
strategy and current circumstances. A reasonably long time horizon,
consistent with the nature of the insurer’s risks and the business planning
horizon, should be considered by the risk management policy so that it
maintains relevance to the insurer's business going forward. This can be
done by using methods, such as scenario models, that produce a range
of outcomes based on plausible future business assumptions which
reflect sufficiently adverse scenarios. The insurer should monitor risks so
that the Board and Senior Management are fully aware of the insurer's
risk profile and how it is evolving. Where models are used for business
forecasting insurers should perform back-testing, to the extent
practicable, to validate the accuracy of the model over time.
Public
16.4.3 As part of its risk mitigation strategy, an insurer may transfer some of the
risk on its own balance sheet to an off-balance sheet structure, such as a
special purpose entity (SPE). SPEs are generally set up for a specific
purpose to meet specific payments to investors, who have accepted the
risk profile of their payments based on the cash flows underlying the SPE.
The risk remaining with the insurer as a result of the off-balance sheet
structure should be managed effectively. For an SPE these may arise as
follows:
• Even though the SPE’s cash flows are not part of the insurer’s
balance sheet, the insurer may still face pressure to support the
payments out of the SPE during periods of stress, due to
reputational damage to the insurer if the payments to the
investors are not made.
• Default by an SPE may cause the insurer reputational damage
and affect its ability to raise finance in the future, possibly
leading to liquidity issues. In addition, default by an SPE may
have implications on the insurer’s credit rating, which may
further affect the insurer’s ability to raise finance in the future.
• The investment policy of the SPE, including that for assets
transferred from the insurer, may differ from the investment
policy of the insurer because of differences in capital and risk
tolerance. However, the investment strategy adopted by the
SPE may have an impact on the insurer’s ability to make
payments to the policyholders, especially if the SPE is in a
stressed position.
includes an explicit asset-liability management (ALM) policy which clearly
specifies the nature, role and extent of ALM activities and their relationship with
product development, pricing functions and investment management.
16.5.1 ALM is the practice of managing a business so that decisions and actions
taken with respect to assets and liabilities are coordinated. To co-ordinate
the management of risks associated with assets and liabilities, the
insurer’s risk management policy should include an explicit ALM policy
which is appropriate to the nature, scale and complexity of those risks to
set out how the investment and liability strategies adopted by the insurer
allow for the interaction between assets and liabilities, how the liability
cash flows will be met by the cash inflows and how the economic
valuation of assets and liabilities will change under an appropriate range
of different scenarios. ALM does not imply that assets should be matched
as closely as possible to liabilities but that mismatches are effectively
managed. Not all ALM needs to use complex techniques. For example,
simple, low risk or short term business may call for less complex ALM
techniques.
16.5.2 The ALM policy should recognise the interdependence between all of the
insurer’s assets and liabilities and take into account the correlation of risk
between different asset classes as well as the correlations between
different products and business lines, recognising that correlations may
not be linear. The ALM framework should also take into account any off-
Public
balance sheet exposures that the insurer may have and the contingency
that risks transferred may revert to the insurer.
16.5.3 Different strategies may be appropriate for different categories of assets
and liabilities. One possible approach to ALM is to identify separate
homogeneous segments of liabilities and obtain investments for each
segment which would be appropriate if each liability segment was a
stand-alone business. Another possible approach is to manage the
insurer’s assets and liabilities together as a whole. The latter approach
may provide greater opportunities for profit and management of risk than
the former. If ALM is practised for each business segment separately, this
is likely to mean that the benefits of scale, hedging, diversification and
reinsurance that can be gained from managing the different segments of
assets and liabilities together are ignored or receive less attention.
16.5.4 However, for some types of insurance business it may not be appropriate
to manage risks by combining liability segments. It may be necessary for
the insurer to devise separate and self-contained ALM policies for
particular portfolios of assets that are “ring-fenced” or otherwise not freely
available to cover obligations in other parts of the company.
16.5.5 Assets and liabilities may be ring-fenced to protect policyholders. For
example, non-life insurance business is normally ring-fenced from life
insurance business and a separate fund of assets may be used to
determine the benefits under participating business. Some assets may
be required by regulation or the insurer’s risk management policy to be
closely matched with corresponding liabilities, for example equity-linked
or indexed-linked benefits may be closely matched with corresponding
assets, and annuities cash outflows may be closely matched with cash
inflows from fixed income instruments.
16.5.6 Some liabilities may have particularly long durations, such as certain
types of liability insurance and whole-life policies and annuities. In these
cases, assets with sufficiently long duration may not be available to match
the liabilities, introducing a significant reinvestment risk, such that the
present value of future net liability cash flows is particularly sensitive to
changes in interest rates. Many financial markets throughout the world do
not have long fixed-income assets to back long duration liabilities. There
may also be gaps in the asset durations available. This may be an issue
even in the most well developed markets for some types of liabilities.
Risks arising from mismatches between assets and liabilities require
particular attention. The insurer should give explicit attention within its
ALM policy to risks arising from liabilities with substantially longer
durations or other mismatches with assets available from the
corresponding financial markets to ensure that they are effectively
managed by holding adequate capital or having appropriate risk
mitigation in place.
16.6 The supervisor requires the insurer to have a risk management policy which is
reflected in an explicit investment policy which:
• specifies the nature, role and extent of the insurer’s investment activities
and how the insurer complies with the regulatory investment
requirements established by the supervisor; and
Public
• establishes explicit risk management procedures within its investment
policy with regard to more complex and less transparent classes of asset
and investment in markets or instruments that are subject to less
governance or regulation.
16.6.1 The insurer’s risk management policy should be reflected in an explicit
investment policy. Such a policy may, for example, set out the insurer’s
strategy for optimising investment returns and specify asset allocation
strategies and authorities for investment activities and how these are
related to the ALM policy. It may also specify how regulatory investment
requirements (see ICP 15 Investment) and other parameters are met.
16.6.2 The insurer’s investment policy should outline its policy towards
inherently risky financial instruments such as derivatives of various types,
hybrid instruments that embed derivatives, private equity, alternative
investment funds such as hedge funds, insurance linked instruments and
commitments transacted through special purpose entities. Consideration
of the associated counterparty credit risk should be included in the
investment policy. It should also set out the policy for the safe-keeping of
assets including custodial arrangements and the conditions under which
investments may be pledged or lent.
16.6.3 Similarly, explicit consideration should be given by the insurer to assets
for which the risk is generally sufficiently assessable to be permitted by
the supervisor but, compared to other investments, are more complex,
less transparent, less well regulated in terms of the market regulation that
applies to them or less well governed in terms of the processes required
to manage them. Such assets may present operational risks in adverse
conditions which are difficult to assess reliably. In terms of market
regulation, investments in an unregulated market or a market that is
subject to less governance such as a professional securities market and
investments that are not traded on a public exchange need to be given
special consideration.
16.6.4 For investment risks in particular, it is important for the insurer to
understand the source, type and amount of risk that it is accepting across
all lines of business. For example, where there is a complex chain of
transactions it should understand who has the ultimate legal risk or basis
risk. Similar questions arise where the investment is via external funds,
especially when such funds are not transparent.
16.6.5 For insurers in many jurisdictions concentration risk arising from the
limited availability of suitable domestic investment vehicles is an issue.
By contrast, international insurers’ investment strategies may be complex
because of a need to manage and match assets and liabilities in a
number of currencies and different markets. In addition, the need for
liquidity resulting from potential large-scale payments may further
complicate an insurer’s investment strategy.
16.6.6 The insurer should have the competencies necessary to manage the
instruments it is investing in. For complex investment activities (including
underwriting guarantees for such complex securities) robust models of
risks that consider all relevant variables may be needed. It is the insurer’s
responsibility to ensure that the internal expertise and competence
necessary are in place at all levels of the organisation to manage these
Public
risks effectively including the expertise to apply and vet any models used
and to assess them against market convention. Also, an insurer needs
explicit procedures to evaluate hidden and non-standard risks associated
with complex structured products, especially new forms of concentration
risk that may not be obvious.
16.6.7 For complex investment strategies, aspects to consider include liquidity
and responsiveness to sudden market movements. Stress testing, as well
as contingency planning for stressed situations, is essential. Trial
operation of procedures for sufficiently long periods may also be
appropriate in advance of ‘live’ operation.
16.6.8 For derivatives, for example, there is a wide variation of products. There
are also hybrid instruments that embed derivatives such as bonds whose
maturity values are tied to an equity index. The insurer’s risk management
policy should be clear about the purpose of using derivatives and address
whether it is appropriate for it to rule out or restrict the use of some types
of derivatives where, for example:
• the potential exposure cannot be reliably measured;
• closing out of a derivative is difficult considering the illiquidity of
the market;
• the derivative is not readily marketable as may be the case with
over-the-counter instruments;
• independent (i.e. external) verification of pricing is not available;
• collateral arrangements do not fully cover the exposure to the
counterparty;
• the counterparty is not suitably creditworthy; and
• the exposure to any one counterparty exceeds a specified
amount
These factors are particularly important for "over-the-counter" derivatives
which are not effected or issued on or under the rules of a regulated
market. The effectiveness of clearing facilities available may be a relevant
consideration in assessing the counterparty risk associated with some
types of widely traded "over-the-counter" derivatives, such as credit
default swaps.
includes explicit policies in relation to underwriting risk.
16.7.1 The risk management policy should also include explicit policies in
relation to underwriting risk i.e. the specific insurance risk arising from the
underwriting of insurance contracts. Such policies may relate to the
underwriting process, pricing, claims settlement both in terms of timing
and amount and expense control aspects of managing the risks arising
from the insurance contracts the insurer writes. Such policies may
include, for example, the terms on which contracts are written and any
exclusions, the procedures and conditions that need to be satisfied for
risks to be accepted, additional premiums for substandard risks and
procedures and conditions that need to be satisfied for claims to be paid.
Public
16.7.2 ALM may be needed to address parts of underwriting risk. The
uncertainty of timing and size of future claim payments, especially for
long-tail non-life business, may require coordination with the
management of assets under the ALM policy.
16.7.3 The insurer should ensure that the underwriting policy pays particular
attention to risk retention and risk transfer through reinsurance and other
forms of risk transfer as appropriate to the insurer’s risk profile and
capital. The policy should take account of the effectiveness of risk transfer
in adverse circumstances.
16.7.4 Expense control is an important part of managing risk especially in
conditions of high general rates of inflation. Inflation of claim amounts also
tends to be high in such conditions for some types of risk. Insurers should
therefore have systems in place to control their expenses, including
claims handling and administration expenses. These expenses should be
monitored by management on an on-going basis.
16.7.5 Reinsurance arrangements should be adequate and the claims by the
insurer on its reinsurers should be recoverable. This includes ensuring
that:
• the insurer’s reinsurance programme provides coverage
appropriate to its level of capital, the profile of the risks it
underwrites, its business strategy and risk tolerance;
• the protection provided by the reinsurer is secure. This might be
addressed by the insurer by ensuring that the financial strength
of the reinsurer is adequate, obtaining collateral (including
trusts, letters of credit or funds withheld 34), limiting exposure to
particular reinsurers or holding adequate capital to cover
exposure to the risk of reinsurer default. Insurers should perform
their own assessment of the financial strength of reinsurers and
be careful not to place undue emphasis on external ratings; and
• the effectiveness of the transfer of risk should be assessed for
particular risk transfer arrangements to ensure that risk will not
revert to the insurer in adverse circumstances. The insurer
should review its arrangements if there is a possibility that it will
provide support to the reinsurer in such circumstances.
Enterprise risk management framework - risk tolerance statement
16.8 The supervisor requires the insurer to:

• establish and maintain a risk tolerance statement which sets out its
overall quantitative and qualitative risk tolerance levels and defines risk
34Funds withheld: the capital which achieves both the objectives of reducing the probability of insolvency by absorbing losses
on a going-concern basis, or in run-off, and of re ducing the los s to policyholde rs in the e ve nt of ins olve ncy or winding-up.
Public
tolerance limits which take into account all relevant and material
categories of risk and the relationships between them;
• make use of its risk tolerance levels in its business strategy; and
• embed its defined risk tolerance limits in its day-to-day operations via its
risk management policies and procedures.
16.8.1 In parallel with developing its risk management policy, establishing
appropriate tools for analysing, assessing, monitoring and measuring
risks and identifying its risk exposures, an insurer should establish and
maintain a risk tolerance statement. An insurer’s overall risk tolerance
statement should set out the level of risk to which it is willing and able to
be exposed, taking into account its financial strength and the nature,
scale and complexity of its business and risks, the liquidity and
transferability of its business and the physical resources it needs to
adequately manage its risks.
16.8.2 The risk tolerance statement should define the insurer's ‘tolerance limits’
which give clear guidance to operational management on the level of risk
to which the insurer is prepared to be exposed and the limits of risk to
which they are able to expose the insurer as part of their work. An insurer
should consider how these tolerance limits are to be suitably embedded
in its ongoing operational processes. This can be achieved, for instance,
by expressing tolerance limits in a way that can be measured and
monitored as part of ongoing operations. Stress testing can also provide
an insurer with a tool to help ascertain whether its tolerance limits remain
suitable for its business.
members of groups
16.8.3 An insurance group should establish and maintain a risk tolerance

statement based on its strategy which sets out its overall quantitative and
qualitative tolerance levels and defines tolerance limits which take into
account all categories of risk which are relevant and material to the
insurance group and the relationships between them. The insurance
group’s risk tolerance levels should be actively applied within its ERM
framework and risk management policy.
An insurance legal entity’s risk tolerance statement should define
tolerance limits taking into account the category of risks comprising all of
the group risks it faces as a result of membership of a group to the extent
that they are relevant and material to the insurance legal entity.
16.8.4 Insurance group tolerance limits should give the Board and Senior
Management of a member insurance legal entity clear guidance on the
level of risk which the insurance group is prepared to take and the limits
to which the insurance legal entity is able to expose the insurance group
during the course of its business. It is the responsibility of the Board and
Senior Management of the insurance legal entity to make sure that their
group environment is clearly defined and understood.
Enterprise risk management framework - risk responsiveness and feedback loop
Public
16.9 The supervisor requires the insurer's ERM framework to be responsive to
changes in its risk profile.
16.9.1 The ERM framework and risk management policy of the insurer should
be responsive to change as a result of both internal and external events.
The framework should include mechanisms to incorporate new risks and
new information on a regular basis. For example, new risks identified from
within the business may include new acquisitions, investment positions,
or business lines. New information may become available from external
sources, as a result of evolution of the environment affecting the nature
and size of underlying risks. Supervisory and legislative requirements,
rating agency concerns (if applicable), political changes, major
catastrophes or market turbulence may all make changes necessary. The
framework and policy should also be responsive to the changing interests
and reasonable expectations of policyholders and other stakeholders.
16.10 The supervisor requires the insurer’s ERM framework to incorporate a feedback
loop, based on appropriate and good quality information, management
processes and objective assessment, which enables it to take the necessary
action in a timely manner in response to changes in its risk profile.
16.10.1 Within the ERM framework there should also be a "feedback loop". This
should ensure that decisions made by the Board and Senior Management
are implemented and their effects monitored and reported in a timely and
sufficiently frequent manner via good management information. The
feedback loop is the process of assessing the effect, within the ERM
framework, of changes in risk leading to changes in risk management
policy, tolerance limits and risk mitigating actions. Without this continual
updating process, complemented by explicit one-off changes in response
to major events, the ERM framework would not remain relevant in
assisting the insurer in meeting its strategic and risk objectives.
members of groups
16.10.2 An insurance group’s ERM framework should incorporate a feedback

loop, based on appropriate and good quality information, management
processes and objective assessment, which enables it to take the
necessary action in a timely manner in response to changes in its risk
profile.
16.10.3 Group risk should be included in the feedback loop of the insurance legal
entity’s ERM framework in respect of the widest group of which it is a
member. This means the insurance legal entity should obtain appropriate
and good quality information about changes in the group which affect its
risk profile. It also means the management of the insurance legal entity
should provide information to an insurance group of which it is a member
as part of the feedback loop of the insurance group’s ERM framework.
Own risk and solvency assessment (ORSA)
16.11 The supervisor requires the insurer to perform its own risk and solvency
assessment (ORSA) regularly to assess the adequacy of its risk management
and current, and likely future, solvency position.
Public
16.11.1 Every insurer should undertake its own risk and solvency assessment
(ORSA) and document the rationale, calculations and action plans arising
from this assessment. The ability of an insurer to reflect risks in a robust
manner in its own assessment of risk and solvency is supported by an
effective overall ERM framework and by embedding its risk management
policy in its operations. It is recognised that the nature of the assessment
undertaken by a particular insurer should be appropriate to the nature,
scale and complexity of its risks.
16.12 The supervisor requires the insurer’s Board and Senior Management to be
responsible for the ORSA.
16.12.1 The prime purpose of the ORSA is to assess whether its risk
management and solvency position is currently adequate and is likely to
remain so in the future. Responsibility for the ORSA rests at the top level
of the insurer’s organisation, the insurer’s Board and Senior
Management. Where it is appropriate to the nature, scale and complexity
to do so, the effectiveness of the ORSA should be assured through
internal or external independent overall review by a suitably experienced
individual, such as a Chief Risk Officer, who reports directly to or is a
member of the Board.
16.13 The supervisor requires the insurer’s ORSA to encompass all reasonably
foreseeable and relevant material risks including, as a minimum, underwriting,
credit, market, operational and liquidity risks and additional risks arising due to
membership of a group. The assessment is required to identify the relationship
between risk management and the level and quality of financial resources
needed and available.
16.13.1 In its ORSA, an insurer should consider all material risks that may have
an impact on its ability to meet its obligations to policyholders, including
in that assessment a consideration of the impact of future changes in
economic conditions or other external factors. An insurer should
undertake an ORSA on a regular basis so that it continues to provide
relevant information for its management and decision making processes.
The insurer should regularly reassess the causes of risk and the extent
to which particular risks are material. Significant changes in the risk profile
of the insurer should prompt it to undertake a new ORSA. Risk
assessment should be done in conjunction with consideration of the
effectiveness of applicable controls to mitigate the risks.
members of groups
16.13.2 Adequate risk management should be in place within an insurance group

and should be assessed on an insurance group-wide basis to enhance
the assessment of insurance legal entities that are members of the group.
16.13.3 An insurance group should perform its ORSA to assess the adequacy of
the group’s risk management and current, and likely future, solvency
position. The nature of the assessment should be appropriate to the
nature, scale and complexity of the risks at insurance group level. The
risks should include all reasonably foreseeable and relevant material risks
arising from every member of the insurance group and from the widest
group of which the insurance group is part. The insurance group’s ORSA
Public
should make sure that there are no material risks of the group that are
not captured, that the fungibility of capital and the transferability of assets
within the group is taken into account and that capital is not double
counted. It is likely to be appropriate to the nature, scale and complexity
of their risks for particular care to be given to these aspects for large
complex groups.
16.13.4 Similarly, the insurance legal entity’s ORSA should include all additional
risks arising due to membership of the widest group of which it is a part
to the extent that they impact the insurance legal entity as appropriate to
the nature, scale and complexity of those risks.
16.13.5 In both the insurance legal entity’s ORSA and the insurance group’s
ORSA, it may be appropriate to consider scenarios in which a group splits
or changes its structure in other ways. Assessment of current capital
adequacy and continuity analysis should include consideration of relevant
possible changes in group structure and integrity in adverse
circumstances and the implications this could have for group risks, the
existence of the group and the support or demands from the group to or
on its members.
16.13.6 Given the level of complexity at insurance group level compared with that
at a legal entity level, additional analysis and information is likely to be
needed in order to comprehensively address the range of insurance
group level risks. It may, for example, be appropriate to apply a contagion
test e.g. by using stress testing to assess the impact of difficulties in each
legal entity which is a member of the insurance group on the other
insurance group entities.
Own risk and solvency assessment (ORSA) - economic and regulatory capital
16.14 The supervisor requires the insurer to:

• determine, as part of its ORSA, the overall financial resources it needs to
manage its business given its own risk tolerance and business plans,
and to demonstrate that supervisory requirements are met;
• base its risk management actions on consideration of its economic
capital, regulatory capital requirements and financial resources,
including its ORSA; and
• assess the quality and adequacy of its capital resources to meet
regulatory capital requirements and any additional capital needs.
16.14.1 In the context of its overall ERM framework, an insurer should perform its
ORSA and have risk and capital management processes in place to
monitor the level of its financial resources relative to its economic capital
and the regulatory capital requirements set by the supervisor.
16.14.2 In the context of its own assessment, an insurer should clearly distinguish
between current capital needs and its projected future financial position,
having regard for its longer-term business strategy and, in particular, new
business plans.
16.14.3 While holding capital is not necessarily the most effective way of
managing risk, it is important that an insurer has regard for how risk
management and capital management relate to and interact with each
Public
other. Therefore, an insurer should determine the overall financial
resources it needs, taking into account its risk tolerance and business
plans, based on an assessment of its risks, the relationship between them
and the risk mitigation in place. Determining economic capital helps an
insurer to assess how best to optimise its capital base, whether to retain
or transfer risk and how to allow for risks in its pricing. It also helps to give
the supervisor confidence that risks are being well managed.
16.14.4 Although the amounts of economic capital and regulatory capital
requirements and the methods used to determine them may differ, an
insurer should be aware of, and be able to analyse and explain, these
differences. Such analysis helps to embed supervisory requirements into
an insurer's ORSA and risk and capital management, so as to ensure that
obligations to policyholders continue to be met as they fall due.
16.14.5 As part of the ORSA, the insurer should perform its own assessment of
the quality and adequacy of capital resources both in the context of
determining its economic capital and in demonstrating that regulatory
capital requirements are met having regard to the quality criteria
established by the supervisor and other factors which the insurer
considers relevant. The scope of this assessment should be appropriate
to the nature, scale and complexity of the insurer’s risks. The insurer
should also assess the appropriateness of its capital resources in
supporting its business strategy and enabling it to continue its operations,
with due regard for its longer term business strategy and in particular new
business plans.
Re-capitalisation
16.14.6 If an insurer suffers losses that are absorbed by its available capital
resources, it may need to raise new capital to meet ongoing regulatory
capital requirements and to maintain its business strategies. It cannot be
assumed that capital will be readily available at the time it is needed.
Therefore, an insurer’s own assessment of the quality of capital should
also consider the issue of re-capitalisation, especially the ability of capital
to absorb losses on a going-concern basis and the extent to which the
capital instruments or structures that the insurer uses may facilitate or
hinder future re-capitalisation. For example, if an insurer enters into a
funding arrangement where future profits are cashed immediately, the
reduced future earnings potential of the insurer may make it more difficult
to raise capital resources in the future.
16.14.7 For an insurer to be able to recapitalise in times of financial stress, it is
critical to maintain market confidence at all times, through its solvency
and capital management, investor relationships, robust governance
structure/practices and fair market conduct practices. For example,
where an insurer issues preferred stock without voting rights, this may
affect the robustness of the governance structure and practice of that
insurer. The voting rights attached to common stock can provide an
important source of market discipline over an insurer’s management.
Other insurers may issue capital instruments with lower coupons and
fees, sacrificing the economic value of the existing shareholders and
bondholders.
Public
16.14.8 When market conditions are good, many insurers should be readily able
to issue sufficient volumes of high quality capital instruments at
reasonable levels of cost. However, when market conditions are stressed,
it is likely that only well capitalised insurers, in terms of both the quality
and quantity of capital resources held, will be able to issue high quality
capital instruments. Other insurers may only be able to issue limited
amounts of lower quality capital and at higher cost. Therefore,
supervisors should make sure that insurers have regard for such
variations in market conditions and manage the quality and quantity of
their capital resources in a forward looking manner. In this regard, it is
expected that high quality capital instruments, such as common shares,
should form the substantial part of capital resources in normal market
conditions as that would enable insurers to issue capital instruments even
in stressed situations. Such capital management approaches also help to
address the procyclicality issues that may arise, particularly in risk-based
solvency requirements.
members of groups
16.14.9 An insurance group should determine, as part of its ORSA, the overall
financial resources it needs to manage its business given its own risk
tolerance and business plans and demonstrate that its supervisory
requirements are met. The insurance group’s risk management actions
should be based on consideration of its economic capital, regulatory
capital requirements and financial resources. Economic capital should
thus be determined by the insurance group as well as a member
insurance legal entity and appropriate risk tolerances and management
actions should be identified for both the insurance group and the
insurance legal entity.
16.14.10 Key group-wide factors to be addressed in the insurer’s assessment of
group-wide capital resources include multiple gearing, intra-group
creation of capital and reciprocal financing, leverage of the quality of
capital and fungibility of capital and free transferability of assets across
group entities.
Own risk and solvency assessment (ORSA) – using internal models
16.14.11 An insurer may consider that the assessment of current financial

resources and the calculation of regulatory capital requirements would be
better achieved through the use of internal models.
16.14.12 Where an internal model is used for the ORSA, it is likely to be an
important strategic and operational decision-making tool and to be most
useful if it enables the insurer to integrate its risk and capital management
processes; that is, assisting with both the assessment of the risks faced
within its business and the determination of the economic capital needed,
where appropriate, to meet those risks.
16.14.13 An ERM framework should address all reasonably foreseeable and
relevant material risks the insurer faces in accordance with a properly
constructed risk management policy. To be most effective, therefore, an
internal model used for the ORSA needs to address all those identified
Public
risks and assess their impact on the insurer’s business given the possible
situations that could occur. The risks to be considered should include
underwriting risk, credit risk, market risk, operational risk and liquidity risk
(including any significant risk concentrations). The categories of risks
considered should be clearly defined. The methods by which this analysis
could be conducted range from simple stress testing of events to more
complex stochastic modelling as appropriate to the nature, scale and
complexity of the risks concerned.
16.14.14 When used for the ORSA, the insurer’s internal model is likely to be
calibrated on the basis of defined modelling criteria which the insurer
believes will determine the level of capital appropriate and sufficient to
meet its business plan and strategic objectives. These modelling criteria
are likely to include the basis for valuation of the assets and liabilities, and
the confidence level, risk measure and time horizon which the insurer
considers appropriate to its risk tolerance and business plans. An insurer
is likely to consider various factors in order to determine the modelling
criteria used to determine its economic capital; for example choosing a
level to achieve a certain investment rating, or to meet other business
objectives.
16.14.15 In constructing its internal model for the ORSA, an insurer is likely to
adopt risk modelling techniques and approaches appropriate to the
nature, scale and complexity of the risks incorporated within its risk
strategy and business objectives. An insurer may consider various inputs
to the modelling process, such as economic scenarios, asset portfolios
and liabilities from in-force or past business 35. It is likely that the modelling
criteria and the various inputs to the modelling would be established in
the context of the insurer continuing to operate on a going concern basis
(unless the insurer is in financial difficulty).
16.14.16 An internal model used in the ORSA to determine the economic capital
enables the insurer to allocate sufficient financial resources to ensure it
can continue to meet its policyholder liabilities as they fall due, at a
confidence level appropriate to its business objectives. To fully assess
policyholder liabilities in this way, all liabilities that need to be met to avoid
putting policyholder interests at risk need to be considered, including any
liabilities for which a default in payment could trigger the winding up of
the insurer.
16.14.17 An internal model used by an insurer in the context of its ORSA for
determining its own economic capital needs should not need supervisory
approval for that purpose. However, an insurer would be expected to
review its own internal model and validate it so as to satisfy itself of the
appropriateness of the model for use as part of its risk and capital
management processes. 36 It would be expected to calibrate the model
according to its own modelling criteria. As well as internal review, the
35 It may also consider regulatory constraints on the application and transfer of assets, e.g. in
jurisdictions where insurers are required to segregate the assets backing the liabilities of different
classes of insurance into separate funds and where the transfer of assets between funds is restricted
by regulations.
36 Where appropriate, taking into account the insurer’s nature, scale and complexity, validation would
be expected to be carried out by a different department or persons than those who created the internal
model, in order to facilitate independence.
Public
insurer may wish to consider an external review of its internal model by
appropriate specialists e.g. if the internal review does not have an
appropriate level of independence or the insurer’s management wishes
to have greater assurance about the validity of the model than can be
provided by an internal review.
members of groups on using an internal model for the ORSA
16.14.18 An insurance group may consider that the assessment of financial

resources and the calculation of regulatory capital requirements would be
better achieved through the use of internal models to enable the range of
risks and their scale and complexity to be effectively assessed.
16.14.19 All insurance legal entities and insurance groups of which they are
members should be undertaking their ORSA. To carry out its ORSA, an
insurance group should apply a methodology that is best suited to the
nature, scale and complexity of the risk profile of its business. Although
this does not necessarily imply the use of internal models for this purpose,
the nature of the risks may be more diverse and the scale and complexity
of the business and risks of an insurance group may be greater than that
of its member legal entities. It may therefore be appropriate for internal
models to be used for the group’s ORSA even where the use of an
internal model is not an approach appropriate to the nature, scale and
complexity of its members.
Own risk and solvency assessment (ORSA) - continuity analysis
16.15 The supervisor requires:

• the insurer, as part of its ORSA, to analyse its ability to continue in
business, and the risk management and financial resources required to
do so over a longer time horizon than typically used to determine
regulatory capital requirements;
• the insurer’s continuity analysis to address a combination of quantitative
and qualitative elements in the medium and longer-term business
strategy of the insurer and include projections of its future financial
position and analysis of its ability to meet future regulatory capital
requirements.
16.15.1 An insurer should be able to demonstrate an ability to manage its risk
over the longer term under a range of plausible adverse scenarios. An
insurer’s capital management plans and capital projections are therefore
key to its overall risk management strategy. These should allow the
insurer to determine how it could respond to unexpected changes in
markets and economic conditions, innovations in the industry and other
factors such as demographic, legal and regulatory, medical and social
developments.
16.15.2 Where it is appropriate to the nature, scale and complexity to do so,
supervisors should require an insurer to undertake periodic, forward-
looking continuity analysis and modelling of its future financial position
including its ability to continue to meet its regulatory capital requirements
in future under various conditions. Insurers should ensure that the capital
Public
and cash flow projections (before and after stress) and the management
actions included in their forecasts, are approved at a sufficiently senior
level.
16.15.3 In carrying out its continuity analysis, the insurer should also apply
reverse stress testing to identify scenarios that would be the likely cause
of business failure (e.g. where business would become unviable or the
market would lose confidence in it) and the actions necessary to manage
this risk. (See also Guidance 16.1.17).
16.15.4 As a result of continuity analysis, supervisors should encourage insurers
to maintain contingency plans and procedures for use in a going and gone
concern situation. Such plans should identify relevant countervailing
measures and off-setting actions they could realistically take to
restore/improve the insurer’s capital adequacy or cash flow position after
some future stress event and assess whether actions should be taken by
the insurer in advance as precautionary measures.
16.15.5 A clear distinction should be made between the assessment of the current
financial position and the projections, stress testing and scenario
analyses used to assess an insurer’s financial condition for the purposes
of strategic risk management including maintaining solvency. 37 Continuity
analysis helps to ensure sound, effective and complete risk management
processes, strategies and systems. It helps to assess and maintain on an
ongoing basis the amounts, types and distribution of financial resources
needed to cover the nature and level of the risks to which an insurer is or
might be exposed and to enable the insurer to identify and manage all
reasonably foreseeable and relevant material risks. In doing so, the
insurer assesses the impact of possible changes in business or risk
strategy on the level of economic capital needed as well as the level of
regulatory capital requirements.
16.15.6 Such continuity analysis should have a time horizon needed for effective
business planning, for example 3 to 5 years, which is longer than typically
used to determine regulatory capital requirements 38. It should also place
greater emphasis than may be considered in regulatory requirements on
new business plans and product design and pricing, including embedded
guarantees and options, and the assumptions appropriate given the way
in which products are sold. The insurer’s current premium levels and
strategy for future premium levels are a key element in its continuity
analysis. In order for continuity analysis to remain most meaningful, an
insurer should also consider changes in external factors such as possible
future events including changes in the political or economic situation.
16.15.7 Through the use of continuity analysis an insurer is better able to link its
current financial position with future business plan projections and ensure
its ability to maintain its financial position in the future. In this way the
insurer further embeds its ERM into its ongoing and future operations.
16.15.8 An internal model may also be used for the continuity analysis allowing
the insurer to assess the capital consequences of strategic business
decisions in respect of its risk profile. For example, the insurer may decide
The scenarios used for such assessments may be determined by the insurer or the supervisor.
37
38The comparison with the time horizon for determining regulatory capital requirements is with the
defined time horizon over which the level of safety is specified or "shock period".
Public
to reduce its exposure to certain risks by writing different types of
business, in order to reduce the capital that is needed to be held against
such risks, potentially freeing up resources for use elsewhere. This
process of capital management enables the insurer to change its capital
exposure as part of its long-term strategic decision making.
16.15.9 As a result of such strategic changes, the risk profile of an insurer may
alter, so that different risks need to be assessed and quantified within its
internal model. In this way, an internal model may sit within a cycle of
strategic risk and capital management and provides the link between
these two processes.
members of groups
16.15.10 An insurance group should also analyse its ability to continue in business
and the risk management and financial resources it requires to do so. The
insurance group’s analysis should consider its ability to continue to exist
as an insurance group, potential changes in group structure and the
ability of its members to continue in business.
An insurance legal entity’s continuity analysis should analyse the ongoing
support from the group including the availability of financial support in
adverse circumstances as well as the risks that may flow from the group
to the insurance legal entity. Both the insurance legal entity and an
insurance group of which it is a member should thus take into account the
business risks they face including the potential impact of changes in the
economic, political and regulatory environment.
16.15.11 In their continuity analysis, insurance groups should pay particular
attention to intra-group cash flows, i.e. whether the insurance group will
have available cash flows (e.g. from surpluses released from long-term
funds, dividends from other subsidiaries, etc) and whether they will be
transferable among group member entities to cover any payments of
interest or capital on loans, to finance new business and to meet any
other anticipated liabilities as they fall due. Insurance groups should
outline what management actions they would take to manage the
potential cash flow implications of a stress scenario (e.g. reducing new
business, cutting dividends, etc).
16.15.12 The insurance group’s continuity analysis should also consider the
distribution of capital in the insurance group after stress and the possibility
that subsidiaries within the insurance group may require recapitalisation
(either due to breaches of local regulatory requirements, a shortfall in
economic capital, or for other business reasons). The assessment should
consider whether sufficient sources of surplus and transferable capital
would exist elsewhere in the insurance group and identify what
management actions might need to be taken (e.g. intra-group movements
of resources, other intra-group transactions or group restructuring).
16.15.13 The insurance group should also apply reverse stress testing to identify
scenarios that are likely to cause business failure within the insurance
group and the actions necessary to manage this risk. (See Guidance
16.1.17.)
Public
Role of supervision in risk management
16.16 The supervisor undertakes reviews of an insurer's risk management processes

and its financial condition, including the ORSA. Where necessary, the
supervisor requires strengthening of the insurer’s risk management, solvency
assessment and capital management processes.
16.16.1 The output of an insurer’s ORSA should serve as an important tool in the
supervisory review process by helping the supervisor to understand the
risk exposure and solvency position of the insurer.
16.16.2 The insurer's ERM framework and risk management processes (including
internal controls) are critical to solvency assessment. Supervisors should
therefore assess the adequacy and soundness of the insurer’s framework
and processes by receiving the appropriate information, including the
ORSA regularly. However, company operations are primarily the
responsibility of the Board and Senior Management, and they need to be
able to exercise their own discretion or business judgment to carry out
these responsibilities.
16.16.3 Supervisors should review an insurer's internal controls and monitor its
capital adequacy, requiring strengthening where necessary. Where
internal models are used to calculate the regulatory capital requirements,
particularly close interaction between the supervisor and insurer is
important. In these circumstances, the supervisor may consider the
insurer’s internal model, its inputs and outputs and the validation
processes, as a source of insight into the risk exposure and solvency
position of the insurer. (See also ICP 8 Risk Management and Internal
Controls.)
16.16.4 Supervisors should suitably monitor the techniques employed by the
insurer for risk management and capital adequacy assessment and
intervene where weaknesses are identified. Supervisors should not take
a “one-size-fits-all” approach to insurers’ risk management but base their
expectations on the nature, scale and complexity of its business and
risks. In order to do this, supervisors need to have sufficient and
appropriate resources and capabilities. Supervisors may, for instance,
have a risk assessment model or programme with which they can assess
their insurers' overall condition (e.g. risk management, capital adequacy
and solvency position) and ascertain the likelihood of insurers breaching
their regulatory requirements. Supervisors may also prescribe minimum
aspects that an ERM framework should address.
16.16.5 Supervisors should require appropriate information on risk management
and risk and solvency assessments from each insurer they regulate. This
not only provides supervisors with a long-term assessment of capital
adequacy to aid in their assessment of insurers, but encourages insurers
to use risk management effectively. This could also be achieved by, for
instance, a supervisor requiring or encouraging insurers to provide a
solvency and financial condition report. Such a report could include a
description of the relevant material categories of risk that the insurer
faces, its overall financial resource needs including its economic capital
and regulatory capital requirements, as well as the capital available to
meet these requirements, and projections of how such factors will
develop in future. Where, after appropriate request from the supervisor,
Public
an insurer fails to report adequate information about its risk and capital
management practices, processes and procedures from which the
supervisor can monitor the insurer, the supervisor should intervene or
apply penalties appropriately. In addition, an insurer should have a duty
to report a breach in regulatory requirements to the supervisor as soon
as it occurs.
16.16.6 Supervisors should require the results of the most material risk modelling,
stress testing and scenario analysis and the key assumptions underlying
them to be reported to them, as appropriate to the nature, scale and
complexity of the risks, and have access to all other results if requested.
Where a supervisor considers that the calculations conducted by an
insurer should be supplemented with additional calculations, it should be
able to require the insurer to carry out those additional calculations.
Where the supervisor considers that the insurer’s response to the results
of its risk modelling, stress testing and scenario testing are insufficient it
should be able to direct the insurer to develop a more appropriate
response. Supervisors should also consider available reverse stress tests
performed by insurers where they wish to satisfy themselves that
appropriate action is being taken to manage the risk of business failure.
(See also Guidance 16.1.17.)
16.16.7 While insurers should carry out stress testing and scenario analysis and
risk modelling that are most appropriate for their businesses, supervisors
may also develop prescribed or standard tests and require insurers to
perform them when circumstances are appropriate. One purpose of such
testing may be to improve consistency of testing among a group of similar
insurers. Another purpose may be to assess the financial stability of the
insurance sector to economic or market stresses or other stresses that
apply to a number of insurers simultaneously, such as pandemics, or
major catastrophes. Such tests may be directed at selected insurers or
all insurers. The criteria for scenarios used for standard tests should be
developed as appropriate to the risk environment of insurers in each
jurisdiction.
16.16.8 Forward-looking stress testing, scenario analysis and risk modelling of
future capital positions and cash flows whether provided by the insurer’s
own continuity analysis or in response to supervisory requirements is a
valuable tool for supervisors in assessing the financial condition of
insurers, Such testing informs the discussion between supervisors and
insurers on appropriate planning, comparing risk assessments against
stress test outcomes, risk management and management actions and
enables supervisors to consider the dynamic position of insurers and form
a high-level assessment of whether the insurer is adequately capitalised
to withstand a range of standardised and bespoke stresses.
16.16.9 Supervisors may use insurers’ continuity analyses to increase the
attention insurers pay to the robustness of their future financial position,
the information on which they base decisions and their contingency
planning. Such information enables supervisors to assess whether
insurers should improve their ERM by taking additional countervailing
measures and off-setting actions, either immediately, as a precautionary
measure, or including them in future plans so as to reduce any projected
Public
financial inadequacies, improve cash flows and increase their ability to
restore their capital adequacy after stress events.
16.16.10 While an insurer may itself decide to hold additional capital or reduce its
risks as a direct result of its continuity analysis as well as taking other
management actions, the analysis should not of itself be used as a basis
for increasing current regulatory capital requirements/solvency control
levels.
16.16.11 Publicly disclosing information on risk management should work towards
the IAIS's objective of improving the transparency and comparability of
existing solvency requirements. The IAIS supports the need for balance
regarding the level of information to disclose about an insurer's risk
management whilst producing sufficient information for external and
internal stakeholders which is useful and meaningful. Therefore, the IAIS
recognises that the requirements for public disclosure of information on
risk management, including possible disclosure of elements of a solvency
and financial condition report, should be carefully considered by
supervisors taking into account the proprietary nature of the information,
whether it is commercially sensitive and the potential for its publication to
have adverse effects on insurers.
16.16.12 Where an insurer's risk management practices and processes are not
considered adequate by the supervisor, the supervisor should use its
supervisory powers to take appropriate action. This could be in the form
of further supervisory reporting or additional qualitative and quantitative
requirements arising from the supervisor's assessment. However,
additional quantitative requirements should only be applied in appropriate
circumstances and subject to a transparent framework. If routinely
applied, such measures may undermine a consistent application of
standardised approaches to regulatory capital requirements.
16.16.13 Conversely, an insurer that manages its risks and capital well should be
recognised and the level of supervision adapted to be commensurate with
a risk-based supervisory approach. This does not necessarily mean a low
level of supervision, but a level of supervision appropriate to the level of
risk to which the insurer is exposed and its ability to manage the risks. An
insurer's effective management of risk and capital does not necessarily
mean the use of complex internal models, but a degree of risk
management appropriate to the nature, scale and complexity of the
insurer’s risks. Importantly, risk sensitive regulatory financial
requirements should provide the incentive for optimal alignment of the
insurer’s risk and capital management and regulatory requirements.
members of groups
16.16.14 The group-wide supervisor should undertake reviews of the risk

management processes and financial condition of the insurance group.
Where necessary, the group-wide supervisor should use its powers to
require strengthening of the insurance group’s risk management,
solvency assessment and capital management processes, as
appropriate to the nature, scale and complexity of risks at group level. .
Public
The group-wide supervisor should inform the insurance legal entity
supervisors of any action required.
16.16.15 The supervisory review of an insurance legal entity’s risk management
processes and its financial condition should include group risks. In
particular, the supervisors involved should understand and assess the
sources of risk, including emerging new risks to the insurance group and
to insurance legal entities from any non-regulated entities within the
group. Risk mitigation measures should be considered as possible
response in treatment of non-regulated entities where a proper
assessment is not possible or non-regulated entities threaten
policyholder protection significantly. For example, the relevant supervisor
could, where legally possible, forbid distribution of dividends to holding
companies, issuance of new guarantees, or new participations in non-
regulated entities. Such measures may also involve ring-fencing, such as
portfolio transfers to another legal insurance entity in the group.
16.16.16 Questions the group-wide supervisor should consider when assessing
the soundness, appropriateness and strengths and weaknesses of the
insurance group ERM framework include, but are not be confined to:
• How well is the group’s ERM framework tailored to the group?
• Are decisions influenced appropriately by the group’s ERM
framework outputs?
• How responsive is the group’s ERM framework to changes in
individual businesses and to the group structure?
• How does the framework bring into account intra-group
transactions, risk mitigation and constraints on fungibility of
capital/ transferability of assets/liquidity?
• What is the allocation of responsibilities for ERM in the group
and what oversight is given of any outsourcing?
• What are the internal control systems and audit trails?
• What modelling and stress testing (including reverse stress
testing) is done and how is modelling risk managed?
16.16.17 The group-wide supervisory review and assessment of the insurance
group’s ERM framework should consider the framework’s soundness and
appropriateness and identify its strengths, weaknesses and suitability as
a basis for group-wide solvency assessment. The arrangements for
managing conflicts of interest across an insurance group should be a
particular focus in the supervisory review and assessment of an
insurance group’s ERM framework.
16.16.18 The soundness of the insurance group ERM framework may be a factor
in the supervisory assessment of the risks to which the insurance group
and its member insurance legal entities members are subject. This may
in turn affect the level of capital that the insurance group is required to
hold for regulatory purposes and any regulatory restrictions that are
applied e.g. in terms of the recognition of diversification across the
insurance group, the allowances made for operational risk and the
allocation of capital within the insurance group.
Public
16.16.19 Although it is not a requirement in general for an insurance legal entity or
an insurance group to use internal models to carry out its ORSA, it may
be considered appropriate by the supervisor in particular cases that the
ORSA should use internal models in order to achieve a sound ERM
framework. The effectiveness of an insurance group’s ORSA may be
affected by the degree of integration of its internal capital models, the
extent to which it takes into account constraints on fungibility of capital
and its ability to model changes in its structure, the transfer of risks around
the insurance group and insurance group risk mitigation. These factors
should be taken into account by the group-wide supervisor in its review
of the insurance group’s ORSA.
16.16.20 In considering the insurance group’s financial position, the group-wide
supervisor should review the insurance group’s ORSA, including its
continuity analysis. In addition, supervisors may wish to specify criteria or
analyses that should form part of the supervisory risk assessments so as
to achieve effective supervision and consistency across insurance
groups. This may, for example, include prescribed stress tests that apply
to insurance groups that are regarded as particularly important in terms
of meeting supervisory objectives.
Public
ICP 17 Capital Adequacy
The supervisor establishes capital adequacy requirements for solvency purposes
so that insurers can absorb significant unforeseen losses and to provide for
degrees of supervisory intervention.
unregulated) within an insurance group, but it does apply to insurance
Capital adequacy in the context of a total balance sheet approach
17.1 The supervisor requires that a total balance sheet approach is used in the
assessment of solvency to recognise the interdependence between assets,
liabilities, regulatory capital requirements and capital resources and to require
that risks are appropriately recognised.
17.1.1 The overall financial position of an insurer should be based on consistent
measurement of assets and liabilities and explicit identification and
consistent measurement of risks and their potential impact on all
components of the balance sheet. In this context, the IAIS uses the term
total balance sheet approach to refer to the recognition of the
interdependence between assets, liabilities, regulatory capital
requirements and capital resources. A total balance sheet approach
should also require that the impacts of relevant material risks on an
insurer’s overall financial position are appropriately and adequately
recognised. 39
17.1.2 The assessment of the financial position of an insurer for supervision
purposes addresses the insurer’s technical provisions, required capital
and available capital resources. These aspects of solvency assessment
(namely technical provisions and capital) are intrinsically inter-related and
cannot be considered in isolation by a supervisor.
17.1.3 Technical provisions and capital have distinct roles, requiring a clear and
consistent definition of both elements. Technical provisions represent the
amount that an insurer requires to fulfil its insurance obligations and settle
all commitments to policyholders and other beneficiaries arising over the
lifetime of the portfolio. 40 In this ICP, the term regulatory capital
requirements refers to financial requirements that are set by the
supervisor and relates to the determination of amounts of capital that an
insurer must have in addition to its technical provisions.
17.1.4 Technical provisions and regulatory capital requirements should be
covered by adequate and appropriate assets, having regard to the nature
39 It is noted that the total balance sheet approach is an overall concept rather than implying use of a
particular methodology.
40 This includes costs of settling all commitments to policyholders and other beneficiaries arising over
the lifetime of the portfolio of policies, the expenses of administering the policies, the costs of hedging,
reinsurance, and of the capital required to cover the remaining risks.
Public
and quality of those assets. To allow for the quality of assets, supervisors
may consider applying restrictions or adjustments (such as quantitative
limits, asset eligibility criteria or “prudential filters”) where the risks
inherent in certain asset classes are not adequately covered by the
17.1.5 Capital resources may be regarded very broadly as the amount of the
assets in excess of the amount of the liabilities. Liabilities in this context
includes technical provisions and other liabilities (to the extent these other
liabilities are not treated as capital resources - for example, liabilities such
as subordinated debt may under certain circumstances be given credit for
regulatory purposes as capital – see Guidance 17.10.8 - 17.10.11).
Assets and liabilities in this context may include contingent assets and
contingent liabilities.
17.1.6 In considering the quality of capital resources the supervisor should have
regard to their characteristics, including the extent to which the capital is
available to absorb losses (including considerations of subordination and
priority), the extent of the permanent and/or perpetual nature of the capital
and the existence of any mandatory servicing costs in relation to the
capital. 41
members of groups
17.1.7 The capital adequacy assessment of an insurance legal entity which is a

member of an insurance group needs to consider the value of any
holdings the insurance legal entity has in affiliates. Consideration may be
given, either at the level of the insurance legal entity or the insurance
group, to the risks attached to this value.
17.1.8 Where the value of holdings in affiliates is included in the capital
adequacy assessment and the insurance legal entity is the parent of the
group, group-wide capital adequacy assessment and legal entity
assessment of the parent may be similar in outcome although the detail
of the approach may be different. For example, a group-wide assessment
may consolidate the business of the parent and its subsidiaries and
assess the capital adequacy for the combined business while a legal
entity assessment of the parent may consider its own business and its
investments in its subsidiaries.
17.1.9 There are various possible approaches for group-wide supervision. More
specifically, undertaking a capital adequacy assessment of an insurance
group falls into two broad sets of approaches:
• group level focus and
• legal entity focus.
“Hybrid” or intermediate approaches which combine elements of
approaches with a group and a legal entity focus may also be used.
17.1.10 The choice of approach would depend on the preconditions in a
jurisdiction, the legal environment which may specify the level at which
the group-wide capital requirements are set, the structure of the group
41 More detailed guidance on the determination of capital resources is given below.

Public
and the structure of the supervisory arrangements between the
supervisors.
17.1.11 To further describe and compare the various approaches to group-wide
capital adequacy assessment, a two dimensional continuum may be
considered; on one axis – the organisational perspective – consideration
is given to the extent to which a group is considered as a set of
interdependent entities or a single integrated entity; on the other axis –
the supervisory perspective – consideration is given to the relative weight
of the roles of insurance legal entity supervision and group-wide
supervision, without implying that the latter can replace the former in any
way. It is recognised that supervisors around the world have adopted
approaches corresponding to many points of this continuum. The
continuum may be split into four quadrants as shown in Figure 17.1
below.
Figure 17.1
Legal Entity Focus Group Level Focus
SUPERVISORY PERSPECTIVE
Large relative weight of Insurance legal entity Insurance legal entity capital
group supervision with capital adequacy adequacy assessed under the
respect to local assessed for all assumption that the group
supervision (relevant) legal entities behaves as a single integrated
taking into account entity. Local and group
group impact. The supervisors additionally define
results are binding and how much capital each legal
valid for local entity has to hold.
supervisors as well as
for the group supervisor
Small relative weight of Insurance legal entity Insurance legal entity capital
group supervision with capital adequacy adequacy assessed under the
respect to local assessed for all assumption that the group
supervision (relevant) legal entities behaves as a single integrated
taking into account entity. These results are not
group impact. These binding; local supervisors apply
results are not binding; insurance legal entity capital
local supervisors apply adequacy requirements.
insurance legal entity
capital adequacy
requirements.
O R G A N I S A T I O N A L P E R S P E C T I V E
members of groups - group level focus
17.1.12 Under a group-wide capital adequacy assessment which takes a group

level focus, the insurance group is considered primarily as a single
integrated entity for which a separate assessment is made for the group
Public
as a whole on a consistent basis, including adjustments to reflect
constraints on the fungibility of capital and transferability of assets among
group members. Hence under this approach, a total balance sheet
approach to solvency assessment is followed which is (implicitly or
explicitly) based on the balance sheet of the insurance group as a whole.
However, adjustments may be necessary appropriately to take into
account risks from non-insurance members of the insurance group,
including cross-sector regulated entities and non-regulated entities.
17.1.13 Methods used for approaches with a group level focus may vary in the
way in which group capital requirements are calculated. Either the group’s
consolidated accounts may be used as a basis or an aggregation method
may be used. The former is already adjusted for intra-group holdings and
further adjustments may then need to be made to reflect the fact that the
group may not behave or be allowed to behave as one single entity 42.
This is particularly the case in stressed conditions. The latter method may
sum surpluses or deficits (i.e. the difference between capital resources
and capital requirements) for each insurance legal entity in the group with
relevant adjustments for intra-group holdings in order to measure an
overall surplus or deficit at group level. Alternatively, it may sum the
insurance legal entity capital requirements and insurance legal entity
capital resources separately in order to measure a group capital
requirement and group capital resources. Where an aggregation
approach is used for a cross-border insurance group, consideration
should be given to consistency of valuation and capital adequacy
requirements and of their treatment of intra-group transactions.
members of groups - legal entity focus
17.1.14 Under a group-wide capital adequacy assessment which takes a legal

entity focus, the insurance group is considered primarily as a set of
interdependent legal entities. The focus is on the capital adequacy of
each of the parent and the other insurance legal entities in the insurance
group, taking into account risks arising from relationships within the
group, including those involving non-insurance members of the group.
The regulatory capital requirements and resources of the insurance legal
entities in the group form a set of connected results but no overall
regulatory group capital requirement is used for regulatory purposes. This
is still consistent with a total balance sheet approach, but considers the
balance sheets of the individual group entities simultaneously rather than
amalgamating them to a single balance sheet for the group as a whole.
Methods used for approaches with a legal entity focus may vary in the
extent to which there is a common basis for the solvency assessment for
all group members and the associated communication and co-ordination
needed among supervisors.
17.1.15 For insurance legal entities that are members of groups and for insurance
sub-groups that are part of a wider insurance or other sector group, the
additional reasonably foreseeable and relevant material risks arising from
42Consolidated accounts may be those used for accounting purposes or may differ (e.g. in terms of the
entities included in the consolidation).
Public
being a part of the group should be taken into account in capital adequacy
assessment.
Establishing regulatory capital requirements
17.2 The supervisor establishes regulatory capital requirements at a sufficient level

so that, in adversity, an insurer’s obligations to policyholders will continue to be
met as they fall due and requires that insurers maintain capital resources to meet
the regulatory capital requirements.
Purpose and role of regulatory capital requirements and resources
17.2.1 An insurer's Board and Senior Management have the responsibility to

ensure that the insurer has adequate and appropriate capital to support
the risks it undertakes. Capital serves to reduce the likelihood of failure
due to significantly adverse losses incurred by the insurer over a defined
period, including decreases in the value of the assets and/or increases in
the obligations of the insurer, and to reduce the magnitude of losses to
policyholders in the event that the insurer fails.
17.2.2 From a regulatory perspective, the purpose of capital is to ensure that, in
adversity, an insurer’s obligations to policyholders will continue to be met
as they fall due. Regulators should establish regulatory capital
requirements at the level necessary to support this objective.
17.2.3 In the context of its own risk and solvency assessment (ORSA), the
insurer would generally be expected to consider its financial position from
a going concern perspective (that is, assuming that it will carry on its
business as a going concern and continue to take on new business) but
may also need to consider a run-off and/or winding-up perspective (e.g.
where the insurer is in financial difficulty). The determination of regulatory
capital requirements may also have aspects of both a going concern and
a run-off 43 or winding-up perspective. In establishing regulatory capital
requirements, therefore, supervisors should consider the financial
position of insurers under different scenarios of operation.
17.2.4 From a macro-economic perspective, requiring insurers to maintain
adequate and appropriate capital enhances the safety and soundness of
the insurance sector and the financial system as a whole, while not
increasing the cost of insurance to a level that is beyond its economic
value to policyholders or unduly inhibiting an insurer’s ability to compete
in the marketplace. There is a balance to be struck between the level of
risk that policyholder obligations will not be paid with the cost to
policyholders of increased premiums to cover the costs of servicing
additional capital.
17.2.5 The level of capital resources that insurers need to maintain for regulatory
purposes is determined by the regulatory capital requirements specified
by the supervisor. A deficit of capital resources relative to capital
requirements determines the additional amount of capital that is required
for regulatory purposes.
43In this context, “run-off” refers to insurers that are still solvent but have closed to new business and
are expected to remain closed to new business.
Public
17.2.6 Capital resources protect the interests of policyholders by meeting the
following two objectives. They:
• reduce the probability of insolvency by absorbing losses on a
going-concern basis or in run-off; and/or
• reduce the loss to policyholders in the event of insolvency or
winding-up.
17.2.7 The extent to which elements of capital achieve the above outcomes will
vary depending on their characteristics or “quality”. For example, ordinary
share capital may be viewed as achieving both of the above, whereas
subordinated debt may be viewed largely as only protecting policyholders
in insolvency. Capital which achieves both of the above is sometimes
termed “going-concern capital” and capital which only reduces the loss to
policyholders in insolvency is sometimes termed “wind-up capital” or
“gone concern” capital. It would be expected that the former (i.e. going-
concern capital instruments) should form the substantial part of capital
resources.
17.2.8 For an insurer, the management and allocation of capital resources is a
fundamental part of its business planning and strategies. In this context,
capital resources typically serve a broader range of objectives than those
in Guidance 17.2.6. For example, an insurer may use capital resources
over and above the regulatory capital requirements to support future
growth or to achieve a targeted credit rating.
17.2.9 It is noted that an insurer’s capital management (in relation to regulatory
requirements and own capital needs) should be supported and
underpinned by establishing and maintaining a sound enterprise risk
management framework, including appropriate risk and capital
management policies, practices and procedures which are applied
consistently across its organisation and are embedded in its processes.
Maintaining sufficient capital resources alone is not sufficient protection
for policyholders in the absence of disciplined and effective risk
management policies and procedures. (See ICP 16 Enterprise Risk
Management for Solvency Purposes.)
members of groups
17.2.10 The supervisor should require insurance groups to maintain capital

resources to meet regulatory capital requirements. These requirements
should take into account the non-insurance activities of the insurance
group. For supervisors that undertake group-wide capital adequacy
assessments with a group level focus this means maintaining insurance
group capital resources to meet insurance group capital requirements for
the group as a whole. For supervisors that undertake group-wide capital
adequacy assessments with a legal entity focus this means maintaining
capital resources in each insurance legal entity based on a set of
connected regulatory capital requirements for the group’s insurance legal
entities which fully take the relationships and interactions between these
legal entities and other entities in the insurance group into account.
Public
17.2.11 It is not the purpose of group-wide capital adequacy assessment to
replace assessment of the capital adequacy of the individual insurance
legal entities in an insurance group. Its purpose is to require that group
risks are appropriately allowed for and the capital adequacy of individual
insurers is not overstated, e.g. as a result of multiple gearing and leverage
of the quality of capital or as a result of risks emanating from the wider
group, and that the overall impact of intra-group transactions is
appropriately assessed.
17.2.12 Group-wide capital adequacy assessment considers whether the amount
and quality of capital resources relative to required capital is adequate
and appropriate in the context of the balance of risks and opportunities
that group membership brings to the group as a whole and to insurance
legal entities which are members of the group. The assessment should
satisfy requirements relating to the structure of group-wide regulatory
capital requirements and eligible capital resources and should
supplement the individual capital adequacy assessments of insurance
legal entities in the group. It should indicate whether there are sufficient
capital resources available in the group so that, in adversity, obligations
to policyholders will continue to be met as they fall due. If the assessment
concludes that capital resources are inadequate or inappropriate then
corrective action may be triggered either at a group (e.g. authorised
holding or parent company level) or an insurance legal entity level.
17.2.13 The quantitative assessment of group-wide capital adequacy is one of a
number of tools available to supervisors for group-wide supervision. If the
overall financial position of a group weakens it may create stress for its
members either directly through financial contagion and/or organisational
effects or indirectly through reputational effects. Group-wide capital
adequacy assessment should be used together with other supervisory
tools, including in particular the capital adequacy assessment of
insurance legal entities in the group. A distinction should be drawn
between regulated entities (insurance and other sector) and non-
regulated entities. It is necessary to understand the financial positions of
both types of entities and their implications for the capital adequacy of the
insurance group but this does not necessarily imply setting regulatory
capital requirements for non-regulated entities. In addition, supervisors
should have regard to the complexity of intra-group relationships
(between both regulated and non-regulated entities), contingent assets
and liabilities and the overall quality of risk management in assessing
whether the overall level of safety required by the supervisor is being
achieved.
17.2.14 For insurance legal entities that are members of groups and for insurance
sub-groups that are part of a wider insurance or other sector group,
capital requirements and capital resources should take into account all
additional reasonably foreseeable and relevant material risks arising from
being a part of any of the groups.
Structure of regulatory capital requirements - solvency control levels
17.3 The regulatory capital requirements include solvency control levels which
trigger different degrees of intervention by the supervisor with an appropriate
degree of urgency and requires coherence between the solvency control levels
Public
established and the associated corrective action that may be at the disposal of
the insurer and/or the supervisor.
Establishing solvency control levels
17.3.1 The supervisor should establish control levels that trigger

intervention by the supervisor in an insurer’s affairs when capital
resources fall below these control levels. The control level may be
supported by a specific framework or by a more general framework
providing the supervisor latitude of action. A supervisor’s goal in
establishing control levels is to safeguard policyholders from loss due to
an insurer’s inability to meet its obligations when due.
17.3.2 The solvency control levels provide triggers for action by the insurer and
supervisor. Hence they should be set at a level that allows intervention at
a sufficiently early stage in an insurer’s difficulties so that there would be
a realistic prospect for the situation to be rectified in a timely manner with
an appropriate degree of urgency. At the same time, the reasonableness
of the control levels should be examined in relation to the nature of the
corrective measures. The risk tolerance of the supervisor will influence
both the level at which the solvency control levels are set and the
intervention actions that are triggered.
17.3.3 When establishing solvency control levels it is recognised that views
about the level that is acceptable may differ from jurisdiction to jurisdiction
and by types of business written and will reflect, amongst other things,
the extent to which the pre-conditions for effective supervision exist within
the jurisdiction and the risk tolerance of the particular supervisor. The IAIS
recognises that jurisdictions will acknowledge that a certain level of
insolvencies may be unavoidable and that establishing an acceptable
threshold may facilitate a competitive marketplace for insurers and avoid
inappropriate barriers to market entry.
17.3.4 The criteria used by the supervisor to establish solvency control levels
should be transparent. This is particularly important where legal action
may be taken in response to an insurer violating a control level. In this
case, control levels should generally be simple and readily explainable to
a court when seeking enforcement of supervisory action.
17.3.5 Supervisors may need to consider different solvency control levels for
different modes of operation of the insurer - such as an insurer in run-off
or an insurer operating as a going concern. These different scenarios and
considerations are discussed in more detail in Guidance 17.6.3 - 17.6.5.
17.3.6 In addition, the supervisor should consider the allowance for
management discretion and future action in response to changing
circumstances or particular events. In allowing for management
discretion, supervisors should only recognise actions which are practical
and realistic in the circumstances being considered 44.
17.3.7 Other considerations in establishing solvency control levels include:
44The supervisor should carefully consider the appropriateness of allowing for such management
discretion in the particular case of the MCR as defined in Standard 17.4.
Public
the supervisor;
• the coverage of risks in the determination of technical provisions
and regulatory capital requirements and the extent of the
sensitivity or stress analysis underpinning those requirements;
• the relation between different levels (for example the extent to
which a minimum is set at a conservative level);
• the powers of the supervisor to set and adjust solvency control
levels within the regulatory framework;
• the accounting and actuarial framework that applies in the
jurisdiction (in terms of the valuation basis and assumptions that
may be used and their impact on the values of assets and
liabilities that underpin the determination of regulatory capital
requirements);
• policyholder priority and status under the legal framework
relative to other creditors in the jurisdiction;
• overall level of capitalisation in the insurance sector in the
jurisdiction;
• overall quality of risk management and governance frameworks
in the insurance sector in the jurisdiction;
• the development of capital markets in the jurisdiction and its
impact on the ability of insurers to raise capital; and
• the balance to be struck between protecting policyholders and
the impact on the effective operation of the insurance sector and
considerations around unduly onerous levels and costs of
members of groups
17.3.8 While the general considerations in Guidance 17.3.1 to 17.3.7 above on

the establishment of solvency control levels apply in a group-wide context
as well as a legal entity context, the supervisory actions triggered at group
level will be likely to differ from those at legal entity level. As a group is
not a legal entity the scope for direct supervisory action in relation to the
group as a whole is more limited and action may need to be taken through
co-ordinated action at insurance legal entity level.
17.3.9 Nevertheless, group solvency control levels are a useful tool for
identifying a weakening of the financial position of a group as a whole or
of particular parts of a group, which may, for example, increase contagion
risk or impact reputation which may not otherwise be readily identified or
assessed by supervisors of individual group entities. The resulting timely
identification and mitigation of a weakening of the financial position of a
Public
group may thus address a threat to the stability of the group or its
component insurance legal entities.
17.3.10 Group-wide solvency control levels may trigger a process of coordination
and cooperation between different supervisors of group entities which will
facilitate mitigation and resolution of the impact of group-wide stresses
on insurance legal entities within a group. Group-wide control levels may
also provide a trigger for supervisory dialogue with the group’s
management.
Structure of regulatory capital requirements - triggers for supervisory intervention in

the context of legal entity capital adequacy assessment
17.4 In the context of insurance legal entity capital adequacy assessment, the
regulatory capital requirements establish:
• a solvency control level above which the supervisor does not intervene
on capital adequacy grounds. This is referred to as the Prescribed
Capital Requirement (PCR). The PCR is defined such that assets will
exceed technical provisions and other liabilities with a specified level of
safety over a defined time horizon.
• a solvency control level at which, if breached, the supervisor would
invoke its strongest actions, in the absence of appropriate corrective
action by the insurance legal entity. This is referred to as the Minimum
Capital Requirement (MCR). The MCR is subject to a minimum bound
below which no insurer is regarded to be viable to operate effectively.
17.4.1 A range of different intervention actions should be taken by a supervisor
depending on the event or concern that triggers the intervention. Some
of these triggers will be linked to the level of an insurer’s capital resources
relative to the level at which regulatory capital requirements are set.
17.4.2 In broad terms, the highest regulatory capital requirement, the Prescribed
Capital Requirement (PCR), will be set at the level at which the supervisor
would not require action to increase the capital resources held or reduce
the risks undertaken by the insurer 45. However if the insurer’s capital
resources were to fall below the level at which the PCR is set, the
supervisor would require some action by the insurer to either restore
capital resources to at least the PCR level or reduce the level of risk
undertaken (and hence the required capital level).
17.4.3 The regulatory objective to require that, in adversity, an insurer’s
obligations to policyholders will continue to be met as they fall due will be
achieved without intervention if technical provisions and other liabilities 46
are expected to remain covered by assets over a defined period, to a
specified level of safety. As such, the PCR should be determined at a
45 Note that this does not preclude the supervisor from intervention or requiring action by the insurer for
other reasons, such as weaknesses in the risk management or governance of the insurer. Nor does it
preclude the supervisor from intervention when the insurer’s capital resources are currently above the
PCR but are expected to fall below that level in the short term. To illustrate, the supervisor may
establish a trend test (a time series analysis). A sufficiently adverse trend would require some
supervisory action. The trend test would support the objective of early regulatory intervention by
considering the speed at which capital deterioration is developing.
46 To the extent these liabilities are not treated as capital resources.
Public
level such that the insurer is able to absorb the losses from adverse
events that may occur over that defined period and the technical
provisions remain covered at the end of the period.
17.4.4 The Minimum Capital Requirement (MCR) represents the supervisory
intervention point at which the supervisor would invoke its strongest
actions, if further capital is not made available 47. Therefore, the main aim
of the MCR is to provide the ultimate safety net for the protection of the
interests of policyholders.
17.4.5 These actions could include stopping the activities of the insurer,
withdrawal of the insurer’s licence, requiring the insurer to close to new
business and run-off the portfolio, transfer its portfolio to another insurer,
arrange additional reinsurance, or other specified actions. This position is
different from the accounting concept of insolvency as the MCR would be
set at a level in excess of that at which the assets of the insurer were still
expected to be sufficient to meet the insurer’s obligations to existing
policyholders as they fall due. The PCR cannot be less than the MCR,
and therefore the MCR may also provide the basis of a lower bound for
the PCR, which may be especially appropriate in cases where the PCR
is determined on the basis of an insurer’s internal model 48 approved for
use in determining regulatory capital requirements by the supervisor.
17.4.6 In establishing a minimum bound on the MCR below which no insurer is
regarded to be viable to operate effectively, the supervisor may, for
example, apply a market-wide nominal floor 49 to the regulatory capital
requirements, based on the need for an insurer to operate with a certain
minimal critical mass and consideration of what may be required to meet
minimum standards of governance and risk management. Such a
nominal floor might vary between lines of business or type of insurer and
is particularly relevant in the context of a new insurer or line of business.
17.4.7 Regulatory capital requirements may include additional solvency control
levels between the level at which the supervisor takes no intervention
action from a capital perspective and the strongest intervention point (that
is, between the PCR and MCR levels). These control levels may be set
at levels that correspond to a range of different intervention actions that
may be taken by the supervisor itself or actions which the supervisor
would require of the insurer according to the severity or level of concern
regarding adequacy of the capital held by the insurer. These additional
control levels may be formally established by the supervisor with explicit
47 Note that this does not preclude such actions being taken by the supervisor for other reasons, and
even if the MCR is met or exceeded.
48 The term “internal model” refers to “a risk measurement system developed by an insurer to analyse
its overall risk position, to quantify risks and to determine the economic capital required to meet those
risks” . Internal models may also include partial models which capture a subset of the risks borne by
the insurer using an internally developed measurement system which is used in determining the
insurer's economic capital. The IAIS is aware that insurers use a variety of terms to describe their risk
and capital assessment processes, such as “economic capital model”, “risk-based capital model”, or
“business model”. The IAIS considers that such terms could be used interchangeably to describe the
processes adopted by insurers in the management of risk and capital within their business on an
economic basis. For the purposes of consistency, the term “internal model” is used throughout.
49 In this context, a market-wide nominal floor may, for example, be an absolute monetary minimum
amount of capital required to be held by an insurer in a jurisdiction.

Public
intervention actions linked to particular control levels. Alternatively, these
additional control levels may be structured less formally, with a range of
possible intervention actions available to the supervisor depending on the
particular circumstances. In either case the possible triggers and range
of intervention actions should be appropriately disclosed by the
supervisor.
17.4.8 Possible intervention actions include:
• measures that are intended to enable the supervisor to better
assess and/or control the situation, either formally or informally,
such as increased supervision activity or reporting, or requiring
auditors or actuaries to undertake an independent review or
extend the scope of their examinations;
• measures to address capital levels such as requesting capital
and business plans for restoration of capital resources to
required levels, limitations on redemption or repurchase of
equity or other instruments and/or dividend payments;
• measures intended to protect policyholders pending
strengthening of the insurer’s capital position, such as
restrictions on licences, premium volumes, investments, types
of business, acquisitions, reinsurance arrangements;
• measures that strengthen or replace the insurer’s management
and/or risk management framework and overall governance
processes;
• measures that reduce or mitigate risks (and hence required
capital) such as requesting reinsurance, hedging and other
mechanisms; and/or
• refusing, or imposing conditions on, applications submitted for
regulatory approval such as acquisitions or growth in business.
17.4.9 In establishing the respective control levels, consideration should be had
for these possibilities and the scope for an insurer with capital at this level
to be able to increase its capital resources or to be able to access
appropriate risk mitigation tools from the market.
Figure 17.2 below illustrates the concept of solvency control levels in the
context of establishing regulatory capital requirements:
Public
Figure 17.2: Solvency control levels and regulatory capital requirements
Prescribed Capital
Requirement (PCR)
Capital
Required
Resources
(CR) Capital
Minimum Capital
Risk Margin Requirement
(RM) (MCR)
Current
Technical
Estimate
Provisions (CE)
(TP) and
Other
liabilities Other
liabilities
Insurer’s Regulatory
Financial
Capital
Position Requirements
Structure of regulatory capital requirements - Triggers for supervisory intervention in

the context of group-wide capital adequacy assessment
17.5 In the context of group-wide capital adequacy assessment, the regulatory capital
requirements establish solvency control levels that are appropriate in the
context of the approach to group-wide capital adequacy that is applied.
17.5.1 The supervisor should establish solvency control levels that are
appropriate in the context of the approach that is adopted for group-wide
capital adequacy assessment. The supervisor should also define the
relationship between these solvency control levels and those at legal
entity level for insurers that are members of the group. The design of
solvency control levels depends on a number of factors. These include
the supervisory perspective, i.e. the relative weight placed on group-wide
supervision and legal entity supervision, and the organisational
perspective, i.e. the extent to which a group is considered as a set of
interdependent entities or a single integrated entity. The solvency control
levels are likely to vary according to the particular group and the
supervisors involved. (See Figure 17.1.) The establishment of group-wide
solvency control levels should be such as to enhance the overall
supervision of the insurers in the group.
17.5.2 Having group-wide solvency control levels does not necessarily mean
establishing a single regulatory capital requirement at group level. For
Public
example, under a legal entity approach consideration of the set of capital
requirements for individual entities (and interrelationships between them)
may enable appropriate decisions to be taken about supervisory
intervention on a group-wide basis. However, this requires the approach
to be sufficiently well developed for group risks to be taken into account
on a complete and consistent basis in the capital adequacy assessment
of insurance legal entities in a group. To achieve consistency for
insurance legal entity assessments, it may be necessary to adjust the
capital requirements used for insurance legal entities so they are suitable
for group-wide assessment.
17.5.3 One approach may be to establish a single group-wide PCR or a
consistent set of PCRs for insurance legal entities that are members of
the group which, if met, would mean that no supervisory intervention at
group level for capital reasons would be deemed necessary or
appropriate. Such an approach may assist, for example, in achieving
consistency of approach towards similar organisations with a branch
structure and different group structures e.g. following a change in
structure of a group. Where a single group-wide PCR is determined, it
may differ from the sum of insurance legal entity PCRs because of group
factors including group diversification effects, group risk concentrations
and intra-group transactions. Similarly, where group-wide capital
adequacy assessment involves the determination of a set of PCRs for the
insurance legal entities in an insurance group, these may differ from the
insurance legal entity PCRs if group factors are reflected differently in the
group capital assessment process. Differences in the level of safety
established by different jurisdictions in which the group operates should
be considered when establishing group-wide PCR(s).
17.5.4 The establishment of a single group-wide MCR might also be considered
and may, for example, trigger supervisory intervention to restructure the
control and/or capital of the group. A possible advantage of this approach
is that it may encourage a group solution where an individual insurer is in
financial difficulty and capital is sufficiently fungible and assets are
transferable around the group. Alternatively, the protection provided by
the supervisory power to intervene at individual entity level on breach of
an insurance legal entity MCR may be regarded as sufficient.
17.5.5 The solvency control levels adopted in the context of group-wide capital
adequacy assessment should be designed so that together with the
solvency control levels at insurance legal entity level they represent a
consistent ladder of supervisory intervention. For example, a group-wide
PCR should trigger supervisory intervention before a group-wide MCR
because the latter may invoke the supervisor’s strongest actions. Also, if
a single group-wide PCR is used it may be appropriate for it to have a
floor equal to the sum of the legal entity MCRs of the individual entities in
the insurance group. Otherwise, no supervisory intervention into the
operation of the group would be required even though at least one of its
member insurers had breached its MCR.
17.5.6 Supervisory intervention triggered by group-wide solvency control levels
should take the form of coordinated action by relevant group supervisors.
This may, for example, involve increasing capital at holding company
level or strategically reducing the risk profile or increasing capital in
Public
insurance legal entities within the group. Such supervisory action may be
exercised via the insurance legal entities within a group and, where
insurance holding companies are authorised, via those holding
companies. Supervisory action in response to breaches of group-wide
solvency control levels should not alter the existing division of statutory
responsibilities of the supervisors responsible for authorising and
supervising each individual insurance legal entity.
Structure of regulatory capital requirements - approaches to determining regulatory

capital requirements
17.6 The regulatory capital requirements are established in an open and transparent
process, and the objectives of the regulatory capital requirements and the bases
on which they are determined are explicit. In determining regulatory capital
requirements, the supervisor allows a set of standardised and, if appropriate,
other approved more tailored approaches such as the use of (partial or full)
internal models.
17.6.1 Transparency as to the regulatory capital requirements that apply is
required to facilitate effective solvency assessment and supports its
enhancement, comparability and convergence internationally.
17.6.2 The supervisor may develop separate approaches for the determination
of different regulatory capital requirements, in particular for the
determination of the MCR and the PCR. For example, the PCR and MCR
may be determined by two separate methods, or the same methods and
approaches may be used but with two different levels of safety specified.
In the latter case, for example, the MCR may be defined as a simple
proportion of the PCR, or the MCR may be determined on different
specified target criteria to those specified for the PCR.
17.6.3 The PCR would generally be determined on a going concern basis, i.e. in
the context of the insurer continuing its operations. On a going concern
basis, an insurer would be expected to continue to take on new risks
during the established time horizon. Therefore, in establishing the
regulatory capital level to provide an acceptable level of solvency, the
potential growth in an insurer’s portfolio should be considered.
17.6.4 Capital should also be capable of protecting policyholders if the insurer
were to close to new business. Generally, the determination of capital on
a going concern basis would not be expected to be less than would be
required if it is assumed that the insurer were to close to new business.
However, this may not be true in all cases, since some assets may lose
some or all of their value in the event of a winding-up or run-off, for
example, because of a forced sale. Similarly, some liabilities may actually
have an increased value if the business does not continue (e.g. claims
handling expenses).
17.6.5 Usually the MCR would be constructed taking into consideration the
possibility of closure to new business. It is, however, relevant to also
consider the going concern scenario in the context of establishing the
level of the MCR, as an insurer may continue to take on new risks up until
the point at which MCR intervention is ultimately triggered. The supervisor
should consider the appropriate relationship between the PCR and MCR,
establishing a sufficient buffer between these two levels (including
Public
consideration of the basis on which the MCR is generated) within an
appropriate continuum of solvency control levels, having regard for the
different situations of business operation and other relevant
considerations.
17.6.6 It should be emphasised that meeting the regulatory capital requirements
should not be taken to imply that further financial injections will not be
necessary under any circumstances in future.
17.6.7 Regulatory capital requirements may be determined using a range of
approaches, such as standard formulae, or other approaches, more
tailored to the individual insurer (such as partial or full internal models),
which are subject to approval by the relevant supervisors. 50 Regardless
of the approach used, the principles and concepts that underpin the
objectives for regulatory capital requirements described in this ICP apply
and should be applied consistently by the supervisor to the various
approaches. The approach adopted for determining regulatory capital
requirements should take account of the nature and materiality of the
risks insurers face generally and, to the extent practicable, should also
reflect the nature, scale and complexity of the risks of the particular
insurer.
17.6.8 Standardised approaches, in particular, should be designed to deliver
capital requirements which reasonably reflect the overall risk to which
insurers are exposed, while not being unduly complex. Standardised
approaches may differ in level of complexity depending on the risks
covered and the extent to which they are mitigated or may differ in
application based on classes of business (e.g. life and non-life).
Standardised approaches should be appropriate to the nature, scale and
complexity of the risks that insurers face and should include approaches
that are feasible in practice for insurers of all types including small and
medium sized insurers and captives taking into account the technical
capacity that insurers need to manage their businesses effectively.
17.6.9 By its very nature a standardised approach may not be able to fully and
appropriately reflect the risk profile of each individual insurer. Therefore,
where appropriate, a supervisor should allow the use of more tailored
approaches subject to approval. In particular, where an insurer has an
internal model (or partial internal model) that appropriately reflects its
risks and is integrated into its risk management and reporting, the
supervisor should allow the use of such a model to determine more
tailored regulatory capital requirements, where appropriate 51. The use of
the internal model for this purpose would be subject to prior approval by
the supervisor based on a transparent set of criteria and would need to
be evaluated at regular intervals. In particular, the supervisor would need
to be satisfied that the insurer’s internal model is, and remains,
appropriately calibrated relative to the target criteria established by the
supervisor (see Guidance 17.12.1 to 17.12.18).
50 A more tailored approach which is not an internal model might include, for example, approved
variations in factors contained in a standard formula or prescribed scenario tests which are appropriate
for a particular insurer or group of insurers.
51 It is noted that the capacity for a supervisor to allow the use of internal models will need to take
account of the sufficiency of resources available to the supervisor.

Public
17.6.10 The supervisor should also be clear on whether an internal model may
be used for the determination of the MCR. In this regard, the supervisor
should take into account the main objective of the MCR (i.e. to provide
the ultimate safety net for the protection of policyholders) and the ability
of the MCR to be defined in a sufficiently objective and appropriate
manner to be enforceable (refer to Guidance 17.3.4).
17.7 The supervisor addresses all relevant and material categories of risk in insurers
and is explicit as to where risks are addressed, whether solely in technical
provisions, solely in regulatory capital requirements or if addressed in both, as
to the extent to which the risks are addressed in each. The supervisor is also
explicit as to how risks and their aggregation are reflected in regulatory capital
requirements.
Types of risks to be addressed
17.7.1 The supervisor should address all relevant and material categories of risk
- including as a minimum underwriting risk, credit risk, market risk,
operational risk and liquidity risk. This should include any significant risk
concentrations, for example, to economic risk factors, market sectors or
individual counterparties, taking into account both direct and indirect
exposures and the potential for exposures in related areas to become
more correlated under stressed circumstances.
Dependencies and interrelations between risks
17.7.2 The assessment of the overall risk that an insurer is exposed to should
address the dependencies and interrelationships between risk categories
(for example, between underwriting risk and market risk) as well as within
a risk category (for example, between equity risk and interest rate risk).
This should include an assessment of potential reinforcing effects
between different risk types as well as potential “second order effects”,
i.e. indirect effects to an insurer’s exposure caused by an adverse event
or a change in economic or financial market conditions. 52 It should also
consider that dependencies between different risks may vary as general
market conditions change and may significantly increase during periods
of stress or when extreme events occur. “Wrong way risk”, which is
defined as the risk that occurs when exposure to counterparties, such as
financial guarantors, is adversely correlated to the credit quality of those
counterparties, should also be considered as a potential source of
significant loss e.g. in connection with derivative transactions. Where the
determination of an overall capital requirement takes into account
diversification effects between different risk types, the insurer should be
able to explain the allowance for these effects and ensure that it considers
how dependencies may increase under stressed circumstances.
Allowance for risk mitigation
17.7.3 Any allowance for reinsurance in determining regulatory capital

requirements should consider the possibility of breakdown in the
52 For example, a change in the market level of interest rates could trigger an increase of lapse rates
on insurance policies.
Public
effectiveness of the risk transfer and the security of the reinsurance
counterparty and any measures used to reduce the reinsurance
counterparty exposure. Similar considerations would also apply for other
risk mitigants, for example derivatives.
Transparency of recognition of risks in regulatory requirements
17.7.4 The supervisor should be explicit as to where risks are addressed,

whether solely in technical provisions, solely in regulatory capital
requirements or if addressed in both, as to the extent to which the risks
are addressed in each. The solvency requirements should also clearly
articulate how risks are reflected in regulatory capital requirements,
specifying and publishing the level of safety to be applied in determining
regulatory capital requirements, including the established target criteria
(refer to Standard 17.8).
Treatment of risks which are difficult to quantify
17.7.5 The IAIS recognises that some risks, such as strategic risk, reputational
risk, liquidity risk and operational risk, are less readily quantifiable than
the other main categories of risks. Operational risk, for example, is
diverse in its composition and depends on the quality of systems and
controls in place. The measurement of operational risk, in particular, may
suffer from a lack of sufficiently uniform and robust data and well
developed valuation methods. Jurisdictions may choose to base
regulatory capital requirements for these less readily quantifiable risks on
some simple proxies for risk exposure and/or stress and scenario testing.
For particular risks (such as liquidity risk), holding additional capital may
not be the most appropriate risk mitigant and it may be more appropriate
for the supervisor to require the insurer to control these risks via exposure
limits and/or qualitative requirements such as additional systems and
controls.
17.7.6 However, the IAIS envisages that the ability to quantify some risks (such
as operational risk) will improve over time as more data become available
or improved valuation methods and modelling approaches are
developed. Further, although it may be difficult to quantify risks, it is
important that an insurer nevertheless addresses all material risks in its
own risk and solvency assessment.
17.8 The supervisor sets appropriate target criteria for the calculation of regulatory
capital requirements, which underlie the calibration of a standardised approach.
Where the supervisor allows the use of approved more tailored approaches such
as internal models for the purpose of determining regulatory capital
requirements, the target criteria underlying the calibration of the standardised
approach are also used by those approaches for that purpose to require broad
consistency among all insurers within the jurisdiction.
17.8.1 The level at which regulatory capital requirements are set will reflect the
risk tolerance of the supervisor. Reflecting the IAIS’s principles-based
approach, this ICP does not prescribe any specific methods for
determining regulatory capital requirements. However, the IAIS’s view is
that it is important that individual jurisdictions set appropriate target
criteria (such as risk measures, confidence levels or time horizons) for
Public
their regulatory capital requirements. Further, each jurisdiction should
outline clear principles for the key concepts for determining regulatory
capital requirements, considering the factors that a supervisor should
take into account in determining the relevant parameters as outlined in
this ICP.
17.8.2 Where a supervisor allows the use of other more tailored approaches to
determine regulatory capital requirements, the target criteria established
should be applied consistently to those approaches. In particular, where
a supervisor allows the use of internal models for the determination of
regulatory capital requirements, the supervisor should apply the target
criteria in approving the use of an internal model by an insurer for that
purpose. This should achieve broad consistency among all insurers and
a similar level of protection for all policyholders, within the jurisdiction.
17.8.3 With regards to the choice of the risk measure and confidence level to
which regulatory capital requirements are calibrated, the IAIS notes that
some supervisors have set a confidence level for regulatory purposes
which is comparable with a minimum investment grade level. Some
examples have included a 99.5% VaR calibrated confidence level over a
one year timeframe53, 99% TVaR over one year and 95% TVaR over the
term of the policy obligations.
17.8.4 In regards to the choice of an appropriate time horizon, the determination
and calibration of the regulatory capital requirements needs to be based
on a more precise analysis, distinguishing between:
• the period over which a shock is applied to a risk – the “shock
period”; and
• the period over which the shock that is applied to a risk will
impact the insurer – the “effect horizon”.
17.8.5 For example, a one-off shift in the interest rate term structure during a
shock period of one year has consequences for the discounting of the
cash flows over the full term of the policy obligations (the effect horizon).
A judicial opinion (e.g. on an appropriate level of compensation) in one
year (the shock period) may have permanent consequences for the value
of claims and hence will change the projected cash flows to be considered
over the full term of the policy obligations (the effect horizon).
17.8.6 The impact on cash flows of each stress that is assumed to occur during
the shock period will need to be calculated over the period for which the
shock will affect the relevant cash flows (the effect horizon). In many
cases this will be the full term of the insurance obligations. In some cases,
realistic allowance for offsetting reductions in discretionary benefits to
policyholders or other offsetting management actions may be considered,
where they could and would be made and would be effective in reducing
policy obligations or in reducing risks in the circumstances of the stress.
In essence, at the end of the shock period, capital has to be sufficient so
that assets cover the technical provisions (and other liabilities) re-
determined at the end of the shock period. The re-determination of the
53 Thisis the level expected in Australia for those insurers that seek approval to use an internal model
to determine their MCR. It is also the level used for the calculation of the risk-based Solvency Capital
Requirement under the European Solvency II regime.
Public
technical provisions would allow for the impact of the shock on the
technical provisions over the full time horizon of the policy obligations.
17.8.7 Figure 17.3 summarises key aspects relevant to the determination of
regulatory capital requirements:
Figure 17.3: Illustration of determination of regulatory capital
requirements
Valuation date
Capital Capital
resources require-
ment New
Risk margin risk margin
Technical
Current
provisions
estimate New
(TP) and
other current
liabilities
Other
liabilities
Financial Risk
position impact
17.8.8 For the determination of the technical provisions, an insurer is expected

to consider the uncertainty attached to the policy obligations, that is, the
likely (or expected) variation of future experience from what is assumed
in determining the current estimate, over the full period of the policy
obligations. As indicated above, regulatory capital requirements should
be calibrated such that assets exceed the technical provisions (and other
liabilities) over a defined shock period with an appropriately high degree
of safety. That is, the regulatory capital requirements should be set such
that the insurer’s capital resources can withstand a range of predefined
shocks or stress scenarios that are assumed to occur during that shock
period (and which lead to significant unexpected losses over and above
the expected losses that are captured in the technical provisions).
Calibration and measurement error
17.8.9 The risk of measurement error inherent in any approach used to

determine capital requirements should be considered. This is especially
important where there is a lack of sufficient statistical data or market
information to assess the tail of the underlying risk distribution. To
mitigate model error, quantitative risk calculations should be blended with
qualitative assessments, and, where practicable, multiple risk
measurement tools should be used. To help assess the economic
Public
appropriateness of risk-based capital requirements, information should
be sought on the nature, degree and sources of the uncertainty
surrounding the determination of capital requirements in relation to the
established target criteria.
17.8.10 The degree of measurement error inherent, in particular, in a
standardised approach depends on the degree of sophistication and
granularity of the methodology used. A more sophisticated standardised
approach has the potential to be aligned more closely to the true
distribution of risks across insurers. However, increasing the
sophistication of the standardised approach is likely to imply higher
compliance costs for insurers and more intensive use of supervisory
resources (for example, in validating the calculations). The calibration of
the standardised approach therefore needs to balance the trade-off
between risk-sensitivity and implementation costs.
Procyclicality
17.8.11 When applying risk-based regulatory capital requirements, there is a risk

that an economic downturn will trigger supervisory interventions that
exacerbate the economic crises, thus leading to an adverse “procyclical”
effect. For example, a severe downturn in share markets may result in a
depletion of the capital resources of a major proportion of insurers. This
in turn may force insurers to sell shares and to invest in less risky assets
in order to decrease their regulatory capital requirements. A simultaneous
massive selling of shares by insurers could, however, put further pressure
on the share markets, thus leading to a further drop in share prices and
to a worsening of the economic crises.
17.8.12 However, the system of solvency control levels required enables
supervisors to introduce a more principles-based choice of supervisory
interventions in cases where there may be a violation of the PCR control
level and this can assist in avoiding exacerbation of procyclicality effects:
supervisory intervention is able to be targeted and more flexible in the
context of an overall economic downturn so as to avoid measures that
may have adverse macroeconomic effects.
17.8.13 It could be contemplated whether further explicit procyclicality-dampening
measures would be needed. This may include allowing a longer period
for corrective measures or allowance for the calibration of the regulatory
capital requirements to reflect procyclicality dampening measures.
Overall, when such dampening measures are applied, an appropriate
balance needs to be achieved to preserve the risk sensitivity of the
17.8.14 In considering the impacts of procyclicality, the influence of external
factors (for example, the influence of credit rating agencies) should be
given due regard. The impacts of procyclicality also heighten the need for
supervisory cooperation and communication.
members of groups
Public
17.8.15 Approaches to determining group-wide regulatory capital requirements
will depend on the overall approach taken to group-wide capital adequacy
assessment. Where a group level approach is used, either the group’s
consolidated accounts may be taken as a basis for calculating group-wide
capital requirements or the requirements of each insurance legal entity
may be aggregated or a mixture of these methods may be used. For
example, if a different treatment is required for a particular entity (for
example, an entity located in a different jurisdiction) it might be
disaggregated from the consolidated accounts and then included in an
appropriate way using a deduction and aggregation approach.
17.8.16 Where consolidated accounts are used, the requirements of the
jurisdiction in which the ultimate parent of the group is located would
normally be applied, consideration should also be given to the scope of
the consolidated accounts used for accounting purposes as compared to
the consolidated balance sheet used as a basis for group-wide capital
adequacy assessment to require, for example, identification and
appropriate treatment of non-insurance group entities.
17.8.17 Where the aggregation method is used (as described in Guidance
17.1.13), or where a legal entity focus is adopted (as described in
Guidance 17.1.14), consideration should be given as to whether local
capital requirements can be used for insurance legal entities within the
group which are located in other jurisdictions or whether capital
requirements should be recalculated according to the requirements of the
jurisdiction in which the ultimate parent of the group is located.
Group-specific risks
17.8.18 There are a number of group-specific factors which should be taken into
account in determining group-wide capital requirements including
diversification of risk across group entities, intra-group transactions, risks
arising from non-insurance group entities, treatment of group entities
located in other jurisdictions and treatment of partially-owned entities and
minority interests. Particular concerns may arise from a continuous
sequence of internal financing within the group, or closed loops in the
financing scheme of the group.
17.8.19 Group specific risks posed by each group entity to insurance members of
the group and to the group as a whole are a key factor in an overall
assessment of group-wide capital adequacy. Such risks are typically
difficult to measure and mitigate and include notably contagion risk
(financial, reputational, legal), concentration risk, complexity risk and
operational/organisational risks. As groups can differ significantly it may
not be possible to address these risks adequately using a standardised
approach for capital requirements. It may therefore be necessary to
address group specific risks through the use of more tailored approaches
to capital requirements including the use of (partial or full) internal models.
Alternatively, supervisors may vary the standardised regulatory capital
requirement so that group-specific risks are adequately provided for in
the insurance legal entity and/or group capital adequacy assessment. 54
54 See Standard 17.9.

Public
17.8.20 Group specific risks should be addressed from both an insurance legal
entity perspective and group-wide perspective ensuring that adequate
allowance is made. Consideration should be given to the potential for
duplication or gaps between insurance legal entity and group-wide
approaches.
Diversification of risks between group entities
17.8.21 In the context of a group-wide solvency assessment, there should also

be consideration of dependencies and interrelations of risks across
different members in the group. However, it does not follow that where
diversification effects exist these should be recognised automatically in
an assessment of group-wide capital adequacy. It may, for example, be
appropriate to limit the extent to which group diversification effects are
taken into account for the following reasons:
• Diversification may be difficult to measure at any time and in
particular in times of stress. Appropriate aggregation of risks is
critical to the proper evaluation of such benefits for solvency
purposes.
• There may be constraints on the transfer of diversification
benefits across group entities and jurisdictions because of a lack
of fungibility of capital or transferability of assets.
• Diversification may be offset by concentration/aggregation
effects (if this is not separately addressed in the assessment of
group capital).
17.8.22 An assessment of group diversification benefits is necessary under
whichever approach used to assess group-wide capital adequacy. Under
a legal entity approach, recognition of diversification benefits will require
consideration of the diversification between the business of an insurance
legal entity and other entities within the group in which it participates and
of intra-group transactions. Under an approach with a consolidation focus
which uses the consolidated accounts method, some diversification
benefits will be recognised automatically at the level of the consolidated
group. In this case, supervisors will need to consider whether it is prudent
to recognise such benefits or whether an adjustment should be made in
respect of potential restrictions on the transferability or sustainability
under stress of surplus resources created by group diversification
benefits.
Intra-group transactions
17.8.23 Intra-group transactions may result in complex and/or opaque intra-group

relationships which give rise to increased risks at both insurance legal
entity and group level. In a group-wide context, credit for risk mitigation
should only be recognised in group capital requirements to the extent that
risk is transferred outside the group. For example, the transfer of risk to a
captive reinsurer or to an intra-group insurance special purpose vehicle
should not result in a reduction of overall group capital requirements.
Non-insurance group entities
Public
17.8.24 In addition to insurance legal entities, an insurance group may include a
range of different types of non-insurance entity, either subject to no
financial regulation (non-regulated entities) or regulated under other
financial sector regulation. The impact of all such entities should be taken
into account in the overall assessment of group-wide solvency but the
extent to which they can be captured in a group-wide capital adequacy
measure as such will vary according to the type of non-insurance entity,
the degree of control/influence on that entity and the approach taken to
group-wide supervision.
17.8.25 Risks from non-regulated entities are typically difficult to measure and
mitigate. Insurance supervisors may not have direct access to information
on such entities but it is important that supervisors are able to assess the
risks they pose in order to apply appropriate mitigation measures.
Measures taken to address risks from non-regulated entities do not imply
active supervision of such entities.
17.8.26 There are different approaches to addressing risks stemming from non-
regulated entities such as capital measures, non-capital measures or a
combination thereof.
17.8.27 One approach may be to increase capital requirements in order that the
group holds sufficient capital. If the activities of the non-regulated entities
have similar risk characteristics to insurance activities (e.g. certain credit
enhancement mechanisms as compared to traditional bond insurance) it
may be possible to calculate an equivalent capital charge. Another
approach might be to deduct the value of holdings in non-regulated
entities from the capital resources of the insurance legal entities in the
group, but this on its own may not be sufficient to cover the risks involved.
17.8.28 Non-capital measures may include, for example, limits on exposures and
requirements on risk management and governance applied to insurance
legal entities with respect to non-regulated entities within the group.
Cross-jurisdictional entities
17.8.29 Group-wide capital adequacy assessments should, to the extent

possible, be based on consistent application of ICPs across jurisdictions.
In addition, consideration should be given to the capital adequacy and
transferability of assets in entities located in different jurisdictions.
Partial ownership and minority interests
17.8.30 An assessment of group-wide capital adequacy should include an

appropriate treatment of partially-owned or controlled group entities and
minority interests. Such treatment should take into account the nature of
the relationships of the partially-owned entities within the group and the
risks and opportunities they bring to the group. The accounting treatment
may provide a starting point. Consideration should be given to the
availability of any minority interest’s share in the net equity in excess of
regulatory capital requirements of a partially-owned entity.
Variation of regulatory capital requirements
Public
17.9 Any variations to the regulatory capital requirement imposed by the supervisor
are made within a transparent framework, are appropriate to the nature, scale
and complexity according to the target criteria and are only expected to be
required in limited circumstances.
17.9.1 As has already been noted, a standardised approach, by its very nature,
may not be able to fully and appropriately reflect the risk profile of each
individual insurer. In cases where the standardised approach established
for determining regulatory capital requirements is materially inappropriate
for the risk profile of the insurer, the supervisor should have the flexibility
to increase the regulatory capital requirement calculated by the standard
approach. For example, some insurers using the standard formula may
warrant a higher PCR and/or group-wide regulatory capital requirement if
they are undertaking higher risks, such as new products where credible
experience is not available to establish technical provisions, or if they are
undertaking significant risks that are not specifically covered by the
17.9.2 Similarly, in some circumstances when an approved more tailored
approach is used for regulatory capital purposes, it may be appropriate
for the supervisor to have some flexibility to increase the capital
requirement calculated using that approach. In particular, where an
internal model or partial internal model is used for regulatory capital
purposes, the supervisor may increase the capital requirement where it
considers the internal model does not adequately capture certain risks,
until the identified weaknesses have been addressed. This may arise, for
example, even though the model has been approved where there has
been a change in the business of the insurer and there has been
insufficient time to fully reflect this change in the model and for a new
model to be approved by the supervisor.
17.9.3 In addition, supervisory requirements may be designed to allow the
supervisor to decrease the regulatory capital requirement for an individual
insurer where the standardised requirement materially overestimates the
capital required according to the target criteria. However, such an
approach may require a more intensive use of supervisory resources due
to requests from insurers for consideration of a decrease in their
regulatory capital requirement. Therefore, the IAIS appreciates that not
all jurisdictions may wish to include such an option for their supervisor.
Further, this reinforces the need for such variations in regulatory capital
requirements to only be expected to be made in limited circumstances.
17.9.4 Any variations made by the supervisor to the regulatory capital
requirement calculated by the insurer should be made in a transparent
framework and be appropriate to the nature, scale and complexity in
terms of the target criteria. The supervisor may, for example, develop
criteria to be applied in determining such variations and appropriate
discussions between the supervisor and the insurer may occur. Variations
in regulatory capital requirements following supervisory review from those
calculated using standardised approaches or approved more tailored
approaches should be expected to be made only in limited
circumstances.
17.9.5 In undertaking its ORSA, the insurer considers the extent to which the
regulatory capital requirements (in particular, any standardised formula)
Public
adequately reflect its particular risk profile. In this regard, the ORSA
undertaken by an insurer can be a useful source of information to the
supervisor in reviewing the adequacy of the regulatory capital
requirements of the insurer and in assessing the need for variation in
those requirements.
Identification of capital resources potentially available for solvency purposes
17.10 The supervisor defines the approach to determining the capital resources
eligible to meet regulatory capital requirements and their value, consistent with
a total balance sheet approach for solvency assessment and having regard to
the quality and suitability of capital elements.
17.10.1 The following outlines a number of approaches a supervisor could use for
the determination of capital resources in line with this requirement. The
determination of capital resources would generally require the following
steps:
• the amount of capital resources potentially available for
solvency purposes is identified (see Guidance 17.10.3 -
17.10.21);
• an assessment of the quality and suitability of the capital
instruments comprising the total amount of capital resources
identified is then carried out (see Guidance 17.11.1 - 17.11.29);
and
• on the basis of this assessment, the final capital resources
eligible to meet regulatory capital requirements and their value
are determined (see Guidance 17.11.30 - 17.11.44).
17.10.2 In addition, the insurer is required to carry out its own assessment of its
capital resources to meet regulatory capital requirements and any
additional capital needs (see Standard 16.14).
Capital resources under total balance sheet approach
17.10.3 The IAIS supports the use of a total balance sheet approach in the
assessment of solvency to recognise the interdependence between
assets, liabilities, regulatory capital requirements and capital resources
so that risks are appropriately recognised.
17.10.4 Such an approach requires that the determination of available and
required capital is based on consistent assumptions for the recognition
and valuation of assets and liabilities for solvency purposes.
17.10.5 From a regulatory perspective, the purpose of regulatory capital
requirements is to require that, in adversity, an insurer’s obligations to
policyholders will continue to be met as they fall due. This aim will be
achieved if technical provisions and other liabilities are expected to
remain covered by assets over a defined period, to a specified level of
safety 55.
55 Refer to Guidance 17.3.1 - 17.9.5.

Public
17.10.6 To achieve consistency with this economic approach to setting capital
requirements in the context of a total balance sheet approach, capital
resources should broadly be regarded as the difference between assets
and liabilities on the basis of their recognition and valuation for solvency
purposes.
Figure 17.4
Total balance sheet approach to solvency assessment
Assessment of financial solvency
Available capital resources Required regulatory capital

• Broadly given as excess • Reflects potential
of assets over liabilities adverse change of
• Subject to fungibility and excess of assets over
transferability aspects liabilities over time
• Subject to quality criteria
Valuation of assets and liabilities for

solvency purposes
17.10.7 When regarding available capital resources as the difference between

assets and liabilities, the following issues should be considered:
• the extent to which certain liabilities other than technical
provisions may be treated as capital for solvency purposes
(Guidance 17.10.8 - 17.10.10);
• whether contingent assets could be included (Guidance
17.10.11) ;
• the treatment of assets which may not be fully realisable in the
normal course of business or under a wind-up scenario
(Guidance 17.10.12 - 17.10.19); and
• reconciliation of such a “top down” approach to determining
capital resources with a “bottom up” approach which sums up
Public
individual items of capital to derive the overall amount of capital
resources (Guidance 17.10.20).
Treatment of liabilities
17.10.8 Liabilities include technical provisions and other liabilities. Certain items
such as other liabilities in the balance sheet may be treated as capital
resources for solvency purposes.
17.10.9 For example, perpetual subordinated debt, although usually classified as
a liability under the relevant accounting standards, could be classified as
a capital resource for solvency purposes. 56 This is because of its
availability to act as a buffer to reduce the loss to policyholders and senior
creditors through subordination in the event of insolvency. More
generally, subordinated debt instruments (whether perpetual or not) may
be treated as capital resources for solvency purposes if they satisfy the
criteria established by the supervisor. Other liabilities that are not
subordinated would not be considered as part of the capital resources;
examples include liabilities such as deferred tax liabilities and pension
liabilities.
17.10.10 It may, therefore, be appropriate to exclude some elements of funding
from liabilities and so include them in capital to the extent appropriate.
This would be appropriate if these elements have characteristics which
protect policyholders by meeting one or both of the objectives set out in
Guidance 17.2.6 above.
Treatment of contingent assets
17.10.11 It may be appropriate to include contingent elements which are not

considered as assets under the relevant accounting standards, where the
likelihood of payment if needed is sufficiently high according to criteria
specified by the supervisor. Such contingent capital may include, for
example, letters of credit, members’ calls by a mutual insurer or the
unpaid element of partly paid capital and may be subject to prior approval
by the supervisor.
Treatment of assets which may not be fully realisable on a going-concern or wind-

up basis
17.10.12 Supervisors should consider that, for certain assets in the balance sheet,
the realisable value under a wind-up scenario may become significantly
lower than the economic value which is attributable under going-concern
conditions. Similarly, even under normal business conditions, some
assets may not be realisable at full economic value, or at any value, at
the time they are needed. This may render such assets unsuitable for
inclusion at their full economic value for the purpose of meeting required
capital. 57
56 However, adequate recognition should be given to contractual features of the debt such as embedded
options which may change its loss absorbency.
57 In particular, supervisors should consider the value of contingent assets for solvency purposes taking
into account the criteria set out in Guidance 17.11.21.

Public
17.10.13 Examples of such assets include:
• own shares directly held by the insurer: the insurer has bought
and is holding its own shares thereby reducing the amount of
capital available to absorb losses under going concern or in a
wind-up scenario;
• intangible assets: their realisable value may be uncertain even
during normal business conditions and may have no significant
marketable value in run-off or winding-up; Goodwill is a common
example;
• future income tax credits: such credits may only be realisable if
there are future taxable profits, which is improbable in the event
of insolvency or winding-up;
• implicit accounting assets: under some accounting models,
certain items regarding future income are included, implicitly or
explicitly, as asset values. In the event of run-off or winding-up,
such future income may be reduced;
• investments 58 in other insurers or financial institutions: such
investments may have uncertain realisable value because of
contagion risk between entities; also there is the risk of “double
gearing” where such investments lead to a recognition of the
same amount of available capital resources in several financial
entities; and
• company-related assets: certain assets carried in the
accounting statements of the insurer could lose some of their
value in the event of run-off or winding-up, for example physical
assets used by the insurer in conducting its business which may
reduce in value if there is a need for the forced sale of such
assets. Also, certain assets may not be fully accessible to the
insurer e.g. surplus in a corporate pension arrangement.
17.10.14 The treatment of such assets for capital adequacy purposes may need to
reflect an adjustment to its economic value. Generally, such an
adjustment may be effected either:
• directly, by not admitting a portion of the economic value of the
asset for solvency purposes (deduction approach); or
• indirectly, through an addition to regulatory capital requirements
(capital charge approach).
Deduction approach
17.10.15 Under the deduction approach, the economic value of the asset is
reduced for solvency purposes. This results in capital resources being
reduced by the same amount. The partial (or full) exclusion of such an
asset may occur for a variety of reasons, for example, to reflect an
expectation that it would have only limited value in the event of insolvency
or winding-up to absorb losses. No further adjustment would normally be
58These investments include investment in the equity of, loans granted to, deposits with and bonds
issued by the related parties.
Public
needed in the determination of regulatory capital requirements for the risk
of holding such assets.
Capital charge approach
17.10.16 Under the capital charge approach, an economic value is placed on the
asset for the purpose of determining available capital resources. The risk
associated with the asset – i.e. a potential deterioration of the economic
value of the asset due to an adverse event which may occur during the
defined solvency time horizon - would then need to be reflected in the
determination of regulatory capital requirements. This should take into
account the estimation uncertainty 59 inherent in the determination of the
economic value.
Choice and combination of approaches
17.10.17 As outlined above, an application of the deduction approach would lead

to a reduction in the amount of available capital resources, whereas an
application of the capital charge approach would result in an increase in
regulatory capital requirements. Provided the two approaches are based
on a consistent economic assessment of the risk associated with the
relevant assets, they would be expected to produce broadly similar
results regarding the overall assessment of the solvency position of the
insurer.
17.10.18 For some asset classes, it may be difficult to determine a sufficiently
reliable economic value or to assess the associated risks. Such difficulties
may also arise where there is a high concentration of exposure to a
particular asset or type of assets or to a particular counterparty or group
of counterparties.
17.10.19 A supervisor should choose the approach which is best suited to the
organisation and sophistication of the insurance sector and the nature of
the asset class and asset exposure considered. It may also combine
different approaches for different classes of assets. Whatever approach
is chosen, it should be transparent and consistently applied. It is also
important that any material double counting or omission of risks under the
calculations for determining the amounts of required and available
regulatory capital is avoided.
Reconciliation of approaches
17.10.20 The approach to determining available capital resources as broadly the

amount of assets over liabilities (with the potential adjustments as
discussed above) may be described as a “top-down” approach - i.e.
starting with the high level capital as reported in the balance sheet and
adjusting it in the context of the relevant solvency control level. An
alternative approach which is also applied in practice is to sum up the
amounts of particular items of capital which are specified as being
59This refers to the degree of inaccuracy and imprecision in the determination of the economic value
where observable values are not available, and estimation methodologies need to be applied. Sources
for this estimation uncertainty are for example the possibility that the assumptions and parameters
used in the valuation are incorrect, or that the valuation methodology itself is deficient.
Public
acceptable. Such a “bottom-up” approach should be reconcilable to the
“top-down” approach on the basis that the allowable capital items under
the “bottom-up approach” should ordinarily include all items which
contribute to the excess of assets over liabilities in the balance sheet, with
the addition or exclusion of items as per the discussion in Guidance
17.10.8 - 17.10.19.
Other considerations
17.10.21 A number of factors may be considered by the supervisor in identifying

what may be regarded as capital resources for solvency purposes,
including the following:
the supervisor, including whether or not quantitative
requirements are applied to the composition of capital resources
and/or whether or not a categorisation or continuum- based
approach is used;
• the coverage of risks in the determination of technical provisions
and regulatory capital requirements;
• the assumptions in the valuation of assets and liabilities
(including technical provisions) and the determination of
regulatory capital requirements, e.g. going-concern basis or
wind-up basis, before tax or after tax, etc;
• policyholder priority and status under the legal framework
relative to other creditors in the jurisdiction;
• overall quality of risk management and governance frameworks
in the insurance sector in the jurisdiction;
• the development of the capital market in the jurisdiction and its
impact on the ability of insurers to raise capital;
• the balance to be struck between protecting policyholders and
the impact on the effective operation of the insurance sector and
considerations around unduly onerous levels and costs of
regulatory capital requirements;
• the relationship between risks faced by insurers and those faced
by other financial services entities, including banks.
members of groups
17.10.22 The considerations set out in Guidance 17.10.3 - 17.10.21 above apply
equally to insurance legal entity and group-wide supervision. The
practical application of these considerations will differ according to
whether a legal entity focus or a group level focus is taken to group-wide
supervision. Whichever approach is taken, key group-wide factors to be
Public
addressed in the determination of group-wide capital resources include
multiple gearing, intra-group creation of capital and reciprocal financing,
leverage of the quality of capital and fungibility of capital and free
transferability of assets across group entities. There may be particular
concerns where such factors involve less transparent transactions e.g.
because they involve both regulated and non-regulated entities or where
there is a continuous sequence of internal financing within the group, or
closed loops in the financing of the group.
Criteria for the assessment of the quality and suitability of capital resources
17.11 The supervisor establishes criteria for assessing the quality and suitability of
capital resources, having regard to their ability to absorb losses on both a going-
concern and wind-up basis.
17.11.1 In view of the two objectives of capital resources set out in Guidance
17.2.6, the following questions need to be considered when establishing
criteria to determine the suitability of capital resources for regulatory
purposes:
• To what extent can the capital element be used to absorb losses
on a going-concern basis or in run-off?
• To what extent can the capital element be used to reduce the
loss to policyholders in the event of insolvency or winding-up?
17.11.2 Some capital elements are available to absorb losses in all circumstances
i.e. on a going concern basis, in run-off, in winding-up and insolvency. For
example, common shareholders' funds (ordinary shares and reserves)
allow an insurer to absorb losses on an ongoing basis, are permanently
available and rank as the most subordinate instruments in a winding-up.
Further, this element of capital best allows insurers to conserve resources
when they are under stress because it provides an insurer with full
discretion as to the amount and timing of distributions. Consequently,
common shareholders' funds are a core element of capital resources for
the purpose of solvency assessment.
17.11.3 The extent of loss absorbency of other capital elements can vary
considerably. Hence, a supervisor should take a holistic approach to
evaluating the extent of loss absorbency overall and should establish
criteria that should be applied to evaluate capital elements in this regard,
taking into account empirical evidence that capital elements have
absorbed losses in practice, where available.
17.11.4 To complement the structure of regulatory capital requirements, the
supervisor may choose to vary the criteria for capital resources suitable
for covering the different solvency control levels established by the
supervisor. Where such an approach is chosen, the criteria relating to
capital resources suitable for covering an individual control level should
have regard to the supervisory intervention that may arise if the level is
breached and the objective of policyholder protection.
17.11.5 For example, considering that the main aim of the MCR is to provide the
ultimate safety net for the protection of the interests of policyholders, the
supervisor may decide to establish more stringent quality criteria for
capital resources suitable to cover the MCR (regarding such resources
Public
as a “last line of defence” for the insurer both during normal times and in
wind-up) than for capital resources to cover the PCR.
17.11.6 Alternatively, a common set of regulatory criteria for capital resources
could be applied at all solvency control levels, with regulatory capital
requirements reflecting the different nature of the various solvency control
levels.
17.11.7 In assessing the ability of elements of capital to absorb losses, the
following characteristics are usually considered:
• the extent to which and in what circumstances the capital
element is subordinated to the rights of policyholders in an
insolvency or winding-up (subordination);
• The extent to which the capital element is fully paid and
available to absorb losses (availability);
• the period for which the capital element is available
(permanence); and
• the extent to which the capital element is free from mandatory
payments or encumbrances (absence of encumbrances and
mandatory servicing costs).
17.11.8 In the first bullet of Guidance 17.11.7 above, this characteristic is
inherently linked to the ability of the capital item to absorb losses in the
event of insolvency or winding-up. The characteristics of permanence and
availability are relevant for loss absorbency under both going-concern
and winding-up; taken together, they could be described as being able to
absorb losses when needed. The fourth characteristic is related to the
degree to which the capital is conserved until needed, and in the case of
absence of mandatory serving costs is primarily relevant for ensuring loss
absorbency on a going-concern basis.
17.11.9 The relationship between these characteristics is illustrated below:
Public
Figure 17.5
Quality of capital
Loss absorbency
Loss absorbency under Loss absorbency under

going-concern winding-up
Subordination
Availability
Permanence
Absence of
encumbrances/
mandatory servicing costs
17.11.10 In the following Guidance, we examine how the characteristics of capital

resources described above may be used to establish criteria for an
assessment of the quality of capital elements for regulatory purposes. It
is recognised that views about the specific characteristics that are
acceptable may differ from jurisdiction to jurisdiction and will reflect,
amongst other things, the extent to which the pre-conditions for effective
supervision exist within the jurisdiction and the risk tolerance of the
particular supervisor.
Subordination
17.11.11 To require that a capital element is available to protect policyholders, it

must be legally subordinated to the rights of policyholders and senior
creditors of the insurer in an insolvency or winding-up. This means that
the holder of a capital instrument is not entitled to repayment, dividends
or interest once insolvency or winding-up proceedings have been started
until all obligations to the insurer’s policyholders have been satisfied.
Public
17.11.12 In addition, there should be no encumbrances that undermine the
subordination or render it ineffective. One example of this would be
applying rights of offset where creditors are able to set off amounts they
owe the insurer against the subordinated capital instrument 60. Further,
the instrument should not be guaranteed by either the insurer or another
related entity unless it is clear that the guarantee is available subject to
the policyholder priority. In some jurisdictions subordination to other
creditors may also need to be taken into account.
17.11.13 Each jurisdiction is governed by its own laws regarding insolvency and
winding-up. Common equity shareholders normally have the lowest
priority in any liquidating distribution of assets, immediately following
preferred shareholders. In some jurisdictions, insurers can issue
subordinated debt that provides protection to policyholders and creditors
in insolvency. While policyholders are often given a legal priority above
other creditors such as bondholders, this is not always the case; some
jurisdictions treat policyholders and other creditors equally. Some
jurisdictions rank obligations to the government (e.g. taxes) and
obligations to employees, ahead of policyholders and other creditors.
Where creditors have secured claims, they may rank before
policyholders. The determination of suitable capital elements for solvency
purposes is critically dependent upon the legal environment of the
relevant jurisdiction.
17.11.14 The supervisor should evaluate each potential capital element in the
context that its value and suitability, and hence an insurer’s solvency
position may change significantly in a wind-up or insolvency scenario. In
most jurisdictions the payment priority in a wind-up situation is clearly
stated in law.
Availability
17.11.15 In order to satisfy the primary requirement that capital resources are
available to absorb unforeseen losses, it is important that capital
elements are fully paid.
17.11.16 However, in some circumstances, a capital element may be paid for “in
kind” i.e. issued for non-cash. The supervisor should define the extent to
which payment other than cash is acceptable for a capital element to be
treated as fully paid without prior approval by the supervisor and the
circumstances where payment for non-cash consideration may be
considered as suitable subject to approval by the supervisor. There may,
for example, be issues about the valuation of the non-cash components
or the interests of parties other than the insurer.
17.11.17 It may also be appropriate to treat certain contingent elements of capital
as available capital resources in cases where the probability of payment
is expected to be sufficiently high (for example, the unpaid part of partly
paid capital, contributions from members of a mutual insurer or letters of
credit, see Guidance 17.10.11).
17.11.18 Where a supervisor allows contingent elements of capital to be included
in the determination of capital resources, such inclusion would be
60 Rights of offset will vary according to the legal environment in a jurisdiction.

Public
expected to be subject to meeting specific supervisory requirements or
prior supervisory approval. When assessing the appropriateness of
inclusion of a contingent element of capital, regard should be had to:
• the ability and willingness of the counterparty concerned to pay
the relevant amount;
• the recoverability of the funds, taking into account any
conditions which would prevent the item from being successfully
paid in or called up; and
• any information on the outcome of past calls which have been
made in comparable circumstances by other insurers, which
may be used as an indication of future availability.
17.11.19 The availability of capital instruments may also be impaired when capital
is not fully fungible within an insurer to cover losses arising from the
insurer’s business. Whereas the fungibility of capital and transferability of
assets is primarily an issue in the context of group solvency assessment,
it may also be relevant for the supervision of an insurer as a legal entity.
17.11.20 For example, this is the case where – as applies to certain forms of with-
profit business in life insurance – part of the assets or surplus of the
insurer is segregated from the rest of its operations in a ring-fenced fund.
In such cases, assets in the fund may only be able to be used to meet
obligations to policyholders with respect to which the fund has been
established. In these circumstances, the insurer’s available capital
resources relating to the ring-fenced fund can only be used to cover
losses stemming from risks associated with the fund (until transferred out
of that fund) and cannot be transferred to meet the insurer’s other
obligations.
Permanence
17.11.21 To provide suitable protection for policyholders for solvency purposes, a

capital element must be available to protect against losses for a
sufficiently long period to ensure that it is available to the insurer when
needed. Supervisors may want to determine a minimum period that
capital should be outstanding to be regarded as capital resources for
solvency purposes.
17.11.22 When assessing the extent of permanence of a capital element, regard
should be had to:
• the duration of the insurer’s obligations to policyholders; 61
• contractual features of the capital instrument which have an
effect on the period for which the capital is available, e.g. lock-
in clauses, step-up options or call options;
• any supervisory powers to restrict the redemption of capital
resources; and
61The duration of the insurer’s obligations to policyholders should be assessed on an economic basis
rather than strict contractual basis.
Public
• the time it might take to replace the capital element on suitable
terms as it approaches maturity.
17.11.23 Similarly, if a capital element has no fixed maturity date, the notice
required for repayment should be assessed against the same criteria.
17.11.24 It is important to take into account incentives to redeem a capital element
prior to its maturity date which may exist in a capital element and may
effectively reduce the period for which the capital is available. For
example, a capital instrument which features a coupon rate which
increases from its initial level at a specified date after issue, may give rise
to an expectation that the instrument will be paid back at that future
specified date.
Absence from mandatory servicing requirements or encumbrances
17.11.25 The extent to which capital elements require servicing in the form of
interest payments, shareholder dividend payments and principal
repayments should be considered, as it will affect the insurer’s ability to
absorb losses on a going-concern basis.
17.11.26 Capital elements that have a fixed maturity date may have fixed servicing
costs that cannot be waived or deferred before maturity. The presence of
such features also affects the insurer’s ability to absorb losses on a going-
concern basis and may accelerate insolvency if the payment of a
servicing cost results in the insurer breaching its regulatory capital
requirements.
17.11.27 A further consideration is the extent to which payments to capital
providers or redemption of capital elements should be restricted or
subject to supervisory approval. For example, the supervisor may have
the ability to restrict the payment of dividends or interest and any
redemption of capital resources where considered appropriate to
preserve the solvency position of the insurer. Insurers may also issue
capital instruments for which payments and redemptions are fully
discretionary or subject to supervisory approval according to the
contractual terms.
17.11.28 Some capital instruments are structured so as to restrict the payment of
dividends or interest and any redemption of capital resources where an
insurer is breaching or near to breaching its regulatory capital
requirements and/or is incurring loss. The payment of dividends or
interest may also be subordinated to policyholder interests in case of
winding-up or insolvency. Such features will contribute to the ability of the
capital instrument to absorb losses on a wind-up basis provided that any
claims to unpaid dividends or interest are similarly subordinated.
17.11.29 It should also be considered whether the capital elements contain
encumbrances which may restrict their ability to absorb losses, such as
guarantees of payment to the capital provider or other third parties,
hypothecation or any other restrictions or charges which may prevent the
insurer from using the capital resource when needed. Where the capital
element includes guarantees of payment to the capital provider or other
third parties, the priority of that guarantee in relation to policyholders’
Public
rights should be assessed. Encumbrances may also undermine other
characteristics such as permanence or availability of capital.
Determination of capital resources to meet regulatory capital requirements
17.11.30 Based on the assessment of the quality of the capital elements

comprising the total capital resources potentially available to the insurer,
the final capital resources suitable to meet the regulatory capital
requirements can be determined.
17.11.31 Capital elements that are fully loss absorbent under both a going-concern
and a wind-up perspective would generally be allowed to cover any of the
different levels of regulatory capital requirements. However, the
supervisor may choose to restrict the extent to which the stronger
solvency control levels (i.e. control levels which trigger more severe
supervisory interventions) may be covered by lower quality capital
resources or to establish minimum levels for the extent to which these
stronger requirements should be covered by the highest quality capital
resources. In particular, this applies to amounts of capital resources
which are intended to cover the MCR.
17.11.32 To determine the amount of an insurer’s capital resources, supervisors
may choose a variety of approaches:
• approaches which categorise capital resources into different
quality classes (“tiers”) and apply certain limits/restrictions with
respect to these tiers (tiering approaches);
• approaches which rank capital elements on the basis of the
identified quality characteristics (continuum-based
approaches); or
• approaches which do not attempt to categorise or rank capital
elements, but apply individual restrictions or charges where
necessary.
To accommodate the quality of assets and quality of capital elements,
combinations of the above approaches have been widely used in various
jurisdictions for solvency purposes for insurance and other financial
sectors.
Determination of capital resources to meet regulatory capital requirements - tiering

approach
17.11.33 To take into account the quality of capital instruments, a tiering approach
is commonly used in many jurisdictions and in other financial sectors.
Under a tiering approach, the composition of capital resources is based
on the categorisation of elements of capital according to the quality
criteria set by the supervisor.
17.11.34 In many jurisdictions, capital elements are categorised into two or three
distinct levels of quality when considering criteria for, and limits on, those
Public
capital elements for solvency purposes. For example, one broad
categorisation may be as follows; 62
• Highest quality capital - permanent capital that is fully available
to cover losses of the insurer at all times on a going-concern
and a wind-up basis;
• Medium quality capital - capital that lacks some of the
characteristics of highest quality capital, but which provides a
degree of loss absorbency during ongoing operations and is
subordinated to the rights (and reasonable expectations) of
policyholders; and
• Lowest quality capital - capital that provides loss absorbency in
insolvency/ winding-up only.
17.11.35 Under a tiering approach, the supervisor would set minimum or upper
levels for the extent to which required capital should comprise the various
categories or tiers (for example, high, medium, low) of capital elements.
Where established, the level may be expressed as a percentage of
required capital 63 (for example, a minimum level of 50% 64 of required
capital for high quality capital elements and/or an upper limit for lowest
quality capital might be 25% of required regulatory capital). There may
also be limits set on the extent to which required capital may be
comprised of certain specific types of capital elements (for example,
perpetual subordinated loan capital and perpetual cumulative preference
share capital may be limited to 50% of required capital.)
17.11.36 What constitutes an adequate minimum or upper level may depend on
the nature of the insurance business and how the requirement interacts
with the various solvency control levels. A separation into tiers as set out
above assumes that all elements of capital can clearly be identified as
belonging to one of the specified tiers and that elements falling into an
individual tier will all be of the same quality. In reality, such distinctions
between elements of capital may not be clear cut and different elements
of capital will exhibit the above quality characteristics in varying degrees.
17.11.37 There are two potential policy responses to this fact. One is to set
minimum quality thresholds on the characteristics the capital must have
to be included in the relevant tier - as long as these thresholds are met
for a given element then it can be included in the relevant tier of capital
without limit. The other approach is to set minimum quality thresholds for
limited inclusion in the relevant tier, but to set additional higher quality
thresholds for elements to be permitted to be included in that tier without
limit. This approach effectively sub-divides the tiers. It permits greater
recognition within a given tier for elements of capital which are more likely
to fulfil the quality targets specified for that tier.
17.11.38 Where a tiering approach is applied, this should ideally follow the
distinction between going-concern capital and wind-up capital. Dividing
62 Capital elements categorised as being of highest quality are often referred to as core capital and
lower levels as supplementary capital, or similar.
63 Alternative approaches may also be used in practice, for example, where the levels are expressed as
a percentage of available capital.

64 The percentages used may vary for supervisors in different jurisdictions
Public
capital into these tiers is an approach that is also used in the context of
regulatory capital requirements for the banking sector.
Determination of capital resources to meet regulatory capital requirements –

continuum-based approach
17.11.39 In other jurisdictions a continuum-based approach may be used in

recognising the differential quality of capital elements. Under this
approach, elements of capital are not categorised, but rather ranked,
relative to other elements of capital on the basis of identified quality
characteristics set by the supervisor. The supervisor also defines the
minimum acceptable level of quality of capital for solvency purposes and
perhaps for different solvency control levels. In this way the capital
elements are classified from highest to lowest quality on a continuous
basis; only capital elements sitting above this defined minimum level on
the continuum, would be accepted as capital resources for solvency
purposes. Due consideration should again be given to the quality of
capital elements to ensure that there is an appropriate balance of going-
concern and wind-up capital.
Determination of capital resources to meet regulatory capital requirements - other

approaches on determination of capital resources
17.11.40 The supervisor may also apply approaches that are not based on an
explicit categorisation of capital instruments, but more on an assessment
of the quality of individual capital instruments and their specific features.
For example, the terms of a hybrid capital instrument may not provide
enough certainty that coupon payments will be deferred in times of stress.
In such a case, the supervisor’s approach may limit (possibly taking into
account further quality criteria) the ability of that instrument to cover the
Determination of capital resources to meet regulatory capital requirements - choice

and combination of approaches
17.11.41 Each approach has advantages and disadvantages. Jurisdictions should

consider the organisation and sophistication of the insurance sector and
choose the best approach appropriate to the circumstances. Whatever
approach is used overall, it should be transparent and be consistently
applied so that capital resources are of sufficient quality on a going-
concern and a wind-up basis.
17.11.42 It is recognised that in some markets, only a limited range of instruments
(for example, pure equity) may meet the quality criteria set out above.
Accordingly, supervisors in such markets may wish to restrict the range
of instruments that may be included in capital resources for solvency
purposes or to apply procedures for prior approval as appropriate.
17.11.43 It is also important that the approach to the determination of capital
resources for solvency purposes is consistent with the framework and
principles underlying the determination of regulatory capital
requirements. This includes not only the implemented range of solvency
control levels but is also relevant with regard to the target criteria
Public
underlying the regulatory capital requirements. In particular, the target
criteria for regulatory capital requirements and hence the approach to
determining capital resources should be consistent with the way in which
the supervisor addresses the two broad aims of capital from a regulatory
perspective as described in Guidance 17.2.6.
17.11.44 To illustrate this, suppose that in setting regulatory capital requirements
the supervisor would consider the maximum probability over a specified
time period with which they are willing to let unforeseen losses cause the
insolvency of an insurer. In such a case, insurers would need to maintain
sufficient capital resources to absorb losses before insolvency or winding-
up occurs. Hence the determination of capital resources would need to
lay sufficient emphasis on the first objective stated in Guidance 17.2.6
(loss absorbency under going concern), and could not entirely rely on the
second objective (loss absorbency solely under insolvency or winding-
up).
members of groups
17.11.45 The considerations set out in Guidance 17.11.1 - 17.11.44 above apply
equally to insurance legal entity and group-wide supervision. See
Guidance 17.10.22 for additional guidance on the criteria for the
assessment of the quality and suitability of capital resources for insurance
groups and insurance legal entities that are members of groups.
Multiple gearing and intra-group creation of capital
17.11.46 Double gearing may occur if an insurer invests in a capital instrument that
counts as regulatory capital of its subsidiary, its parent or another group
entity. Multiple gearing may occur if a series of such transactions exist.
17.11.47 Intra-group creation of capital may arise from reciprocal financing
between members of a group. Reciprocal financing may occur if an
insurance legal entity holds shares in or makes loans to another legal
entity (either an insurance legal entity or otherwise) which, directly or
indirectly, holds a capital instrument that counts as regulatory capital of
the first insurance legal entity.
17.11.48 For group-wide capital adequacy assessment with a group level focus, a
consolidated accounts method would normally eliminate intra-group
transactions and consequently multiple gearing and other intra-group
creation of capital whereas, without appropriate adjustment, a legal entity
focus may not. Whatever approach is used, multiple gearing and other
intra-group creation of capital should be identified and treated in a manner
deemed appropriate by the supervisor to largely prevent the duplicative
use of capital.
Leverage
17.11.49 Leverage arises where a parent, either a regulated company or an

unregulated holding company, issues debt or other instruments which are
ineligible as regulatory capital or the eligibility of which is restricted and
down-streams the proceeds as regulatory capital to a subsidiary.
Public
Depending on the degree of leverage, this may give rise to the risk that
undue stress is placed on a regulated entity as a result of the obligation
on the parent to service its debt.
Fungibility and transferability
17.11.50 In the context of a group-wide solvency assessment, excess capital in an

insurance legal entity above the level needed to cover its own capital
requirements may not always be available to cover losses or capital
requirements in other insurance legal entities in the group. Free transfer
of assets and capital may be restricted by either operational or legal
limitations. Some examples of such legal restrictions are exchange
controls in some jurisdictions, surpluses in with-profits funds of life
insurers which are earmarked for the benefit of policyholders and rights
that holders of certain instruments may have over the assets of the legal
entity. In normal conditions, surplus capital at the top of a group can be
down-streamed to cover losses in group entities lower down the chain.
However, in times of stress such parental support may not always be
forthcoming or permitted.
17.11.51 The group-wide capital adequacy assessment should identify and
appropriately address restrictions on the fungibility of capital and
transferability of assets within the group in both “normal” and “stress”
conditions. A legal entity approach which identifies the location of capital
and takes into account legally enforceable intra-group risk and capital
transfer instruments may facilitate the accurate identification of, and
provision for, restricted availability of funds. Conversely an approach with
a consolidation focus using a consolidated accounts method which starts
by assuming that capital and assets are readily fungible/transferable
around the group will need to be adjusted to provide for the restricted
availability of funds.
General provisions on the use of an internal model to determine regulatory capital

requirements
17.12 Where a supervisor allows the use of internal models to determine regulatory
capital requirements, the supervisor:
• establishes appropriate modelling criteria to be used for the
determination of regulatory capital requirements, which require broad
consistency among all insurers within the jurisdiction; and
• identifies the different levels of regulatory capital requirements for which
the use of internal models is allowed.
17.12.1 Internal models can be considered in the dual contexts of:
• a method by which an insurer determines its own economic
capital 65 needs; and
• a means to determine an insurer's regulatory capital resources
and requirements, where appropriate.
65 Economic capital refers to the capital which results from an economic assessment of the
insurer's risks given the insurer’s risk tolerance and business plans.
Public
In either case, the quality of the insurer’s risk management and
governance is vital to the effective use of internal models. If the insurer
has supervisory approval, internal models can be used to determine the
amount of the insurer’s regulatory capital requirements. However, an
insurer should not need supervisory approval, initial or ongoing, for the
use of its internal model in determining its own economic capital needs
or management.
17.12.2 One of the main purposes of an internal model is to better integrate the
processes of risk and capital management within the insurer. Among
other uses, internal models can be used to determine the economic
capital needed by the insurer and, if an insurer has supervisory approval,
to determine the amount of the insurer’s regulatory capital requirements.
As a basic principle, an internal model that is to be used for regulatory
capital purposes should already be in established use for determining
economic capital. The methodologies and assumptions used for the two
purposes should be consistent, any differences being explainable in
terms of the difference in purposes.
17.12.3 Where the supervisor allows a range of standardised and more tailored
approaches for regulatory capital purposes, including internal models, an
insurer should have a choice as to which approach it adopts, 66 subject to
satisfying certain conditions established by the supervisor on the use of
internal models for regulatory capital purposes.
17.12.4 Where there is a choice of approach allowed by a supervisor, it is
inappropriate for an insurer to be able to adopt a process of “cherry-
picking” between those approaches 67 – for example, by choosing to use
its model for regulatory capital purposes only when the model results in a
lower capital requirement than a standardised approach. The IAIS
supports the use of internal models where appropriate as they can be a
more realistic, risk-responsive method of calculating capital
requirements, but discourages any “cherry-picking” practices by insurers.
17.12.5 In particular, where the risk profile of an insurer which is using a
standardised approach for calculating its regulatory capital requirements
is such that the assumptions underlying this approach are inappropriate,
the supervisor may use its powers to increase the insurer's capital
requirement, or to require the insurer to reduce the risks it bears.
However, in such circumstances the supervisor should also consider
encouraging the insurer to develop a full or partial internal model which
might enable its risk profile to be better reflected in its regulatory capital
requirements.
17.12.6 Where the supervisor is aware that an insurer has an existing internal
model but has not sought approval to use it to calculate the regulatory
capital requirement, the supervisor should discuss this decision with the
insurer.
66 There are a number of considerations that the insurer would also have to make before deciding to
invest in constructing an internal model, one of which is cost. The IAIS is not advocating that all
insurers must have an internal model (although their use is encouraged where appropriate).
67 Refer to Guidance 17.12.14 in relation to “cherry-picking” in the particular context of partial internal
models.
Public
17.12.7 Effective use of internal models by an insurer for regulatory capital
purposes should lead to a better alignment of risk and capital
management by providing incentives for insurers to adopt better risk
management procedures which can:
• produce regulatory capital requirements that are more risk
sensitive and better reflect the supervisor’s target criteria; and
• assist the integration of the internal model fully into the insurer's
strategic, operational and governance processes, systems and
controls.
Criteria for the use of an internal model to determine an insurer's regulatory capital
requirements
17.12.8 Where a supervisor allows the use of internal models to determine

regulatory capital requirements, the supervisor should determine
modelling criteria, based upon the level of safety required by the
supervisor, to be used by an insurer adopting an internal model for that
purpose. These criteria should require broad consistency between all
insurers within the jurisdiction being based on the same broad level of
safety requirements applied to the overall design and calibration of the
standardised approach to determining regulatory capital requirements.
Discussions with the insurance industry in a jurisdiction may also assist
in achieving consistency. The supervisor should set out for which of the
different levels of regulatory capital requirements the use of internal
models is allowed and determine the modelling criteria for each level.
17.12.9 In particular, when considering whether an internal model may be used
in determining the MCR, the supervisor should take into account the main
objective of the MCR (i.e. to provide the ultimate safety net for the
protection of policyholders) and the ability of the MCR to be defined in a
sufficiently objective and appropriate manner to be enforceable. If internal
models are allowed for determining the MCR, particular care should be
taken so that the strongest supervisory action that may be necessary if
the MCR is breached can be enforced, for example if the internal model
is challenged in a court of law.
17.12.10 The IAIS does not prescribe specific solvency requirements which are
compulsory to all IAIS members. Notwithstanding this, the supervisor will
need to establish the appropriate modelling criteria to be used by insurers
to meet its regulatory capital requirements, and the insurer’s internal
models will need to be calibrated accordingly if used for that purpose. The
IAIS notes that some supervisors who allow the use of internal models to
determine regulatory capital requirements have set a confidence level for
regulatory purposes, which is comparable with a minimum investment
grade level. Some examples of modelling criteria include a 99.5% VaR 68
68VaR – Value at Risk – an estimate of the worst expected loss over a certain period of time at a given
confidence level.
Public
calibrated confidence level over a one year timeframe, 69 a 99% TVaR 70
over one year 71 and a 95% TVaR over the term of the policy obligations.
Different criteria apply for PCR and MCR.
17.12.11 If an internal model is used for regulatory capital purposes, the insurer
should ensure that its regulatory capital requirements determined by the
model are calculated in a way that is consistent with the objectives,
principles and criteria used by the supervisor. For example, the insurer
may be able to apply the confidence level specified in the supervisors’
modelling criteria directly to the probability distribution forecasts used in
its internal model. Alternatively, depending on the insurer’s own modelling
criteria for its economic capital, an insurer may have to recalibrate its
internal model to the modelling criteria required by the supervisor in order
to use it for regulatory capital purposes. This will allow internal models to
have a degree of comparability to enable supervisors to make a
meaningful assessment of an insurer's capital adequacy, without
sacrificing the flexibility needed to make it a useful internal capital model
in the operation of the insurer's business. Further elaboration is provided
in Guidance 17.15.1 - 17.15.2.
17.12.12 It is noted that, due to the insurer-specific nature of each internal model,
internal models can be very different from each other. Supervisors, in
allowing the use of an internal model for regulatory capital purposes,
should preserve broad consistency of capital requirements between
insurers with broadly similar risks.
Partial internal models
17.12.13 The IAIS supports the use of partial internal models for regulatory capital
purposes, where appropriate. A partial internal model typically involves
the use of internal modelling to substitute parts of a standardised
approach for the determination of regulatory capital requirements. For
example, an insurer could decide to categorise its insurance contracts
along business lines for modelling purposes. If the regulatory capital
requirements for some of these categories are determined by modelling
techniques, while the capital requirements for other categories are
determined using a standardised approach, then this would constitute the
insurer using a partial internal model to calculate regulatory capital.
17.12.14 Partial internal models are often used to smooth an insurer's transition to
full use of an internal model or to deal with instances such as the merger
of two insurers, one of which uses an internal model, and the other which
uses a standardised approach. Given the potential complexity of a full
internal model, use of a partial internal model could be a satisfactory
approach provided its scope is properly defined (and approved by the
supervisor). Provided the reduced scope of the internal model is soundly
justified, the use of a partial internal model could be allowed as a
69 This is the level expected in Australia for those insurers that seek approval to use an internal model
to determine their MCR. It is also the level used for the calculation of the risk-based Solvency Capital
Requirement under the European Solvency II regime.
70 TVaR – Tail Value at Risk – the VaR plus the average exceedence over the VaR if such exceedence
occurs
71 These are the modelling criteria of the Swiss Solvency Test.
Public
permanent solution. However, as discussed above, there could be a
tendency for an insurer to adopt a “cherry-picking” approach in the use of
internal models. This particularly applies where partial modelling is
allowed. The supervisor should place the onus on the insurer to justify
why it has chosen to only use internal models for certain risks or business
lines. Where this justification is not sound enough, the supervisor should
take appropriate action e.g. refuse or withdraw approval of the model or
impose a capital add-on until the model has developed to a sufficient
degree.
17.12.15 This ICP should be applied to both partial and full internal models. Partial
models should therefore be subject, as appropriate, to the full range of
tests: the “statistical quality test”, “calibration test” and “use test” (see
Guidance 17.13.1 - 17.17.8). In particular, an insurer should assess how
the partial internal model achieves consistency with the modelling criteria
specified by the supervisor for regulatory purposes. As part of the
approval process for regulatory capital use, an insurer should be required
to justify the limited scope of the model and why it considers that using
partial internal modelling for determining regulatory capital requirements
is more consistent with the risk profile of the business than the
standardised approach or why it sufficiently matches regulatory capital
requirements. The insurer should clearly document the reasons behind
its decision to use partial internal models. If, for example, this is to ease
transition towards full internal models, the insurer should outline a
transitional plan, considering the implications for risk and capital
management of the transition. Such plans and use of partial internal
models should be reviewed by the supervisor, who may decide to impose
certain restrictions on the partial model’s use for calculating regulatory
capital (for example, introducing a capital add-on during the transitional
period).
Additional guidance for group-wide internal models
17.12.16 Where a supervisor allows the use of group-wide internal models 72 to

determine regulatory capital requirements, the supervisor should
determine modelling criteria for such models, based upon the level of
safety required by the supervisor applicable to an insurance group or an
insurance legal entity adopting an internal model for that purpose.
17.12.17 The modelling criteria for internal models for regulatory capital purposes
and the process for internal model approval that a supervisor establishes
should require broad consistency between group-wide regulatory capital
requirements and regulatory capital requirements of individual insurance
legal entities.
72 Agroup-wide internal model is a risk measurement system a group uses for its internal purposes to
analyse and quantify risks to the group as a whole as well as risks to the various parts of the group,
to determine the capital resources needed to cover those risks and to allocate capital resources across
the group. Group-wide internal models include partial models which capture a subset of the risks to
the group and/or all the risks of a subset of the group. Group-wide internal models also include
combinations of models in respect of different parts of the group. An insurer’s internal model may be
part of a broader group-wide model rather than a standalone model.
Public
17.12.18 Group-wide internal models can vary greatly depending on their group-
specific nature. In allowing the use of group-wide internal models for
regulatory capital purposes, supervisors should preserve broad
consistency between insurance groups and insurers with broadly similar
risks e.g. insurance legal entities and insurance groups operating through
a branch structure in a jurisdiction. The supervisor should design
modelling criteria and the process for model approval so as to maintain
broad consistency between the regulatory capital requirements
determined using internal models and standardised approaches.
17.12.19 The IAIS recognises that modelling criteria may differ among supervisors.
For Insurance groups operating in multiple jurisdictions, the degree of
consistency in regulatory capital requirements across group members
may vary.
17.12.20 Each supervisor should set out for which group-wide regulatory capital
requirements, corresponding to the solvency control level or levels which
apply to an insurance group, the use of group-wide internal models is
allowed.
17.12.21 In particular, when the supervisor considers allowing the use of internal
models for the purpose of determining group-wide regulatory capital
requirements at the MCR level, the issues relating to possible legal
challenges may differ from those encountered in respect of individual
insurance legal entities. For example, supervisors may need to work
together to establish and co-ordinate grounds for legal action in respect
of the different insurance legal entities within a group.
Initial validation and supervisory approval of internal models
capital requirements, the supervisor requires:
• prior supervisory approval for the insurer’s use of an internal model for
the purpose of calculating regulatory capital requirements;
• the insurer to adopt risk modelling techniques and approaches
appropriate to the nature, scale and complexity of its current risks and
those incorporated within its risk strategy and business objectives in
constructing its internal model for regulatory capital purposes;
• the insurer to validate an internal model to be used for regulatory capital
purposes by subjecting it, as a minimum, to three tests: “statistical
quality test”, “calibration test” and “use test”; and
• the insurer to demonstrate that the model is appropriate for regulatory
capital purposes and to demonstrate the results of each of the three
tests.
Approval of the use of an internal model for determination of regulatory capital

requirements
17.13.1 Where insurers may be permitted to use internal models for calculating
regulatory capital requirements, the models used for that purpose should
be subject to prior supervisory approval. The onus should be placed on
the insurer to validate a model that is to be used for regulatory capital
Public
purposes and provide evidence that the model is appropriate for those
purposes. The IAIS considers that an insurer should not need supervisory
approval for the use of internal models in determining its own economic
capital needs.
17.13.2 The supervisor may prescribe requirements which will allow it to assess
different models fairly and facilitate comparison between insurers within
its jurisdiction. However, overly prescriptive rules on internal model
construction may be counter-productive in creating models which are risk-
sensitive and useful for insurers. Therefore, although a certain level of
comparability can be achieved by the calibration requirements, full and
effective comparison across jurisdictions to align best practice may be
best achieved by dialogue between supervisors and industry.
17.13.3 The supervisor should require that in granting approval for the use of an
internal model to calculate regulatory capital requirements, it has
sufficient confidence that the results being produced by the model provide
adequate and appropriate measures of risk and capital. Although the
supervisor may encourage insurers to develop internal models that better
reflect their risks as soon as possible, this should not lead to models being
approved until there is confidence that they are calibrated correctly. The
supervisor may therefore feel it necessary to evaluate an internal model
over a specified period of time, for example a few years, prior to approval.
For supervisors, approval of an internal model could require considerable
expertise (depending on the sophistication of the model) which may need
to be developed. In addition, it may be necessary to introduce different
supervisory powers to allow the approval of internal models.
17.13.4 The supervisor should use, at a minimum, the “statistical quality test”,
“calibration test” and “use test”, as the basis of its approval process. While
a broad range of internal model approaches may be suitable for internal
economic capital assessment purposes, and this should not be subject to
supervisory approval, supervisors may want to place requirements on the
internal model approaches that would be regarded as acceptable for
regulatory capital purposes. In approving the use of an internal model for
calculating regulatory capital requirements, the supervisor should
consider the primary role of the model as part of the insurer's risk
management procedures. Any requirements imposed by the supervisor
on the approval of a model for use in determining regulatory capital
requirements should not prevent the model from being sufficiently flexible
to be a useful strategic decision making tool which reflects the insurer's
unique risk profile. Consistent standards for the approval of an insurer’s
internal model should be applied by the supervisor, regardless of whether
the model is developed in-house by the insurer or by an external party.
17.13.5 The “statistical quality test” and the “use test” are envisaged to be more
insurer-specific measures which should allow the supervisor to gain an
understanding of how a particular insurer has embedded its internal
model within its business. The “calibration test” would be used by the
supervisor to assess the results from the internal model in comparison to
the insurer’s regulatory capital requirements and to those of other
insurers.
17.13.6 In addition, the insurer should review its own internal model and validate
it so as to satisfy itself of the appropriateness of the model for use as part
Public
of its risk and capital management processes. 73 As well as internal
review, the insurer may wish to consider a regular independent, external
review of its internal model by appropriate specialists.
17.13.7 Each supervisor who permits the use of internal models for regulatory
capital purposes at legal entity and/or group level should require prior
supervisory approval for that purpose.
If an insurance group wishes to use its group-wide internal model for
regulatory capital purposes in more than one jurisdiction in which it
operates, the group may be subject to requirements that differ in a
number of ways. Examples of some areas of possible variation may
include:
• modelling criteria (risk measure, time horizon, level of safety);
• valuation bases for regulatory capital purposes;
• the risks that have to be modelled;
• treatment of intra-group transactions;
• approach to group-wide capital adequacy (e.g. group level or
legal entity focus); and
• recognition of diversification across the group.
A group-wide internal model therefore needs to be sufficiently flexible to
meet the differing requirements of each jurisdiction in which it is to be
used for regulatory capital purposes.
17.13.8 The supervisors of an insurance group that conducts insurance business
in more than one jurisdiction may consider their joint and common
interests for the joint approval of the use of a group-wide internal model
for regulatory capital purposes. If so, it may improve the efficiency and
effectiveness of the approval process if the supervisors agree on common
requirements for the process e.g. standardised language or languages
for the application process.
17.13.9 Alternatively, the supervisors may independently approve the use of a
group-wide internal model. Therefore, an insurance group seeking
approval for a group-wide internal model may receive permission from
one supervisor to use the model in that jurisdiction, while not receiving
approval in another jurisdiction.
17.13.10 Similarly, where an insurance legal entity operates in other jurisdictions
through a branch structure, the supervisors in those branch jurisdictions
will have an interest in the solvency of the insurance legal entity. If local
branch supervisors in these jurisdictions are not satisfied with the capital
requirements of the home supervisor, possibly because they are
determined using internal models, the local branch supervisors may
impose limitations on the branch operations. The home supervisor,
however, does not need to have the approval of the local branch
73Validation should be carried out by a different department or personnel to those that created the
internal model to facilitate independence.
Public
supervisors in order to approve the use of the insurance legal entity’s
internal model for its own purposes.
17.13.11 The degree of involvement of different supervisors in the approval
process depends on a number of factors as illustrated in Guidance
17.13.12 - 17.13.16.
17.13.12 In the simplest case, an insurance group operates in one jurisdiction only.
Clearly only the supervisor in that jurisdiction needs to be involved in the
group-wide internal model approval process. Where there is more than
one supervisor in a jurisdiction, e.g. where different insurance activities
of a group are supervised separately, then both may need to be involved
depending on the scope of the model. Nevertheless, some liaison with
supervisors in other jurisdictions may be mutually beneficial to facilitate
convergence and comparability across jurisdictions in respect of internal
model standards and practice.
17.13.13 In the case of an insurance group that operates in more than one
jurisdiction but only applies to use its group-wide internal model for
regulatory capital purposes in one jurisdiction, e.g. the parent’s
jurisdiction, the group does not need group-wide internal model approval
of other jurisdictions provided that it is using other approaches to meet
the capital requirements of those other jurisdictions. However, the
supervisor considering approval of the group-wide internal model may
wish to consult the other supervisors about the relevant insurance
markets, the group’s operations in those markets and the standard of
modelling.
17.13.14 In the case of an insurance group that wishes to use its group-wide
internal model in more than one jurisdiction (e.g. to calculate insurance
legal entity PCRs), the supervisor of each of those jurisdictions should
consider approval of the specific application of the group-wide internal
model in its jurisdiction, having regard to the considerations in Guidance
17.13.15 - 17.13.18 below.
17.13.15 When considering approval of the use of a group-wide internal model for
group-wide regulatory capital purposes, each supervisor should consider:
• its group-wide regulatory capital requirements;
• whether and the extent to which its jurisdiction allows the use of
internal models for regulatory capital purposes (e.g. PCR or
both PCR and MCR);
• how its jurisdiction interacts with the other jurisdictions
potentially involved when supervisory intervention is being
considered; and
• the arrangements for collaboration between the supervisors of
the entities within the insurance group.
17.13.16 A supervisor may delegate the approval process to another supervisor or
agree to be bound by its decision while retaining supervisory
responsibility. Alternatively, a group-wide supervisor may have ultimate
decision-making authority over some or all of the supervisors involved. If
more than one jurisdiction is concerned, making such authority legally
binding may require a treaty between these jurisdictions. To be effective,
Public
each arrangement requires a high level of collaboration between
supervisors. To require the model appropriately addresses all categories
of risk, the supervisor making the decision needs sufficient knowledge of
the local circumstances in which the group operates.
17.13.17 Supervisors should require that the approval process for the use of a
group-wide internal model for regulatory capital purposes is sufficiently
flexible to achieve an approach appropriate to the nature, scale and
complexity at each organisational level in an insurance group
(group/sub-group/individual insurance legal entity). Risks which may
have a large impact at insurance legal entity level may have much smaller
significance at insurance group level. Conversely, risks that may have a
small impact at insurance legal entity level may aggregate to have a
larger impact on risk at the group level. The nature and complexity of risks
may also vary at different levels in the insurance group.
17.13.18 Whether the group-wide internal model is appropriate for regulatory
purposes given the nature, scale and complexity of the risks depends on
the regulatory capital requirements of a jurisdiction. While the risk
coverage by an internal model may look reasonable from a group-wide
perspective, it may not be reasonable from the point of view of each
member of the insurance group. For example, in a group of many non-life
insurers and one small life insurer it may be appropriate from an overall
perspective to place less emphasis on the modelling of the life insurance
risks. However this may not be appropriate from the life insurer’s or
supervisor’s perspective. In such circumstances, it may be necessary for
the group to upgrade its model to include an adequate life insurance risk
component or to set up a self-contained internal model for the life insurer
in order to gain approval.
Statistical quality test for internal models
• the insurer to conduct a “statistical quality test” which assesses the base
quantitative methodology of the internal model, to demonstrate the
appropriateness of this methodology, including the choice of model
inputs and parameters, and to justify the assumptions underlying the
model; and
• that the determination of the regulatory capital requirement using an
internal model addresses the overall risk position of the insurer and that
the underlying data used in the model is accurate and complete.
17.14.1 Given the importance of an embedded internal model to an insurer's risk
management policy and operations, an internal model would generally be
constructed to deliver a probability distribution of the required risk capital
rather than a “point estimate”. A range of approaches could constitute an
effective internal model for risk and capital management purposes, and
supervisors should encourage the use of a range of different approaches
appropriate to the nature, scale and complexity of different insurers and
different risk exposures. There are several different techniques to quantify
risk which could be used by an insurer to construct its internal model. In
broad terms, these could range from basic deterministic scenarios to
Public
complex stochastic models. Deterministic scenarios would typically
involve the use of stress and scenario testing reflecting an event, or a
change in conditions, with a set probability to model the effect of certain
events (such as a drop in equity prices) on the insurer's capital position,
in which the underlying assumptions would be fixed. In contrast,
stochastic modelling often involves simulating very large numbers of
scenarios in order to reflect the likely distributions of the capital required
by, and the different risk exposures of, the insurer.
17.14.2 The IAIS recognises that there are numerous methodologies which an
insurer could use as part of its stress and scenario testing. For example,
an insurer may decide to model the effect of various economic scenarios,
such as a fall in equity prices or a change in interest rates, on its assets
and liabilities. Alternatively, an insurer could consider a run-off approach,
where the effect of various scenarios on a specific portfolio of business
as it is run-off is examined. The insurer should use scenarios which it
regards as most appropriate for its business. Where the internal model is
used for regulatory capital purposes, the onus is on the insurer to
demonstrate to the supervisor that the chosen methodology is
appropriate to capture the relevant risks for its business. This includes
testing of the model to require that it can replicate its results on request
and that its response to variation in input data is adequate such as that
corresponding to changes in base or stress scenarios. Overall capital
requirements derived from an internal model can be highly sensitive to
assumptions on the effect of diversification across risks. Supervisors and
insurers should therefore give particular consideration to aggregation
issues. Conducting stress and scenario testing to determine the effect of
shocks may be a suitable tool to validate statistical assumptions.
17.14.3 Where an internal model is established to assess risks at a modular level,
i.e. on a risk-by-risk basis, in order to conduct an overall risk assessment,
the insurer should aggregate the results for each of these risks both within
and across business lines. Several methods exist to aggregate the
separate results allowing for diversification effects. The IAIS considers
that an insurer would generally be expected to decide how best to
aggregate and account for the risks to the whole of its business. The
determination of overall regulatory capital requirements by the internal
model should consider dependencies within, as well as across, risk
categories. Where the internal model allows for diversification effects, the
insurer should be able to justify its allowance for diversification effects
and demonstrate that it has considered how dependencies may increase
under stressed circumstances.
17.14.4 Internal models need high quality data in order to produce sufficiently
reliable results. The data used for an internal model should be current
and sufficiently credible, accurate, complete and appropriate.Hence, a
“statistical quality test” should examine the appropriateness of the
underlying data used in the construction of the internal model. A
“statistical quality test” would include the examination of the aggregation
of data, the modelling assumptions and the statistical measures used to
construct the internal model. This could include an annual (or more
frequent) review of the various items that are being measured (claims,
lapses, etc.) updated for the additional data available together with a
scrutiny of data from previous periods to determine whether this data
Public
continues to be relevant. Older data may no longer be relevant possibly
due to changes in risks covered, secular trends or policy conditions and
guarantees attaching. Similarly, new data may not be of substantive use
when modelling items that require a long-term view of experience (such
as testing the predictions of cash flows for catastrophic events).
17.14.5 An insurer may not always have sufficient reliable data in-house. In
instances where an insurer lacks fully credible data it may rely on industry
or other sufficiently credible data sources to supplement its own data. For
example, a new company may lack its own historical data and so could
use market data sources in constructing its internal model. Some
supervisors have published jurisdictional data which may be of some use.
17.14.6 Another possible source of data may be from reinsurers - whose data
pool is typically larger and covers a wider spectrum of the market. It is,
however, important to consider that such industry data may not be entirely
appropriate for all insurers. Reinsurers often only receive data in
aggregated form and sometimes are only informed of larger claims or
from smaller insurers whose market may not be applicable for all or many
insurers. Therefore, any data not specific to the insurer would need to be
carefully considered before deciding it was appropriate for use as the
basis for an insurer's “statistical quality test”. Even where deemed
appropriate, it may still be necessary to adjust the data to allow for
differences in features between the data source and the insurer.
17.14.7 In assessing suitability of data and of other inputs, e.g. assumptions, to
the internal model, expert judgment should be applied and supported by
proper justification, documentation and validation.
17.14.8 As part of the “statistical quality test”, the insurer should be able to
demonstrate that the base quantitative methodology used to construct its
internal model is sound and sufficiently reliable to support the model's
use, both as a strategic and capital management tool, and to calculate
the insurer's regulatory capital requirements, if appropriate. The
methodology should also be consistent with the methods used to
calculate technical provisions.
17.14.9 A “statistical quality test” should also include a review of the internal
model to determine whether the assets and products as represented in
the model truly reflect the insurer's actual assets and products. This
should include an analysis of whether all reasonably foreseeable and
relevant material risks have been incorporated, including any financial
guarantees and embedded options. Insurers should also consider
whether the algorithms used are able to take into account the action of
management and the reasonable expectation of policyholders. Testing
should include future projections within the model and to the extent
practicable “back-testing” (the process of comparing the predictions from
the model with actual experience).
17.14.10 For use in determining the regulatory capital requirements of an

insurance legal entity, a group-wide internal model should meet the same
standards as applicable to a stand-alone internal model of that insurer.
Public
17.14.11 For use for group-wide regulatory capital requirements, group members
should be sufficiently engaged with a group-wide internal model and its
application to their businesses (through their input to the model, local
Board involvement, capital allocation, performance measurement etc.),
even if the insurance group does not use the model to determine the
regulatory capital requirements of individual group members.
Calibration test for internal models
capital requirements, the supervisor requires the insurer to conduct a
“calibration test” to demonstrate that the regulatory capital requirement
determined by the internal model satisfies the specified modelling criteria.
17.15.1 As part of a “calibration test”, where an internal model is used for
determining regulatory capital, the insurer should assess the extent to
which the output produced by its internal model is consistent with the
modelling criteria defined for regulatory capital purposes, and hence,
confirm the validity of using its internal model for that purpose.
17.15.2 The “calibration test” should be used by the insurer to demonstrate that
the internal model is calibrated appropriately to allow a fair, unbiased
estimate of the capital required for the particular level of confidence
specified by the supervisor. Where an insurer uses different modelling
criteria than those specified by the supervisor for regulatory capital
purposes, it may need to recalibrate its model to the supervisor’s
modelling criteria to achieve this.
17.15.3 See Guidance 17.14.10 and 17.14.11 for additional guidance for group-
wide internal models.
Use test and governance for internal models
• the insurer to fully embed the internal model, its methodologies and
results, into the insurer’s risk strategy and operational processes (the
“use test”);
• the insurer's Board and Senior Management to have overall control of
and responsibility for the construction and use of the internal model for
risk management purposes, and ensure sufficient understanding of the
model's construction at appropriate levels within the insurer's
organisational structure. In particular, the supervisor requires the
insurer’s Board and Senior Management to understand the
consequences of the internal model's outputs and limitations for risk and
capital management decisions; and
• the insurer to have adequate governance and internal controls in place
with respect to the internal model.
Public
17.16.1 In considering the use of an internal model for regulatory capital purposes
by an insurer, the supervisor should not merely focus on its use for that
narrow purpose, but should consider the wider use of the internal model
by the insurer for its own risk and capital management.
17.16.2 The “use test” is the process by which the internal model is assessed in
terms of its application within the insurer's risk management and
governance processes. In order for the insurer’s internal model to be most
effective it should be genuinely relevant for use within its business for risk
and capital management purposes.
17.16.3 Where an insurer decides to adopt a higher confidence level than the
level required for regulatory capital purposes for its own purposes, for
example, in order to maintain a certain investment grade rating, then
“calibration” testing should also be conducted by the insurer to allow the
insurer to determine the level of capital needed at this higher level. The
insurer should then assess whether holding this amount of capital is
consistent with the insurer's overall business strategy.
17.16.4 The insurer should have the flexibility to develop its internal model as an
important tool in strategic decision making. An insurer should therefore
have the flexibility to use the most appropriate risk measure and
modelling techniques in its internal models. It may be beneficial if the
insurer is able to demonstrate why it has chosen a particular risk
measure, and it should include in its internal model an appropriate
recalibration or reconciliation, if necessary, between the modelling criteria
used in the model for its own risk and capital management purposes and
those set by the supervisor for regulatory capital purposes. Differences
between the economic capital and the regulatory capital requirements
should be explicit and capable of being explained by the insurer to its
Board and the supervisor.
17.16.5 The “use test” is a key method by which the insurer can demonstrate that
its internal model is integrated within its risk and capital management and
system of governance processes and procedures. As part of the “use
test”, an insurer should examine how the internal model is used for
operational management purposes, how the results are used to influence
the risk management strategy and business plan of the insurer, and how
senior management are involved in applying the internal model in running
the business. An insurer should demonstrate to the supervisor that an
internal model used for regulatory capital purposes remains useful and is
applied consistently over time and that it has the full support of and
ownership by the Board and Senior Management.
17.16.6 The insurer's Senior Management should take responsibility for the
design and implementation of the internal model, in order to ensure full
embedding of the model within the insurers' risk and capital management
processes and operational procedures. The methodology used in building
the model should be compatible with the overall enterprise risk
management framework agreed to by the Board and Senior
Management. Although the Board and Senior Management may not be
able to de-construct the internal model in detail, it is important that the
Board has overall oversight of the model's operation on an ongoing basis
and the level of understanding necessary to achieve this. The Board and
Senior Management should also ensure that processes are in place to
Public
update the internal model to take into account changes in the insurer's
risk strategy or other business changes.
17.16.7 Various business units within the insurer may be involved in the
construction and operation of the internal model, such as risk
management, capital management, finance and actuarial departments,
depending on the size of the insurer. The experience and technical ability
of staff involved in the construction and operation of the internal model
should be an important consideration for the insurer. For a model to pass
the “use test” it would be expected that an insurer would have a
framework for the model's application across business units. This
framework should define lines of responsibility for the production and use
of information derived from the model. It should also define the purpose
and type of management information available from the model, the
decisions to be taken using that information, and the responsibilities for
taking those decisions. The “use test” should also ensure the adequacy
of systems and controls in place for the maintenance, data feeds and
results of the model. The IAIS notes that internal models may require
significant IT resources and costs, which should be a consideration for
the insurer in developing its models.
17.16.8 The IAIS considers that governance processes and communication in
respect of an internal model are as important as its construction. An
internal model should be subject to appropriate review and challenge so
that it is relevant and reliable when used by the insurer. The key elements
and results from the internal model should be understood by the key
personnel within the insurer, including the Board, and not only by those
who have constructed it. This understanding should ensure that the
internal model remains a useful decision-making tool. If the internal model
is not widely understood, it will not be achieving its purpose and adding
value to the business. The “use test” is key in ensuring the relevance of
the internal model to the insurer’s business.
17.16.9 See Guidance 17.14.10 and 17.14.11 for additional guidance for group-
wide internal models.
Documentation for internal models
capital requirements, the supervisor requires the insurer to document the
design, construction and governance of the internal model, including an outline
of the rationale and assumptions underlying its methodology. The supervisor
requires the documentation to be sufficient to demonstrate compliance with the
regulatory validation requirements for internal models, including the statistical
quality test, calibration test and use test outlined above.
17.17.1 The insurer should document the design and construction of the internal
model sufficient for a knowledgeable professional in the field to be able
to understand its design and construction. This documentation should
include justifications for and details of the underlying methodology,
assumptions and quantitative and financial bases, as well as information
on the modelling criteria used to assess the level of capital needed.
Public
17.17.2 The insurer should also document, on an ongoing basis, the development
of the model and any major changes, as well as instances where the
model is shown to not perform effectively. Where there is reliance on an
external vendor/supplier, the reliance should be documented along with
an explanation of the appropriateness of the use of the external
vendor/supplier.
17.17.3 The insurer should document the results of the “statistical quality test”,
“calibration test” and “use test” conducted to enable the supervisor to
assess the appropriateness of its internal model for regulatory capital
purposes.
17.17.4 In view of the potential complexity of a group-wide internal model, the

flexibility required and the potential need for multiple supervisory
approvals, it is essential that the group fully document all aspects of the
group-wide internal model clearly and unambiguously. This enables
supervisors to identify what is approved and what is not approved.
Supervisors should require the insurance group to provide thorough
documentation of the scope of an internal model, clarifying what falls
within and outside of the model boundaries and what parts of the group
universe are modelled. Supervisory authorities should know the boundary
to the internal model.
17.17.5 As a minimum, the documentation of the group-wide internal model
should include:
• a full description of the risk profile of the insurance group and
how the group models those risks, including the underlying
central assumptions and methods;
• the parts, entities and geographical locations of the insurance
group and which are included or excluded from the scope of the
model submitted for approval;
• specification of which risks are modelled, with particular focus
on group-wide risks;
• intra-group transactions such as (subordinated) loans and other
hybrid instruments together with their different level of triggers,
guarantees, reinsurance, capital and risk transfer instruments,
contingent assets and liabilities; off-balance sheet items and
special purpose vehicles;
• the effect of these instruments, either on individual insurance
legal entities or on the insurance group considered as one single
economic entity or on both, depending on supervisory
requirements and how these effects are modelled;
• justifications for specific decisions taken in terms of
assumptions, scope, simplifications;
• the flexibility of the model architecture to cope with central
assumptions ceasing to be valid;
Public
• more generally the insurance group’s processes for validating,
maintaining and updating the model including the use of stress
testing and scenario analysis and the results of those tests and
analyses;
• how the model allows for and models fungibility of capital,
transferability of assets and liquidity issues, the assumptions
made especially regarding the treatment of intra-group
transactions and the free flow of assets and of liabilities across
different jurisdictions, and how the group uses the model for an
analysis or a qualitative assessment of liquidity issues; and
• the allocation of capital to insurance legal entities implied by the
group-wide model and how this would change in times of stress
for insurance groups established in more than one jurisdiction.
Such allocation is required by supervisors, even if an insurance
group uses a different allocation, e.g. by region or business line,
for management purposes.
17.17.6 If elements are omitted from the group-wide internal model, the
supervisors should require an explanation within the required
documentation, for example if and why a standardised approach is used
for some insurance legal entities, lines of business or risks.
17.17.7 The supervisors should require the insurance group to provide
documentation describing whether and how the modelling is consistent
over different jurisdictions or insurance legal entities regarding, for
example, modelling criteria, risks, lines of business, intra-group
transactions or capital and risk transfer instruments (CRTIs) with suitable
explanations for any differences in approach.
17.17.8 Diversification/concentration of risks means that some risks or positions
are offset or increased by other risks or positions. The supervisors should
require, within the framework of the required internal model
documentation, a description of how the insurance group:
• incorporates diversification/concentration effects at the relevant
different levels within the group-wide internal model;
• measures such effects in normal and in adverse conditions;
• confirms those measurements for reasonableness, and
• allocates diversification effects across the group according to
supervisory requirements.
Credit for diversification effects should only be allowed where appropriate
having regard to risk correlations in adverse financial conditions.
Ongoing validation and supervisory approval of the internal model
• the insurer to monitor the performance of its internal model and regularly
review and validate the ongoing appropriateness of the model’s
specifications. The supervisor requires the insurer to demonstrate that
the model remains fit for regulatory capital purposes in changing
Public
circumstances against the criteria of the statistical quality test,
calibration test and use test;
• the insurer to notify the supervisor of material changes to the internal
model made by it for review and continued approval of the use of the
model for regulatory capital purposes;
• the insurer to properly document internal model changes; and
• the insurer to report information necessary for supervisory review and
ongoing approval of the internal model on a regular basis, as determined
appropriate by the supervisor. The information includes details of how
the model is embedded within the insurer’s governance and operational
processes and risk management strategy, as well as information on the
risks assessed by the model and the capital assessment derived from its
operation.
17.18.1 Over time an insurer's business may alter considerably, as a result of
internal factors or events (such as a change in insurer strategy) and
external factors or events (such as a change in interest rates), so that the
internal model may no longer fully capture the risks to which the insurer
is exposed unless adapted. The supervisor should reassess an insurer's
internal model and the results that it produces on a regular basis against
the criteria of the statistical quality test, calibration test and use test so
that it remains valid for use, both as a strategic decision-making tool in
the context of the insurer’s own risk and capital management, and as a
means of calculating regulatory capital requirements where appropriate.
In general only material changes to the model (such as changing the
underlying model structure or the risk measure used) or to the risks faced
by the insurer should require the model to be reassessed by the
supervisor. A “model change policy” could be agreed between the
supervisor and the insurer regarding the degree and timing of changes
made to the internal model. This would enable the insurer to enact minor
changes to its internal model without seeking prior supervisory approval
(provided the changes are in accordance with the agreed policy), thereby
allowing the model to be updated in a quicker and more flexible way.
17.18.2 The insurer should be required to notify the supervisor of material
changes to the internal model and to properly document changes to
enable the supervisor to assess, for continued approval, the ongoing
validity of the model for use in determining regulatory capital
requirements. Following any material changes to an internal model, the
supervisor may give the insurer a reasonable amount of time so that the
updated model is embedded in its risk strategies and operational
processes.
17.18.3 The insurer should demonstrate that the data used in the internal model
remains appropriate, complete and accurate for this purpose.
17.18.4 The supervisor should take care that its ongoing validation requirements
do not unduly restrict the use of the internal model by the insurer for its
own risk and capital management purposes and thereby reduce its ability
to comply with the use test.
Public
17.18.5 The insurance group should adjust the model for material changes in
group composition and operations, including mergers, acquisitions and
other structural changes of affiliated entities or jurisdictional changes.
17.18.6 The supervisor should require the insurance group to provide
documentation of material changes in group operations and the reasons
why continued use of the group-wide internal model would remain
appropriate following the change. If such reasons cannot be given or are
not sufficient the supervisor should require the group to propose
appropriate model changes as a result of the material change for re-
assessment of approval by the supervisor.
Supervisory responsibilities
17.18.7 The IAIS considers that it is essential that supervisors are able to
understand fully the insurers' internal models and be able to appraise their
quality. To this end, the supervisor should have access to experienced
personnel with appropriate technical ability, as well as sufficient
resources. It is likely to take time for supervisors to acquire the necessary
experience to appraise an insurer’s internal model. Without the
experience and resources, the supervisor may be unable to reliably
approve the use of an insurer’s internal model for regulatory purposes.
The supervisor may wish to use external specialists that are considered
to have the appropriate experience, such as actuarial consultants,
accountancy firms and ratings agencies, to assist it in reviewing an
insurer's internal models. In such instances, the supervisor should retain
the final responsibility for review and approval of the use of the internal
model for regulatory purposes.
17.18.8 It may be appropriate for a supervisor to consider transitional measures
when permitting insurers to use internal models for regulatory capital
purposes for their first time. Such measures will permit the necessary time
for both insurers and the supervisor to become familiar with the internal
models and their uses. For example, during a transition period, the
supervisor could include the use of partial internal modelling, to allow the
insurer to move gradually to full use of internal models or the supervisor
could require parallel reporting of regulatory capital determined by both
the internal model and standardised approach. The supervisor may also
consider applying a minimum capital level during the transition period.
17.18.9 The supervisor may need to impose additional capital requirements
(capital add-ons) or take other supervisory action to address any
identified weaknesses in an internal model, either prior to approving the
use of the model, as a condition on the use of the model or in the context
of a review of the ongoing validity of an internal model for regulatory
capital purposes. It may be necessary to introduce additional supervisory
powers, to allow such supervisory actions and measures, when internal
models are allowed for regulatory capital purposes by a supervisor.
17.18.10 Where an insurer which is a subsidiary of an insurance group seeks
approval for the use of an internal model which itself is part of a broader
“group model”, the supervisor of this subsidiary should conduct the
approval process in close co-operation with the group-wide supervisor. In
particular, the supervisor of the subsidiary should check the status of the
Public
“group model” and seek information from the group-wide supervisor about
its own approval process.
Supervisory reporting
17.18.11 For supervisory approval purposes, supervisors should require the

insurer to submit sufficient information for them to be able to approve the
use of the internal model for regulatory capital purposes and to give
confidence to the supervisor that the insurer is appropriately carrying out
its responsibility to manage its risks and protect the interests of
policyholders. This should include the results of analysis conducted
under the “statistical quality test”, “calibration test” and “use test”. While
supervisors should have the power to determine the exact nature and
scope of the information they require, supervisory reporting should be
appropriate to the nature, scale and complexity of an insurer's business.
17.18.12 The level of information on internal models necessary to allow meaningful
assessment by supervisors would be expected to include appropriate
information regarding the insurer's risk and capital management strategy
– for example, how the model is embedded into the insurer's governance
procedures, overall business strategy, operational procedures and risk
processes. An insurer should report details of the risks assessed by the
model, including how these are identified and measured, as well as
information on the results of the internal model analysis, the economic
capital derived from these results and how the results of the internal
model compare to those derived from the supervisory standardised
approach. 74
74Supervisors may consider that the comparison between the capital requirements from an internal
model and a supervisory standardised approach should only be required during a transition period.
Public
ICP 18 Intermediaries 75
The supervisor sets and enforces requirements for the conduct of insurance
intermediaries, in order that they conduct business in a professional and
transparent manner.
18.0.1 There is a diverse range of organisations and individuals carrying out

insurance intermediation, and channels through which this is undertaken.
In order to ensure consumer protection and to promote a level playing
field amongst these actors, this ICP applies to the supervision of those
conducting the activity of insurance intermediation. Some of the
Standards under this ICP apply to the supervision of the individuals
providing insurance intermediation services to customers. Other
Standards apply to the organisation within which the insurance
intermediation is carried out; where this is the case, it is made clear in the
corresponding guidance. Where an insurer’s direct sales staff solicit,
negotiate or sell insurance as employees of the insurer, the supervisor
would apply the relevant Standards to the insurer.
18.0.2 Some intermediaries do not have direct contact with the customer but act
with other intermediaries to place business with insurers (such as
wholesale intermediaries). Even though they do not necessarily deal
directly with the purchaser of insurance, they perform one of the functions
in the chain of soliciting, negotiating or selling insurance, and are within
the scope of this ICP.
18.0.3 Where the Standards under this ICP apply to the intermediary as an
organisation, the supervisor should hold those responsible for the
intermediary’s governance to account for implementation of the
requirements.
18.0.4 Individuals or organisations which only refer (or introduce) potential
customers to an insurer or insurance intermediary, without carrying out
insurance intermediation, are excluded from the scope of this ICP. Also
excluded from the scope are persons, such as tax advisers or
accountants, who in conducting another professional activity provide:
• advice on insurance cover on an occasional basis in the course
of that other activity; or
• information of a general nature on insurance products (without
advising on the choice of insurance product provider),
provided that the purpose of that professional activity is not to
intermediate an insurance contract.
18.0.5 Insurance intermediaries may also perform functions supplemental to
insurance intermediation, many of which may be described as outsourced
functions of the insurer. These supplemental functions may include
underwriting, premium collection, administration, management of

Public
insurance claims, loss adjusting and claims appraisal. These functions
are excluded from the IAIS definition of insurance intermediation.
However, in some jurisdictions these supplemental functions are included
in their definition of insurance intermediation. The outsourcing of
processes that are relevant to business conduct is addressed in other
ICPs (see ICP 19 Conduct of Business and – for insurers – ICP 8 Risk
Management and Internal Controls).
18.0.6 Insurance intermediation involves the interface between insurers and
customers. Effective assessment of the quality of insurance
intermediation to a large extent requires supervisory consideration of
policies, processes and procedures that relate to individual customer
relationships and individual transactions.
18.0.7 Where intermediaries are part of a group, the application of appropriate
policies and procedures on insurance intermediation should be consistent
across the group, recognising local requirements and specificities, and
should result in the fair treatment of customers on a group-wide basis.
Proportionality with regard to intermediaries
18.0.8 Intermediation systems and practices are closely linked with jurisdictions’
tradition, culture, legal regime and the degree of development of
insurance markets. For this reason, supervisory approaches to insurance
intermediation also tend to vary. Such diversity should be taken into
consideration in implementing this ICP in order to promote the fair
18.0.9 In implementing this ICP, the supervisor should take into account that
there are various business models ranging from sole traders to large
enterprises, including specialist wholesale or reinsurance intermediaries.
18.0.10 The nature of the customers with which an intermediary interacts and the
complexity of the products offered are also relevant to the supervisory
approach. Retail customers, in particular vulnerable consumers, have
different needs in terms of consumer protection than professional ones;
life products with an investment element are typically more complex than
general personal lines products.
18.0.11 In light of market diversity, in implementing this ICP, the supervisor should
consider focusing on the activity carried out by the intermediary, to ensure
consistency and minimise the opportunity for regulatory arbitrage.
18.0.12 Supervisors are faced with balancing the need for consumers to receive
an appropriate level of protection and the benefits of innovation and
competition. The supervisor should consider whether its licensing and
supervisory requirements impose unreasonable barriers to entry for small
or emerging intermediary businesses, or inhibit beneficial innovations,
and thereby limit the accessibility of insurance coverage to consumers.
Types of intermediaries
18.0.13 Intermediaries fall into two categories: i) acting primarily on behalf of the
insurer; or ii) acting primarily on behalf of the customer:
Public
• Where the intermediary acts primarily on behalf of the insurer
and sells products for, and on behalf of, one or more insurers,
they are often referred to as “agent” or “producer”.
Intermediaries may act for a single insurer (sometimes referred
to as “tied”) or several. The products they can offer may be
restricted by agency agreements with the insurer(s) concerned.
• Where the intermediary acts primarily on behalf of the customer,
the intermediary is independent of the insurer(s) whose
products he sells. Often referred to as “broker”, or “independent
financial adviser”, they are able to select products from those
available across the market.
18.0.14 Some supervisors do not distinguish between different intermediary
categories in legislation and instead supervise according to the activity
performed. In some jurisdictions, it may be possible for an intermediary
to have a different status depending on the customer relationship and the
product or service being offered. In others, an intermediary is prevented
from acting in any capacity other than the one in which it has been
licensed to do business, in order to avoid conflicts of interest.
18.0.15 Intermediary operations range from large international organisations to
local sole traders. Intermediary organisations sometimes operate as
independent enterprises or divisions of insurers or other financial
institutions, or as part of non-financial organisations. Insurance
intermediation may also be performed by digital means, such as website
and mobile phone applications.
18.0.16 Insurers use various distribution channels to market and sell insurance
products. These can include a variety of partners - such as car
dealerships, post offices, mobile phone operators, travel agents, other
financial institutions and other retailers - who offer insurance alongside or
as an add-on to the primary goods and services in which they trade. In
many cases the activities of these distribution channels would constitute
intermediation.
Intermediaries’ role in promoting public trust and confidence in the insurance sector
18.0.17 In most insurance markets, intermediaries serve as important distribution

channels of insurance. Their good conduct and professional competence
are essential to promote confidence in insurance markets.
18.0.18 It is in the interests of supervisors, in promoting fair, safe and stable
insurance markets, that the public has trust and confidence in the
insurance sector. Insurance intermediaries’ interface between consumers
and insurers gives them a key role in building and justifying this public
trust and confidence.
18.0.19 In some jurisdictions, intermediaries’ duty to act in a professional and
transparent manner is supported by professional bodies and other
interested organisations. Such organisations encourage, amongst other
things, the obtaining of professional qualifications, continuous
professional development, ethical behaviour, the fair treatment of
customers and better communication with the public. Such measures are
Public
aimed at enhancing public confidence in insurance intermediaries
through raising professional standards.
Intermediaries’ role in promoting financial awareness
18.0.20 Intermediaries can promote consumer protection by assisting consumers

to make better informed decisions about the products that they buy. This
helps to address a core consumer protection concern about asymmetries
of information between financial services product providers and the public
to whom the products are sold. The adoption of good conduct of business
practices by insurers and insurance intermediaries helps to ensure that
customers are sufficiently informed on the insurance products they are
considering buying, before concluding a contract.
18.0.21 Enhancing financial awareness is a further means of ensuring that
consumers are aware of the types of products available to them and
understand their purpose, how they work and their key features, including
cost. This understanding helps consumers to compare products and to
purchase insurance products that meet their needs. Enhanced financial
awareness can be achieved, for example, through formal education
initiatives and targeted awareness campaigns led by insurers and
intermediaries, individually or jointly.
18.0.22 The promotion of financial awareness may benefit consumers in
jurisdictions where consumer protection standards are weak or levels of
financial literacy are low. It is also especially important when dealing with
more complex financial products, particularly those with an investment
element.
18.0.23 Improved understanding by consumers of the terms and benefits they can
expect from insurance products may also lead to a reduction in
complaints against intermediaries or the insurers whose products they
sell.
18.0.24 Insurance intermediaries are not the only stakeholders in promoting the
financial awareness of consumers; governments, supervisors, social
interest organisations and insurers have a significant role to play in
consumer protection. Other stakeholders, using various communication
channels, are also able to play a significant role. Nevertheless,
intermediaries’ face-to-face dealings with their customers and marketing
of products to consumers place them in a position to contribute to
strengthening the financial awareness of the public on insurance matters.
Supervisors may therefore wish to encourage insurance intermediaries to
promote financial awareness.
18.0.25 A variety of means may be used by insurance intermediaries to promote
financial awareness, such as:
• explaining face-to-face the features of products in which
customers may be interested, which may be particularly
important where their interest is in complex or long term
contracts;
• providing references to specific websites or other reference
material which gives relevant information, or publishing such
material themselves;
Public
• making available, or suggesting other sources of, financial tools
such as on-line calculators which estimate premiums or
coverage levels; or
• participating in educational initiatives such as training seminars.
18.0.26 In undertaking financial education initiatives, intermediaries should
ensure that the personnel involved have sufficient knowledge for this
purpose and that material or tools provided are up to date, free from error
to the extent practicable, and easily understood. Such initiatives may
target specific audiences, such as vulnerable groups.
18.0.27 Intermediaries’ initiatives to promote financial awareness, where
conducted with professionalism, may help to enhance both their own
reputation and that of the insurance sector.
Additional ICPs applicable to the supervision of intermediaries
18.0.28 ICP 19 (Conduct of Business) addresses conduct of business supervision

in respect of both intermediaries and insurers, whereas this ICP
addresses other aspects of supervision that are specific to intermediaries.
Other ICPs that apply, generally or in part, to the supervision of
intermediaries are:
• ICP 21 Countering Fraud in Insurance; and
• ICP 22 Anti-Money Laundering and Combating the Financing of
Terrorism (AML/CFT).
Supervisory cooperation
18.0.29 In some jurisdictions, the supervision of insurance intermediaries is the

responsibility of a different authority than the insurance conduct of
business supervisory authority. Even where the same authority is
responsible for conduct of business and intermediary supervision, the
supervisory responsibilities are often undertaken within different
departments. Where different authorities or departments are involved, the
insurance intermediary supervisor should communicate, and cooperate
where possible, with other relevant authorities and departments to ensure
an understanding of all the risks relevant to their supervision of insurance
intermediaries.
18.1 The supervisor requires insurance intermediaries operating in its jurisdiction to
be licensed.
18.1.1 In some jurisdictions other terminology such as “authorisation” or
“registration”, are used in place of “licensing”. For the purposes of this
ICP these terms are collectively referred to as “licensing”.
18.1.2 The supervisor may choose to license intermediaries at the entity level or
the individual level, or both. In some jurisdictions insurance intermediation
activities carried out by the insurer’s direct sales staff or its authorised
representatives are covered by the insurer’s licence; in others these may
require separate intermediary licensing.
18.1.3 Where licensing is at the entity level the supervisor may consider whether
the entity has in place procedures to ensure that the individuals who
Public
conduct insurance intermediation under its responsibility meet
appropriate standards of professionalism and competence. The
supervisor may also wish to set its own requirements for approval of
individuals, within an insurance intermediary, who conduct intermediary
business.
18.1.4 Different types of insurance business involve different levels of complexity
and risks and may require different levels of skill and experience in their
intermediation. The supervisor may wish to specify in the licence the
range of intermediation activities that it permits the insurance
intermediary to undertake, taking into account, for example, the
intermediary’s proposed business plan and areas of expertise.
18.1.5 The licensing process should be designed to enable the supervisor to
reject a licence application where it considers that the applicant will be
incapable of delivering fair consumer outcomes or where it cannot be
effectively supervised. For these purposes the supervisor may require an
application, together with additional information that may depend on the
type of licence being applied for, and may include items such as:
• details of ownership, including all information necessary to
provide a full understanding of the insurance intermediary’s
ownership and control structure;
• a business plan, including details of proposed business and
financial projections;
• the proposed sources and method of capitalisation;
• information on personnel, in particular on proposed holders of
key functions;
• details of any significant third party service providers;
• details of the proposed auditor, where applicable;
• details of professional indemnity insurance cover, including
amount and limitations, or comparable guarantee, where
applicable;
• business continuity plans;
• if incorporated, relevant information on incorporation such as
memorandum and articles of association and certificate of
incorporation;
• details of policies, procedures and controls in key areas such
as:
− new business;
− client money;
− complaints;
− conflicts of interest;
− compliance;
− combating financial crime (including AML/CFT and
fraud); and
Public
• a copy of the policy and supporting documents that govern the
insurance intermediary’s conduct of business, or confirmation of
agreement to conduct of business rules published by the
supervisor.
The supervisor may require additional information to complete the
licensing process, upon request.
18.1.6 The supervisor may set minimum financial resource requirements, for
example, to discourage market entrants with insufficient financial
resources and to help ensure that existing licensees have sufficient
financial resources for business continuity purposes. Where this is the
case, such requirements might take into account factors such as the
nature of the business to be intermediated, whether the intermediary
operates client accounts, the level of any professional indemnity
insurance and the level of operating expenses, to ensure that an
appropriately risk-based financial resource requirement is set.
18.1.7 The supervisor should only issue a licence if the applicant meets the initial
licensing conditions.
18.1.8 In specific and limited circumstances, the supervisor may have the power
to make exceptions to certain licensing requirements. The supervisor
should ensure that any such exceptions do not encourage regulatory
arbitrage or increase the risk to consumers.
18.1.9 The supervisor should consider what licensing requirements are
applicable to intermediaries operating on a cross-border basis from
outside the jurisdiction. These requirements should be transparent to
consumers, as well as to intermediaries, so that they can make an
informed decision when choosing to deal with intermediaries from other
jurisdictions.
18.1.10 The supervisor may consider the possibility of issuing periodically
renewable licences. An advantage of doing so would be to ensure formal
periodic reassessment of compliance with the regulatory licensing
requirements.
18.2 The supervisor ensures that insurance intermediaries licensed in its jurisdiction
are subject to ongoing supervisory review.
18.2.1 The supervisor should require that initial licensing conditions, as
applicable, are maintained subsequent to the licence being issued and
that ongoing regulatory requirements are met. Where another authority is
responsible for setting the licensing requirements, the supervisor should
communicate, and cooperate where possible, with this authority.
18.2.2 The supervisor may choose to take a risk-based approach in reviewing
on a targeted basis whether insurance intermediaries fulfil their licensing
and conduct of business requirements on an ongoing basis. Under such
an approach, supervisory review should take into account the differing
size of intermediaries, their likely impact on the market and the riskiness
and complexity of their business.
18.2.3 In addition to monitoring ongoing compliance, the supervisor should
require that any breaches in licensing conditions or other supervisory
requirements are reported promptly.
Public
Direct supervision
18.2.4 Direct ongoing supervision may take various forms, both off-site
monitoring and on-site inspection, as necessary, as well as other
supervisory tools. Further information on this topic is available in ICP 9
Supervisory Review and Reporting, but may require adaptation to make
it appropriate for the specific nature of intermediary business. The
balance between off-site and on-site approaches will typically be
influenced by the number and nature of intermediaries in the market, as
well as the supervisor’s resources. The supervisor may take these factors
into account when determining the balance between a proactive and
reactive approach to ongoing supervision.
18.2.5 Off-site monitoring may include supervisory reporting, analysis of
complaints, thematic reviews and other forms of information. The
supervisor may specify information to be provided for off-site monitoring
purposes, including information to be reported routinely or on an ad-hoc
basis. Supervisory reporting requirements may include, but are not limited
to:
• financial statements, audited where applicable, or other
certification of the financial soundness of the intermediary;
• auditor’s management letter, where applicable;
• confirmation of professional indemnity cover (including
exclusions or limitations) or comparable guarantee;
• information on the sources of and placement of business;
• summary of movements on client money accounts, where
applicable;
• changes in key functions and significant owners;
• financial links with insurers and other intermediaries (such as
through related party structures or service contracts);
• types of products sold;
• business partners;
• staff compensation policy;
• incentive arrangements;
• claims data;
• complaints data; and
• details of advertising and marketing expenditure relating to
particular types of products or distribution channels.
18.2.6 Where the intermediary is an employee of the insurer, the supervisor may
determine that information provided by the insurer as part of the insurer’s
regular reporting responsibilities is sufficient, without requiring separate
reporting in respect of the intermediation activities conducted by the
employee of the insurer.
Public
18.2.7 The supervisor may also use regular formal meetings with intermediaries
as a means of supplementing these off-site and on-site processes and
procedures. Where appropriate, the supervisor may use other tools, such
as “mystery shopping”, to evaluate whether the implementation of
intermediaries’ internal policies and procedures is resulting in fair
outcomes for customers.
18.2.8 Where applicable, the supervisor should apply supervisory review
processes and procedures to insurance intermediaries at the level at
which licensing takes place (entity or individual level) or at the insurer
level. Reporting requirements in respect of an insurer’s direct sales staff
would be the responsibility of the insurer.
18.2.9 On-site inspections may consider areas such as:
• corporate governance and internal controls;
• procedures and controls for combating financial crime;
• review of client money accounts where applicable;
• review of customer files;
• review of complaints;
• review of disclosure to customers and terms of business
agreements;
• review of documentation of advice given and the reasons for that
advice; and
• other relevant elements such as the strategy, business activities
and business models, the treatment of customers, and
compliance with supervisory requirements.
18.2.10 Analysis of complaints may be a valuable source of information for the
supervisor, as well as for insurers and intermediaries, in identifying
possible risks of poor conduct in the area of insurance intermediation.
18.2.11 The supervisor may take a risk-based approach, where greater attention
is focused on higher risk areas. Examples include where:
• Insurance intermediation includes the provision of advice;
• the nature of the business intermediated is more complex;
• customers are less sophisticated; and
• there is an increased likelihood of conflicts of interest.
Indirect supervision
18.2.12 In some jurisdictions intermediaries are supervised indirectly through the
supervision of the insurers. The supervisor will need to take into account
the extent to which such an approach achieves effective supervision.
Regardless of the approach, it is ultimately the supervisor’s responsibility
that intermediaries are effectively supervised.
18.2.13 An indirect approach may be more appropriate for agency intermediation
rather than the broker model.
Public
18.2.14 Indirect supervision can relate to circumstances where the insurer relies
upon an intermediary to perform processes on its behalf. In such cases,
written agreements could be checked by the supervisor to assess the
respective responsibilities. For example, insurers are expected to obtain
appropriate documentation regarding their customers to demonstrate that
appropriate customer due diligence and/or fact-finding procedures have
been carried out. Insurers will be assessed on the adequacy of the
processes carried out and documentation obtained, including where the
insurer relies upon intermediaries to perform this work and supply the
documentation required.
18.2.15 Where the supervision of intermediaries is undertaken indirectly, the
supervisor should assess the insurer’s processes to monitor the work
undertaken by an intermediary on its behalf.
Self-regulatory organisations
18.2.16 A self-regulatory organisation (SRO) can be described as a non-
government organisation that has the power to create and enforce
industry or professional regulations and standards. The self-regulatory
functions of an SRO can contribute to the supervision of intermediaries
through the requirements for, and enforcement of, professional standards
for its members.
18.2.17 In jurisdictions with an SRO for intermediaries, the supervisor should
assess whether the SRO meets appropriate standards before placing any
reliance on the SRO’s self-regulatory functions. The supervisor’s
assessment should consider matters such as whether the SRO:
• has sufficient independence;
• has appropriate powers and resources to fulfil its mission and
provide effective self-regulation;
• performs its self-regulatory functions adequately;
• establishes and maintains standards that are sufficiently robust;
and
• takes appropriate action to deal with any shortcomings.
18.2.18 An SRO’s regulations and standards may not address all the aspects of
the supervision of insurance intermediaries for which the supervisor has
responsibility. Therefore, whilst the supervisor may choose to place some
reliance on the self-regulatory functions of an SRO, the supervisor should
retain overall responsibility for supervision.
Other
18.2.19 In addition to direct and indirect supervision of intermediaries, the

supervisor may use the supervision of insurers to gather information on
and, to some extent, monitor intermediaries’ activities. This may include,
for example, identifying whether particular intermediaries or particular
matters are the subject of regular or frequent complaints.
18.3 The supervisor requires insurance intermediaries to maintain appropriate levels
of professional knowledge and experience, integrity and competence.
Public
Professional knowledge and experience
18.3.1 It is important that individuals carrying out the activity of insurance

intermediation have adequate professional knowledge. Professional
knowledge can be gained from experience, education and/or training.
The attainment of relevant professional qualifications may demonstrate
that a certain level of professional knowledge has been achieved.
18.3.2 The supervisor should require that individuals carrying out the activity of
insurance intermediation have professional knowledge and experience
appropriate for the business which they intermediate. More complex
products or customer needs may require higher or more specialised
knowledge and experience. The knowledge and experience of individuals
should also be appropriate for the type of business being intermediated.
Once professional qualifications have been achieved, it is important that
individuals who continue to carry out the activity of insurance
intermediation keep their professional knowledge up to date. In some
jurisdictions, there are supervisory or statutory requirements that
individuals carrying out the activity of insurance intermediation should
spend a specified minimum amount of time on continuous professional
development. In some jurisdictions, professional bodies impose such a
requirement on their members.
18.3.3 The supervisor may consider recognising the qualifications of specified
professional bodies. Where a jurisdiction has no such professional body,
consideration could be given to encouraging or recognising qualifications
obtained through professional bodies in other jurisdictions. The
supervisor may also consider recognising such qualifications where these
are considered to be equivalent to, or exceed, the qualifications available
within the jurisdiction.
18.3.4 Intermediaries should be knowledgeable regarding the status of the
insurers whose products they sell. For example, they should be satisfied
that the insurer is licensed to sell insurance in the relevant jurisdiction, as
a branch or subsidiary, and should be aware of the financial status and
credit rating of the insurer and the applicability of any policyholder
protection schemes to that insurer’s products.
Integrity
18.3.5 It is essential that those carrying out the activity of insurance

intermediation act with integrity and high ethical standards. These relate
to the behaviour of the individuals concerned, such as:
• being honest, trustworthy and open;
• being reliable, dependable and respectful;
• not taking unfair advantage;
• not accepting or offering gifts where this might imply an improper
obligation.
18.3.6 The supervisor may require individuals carrying out the activity of
insurance intermediation to be subject either to their organisation’s
Public
internal policies and procedures, or to the ethical standards of
professional bodies, that require integrity.
18.3.7 The supervisor may establish its own expectations on integrity through,
for example, the publication of codes of conduct with which such
individuals are required to comply. Codes of conduct should be
complementary to the relevant legislation and may address any aspect of
dealings between insurance intermediaries and their customers.
18.3.8 Intermediary organisations should have procedures to assess the
integrity of those intermediating on their behalf. Such procedures should
include pre-employment checks as well as ongoing requirements. Pre-
employment checks should include, amongst other things, employment
history, any civil liability, criminal convictions, administrative actions by
regulatory agencies and self-regulatory organisations, or pending legal
proceedings.
Competence
18.3.9 The supervisor should require individuals carrying out the activity of
insurance intermediation to act only in respect of business for which they
have the required competence.
18.3.10 The supervisor should require insurance intermediaries to implement
policies and procedures to assess the competence of individuals carrying
out the activity of insurance intermediation. Assessment would be
particularly important in the case of new employees or where staff are
assigned different or more challenging responsibilities. Competence
should also be monitored as an ongoing process for all relevant staff. This
may include actions such as:
• observed interviews with customers;
• review of customer files;
• internal interviews; and/or
• coaching.
18.3.11 An on-site inspection may provide an opportunity for the supervisor to
assess competence, such as through file reviews and interviews of
selected staff.
Role of professional standards
18.3.12 SROs and other professional bodies can be instrumental in promoting

professional standards where they issue standards or codes with which
their members are required to comply. Standards required by relevant
SROs or other professional bodies might include areas such as:
• acting with high ethical standards and integrity;
• acting in the best interests of each client;
• providing a high standard of service; and
• treating customers fairly.
Public
18.3.13 Members of an SRO or other professional body who are found to be in
breach of its professional standards may be subject to disciplinary
procedures such as suspension of, or exclusion from, membership.
18.3.14 In jurisdictions where there is reliance on the membership of a
professional body, the supervisor may consider confirming that such a
body has an effective disciplinary scheme in force. The supervisor may
nevertheless decide not to depend on such professional processes
entirely and deal with issues of an individual’s professional conduct
directly.
18.4 The supervisor requires that insurance intermediaries apply appropriate
governance.
18.4.1 An insurance intermediary’s governance framework may vary, depending
upon the nature and scale of the intermediary and the complexity of its
business, and may be subject to general company law. However, each
intermediary’s governance framework should be sufficient to provide for
sound and prudent management of the business and to support the fair
18.4.2 In setting relevant governance requirements the supervisor should
consider the application of such requirements to sole traders and small
businesses operating as insurance intermediaries. Such requirements for
sole traders and small businesses will differ from those for larger entities.
Key areas where requirements may vary include internal controls,
segregation of duties, and compliance functions. Regardless, the
supervisor should be satisfied that a sound level of governance is
achieved and that there are no unacceptable risks, with the overriding
objective that customers are appropriately protected.
18.4.3 Good governance may be promoted by the supervisor, as well as other
authorities, professional bodies and SROs, by publishing guidance (for
example, a Code of Practice) for insurance intermediaries on their
obligations in respect of governance-related matters. Guidance that may
help intermediaries meet governance requirements may include matters
such as:
• ensuring that those responsible for the intermediary
organisation’s governance have the competence and integrity to
fulfil their respective roles;
• ensuring appropriate standards for conduct of business;
• ensuring there is regular monitoring of consumer outcomes;
• ensuring that the making of key decisions is subject to sufficient
discussion at Board level or with key persons in control functions
as appropriate;
• ensuring adequate human resources to conduct the business;
• ensuring an appropriate level of internal controls of the
business;
• ensuring appropriate disciplinary policies and procedures for
wrongdoing are in place;
Public
• maintaining adequate files and records and ensuring their
availability for inspection;
• maintaining appropriate controls over outsourced functions; and
• compliance with all relevant legislation, including non-insurance
legislation such as in respect of anti-money laundering, fraud,
etc.
18.4.4 Relevant to governance, intermediaries are required to establish and
implement policies and procedures on the fair treatment of customers that
are an integral part of their business culture (see Standard 19.2).
18.4.5 The governance of an insurer’s direct sales staff is the responsibility of
the insurer, and the governance of insurers is the subject of ICP 7
Corporate Governance. Although ICP 7 is otherwise not directly
applicable to intermediaries, it may be a useful source of information for
intermediary supervisors.
18.5 The supervisor requires insurance intermediaries to disclose to customers, at a
minimum:
• the terms and conditions of business between themselves and the
customer;
• the relationship they have with the insurers with whom they deal; and
• information on the basis on which they are remunerated where a
potential conflict of interest exists.
18.5.1 In addition to disclosing matters relating to intermediaries themselves,
intermediaries are required to disclose information on insurance products
offered to customers (see Standards 19.5 and 19.6).
18.5.2 In setting disclosure requirements, the supervisor may take into account
that there are differences in:
• the nature of different insurance products;
• the level of sophistication of different customers; and
• the way in which different types of insurance are transacted (for
example, differences between commercial and personal (retail)
lines).
The nature, timing and detail of disclosures may differ according to the
circumstances. Nevertheless, disclosure requirements should provide
adequate information to customers, taking into account these factors.
Terms of business
18.5.3 A terms of business agreement may be a convenient means by which an

insurance intermediary can provide important information to a customer
and satisfy many of the disclosure requirements. Such a document may
include information such as:
• by whom they are licensed and supervised;
• the type of business for which they are licensed;
Public
• whether they are independent or act on behalf of one or more
insurers;
• information on the basis on which they are remunerated;
• the services provided, including whether they offer products
from a full range of insurers, from a limited range or from a single
insurer;
• charging arrangements for the intermediation services;
• cancellation rights in respect of the intermediation services;
• notification of complaints;
• client money arrangements, including treatment of interest;
• confidentiality of information provided; and
• the relevant law governing the agreement.
18.5.4 Insurance intermediaries should provide information on terms of business
to customers and do so prior to an insurance contract being entered into.
Where there is an ongoing business relationship between an intermediary
and a customer, or once terms of business information has initially been
provided in the case of policy renewals, the intermediary should review
whether reiterating this information is necessary. Further information on
terms of business might only be necessary where there are changes to
the terms.
18.5.5 When insurance cover needs to be arranged immediately it may not be
possible to provide documentation of terms of business at the point of
arranging the contract. In such situations the information may be provided
orally and followed up with written documentation within a reasonable
period of time.
18.5.6 The supervisor may recommend, or require, that a copy of the terms of
business, signed by the customer, is retained as part of the insurance
intermediary’s records. Where insurance is intermediated over the
internet, the customer may be required to acknowledge the terms of
business before a policy can be proceeded with. Electronic records
should also be retained by the intermediary.
Intermediary status
18.5.7 An insurance intermediary’s status may provide information to a customer

on the extent of products from which recommendations are made and
provide an indication of potential conflicts of interest. Where the insurance
intermediary is only able to select products from a single insurer or from
a limited range, the customer may wish to carry out their own research to
see whether they can obtain better terms or a more suitable product
elsewhere in the market.
18.5.8 It is particularly important that insurance intermediaries provide
customers with information on their relationship with the insurers with
whom they deal, specifically whether they are independent or act for one
or more insurance companies, and whether they are authorised to
conclude insurance contracts on behalf of an insurer or not.
Public
18.5.9 Potential conflicts of interest can arise for some intermediaries if the
intermediary is part of a wider group or if the intermediary has a financial
interest, such as a shareholding, in an insurer or insurance group. Such
relationships should be disclosed to customers.
18.5.10 Information on the insurance intermediary’s status may be provided as
part of a terms of business agreement or separately. Because of its
importance, this information may also be highlighted verbally to the
customer.
Remuneration
18.5.11 Insurance intermediaries are generally remunerated by way of fees and

commissions, such as:
• fees paid directly by the customer;
• fees or commissions paid indirectly by the customer, by way of
deduction from premiums or funds invested; or
• fees or commissions paid by the insurer.
18.5.12 Where insurers’ direct sales staff carry out insurance intermediation as
employees of the insurer, they may be salaried as well as receive any
applicable commission.
18.5.13 Information on charging structures may be important information to
customers. For example, for insurance products with an investment
element, information on any fees or other costs deducted from the initial
amount invested, as well as on fees or commissions deducted from the
investment thereafter will be important.
18.5.14 Information on charging may be provided as part of a terms of business
agreement, or separately. As fees and commissions vary by product and
between product providers, they may need to be provided separately for
each product recommended, often by inclusion in product documentation.
Given their significance to some types of product, this information might
also be highlighted verbally to the customer.
18.5.15 The supervisor may also require that, upon a customer’s request to the
intermediary, the customer is provided with further information on fees
and commissions, including the level of fees and commissions. The
intermediary should make the customer aware of his/her right to request
information on fees and commissions. Communication should be clear
and not misleading. In view of the impact of fees and commissions upon
insurance products with an investment element, the supervisor may
require that disclosure of fees and commissions is provided to customers
prior to contracts being entered into in respect of all such products.
18.5.16 Some forms of remuneration of insurance intermediaries potentially lead
to a conflict of interest. For example, an intermediary may be tempted to
recommend a product which provides higher fees or commissions than
another. Potential conflicts of interest for intermediaries may exist in a
variety of circumstances (see ICP 19 Conduct of Business).
18.5.17 The supervisor should be satisfied that the intermediary has robust
procedures in place to identify and avoid, or manage, conflicts of interest,
Public
and deliver outcomes aligned with customers’ best interests. Where they
cannot be avoided, or managed satisfactorily, this would result in the
intermediary declining to act. Conflicts of interest may be managed or
avoided in different ways depending on the nature and severity of the
conflict of interest (discussed further in Application Paper on Supervising
the Conduct of Intermediaries).
Additionally, circumstances in which conflicts of interest may arise may
be covered in the codes of conduct issued by SROs or other professional
bodies.
18.5.18 The supervisor should be aware of the use of non-monetary benefits,
including, for example, “soft” commissions, offered by insurers to
intermediaries. These may include less tangible inducements such as
professional support, IT support, or corporate entertainment at sporting
or cultural events. Such inducements may lead to conflicts of interest and
are less transparent than fees or commissions and also need to be
avoided, managed or prohibited as appropriate.
18.6 The supervisor requires an insurance intermediary who handles client monies
to have safeguards in place to protect these funds.
18.6.1 In the course of carrying out its business, an insurance intermediary may:
• receive monies from a client for the payment of premiums to an
insurer; and/or
• receive monies from an insurer in respect of claims or refunded
premiums for onward payment to a client.
18.6.2 Some jurisdictions have specific legal requirements in respect of the cash
flows where monies are transferred via an intermediary from the customer
to the insurer, and vice versa, including in determining whether the
customer or the insurer is at risk in respect of such funds.
18.6.3 Where funds are held at the risk of the client, they may be referred to as
“client monies” or “client’s money”. The intermediary should have
adequate policies and procedures in place for the safeguarding of such
funds in the interests of their customers.
18.6.4 In some jurisdictions, premiums are deemed to have been paid to the
insurer as soon as the customer pays premiums to the intermediary. In
these circumstances the insurer, rather than the customer, bears the risk
of allowing intermediaries to collect premiums on its behalf.
18.6.5 The supervisor may require that an insurance intermediary’s client money
policies and procedures cover matters such as the following:
• client accounts are separate and clearly distinguishable from the
intermediary’s own bank accounts;
• client accounts are held with licensed banks within the
jurisdiction, or specified other jurisdictions;
• disallowing monies other than client monies within the account,
except in specific circumstances such as to achieve or maintain
a minimum balance, to receive interest, or to receive
commission due to the intermediary;
Public
• monies are paid into the account promptly;
• adequate financial systems and controls are maintained,
including authorisation of payments from the account;
• adequate books and records are maintained and subject to
audit;
• reconciliations are performed on a regular basis and reviewed;
• discrepancies on the account are followed up promptly and
resolved satisfactorily;
• for each client, payments from a client account are not made
before sufficient monies paid into the account have cleared, thus
ensuring that any balance held in respect of each client is not
negative; and
• the treatment of interest.
18.6.6 In the interest of safeguarding clients’ money, it is important that client
accounts cannot be used to reimburse creditors of the insurance
intermediary.
18.6.7 Where insurance intermediaries operate client accounts, the supervisor
may require that the terms and conditions of such accounts are disclosed
to their customers, including whether funds held in such accounts are at
the risk of clients or at the risk of the insurer.
18.7 Where appropriate, the supervisor takes supervisory measures against licensed
insurance intermediaries.
18.7.1 The supervisor should initiate measures to prevent or respond to poor
conduct or breaches of regulatory requirements by an intermediary, with
a view to mitigating adverse outcomes for customers. Where necessary,
the supervisor may use sanctions.
18.7.2 The supervisory framework should allow for the exercise of judgement
and discretion, and provide flexibility in the use of preventive measures,
corrective measure and sanctions.
18.7.3 In some instances, the supervisor may need to work with other relevant
authorities or bodies in order to take or enforce supervisory measures or
sanctions against an intermediary.
Preventive measures
18.7.4 Where the supervisor assesses that there may be a significant risk of an
insurance intermediary breaching supervisory requirements or to
consumer or policyholder interests in general, it should require insurance
intermediaries to take appropriate measures to mitigate both market-wide
risks as well as risks from specific entities or individuals.
18.7.5 In this regard, the supervisor may take proactive measures, such as
publishing guidance on good practices or warnings to the industry or
consumers.
Corrective measures
Public
18.7.6 Where the insurance intermediary fails to meet supervisory requirements,
or where consumers may otherwise be at risk, the supervisor should
require corrective measures to be taken by the insurance intermediary.
This may occur, for example, where:
• there is evidence of unfair treatment;
• required information is not provided to customers;
• policies and procedures are inadequate (particularly where this
results in inadequate due diligence work);
• internal controls, file keeping or documentation are inadequate;
• conflicts of interest are not adequately identified or managed; or
• there are concerns over business continuity.
18.7.7 Supervisory measures should apply at either the entity level or individual
level, as appropriate. These may include, for example:
• requiring the implementation of enhanced policies and
procedures;
• requiring further training;
• restricting business activities;
• suspending or barring specific individuals from engaging in
intermediary business or being responsible for the corporate
governance of an intermediary organisation; or
• suspending, revoking or not renewing the licence.
Sanctions
18.7.8 Where appropriate, the supervisor should impose sanctions on entities or

individuals. The range of sanctions may include, for example:
• imposing fines;
• barring individuals from acting in key roles or holding similar
roles in the future; or
• requiring remediation, including compensation to policyholders
where appropriate.
18.7.9 Sanctions imposed should be commensurate with the nature and severity
of the shortcomings. Minor offences may be dealt with through oral or
written communications with the intermediary’s management and then
followed up, whereas more significant deficiencies may warrant
immediate or more significant action.
18.7.10 Jurisdictions should provide due process for an intermediary to appeal
supervisory measures.
18.8 The supervisor checks that the intermediary is taking the measures required and
escalates such measures if its concerns are not being addressed.
18.8.1 The supervisor should review the results of measures that it has required
of an intermediary and the effectiveness of the actions taken.
Public
18.8.2 If the action taken by the intermediary does not adequately address the
supervisor’s concern, the supervisor should require further measures.
18.8.3 Supervisory measures should be escalated in line with the supervisor’s
concern about the intermediary and the risk to consumers.
18.9 The supervisor takes measures against individuals or entities that conduct
insurance intermediation without the necessary licence.
18.9.1 The supervisor should have in place mechanisms to identify when
unlicensed insurance intermediation is being carried out. Examples of
such mechanisms include monitoring media and advertising, review of
consumer complaints and encouraging industry and other stakeholders
to notify the supervisor of suspicious activity.
18.9.2 When unlicensed insurance intermediation is identified, the supervisor
should act to address the issue. Examples include seeking court orders
to require the unlicensed individual or entity to stop the activity, informing
law enforcement authorities of criminal and/or civil concerns, and
publicising the fact that the individual/entity is not licensed to conduct
insurance intermediation.
Public
ICP 19 Conduct of Business 76
The supervisor requires that insurers and intermediaries, in their conduct of
insurance business, treat customers fairly, both before a contract is entered into
and through to the point at which all obligations under a contract have been
satisfied.
19.0.1 Requirements for the conduct of insurance business help to:

• protect policyholders and promote fair consumer outcomes;
• strengthen public trust and consumer confidence in the
insurance sector;
• minimise the risk of insurers and intermediaries following
business models that are unsustainable or pose reputational
risk, thereby complementing the risk management framework of
a solvency regime; and
• support a sound and resilient insurance sector by creating level
playing fields in terms of the basis on which insurers and
intermediaries can compete while maintaining business
practices that support the fair treatment of customers.
19.0.2 Fair treatment of customers encompasses achieving outcomes such
as:
• developing, marketing and selling products in a way that pays
due regard to the interests and needs of customers;
• providing customers with information before, during and after
the point of sale that is accurate, clear, and not misleading;
• minimising the risk of sales which are not appropriate to
customers’ interests and needs;
• ensuring that any advice given is of a high quality;
• dealing with customer claims, complaints and disputes in a fair
and timely manner; and
• protecting the privacy of information obtained from customers.
19.0.3 Conduct of business, including business practices, is closely linked with
jurisdictions’ tradition, culture, legal regime and the degree of
development of the insurance sector. For this reason, supervisory
approaches to the conduct of business also tend to vary. Such diversity
should be taken into consideration in implementing this ICP, and
related standards and guidance material, in order to achieve the
outcome of fair treatment of customers. The fair treatment of customers

Public
encompasses concepts such as ethical behaviour, acting in good faith
and the prohibition of abusive practices.
19.0.4 Requirements for the conduct of insurance business may differ
depending on the nature of the customer with whom an insurer or
intermediary interacts and the type of insurance provided. The scope
of requirements for conduct of insurance business should reflect the
risk of unfair treatment of customers, taking into account the nature of
the customer and the type of insurance provided.
19.0.5 As part of assessing the fulfilment of requirements for conduct of
insurance business, the supervisor should consider the consumer
outcomes that are being achieved under these requirements. This
includes consumer outcomes that arise due to industry-wide – as well
as firm-specific – factors.
19.0.6 Supervisors may wish to issue guidelines or rules on their expectations
to help insurers and intermediaries achieve fair treatment of customers.
In addition, the supervisor could support industry guidelines or best
practices with this objective.
19.0.7 Detailed conduct of business rules may not be appropriate for
reinsurance transactions, where benefits under a policy are not
affected by the reinsurance arrangements (see ICP 13 Reinsurance
and Other Forms of Risk Transfer). Nonetheless, this does not relieve
insurers and reinsurers of their duty to provide each other with complete
and accurate information.
Respective responsibilities
19.0.8 The insurer has a responsibility for good conduct throughout the
insurance life-cycle, as it is the insurer that is the ultimate risk carrier.
However, where more than one party is involved in the design,
marketing, distribution and policy servicing of insurance products, the
good conduct in respect of the relevant service(s) is a shared
responsibility of those involved.
19.0.9 Intermediaries typically play a significant role in insurance distribution
but may also be involved in other areas. Their interface between
customers and insurers gives them a key role, and their good conduct
in performing the services in which they are involved is critical in
building and justifying public trust and confidence in the insurance
sector.
19.0.10 Insurers sometimes outsource specific processes, such as claims
handling, to third parties (including intermediaries). Where an insurer
outsources processes, the insurer should only deal with third parties
whose policies, procedures and processes are expected to result in fair
treatment of customers; the insurer retains ultimately responsibility for
those functions.
Cross-border and group considerations
Public
19.0.11 Legislation should provide requirements with which insurers and
intermediaries must comply, including foreign insurers and
intermediaries selling products on a cross-border basis.
19.0.12 Effective assessment of the quality of conduct of insurance business
requires, to a large extent, supervisory consideration of strategies,
policies, processes, procedures and controls that apply to the provision
of insurance products and services to customers, and which are more
easily assessed through supervision at the insurance legal entity,
rather than group, level.
19.0.13 Where insurance legal entities are part of an insurance group, the
application of appropriate policies and procedures on conduct of
business should be consistent across the group, recognising local
requirements and specificities, and should result in the fair treatment of
customers on a group-wide basis. In addition, there are a number of
other group-related aspects that are relevant to the supervision of
conduct of business by insurers and intermediaries, such as:
• public disclosure by the supervisor of the regulatory
requirements in respect of the offering of cross-border
insurance;
• disclosure to customers of the group to which an underwriter
belongs; and
• the potential risks from group entities that could affect policies
being sold or administered.
The supervisor should consider the implications arising from group
structures in applying the Standards of this ICP.
Supervisory cooperation
19.0.14 Supervisors should be aware of the conduct of business requirements

set by the regulators of other financial services sectors with a view to
minimising unnecessary inconsistencies, possible duplication and the
potential for regulatory arbitrage.
19.0.15 In some jurisdictions responsibility for the supervision of insurers or
intermediaries is shared between more than one authority, or between
different departments within a single authority, with different authorities
or departments responsible for conduct and prudential supervision.
Where this is the case, the relevant authorities or departments should
communicate, and cooperate where possible, to ensure that there is an
understanding of all the relevant risks.
19.0.16 The supervisor should also consider having in place adequate
coordination arrangements to deal with conduct of business issues
arising in cross-border business.
Fair treatment of customers
19.1 The supervisor requires insurers and intermediaries to act with due skill, care
and diligence when dealing with customers.
Public
19.1.1 The supervisor should require insurers and intermediaries to have
policies and procedures in place to achieve this outcome, including
taking appropriate measures to ensure that their employees and agents
meet high standards of ethics and integrity.
19.2 The supervisor requires insurers and intermediaries to establish and implement
policies and procedures on the fair treatment of customers, as an integral part
of their business culture.
19.2.1 Supervisors should require insurers and intermediaries to have policies
and procedures in place to achieve the fair treatment of customers and
should monitor whether such policies and procedures are adhered to.
19.2.2 Proper policies and procedures dealing with the fair treatment of
customers are likely to be particularly important with respect to retail
customers, because of the greater asymmetry of information that tends
to exist between the insurer or intermediary and the individual retail
customer.
19.2.3 Supervisory requirements with respect to fair treatment of customers
may vary depending on the legal framework in place in a particular
jurisdiction. The desired outcome of fair treatment of customers may be
achieved through a variety of approaches, with some jurisdictions
favouring a principles-based set of requirements, some favouring a
rules-based approach, and others following some combination of
approaches.
19.2.4 Ensuring the achievement of fair outcomes for customers will tend to
require that insurers and intermediaries adopt the fair treatment of
customers as an integral part of their business culture, and that policies
and procedures to support this objective are properly embedded in the
organisation. Embedding a culture of fair treatment of customers may
include the following:
• Strategy: Fair treatment of customers should be an objective
taken into consideration in the design of the business strategy,
product design, product distribution, and product performance.
• Leadership: Overall responsibility for fair treatment of customers
should be at the level of the Board and Senior Management,
who should design, implement, and monitor adherence to,
policies and procedures aimed at ensuring that customers are
treated fairly. This sets the tone for the business.
• Decision making: All decisions that impact on customers should
be subject to particular scrutiny in terms of whether they support
the fair treatment of customers.
• Internal controls: Monitoring the fair treatment of customers
requires relevant management information to be identified,
collected and evaluated. Internal reports should include the
most useful information and indicators to allow the Board and
Senior Management to measure the insurer’s or intermediary’s
performance with respect to fair treatment of customers.
Mechanisms and controls should be established to ensure that
departures from policies and procedures as well as other
Public
situations that jeopardise the interests of customers, are
promptly remedied.
• Performance management: Appropriate attention should be
paid to the recruitment of staff and agents who meet high
standards of ethics and integrity. Relevant staff should be
trained to deliver appropriate outcomes in terms of fair treatment
of customers. Evaluation of performance should include the
contribution made to achieving these outcomes. There should
be appropriate performance management consequences for
staff who fail to meet these standards.
• Reward: Remuneration and reward strategies should take
account of the fair treatment of customers. Reward structures
need to reflect quality issues and not encourage or reward the
unfair treatment of customers. Remuneration structures that
create conflicts of interest may lead to poor customer outcomes.
19.2.5 Insurers’ and intermediaries’ strategies, policies and procedures
dealing with the fair treatment of customers should be made available
to the supervisor. The supervisor should encourage insurers and
intermediaries to make relevant policies and procedures publicly
available as good practice, in particular their claims handling,
complaints handling and dispute resolution policies and procedures.
19.3 The supervisor requires insurers and intermediaries to avoid or properly
manage any potential conflicts of interest.
19.3.1 In their dealings either with each other or with customers, insurers and
intermediaries may encounter conflicts of interest.
19.3.2 Where conflicting interests compete with duties of care owed to
customers, they can create risks that insurers and intermediaries will
not act in customers’ best interests. Conflicts of interest can arise from
compensation structures as well as other financial and non-financial
incentives.
19.3.3 Where compensation structures do not align the interests of the insurer
and intermediary, including those of the individuals carrying out
intermediation activity, with the interests of the customer, they can
encourage behaviour that results in unsuitable sales or other breach of
the insurer’s or intermediary’s duty of care towards the customer.
19.3.4 Other incentives that may create a conflict of interest include
performance targets or performance management criteria that are
insufficiently linked to customer outcomes. They also include the
soliciting or accepting of inducements where this would conflict with the
insurer’s or intermediary’s duty of care towards its customers.
19.3.5 An inducement can be defined as a benefit offered to an insurer or
intermediary, or any person acting on its behalf, incentivising that
firm/person to adopt a particular course of action. This can include, but
is not limited to, cash, cash equivalents, commission, goods and
hospitality. Where intermediaries who represent the interests of
customers receive inducements from insurers, this could result in a
conflict of interest that could affect the independence of advice given
by them.
Public
19.3.6 As an insurance intermediary interacts with both the customer and the
insurer, an intermediary is more likely than an insurer to encounter
conflicts of interest. For an insurance intermediary, examples of where
a conflict of interest may occur include:
• where the intermediary owes a duty to two or more customers
in respect of the same or related matters – the intermediary may
be unable to act in the best interests of one without adversely
affecting the interests of the other;
• where the relationship with a party other than the customer
influences the advice given to the customer;
• where the intermediary is likely to make a financial gain, or avoid
a financial loss, at the expense of the customer;
• where the intermediary has an interest in the outcome of a
service provided to, or a transaction carried out on behalf of, a
customer which is distinct from the customer’s interest;
• where the intermediary has significant influence over the
customer’s decision (such as in an employment relationship)
and the intermediary’s interest is distinct from that of the
customer;
• where the intermediary receives an inducement to provide a
service to a customer other than the standard or “flat” fee or
commission for that service; and
• where the intermediary has an indirect interest in the outcome
of a service provided to, or a transaction carried out on behalf
of, a customer due to an association with the party that directly
benefits (such as soliciting insurance products which are sold
together with other financial services in a bancassurance
relationship) and where such indirect interest is distinct from the
customer’s interest (such as the cross-selling or self-placement
of business).
19.3.7 The supervisor should require that insurers and intermediaries take all
reasonable steps to identify and avoid or manage conflicts of interest,
and communicate these through appropriate policies and procedures.
19.3.8 Appropriate disclosure can provide an indication of potential conflicts
of interests, enabling the customer to determine whether the sale may
be influenced by financial or non-financial incentives. It can thus help
in managing conflicts of interest where it empowers consumers to
identify and challenge or avoid potentially poor advice or selling that
may arise through the conflict of interest. However, managing conflicts
of interest through disclosure or obtaining informed consent from
customers, has limitations, including where the customer does not fully
appreciate the conflict or its implications, and could be seen to place
an unreasonable onus on the customer.
19.3.9 Where conflicts of interest cannot be managed satisfactorily, this
should result in the insurer or intermediary declining to act. In cases
where the supervisor may have concerns about the ability of insurers
Public
and intermediaries to manage conflicts of interest adequately, the
supervisor may consider requiring other measures.
19.4 The supervisor requires insurers and intermediaries to have arrangements in
place in dealing with each other to ensure the fair treatment of customers.
19.4.1 The supervisor should require insurers to conduct business only with
intermediaries that are licensed, and to verify that the intermediaries
under such arrangements have the appropriate knowledge and ability
with which to conduct such business.
19.4.2 The supervisor may require insurers to report any significant issues of
which they become aware and have transparent mechanisms to handle
complaints against intermediaries. This might include identifying
whether particular intermediaries or particular matters are the subject
of regular or frequent complaints. Documentation on this will enable
insurers to report recurring issues to the supervisor where the matters
identified may be relevant to the supervisor’s assessment of the
intermediaries concerned.
19.4.3 Supervisory measures to prevent or respond to a breach of regulatory
requirements by an intermediary may include action against insurers in
the case of direct sales or where an insurer knowingly cooperates with
an intermediary that is in breach of its regulatory requirements.
19.4.4 Insurers and intermediaries should ensure that written agreements are
established in respect of their business dealings with each other, to
clarify their respective roles and promote the fair treatment of
customers. Such agreements would include, where relevant,
respective responsibilities on matters such as:
• product development;
• product promotion;
• the provision of pre-contractual and point of sale information to
customers;
• post-sale policy servicing;
• claims notification and handling;
• complaints notification and handling;
• management information and other documentation required by
the insurer;
• remedial measures; and
• any other matters related to the relationship with customers.
Product development and pre-contractual stage
19.5 The supervisor requires insurers to take into account the interests of different
types of consumers when developing and distributing insurance products.
19.5.1 This can be achieved through a product approval approach, a
“principles-based” approach or a combination of both. In a product
approval approach, the supervisor requires insurers to submit
insurance product proposals for supervisory review and approval prior
Public
to product launch. In a “principles-based” approach, the onus is placed
on the insurer’s Board and Senior Management to ensure that products
and distribution strategies are developed in accordance with the
principles.
19.5.2 In some cases, product development is undertaken by intermediaries
on behalf of insurers for whom they act. In such cases, the
intermediaries involved are responsible for taking customers’ interests
and needs into account in performing this work. Nevertheless, the
insurer should retain oversight of, and remains accountable for, the
development of its products and its distribution strategies.
Product approval approach
19.5.3 Where supervisors have the power to approve contract conditions or

pricing, the approval process should balance the protection of
customers against the potential benefits to customers of innovation and
choice in insurance products. For example, supervisory approval of
contract conditions or pricing is likely to be more appropriate in certain
circumstances, such as where the insurer is dealing with less
financially-capable or vulnerable customers, where products are new
to the market or complex, or insurance contracts that are required by
law such as automobile liability insurance or health insurance.
19.5.4 In such situations the supervisor may review products for compliance
with things such as:
• mandated policy limits;
• coverage of specified risks, procedures or conditions;
• absence of prohibited exclusions; and
• compliance with specifically required policy language.
Principles-based approach
19.5.5 Where supervisors follow a more principles-based approach,

supervisors may issue guidance in terms of what is expected of
insurers and intermediaries. This may include the following:
• Development of products and distribution strategies should
include the use of adequate information to assess the needs of
different consumer groups.
• Product development (including a product originating from a
third party) should provide for a thorough assessment of the
main characteristics of a new product and of the related
disclosure documents by every appropriate department of the
insurer.
• Before bringing a product or service to the market, the insurer
should carry out a diligent review and testing of the product in
relation to its business model, the existing rules and regulations
and its risk management approach. In particular, the policies,
procedures and controls put into place should enable the insurer
to:
Public
− offer a product that delivers the reasonably expected
benefits;
− target the consumers for whose needs the product is
likely to be appropriate, while preventing, or limiting,
access by consumers for whom the product is likely to
be inappropriate;
− ensure that distribution methods are appropriate for the
product, particularly in light of the legislation in force and
whether or not advice should be provided;
− assess the risks resulting from the product by
considering, among other things, changes associated
with the environment or stemming from the insurer’s
policies that could harm customers; and
− monitor a product after its launch to ensure it still meets
the needs of target customers, assess the performance
of the various methods of distribution used with respect
to sound commercial practices and, if necessary, take
the necessary remedial action.
• Insurers should provide relevant information to intermediaries to
ensure that they understand the target market (and thus reduce
the risk of mis-selling), such as information related to the target
market itself, as well as the characteristics of the product.
• The intermediary should, in return, provide information to the
insurer on the types of customers to whom the product is sold
and whether the product meets the needs of that target market,
in order to enable the insurer to assess whether its target market
is appropriate and to revise its distribution strategy for the
product, or the product itself, when needed
19.5.6 Supervisors may require insurers to submit specific information relating
to the manner in which the development of insurance products
complies with the legislated principles at any time, including prior to the
launch of the product (pre-notification).
19.6 The supervisor requires insurers and intermediaries to promote products and
services in a manner that is clear, fair and not misleading.
19.6.1 The insurer should be responsible for providing promotional material
that is accurate, clear and not misleading not only to customers but also
to intermediaries who may rely on such information.
19.6.2 Before an insurer or intermediary promotes an insurance product, it
should take reasonable steps to ensure that the information provided
is accurate, clear and not misleading. Procedures should provide for an
independent review of promotional material intended for customers
other than by the person or organisation that prepared or designed it.
For example, where promotional material is developed by an
intermediary on behalf of an insurer, the insurer should verify the
accuracy of promotional material before it is used.
Public
19.6.3 If an insurer or intermediary becomes aware that the promotional
material is not accurate and clear or is misleading, it should:
• inform the insurer or intermediary responsible for that material;
• withdraw the material; and
• notify any person that it knows to be relying on the information
as soon as reasonably practicable.
19.6.4 In addition, to promote products in a fair manner, the information
provided by an insurer or intermediary should:
• be easily understandable;
• accurately identify the product provider;
• be consistent with the coverage offered;
• be consistent with the result reasonably expected to be
achieved by the customers of that product;
• state prominently the basis for any claimed benefits and any
significant limitations; and
• not hide, diminish or obscure important statements or warnings.
19.7 The supervisor requires insurers and intermediaries to provide timely, clear and
adequate pre-contractual and contractual information to customers.
19.7.1 The insurer or intermediary should take reasonable steps to ensure that
a customer is given appropriate information about a product in order
that the customer can make an informed decision about the
arrangements proposed. Such information is also useful in helping
customers understand their rights and obligations after sale.
19.7.2 Where insurers use intermediaries for the distribution of insurance
products, the insurer should be satisfied that the intermediaries
involved are providing information to customers in a manner that will
assist them in making an informed decision.
Timing of the provision of information to customers
19.7.3 Customers should be appropriately informed before and at the point of

sale. Information should enable an informed decision to be made by
the customer before entering into a contract. In determining what is
“timely”, an insurer or intermediary should consider the importance of
the information to the customer's decision-making process and the
point at which the information may be most useful.
Clear delivery of information to customers
19.7.4 Information should be provided in a way that is clear, fair and not
misleading. Wherever possible, attempts should be made to use plain
language that can easily be understood by the customer.
19.7.5 Mandatory information should be prepared in written format, on paper
or in a durable and accessible medium (electronic, for instance).
Public
19.7.6 Focus should be on the quality rather than quantity of information, as
there is a risk that if the disclosure becomes too voluminous then the
customer may be less likely to read the information.
19.7.7 The quality of disclosure may also be improved by the introduction of a
standardised format for disclosure (such as a product information
sheet), which will aid comparability across competing products and
allow for a more informed choice. Standard formats should be tested to
ensure that they help understandability.
19.7.8 There is likely to be an enhanced need for clear and simple disclosure
for more complex or “bundled” products, which are difficult for
consumers to understand, such as packaged retail insurance-based
investment products (PRIIPS), particularly regarding the costs, risks
involved and performance.
19.7.9 Insurers and intermediaries should be able to demonstrate to the
supervisor that customers have received information necessary to
understand the product.
Adequacy of information provided to customers
19.7.10 The information provided should be sufficient to enable customers to

understand the characteristics of the product they are buying and help
them understand whether and why it may meet their requirements.
19.7.11 The level of information required will tend to vary according to matters
such as:
• the knowledge and experience of a typical customer for the
policy in question;
• the policy terms and conditions, including its main benefits,
exclusions, limitations, conditions and its duration;
• the policy's overall complexity;
• whether the policy is bought in connection with other goods and
services; and
• whether the same information has been provided to the
customer previously and, if so, when.
Disclosure of product features
19.7.12 While the level of product information required may vary, it should
include information on key features, such as:
• the name of the insurer, its legal form and, where relevant, the
group to which it belongs;
• the type of insurance contract on offer, including the policy
benefits;
• a description of the risk insured by the contract and of the
excluded risks;
Public
• the level of the premium, the due-date and the period for which
the premium is payable, the consequences of late or non-
payment, and provisions for premium reviews;
• the type and level of charges to be deducted from or added to
the quoted premium, and any charges to be paid directly by the
customer;
• when the insurance cover begins and ends; and
• prominent and clear information on significant or unusual
exclusions or limitations. A significant exclusion or limitation is
one that would tend to affect the decision of consumers
generally to buy. An unusual exclusion or limitation is one that
is not normally found in comparable contracts. In determining
what exclusions or limitations are significant, an insurer or
intermediary should, in particular, consider the exclusions or
limitations that relate to the significant features and benefits of
a policy and factors which may have an adverse effect on the
benefit payable under it. Examples of significant or unusual
exclusions or limitations may include:
− deferred payment periods;
− exclusion of certain conditions, diseases or pre-existing
medical conditions;
− moratorium periods;
− limits on the amounts of cover;
− limits on the period for which benefits will be paid;
− restrictions on eligibility to claim such as age, residence
or employment; and
− excesses.
19.7.13 Where a policy is bought in connection with other goods or services,
the premium should be disclosed separately from any other prices. It
should be made clear whether buying the policy is compulsory and, if
so, whether it can be purchased elsewhere.
19.7.14 For investment-based insurance products, information on investment
performance is generally provided. Where this includes an indication of
past, simulated or future performance, the information should include
any limits on upside or downside potential and a prominent warning
that past performance is not a reliable indicator of future performance.
19.7.15 A helpful means to ensure that accurate and comprehensible
information is provided to the customer is a product information sheet
containing information on key product features that are of particular
significance to the conclusion or performance of the insurance contract.
The product information sheet should be clearly identified as such and
it should be pointed out to the customer that the information is not
exhaustive. Insofar as the information concerns the content of the
contract, reference should be made as appropriate to the relevant
provisions of the contract or to the general policy conditions underlying
Public
the contract. Insurers, and intermediaries where they are involved,
should consider the use of evaluation by third parties, such as
consumer testing, in developing product information sheets in order to
ensure their understandability.
Disclosure of rights and obligations
19.7.16 Retail customers, in particular, often have only limited knowledge about
the legal rights and obligations arising from an insurance contract.
Before an insurance contract is concluded, the insurer or intermediary,
should inform a retail customer on matters such as:
• General provisions – including applicable law governing the
contract;
• Obligation to disclose material facts – including prominent and
clear information on the obligation on the customer to disclose
material facts truthfully. Ways of ensuring a customer knows
what he or she must disclose include explaining the duty to
disclose all circumstances material to a policy and what needs
to be disclosed, and explaining the consequences of any failure
to make such a disclosure. Alternatively, rather than an
obligation of disclosure, the customer may be asked clear
questions about any matter material to the insurer;
• Obligations to be complied with when a contract is concluded
and during its lifetime, as well as the consequences of non-
compliance;
• Obligation to monitor cover – including a statement, where
relevant, that the customer may need to review and update the
cover periodically to ensure it remains adequate;
• Right to cancel – including the existence, duration and
conditions relating to the right to cancel. If there are any charges
related to the early cancellation or switching of a policy, this
should be prominently disclosed;
• Right to claim benefits – including conditions under which the
policyholder can claim and the contact details to notify a claim;
• Obligations on the customer in the event of a claim;
• Right to complain – including the arrangements for handling
policyholders' complaints, which might include an insurer’s
internal claims dispute mechanism or the existence of an
independent dispute resolution mechanism.
19.7.17 Where applicable, the customer may also be provided with information
on any policyholder protection scheme or compensation scheme in the
case of an insurer not being able to meet its liabilities and any
limitations on such a scheme.
19.7.18 If the insurance undertaking is a foreign insurer, the insurer or
intermediary should be required to inform the customer, before any
commitment is entered into, of details such as:
Public
• the home authority responsible for the supervision of the insurer;
• the jurisdiction in which the head office or, where appropriate,
the branch with which the contract is to be concluded is situated;
and
• the relevant provisions for making complaints or independent
dispute resolution arrangements.
Disclosure specific to internet sales or sales through other digital means
19.7.19 Insurers and intermediaries are increasingly using digital distribution

channels to market and sell insurance products, including internet and
mobile phone solutions
19.7.20 It may be more difficult for consumers to understand from which
location the insurer or intermediary is operating, their identity, and by
whom and where they are licensed. This may especially be the case
where more than one insurer or intermediary is involved in the
distribution chain.
19.7.21 In conducting insurance business through digital channels, insurers
and intermediaries should take into account the specificities of the
medium used, and use appropriate tools to ensure that customers
receive timely, clear and adequate information that helps their
understanding of the terms on which the business is conducted.
19.7.22 The supervisors should require that insurers and intermediaries which
offer insurance products through digital means disclose relevant
business and contact information (eg on their website), such as:
• the address of the insurer’s head office and the contact details
of the supervisor responsible for the supervision of the head
office;
• contact details of the insurer, branch or intermediary, and of the
supervisor responsible for the supervision of the business, if
different from the above;
• the jurisdictions in which the insurer or intermediary is legally
permitted to provide insurance;
• procedures for the submission of claims and a description of the
claims handling procedures; and
• contact information on the authority or organisation dealing with
dispute resolution and/or consumer complaints.
19.7.23 The supervisor should apply to digital insurance activities requirements
on transparency and disclosure so as to provide an equivalent level of
protection to customers as those applied to insurance business
conducted through non-digital means.
19.8 Where customers receive advice before concluding an insurance contract the
supervisor requires that the advice provided by insurers and intermediaries
takes into account the customer’s disclosed circumstances.
Public
19.8.1 Advice goes beyond the provision of product information and relates
specifically to the provision of a personalised recommendation on a
product in relation to the disclosed needs of the customer.
19.8.2 The insurer or the intermediary should make it clear to the customer
whether advice is provided or not.
19.8.3 Insurers and intermediaries should seek the information from their
customers that is appropriate for assessing their insurance demands
and needs, before giving advice. This information may differ depending
on the type of product and may, for example, include information on the
customer’s:
• financial knowledge and experience;
• needs, priorities and circumstances;
• ability to afford the product; and
• risk profile.
19.8.4 The supervisor may wish to specify particular types of policies or
customers for which advice is not required to be given. Typically, this
may include simple to understand products, products sold to customer
groups that have expert knowledge of the type of product or, where
relevant, mandated coverage for which there are no options. Even if no
advice is given the supervisor may require the insurer or intermediary
to take into account the nature of the product and the customer’s
disclosed circumstances and demands and needs.
19.8.5 In cases where advice would normally be expected, such as complex
or investment-related products, and the customer chooses not to
receive advice, it is advisable that the insurer or intermediary retains an
acknowledgment by the customer to this effect.
19.8.6 The basis on which a recommendation is made should be explained
and documented, particularly in the case of complex products and
products with an investment element. All advice should be
communicated in a clear and accurate manner, comprehensible to the
customer. Where advice is provided, this should be communicated to
the customer in written format, on paper or in a durable and accessible
medium, and a record kept in a “client file”.
19.8.7 The insurer or intermediary should retain sufficient documentation to
demonstrate that the advice provided was appropriate, taking into
account the customer’s disclosed circumstances.
19.8.8 In addition, insurers and intermediaries should review the “client files”
of those under their responsibility to exercise control after the fact on
the quality of the advice given, take any necessary remedial measures
with respect to the delivery of advice and, if applicable, be in a position
to examine fairly any complaints submitted to it.
19.8.9 There should be a responsibility on the insurer and the intermediary to
promote quality advice. In order to ensure the delivery of quality advice,
the insurer and intermediary should, in particular, establish continuous
training programmes that allow the persons giving advice to:
Public
• keep abreast of market trends, economic conditions,
innovations and modifications made to the products and
services;
• maintain an appropriate level of knowledge about their industry
segment, including the characteristics and risks of the products
and services;
• know the applicable legal and regulatory requirements;
• know the requirements for the communication of information
regarding the products and services and for appropriate
disclosure of any situation liable to compromise the impartiality
of the advice given or limit such advice; and
• be familiar with the documentation regarding the products and
services and answer reasonably foreseeable questions.
This could include insurers providing training to their sales staff and to
intermediaries in respect of specific products.
Policy servicing
19.9 The supervisor requires insurers to:

• service policies appropriately through to the point at which all
obligations under the policy have been satisfied;
• disclose to the policyholder information on any contractual changes
during the life of the contract; and
• disclose to the policyholder further relevant information depending on
the type of insurance product.
19.9.1 For the purposes of this standard, “policyholder” refers only to the party
to whom a contract of insurance is issued by an insurer (as opposed to
the broader IAIS definition).
19.9.2 Supervisors should require insurers to satisfy obligations under a policy
in an appropriate manner and in accordance with the contractually
agreed terms and legal provisions. This should include fair treatment in
the case of switching between products or early cancellation of a policy.
To enable them to do so, insurers should maintain a relationship with
the customer throughout the policy lifecycle.
19.9.3 Although ongoing policy servicing is traditionally seen as primarily the
responsibility of the insurer, intermediaries are often involved,
particularly where there is an ongoing relationship between the
customer and the intermediary. The insurer should remain ultimately
responsible for servicing policies throughout their life-cycle, and
ensuring that intermediaries have appropriate policies and procedures
in place in respect of the policy servicing activities that they perform on
the insurer’s behalf.
19.9.4 Policy servicing includes the provision of relevant information to
customers throughout the life of the policy.
Information on the insurer
Public
19.9.5 Information to be disclosed by the insurer to the policyholder includes:
• any change in the name of the insurer, its legal form or the
address of its head office and any other offices as appropriate;
• any acquisition by another undertaking resulting in
organisational changes as far as the policyholder is concerned;
and
• where applicable, information on a portfolio transfer (including
policyholders’ rights in this regard).
Information on terms and conditions
19.9.6 Insurers should provide evidence of cover (including policy inclusions

and exclusions) promptly after inception of a policy.
19.9.7 Information to be provided on an ongoing basis, including changes in
policy terms and conditions or amendments to the legislation applicable
to the policy, will vary by type of policy and may cover for example:
• main features of the insurance benefits, in particular details on
the nature, scope and due-dates of benefits payable by the
insurer;
• the total cost of the policy, expressed appropriately for the type
of policy, including all taxes and other cost components;
premiums should be stated individually if the insurance
relationship comprises several independent insurance contracts
or, if the exact cost cannot be provided, information provided on
its basis of calculation to enable the policyholder to verify the
cost;
• any changes to the cost structure, if applicable, stating the total
amount payable and any possible additional taxes, fees and
costs not levied via or charged by the insurer, as well as any
costs incurred by the policyholder for the use of communication
methods if such additional costs are chargeable;
• duration of the contract, terms and conditions for (early)
termination of the contract and contractual consequences;
• means of payment of premiums and duration of payments;
• premiums for each benefit, both main benefits and
supplementary benefits;
• information to the policyholder about the need to report
depreciation/appreciation;
• information to the policyholder about other unique
circumstances related to the contract;
• information on the impact of a switch option of an insurance
contract;
• information on a renewal of the contract; and
Public
• information on the ongoing suitability of the product, if such a
service is provided by the insurer or intermediary.
19.9.8 Additional information provided to the policyholder regarding products
with an investment element should at a minimum include:
• participation rights in surplus funds;
• the basis of calculation and state of bonuses;
• the current surrender value;
• premiums paid to date; and
• for unit-linked life insurance, a report from the investment firm
(including performance of underlying funds, changes of
investments, investment strategy, number and value of the units
and movements during the past year, administration fees, taxes,
charges and current status of the account of the contract).
19.9.9 Where there are changes in terms and conditions, the insurer should
notify the policyholder of their rights and obligations regarding such
changes and obtain the policyholder’s consent as appropriate.
19.10 The supervisor requires insurers to handle claims in a timely, fair and
transparent manner.
19.10.1 Supervisors should require that insurers have fair and transparent
claims handling and claims dispute resolution policies and procedures
in place.
Claims handling
19.10.2 Insurers should maintain written documentation on their claims

handling procedures, which include all steps from the claim being
raised to its settlement. Such documentation may include expected
timeframes for these steps, which might be extended in exceptional
cases.
19.10.3 Claimants should be informed about procedures, formalities and
common timeframes for claims settlement.
19.10.4 Claimants should be given information about the status of their claim in
a timely and fair manner.
19.10.5 Claim-determinative factors such as depreciations, discounting or
negligence should be illustrated and explained in comprehensive
language to claimants. The same applies where claims are denied in
whole or in part.
19.10.6 Sometimes intermediaries serve as an initial contact for claimants,
which may be in the common interest of the policyholder, intermediary
and insurer.
19.10.7 A fair claims assessment process requires avoidance of conflicts of
interest, as well as appropriate competence and ongoing training of the
staff involved.
Public
19.10.8 Competence requirements for claims assessment differ depending on
the type of insurance policy and generally include technical and legal
expertise.
Claims disputes
19.10.9 In the course of claims settlement, a dispute may arise between the
claimant and the insurer on the claims settlement amount, or coverage.
Staff handling claims disputes should be experienced in claims
handling and be appropriately qualified.
19.10.10 Dispute resolution procedures should follow a balanced and impartial
approach, bearing in mind the legitimate interests of all parties involved.
Procedures should avoid being overly complicated, such as having
burdensome paperwork requirements. Decisions should include the
reasoning in clear language relating closely to the specific disputable
issues.
19.10.11 Supervisors may encourage insurers to have mechanisms in place to
review claims disputes within the insurer to promote fair play and
objectivity in the decisions.
Outsourcing
19.10.12 If any of the claims handling processes are outsourced in part or in full,
then supervisors should require insurers to maintain close oversight
and ultimate responsibility for the provision of fair and transparent
claims handling and claims dispute resolution.
19.11 The supervisor requires insurers and intermediaries to handle complaints in a
timely and fair manner.
19.11.1 A complaint can be defined as an expression of dissatisfaction about
the service or product provided by an insurer or intermediary. It may
involve, but should be differentiated from, a claim and does not include
a pure request for information.
19.11.2 Insurers and intermediaries should establish policies and procedures
to deal in a fair manner with complaints which they receive. These
should include keeping a record of each complaint and the measures
taken for its resolution.
19.11.3 Insurers and intermediaries should make information on their policies
and procedures on complaints handling available to customers.
19.11.4 Insurers and intermediaries should respond to complaints without
unnecessary delay; complainants should be kept informed about the
handling of their complaints.
19.11.5 Insurers and intermediaries should analyse the complaints they receive
to identify trends and recurring risks. Analysis of what leads to
individual complaints can help them to identify, and enable them to
correct, common root causes.
19.11.6 Insurers should analyse complaints that they receive against
intermediaries in respect of products that the intermediaries have
distributed on their behalf, to enable them to assess the complete
Public
customer experience and identify any issues that need to be
addressed.
19.11.7 Supervisors may choose to have their own complaints monitoring
systems in place in order to benefit from the findings resulting from
policyholder complaints.
19.11.8 Some insurers and intermediaries may decide to establish a
mechanism to review complaints, in order to ensure respective policies
on complaint handling are in place.
Independent dispute resolution mechanisms
19.11.9 It is important that there are simple, affordable, easily accessible and
equitable mechanisms in place, independent of insurers and
intermediaries, to resolve disputes that have not been resolved by the
insurer or intermediary. Such mechanisms, collectively referred to here
as Independent Dispute Resolution (“IDR”) mechanisms, may vary
across jurisdictions and may include mediation, an independent review
organisation, or an ombudsman. These are out of court mechanisms.
19.11.10 IDR mechanisms often operate on the basis of a code of procedure, or
in some cases legislative rules, and may be restricted to retail
policyholders. They are sometimes free of charge for such
policyholders. Decisions are generally non-binding for the policyholder
but may be binding for the insurer or intermediary within certain limits.
As consumers may still avail themselves of court processes if the
dispute is not satisfactorily resolved, it is usually agreed that the period
of limitation is suspended during an IDR procedure.
19.11.11 Mediators serving IDR mechanisms should meet high standards of
professional knowledge, integrity and competence. This would be
evidenced, for example, where the mediator is qualified to exercise the
functions of a judge and is well grounded in the field of insurance law.
Although IDR mechanisms are usually financed by insurers and/or
intermediaries, their mediators must be independent from them. Doubts
over independence might be expected if the mediator:
• is subject to instructions from insurers/intermediaries;
• is a former employee of an insurer/intermediary; or
• simultaneously performs other functions which could affect their
independence.
19.12 The supervisor requires insurers and intermediaries to have policies and
procedures for the protection and use of information on customers.
19.12.1 Insurers and intermediaries collect, hold, use or communicate to third
parties information on their customers in the course of their business.
It is important that they have in place policies and procedures on the
appropriate use and, in the case of personal information, the privacy of
such data.
Protecting the privacy of personal information
19.12.2 Significant amounts of the information collected, held or processed
represent customers’ financial, medical and other personal information.
Public
Security over such information is extremely important, regardless of the
format of the information (eg whether physical or electronic). Hence
safeguarding personal information on customers is one of the key
responsibilities of the financial services industry.
19.12.3 Legislation identifies the provisions relating to privacy protection under
which insurers and intermediaries are allowed to collect, hold, use or
communicate personal information on customers to third parties.
Generally, the legislation also identifies who is the competent authority.
19.12.4 Although data protection laws vary from jurisdiction to jurisdiction,
insurers and intermediaries should have a clear responsibility to
provide their customers with a level of comfort regarding the security of
their personal information.
19.12.5 In view of the sensitivity of private information and the risks to
consumers and to the insurance sector in the event of failures to protect
the privacy of such information, the supervisor should be satisfied that
insurers and intermediaries have sufficient safeguards in place to
protect the privacy of personal information on customers. To achieve
this the supervisor should require insurers and intermediaries to have
appropriate policies and procedures in place. Such policies and
procedures should seek to embed the importance of protecting the
privacy of personal information within the organisation, as well as
provide appropriate management of the risks. Examples of areas that
might be covered include:
• ensuring that the Board and Senior Management are aware of
the challenges relating to protecting the privacy of personal
information on customers;
• demonstrating that privacy protection is part of the
organisation’s culture and strategy, through measures such as
training to employees that promotes awareness of internal and
external requirements on this subject;
• implementing policies, procedures and internal control
mechanisms that support the objectives of protecting the privacy
of personal information on customers and assess the risks
associated with potential failure to protect the privacy of
personal information;
• assessing the potential impact of new and emerging risks that
could threaten the privacy of personal information, such as the
risk of cyber attacks, and taking appropriate steps to mitigate
these through measures such as internal controls, technology
and training; and
• determining the response measures that may be needed where
a failure to protect the privacy of personal information occurs,
including matters such as timely notification to affected
customers and competent authorities.
In assessing policies and procedures to protect the privacy of personal
information on customers, depending on the jurisdiction, the insurance
supervisor may need to liaise with the relevant competent authority.
Public
Protection against the misuse of customer information
19.12.6 Insurers and intermediaries use personal and other information on
customers for a variety of purposes within the course of business that
include, amongst other things, product development, marketing,
product pricing, and claims management.
19.12.7 The supervisor should not allow insurers and intermediaries to use
customer information that they collect and hold in a manner that results
in unfair treatment. Insurers and intermediaries should have
appropriate policies and procedures in place. The measures that the
supervisor should expect such policies and procedures to cover may
include:
• ensuring that the appropriate technology is available and in
place to manage adequately the personal and other information
an insurer or intermediary is holding on a customer;
• implementing policies and procedures relating to the use of
data, ensuring that the data collected is not used in an unfair
manner including when processed through algorithms or other
technologies;
• ensuring that such policies and procedures provide that
customer data will not be abused to circumvent rules on
prohibitions on aggressive marketing practices or
discrimination;
• ensuring that customers have a right to access and, if needed,
to correct data collected and used by insurers and
intermediaries; and
• ensuring that group structures are not abused to circumvent
prohibitions on the sharing of personal information.
In assessing policies and procedures to prevent the use of customer
information in a manner that results in unfair treatment, depending on
the jurisdiction, the insurance supervisor may need to liaise with the
relevant competent authority.
Outsourcing
19.12.8 Insurers and intermediaries should be aware of outsourcing risk,
especially when the outsourcing agreement is reached with firms in
another jurisdiction. Insurers and intermediaries should ensure that the
firms to which they outsource processes have adequate policies and
procedures in place for the protection and use of private information on
customers they have in their records.
Data access in the event of reorganisation
19.12.9 All the necessary data required in the event of restructuring, resolution
and liquidation should, subject to data protection requirements, be
accessible and readable at the insurer’s or intermediary’s domicile at
any time. This includes all customer-related data, such as claims and
policy data.
Information supporting fair treatment
Public
19.13 The supervisor publicly discloses information that supports the fair treatment of
customers.
19.13.1 The supervisor should publish the policyholder protection
arrangements that are in place for insurance contracts sold within its
jurisdiction and insurers subject to its supervision, and confirm the
position of policyholders dealing with insurers and intermediaries not
subject to oversight or supervision within its jurisdiction.
19.13.2 The supervisor should give information to the public about whether and
how local legislation applies to the cross-border offering of insurance,
such as through digital channels.
19.13.3 The supervisor should issue warning notices to consumers when
necessary in order to avoid transactions with insurers or intermediaries
that are unlicensed or subject to a suspended or revoked licence.
19.13.4 The supervisor should publish information that promotes consumers’
understanding of insurance contracts as well as steps that consumers
can take to protect themselves and make informed decisions.
19.13.5 The supervisor should have requirements regarding the public
disclosure by insurers of information on their business activities,
performance and financial position, in order to enhance market
discipline, consumer awareness, and understanding of the risks to
which insurers are exposed (see ICP 20 Public Disclosure).
Public
ICP 20 Public Disclosure
The supervisor requires insurers to disclose relevant, comprehensive and adequate
information on a timely basis in order to give policyholders and market participants
a clear view of their business activities, performance and financial position. This is
expected to enhance market discipline and understanding of the risks to which an
insurer is exposed and the manner in which those risks are managed.
20.0.1 It is important to improve and maintain the quality, timeliness and

relevance of disclosure of key information needed for credit and
investment decisions as well as policyholder’s decisions.
20.0.2 Whereas accounting standards (including IFRS/IAS and local generally
accepted accounting standards) set out disclosure requirements for
general purpose financial reporting across sectors, this ICP is only
concerned with insurers. So far as practicable, information should be
presented in accordance with any applicable generally accepted national
and international standards and practices so as to aid comparisons
between insurers.
20.0.3 In setting public disclosure requirements supervisors should take into
account the information provided in general purpose financial statements
and complement it as appropriate. Adequate public disclosure supports
the supervisory process. Supervisors should ensure market discipline is
achieved through disclosure and that the relevant market participants
have adequate information available to assess the performance of and
risks taken by insurers and to respond appropriately.
20.0.4 The nature, scale and complexity of insurers is important for the
application of disclosures and applies to these standards. Where it is not
reasonable for some entities in some markets to provide information
precisely in accordance with these standards, the supervisor can ensure
that the intent of the standards is met to ensure market discipline is
achieved through disclosure and that the relevant market participants
have adequate information available for their needs.
20.0.5 So that public disclosure is meaningful to market participants, it may
usefully include an adequate description of how information is prepared,
including methods applied and assumptions used. Such disclosure of
methods and assumptions also assists market participants to make
comparisons between insurers. Accounting and actuarial policies,
practices and procedures differ not only between jurisdictions but also
between insurers within the same jurisdiction. Meaningful comparisons
can thus only be made where there is adequate disclosure of how
information is prepared.
20.0.6 Similarly meaningful comparisons from one reporting period to another
can only be made if the reader is informed how the methods and
assumptions of preparation have changed and, if practicable, the impact
of that change. Changes over time will not be seen as arbitrary if the
reasons for changes in methods and assumptions are explained. If an
Public
insurer uses methods and assumptions in the preparation of information
which are consistent from period to period and discloses these it would
assist in the identification of trends over time.
20.0.7 Where changes in methods and assumptions are made, the nature of
such changes, the reason for them and their effects, where material,
should be disclosed. It is appropriate if information is presented so as to
facilitate the identification of patterns of development over time including
providing comparative or corresponding figures from previous periods
(e.g. by presenting loss triangulations).
20.0.8 Information is decision useful if there is a substantial likelihood that a
market participant would consider it important in making a key decision.
Typically, the key decisions are whether to insure risks with, invest in or
effect other transactions with an insurer.
20.0.9 Excessive disclosure requirements will not lead to effective disclosures
for market participants but will be burdensome for insurers. In developing
disclosure requirements within a jurisdiction, supervisors should consider
the need for disclosures to deliver key information rather than significant
volumes of data.
20.0.10 All insurers, whether or not they are required to report under accounting
standards, must comply with the requirements of this ICP. Insurers that
are entities that provide public general purpose financial reports
(“reporting entities”) may largely comply with the standards through these
reports. To the extent that financial reporting standards, including
generally accepted national or international standards, are consistent
with the standards in this ICP, disclosures that are in accordance with
those financial reporting standards may be regarded as compliant with
this ICP.
20.0.11 Supervisors can decide not to apply these standards to captives, provided
there is no potential threat to the financial system, no public interest need
for disclosure and no legitimately interested party is prevented from
receiving information.
20.0.12 ICP 9 Supervisory Review and Reporting deals with reporting to
supervisors. In some jurisdictions, reporting to supervisors is made public
by supervisors or at least some aspects of that reporting to supervisors is
made public. To demonstrate observance with the standards in this ICP,
disclosure can be made by supervisors rather than direct disclosure by
insurers. There may be some overlap in the standards set out in ICP 9
and the standards set out in this ICP. ICP 9 and this ICP have very
different purposes. ICP 9 covers requirements for reporting to supervisors
in order for supervisors to be able to exercise their functions. Where
requirements for reporting to supervisors and for public disclosure
overlap, supervisors should consider the most efficient way of using
publicly disclosed information.
20.0.13 The IAIS considers it is most desirable that the methodologies for
calculating items for public disclosure can be used for, or are substantially
consistent with, the methodologies used for regulatory reporting
purposes, with as few changes as possible to satisfy regulatory
requirements. However, the IAIS also recognises that this may not be
possible or appropriate in all respects, considering the differing purposes.
Public
To the extent that there are differences, the IAIS believes it is essential
that they are publicly explained and reconciled.
20.0.14 There may be differences in the composition of a group in general
purpose financial reporting because a consolidated group as determined
under applicable accounting standards might differ from a group for the
purposes of insurance supervision (see ICP 23 Group-wide Supervision).
In certain circumstances where this is the case, the insurer could
endeavour to provide disclosures based on the scope of the group for
supervisory purposes to the extent practicable. Where a group has been
unable to disclose information based on the scope of the group for
supervisory purposes, it would be appropriate if reasons are provided and
an explanation given about the basis on which disclosures have been
provided and potential differences to the position for group-wide
supervisory purposes. It is essential to the understanding of market
participants that analysis of differences between consolidated general
purpose financial reporting and consolidated reporting for solvency
purposes based on the scope of a group determined under ICP 23 is
provided. Insurance legal entity disclosures are also vital in
understanding the group from a supervisory perspective.
20.0.15 This ICP applies to both groups and solo legal entities to the extent that
is useful and practical. Policyholders will be concerned with information
about both the group and the individual insurance legal entity within the
group offering the product to the policyholder. A policyholder’s
information needs are also covered in ICP 19 Conduct of Business. Other
market participants such as investors and lenders will be interested in the
legal structure in which they have an interest which is often the group
level.
20.0.16 Where a group conducts activities at a group level that are applicable to
insurance legal entities, the disclosure of these activities should only
occur at group level. Disclosures by the insurance legal entities can
cross-refer to these group level disclosures for completeness.
20.0.17 In applying the standards under this ICP in its jurisdiction, a supervisor
must balance the information needs of the range of market participants
also taking into account the concerns about excessive disclosures raised
in Guidance 20.0.9. In some circumstances it may be possible for the
needs of most market participants to be met with group level disclosures
with some additional insurance legal entity disclosures specifically for
policyholders.
20.0.18 All standards under this ICP are applicable to both non-life and life
insurers. Some paragraphs of guidance are more applicable to either
non-life or life insurers.
20.0.19 Proprietary information comprises information on characteristics and
details of, for example, (insurance) products, markets, distribution and
internal models and systems that would negatively influence the
competitive position of an insurer if made available to competitors.
Information about policyholders and insured parties is usually confidential
on the basis of privacy legislation or contractual arrangements with the
policyholder.
Public
20.0.20 This affects the scope of the required disclosure of information by insurers
about their customer base and details on internal arrangements, for
instance methodologies used, parameter estimates data etc. The IAIS
believes that the requirements set out in this ICP strike an appropriate
balance between the need for meaningful disclosure and the protection
of proprietary and confidential information. In the case that disclosure of
certain items of information required by this ICP should seriously
prejudice the position of the insurer by making public information that is
either proprietary or confidential in nature, an insurer need not disclose
those specific items, but should disclose more general information about
the subject matter of the requirement.
20.1 Insurers disclose, at least annually, appropriately detailed quantitative and
qualitative information in a way that is accessible to market participants on their
profile, governance and controls, financial position, technical performance and
the risks to which they are subject. In particular, information disclosed must be:
• decision useful to decisions taken by market participants;
• timely so as to be available and up-to-date at the time those decisions
are made;
• comprehensive and meaningful;
• reliable as a basis upon which to make decisions;
• comparable between different insurers operating in the same market;
and
• consistent over time so as to enable relevant trends to be discerned.
20.1.1 Disclosures should be presented in a manner that is appropriate to the
nature of the information disclosed and that takes into account items that
comprise the insurer’s financial position. Key accounting methodologies
and assumptions used in preparing the information should be clearly
explained.
20.1.2 Information should be disseminated in ways best designed to bring it to
the attention of market participants, but taking into account the relative
costs of different methods of dissemination. One method of dissemination
that supervisors could strongly encourage is disclosure through electronic
channels (e.g. internet).
20.1.3 Information should be provided with sufficient frequency and timeliness
to give a meaningful picture of the insurer.
20.1.4 The requirement for timeliness needs to be balanced against that for
reliability. Disclosure of information may be delayed for a short period to
allow for proper verification, but only where such delay would not
significantly disadvantage users.
20.1.5 Information needs to be sufficiently comprehensive to enable market
participants to form a well-rounded view of an insurer’s financial condition
and performance, business activities, and the risks related to those
activities. In order to achieve this, it is expected that information be:
• sufficiently well-explained so that it is meaningful to a reader
who is well-informed as to the inherent nature of insurance
Public
business but has no particular knowledge of the insurer except
as derived from public disclosures
• complete so that it covers all material circumstances of an
insurer and, where relevant, those of the group of which it is a
member
• both appropriately aggregated so that a proper overall picture of
the insurer is presented and sufficiently disaggregated so that
the effect of distinct material items may be separately identified.
20.1.6 Information should faithfully represent the facts which it purports to
represent, or could reasonably be expected to represent. In particular, it
needs to, so far as practicable, reflect the economic substance of events
and transactions as well as their legal form. Where the economic
substance of an event or transaction is inconsistent with its legal form,
the former is expected to prevail. The information should be verifiable,
neutral (that is free from material error or bias) and complete in all material
respects. Completeness is important since an omission can cause
information to be false or misleading.
20.1.7 In many instances, insurers may have to balance the interests of reliability
against those of decision usefulness and timeliness. For example, in
some long-tail classes of insurance, realistic projections as to the ultimate
cost of incurred claims are highly relevant. However, due to uncertainties,
such projections are subject to inherent errors of estimation. Qualitative
or quantitative information can be used to convey to users an
understanding of the relevance and reliability of the information disclosed.
20.1.8 To aid comparison, it is important therefore that the methods and
assumptions used in preparing the information are themselves
adequately disclosed. This might include an insurer’s rationale for
applying particular accounting policy choices where such a choice exists
in the standards. While this will assist users in interpreting publicly
disclosed information, it is recognised that international standards need
to be developed and adopted uniformly for true comparability to be
achieved.
20.1.9 It would be usual if disclosures were to include a quantitative analysis of
the insurer’s sensitivity to changes in key assumptions including, where
material, the effect of derivatives and other forms of risk mitigation on that
sensitivity.
20.2 Disclosure about the financial position of the insurer includes appropriately
detailed quantitative and qualitative information about the determination of
technical provisions. Technical provisions are presented by appropriate
segment. This disclosure includes, where relevant to policyholders and market
participants, information about the future cash flow assumptions, the rationale
for the choice of discount rates, and risk adjustment methodology where used
or other information as appropriate to provide a description of the method used
to determine technical provisions.
20.2.1 Presentation of technical provisions and reinsurance assets on a gross
basis is expected. However, it may be useful to present information about
technical provisions on both a net and gross basis depending on typical
Public
measures of performance and solvency that are applied by market
participants.
20.2.2 The purpose of disclosures in respect of technical provisions is to provide
market participants with an understanding of how those technical
provisions are determined. As such, disclosures would be expected to
include information about the amount, timing and uncertainty of future
cash flows in respect of insurance obligations.
20.2.3 Information about the determination and adequacy of technical provisions
may include the run-off result where applicable.
20.2.4 Absent exceptional circumstances, information should be disclosed about
the method used to derive the assumptions for calculating the technical
provisions including the relative weights placed on current experience
and relevant past experience and allowances made for future changes.
Information may also be disclosed about significant changes in
assumptions.
20.2.5 Where the current estimate and margin over the current estimate are
determined separately, the disclosures may include information about the
methods used for each of these components of the technical provisions.
20.2.6 It is proposed that the insurer discloses the methodology by which risk is
taken into account and the reasons why it is regarded as appropriate. If
the methodology has changed since the last reporting period, it would be
useful if the insurer discloses the reasons for the change.
20.2.7 It may be useful if the insurer provides an outline of any model or models
used and describes how the range of scenarios regarding future
experience has been derived.
20.2.8 A description of any method used to treat acquisition costs and whether
future profits on existing business have been recognised would be useful.
20.2.9 It may be appropriate in some circumstances that the insurer discloses
the surrender values payable.
20.2.10 Disclosure of a reconciliation of technical provisions from the end of the
previous year to the end of the current year would be particularly useful.
20.2.11 It would be usual for technical provisions to be disclosed in two parts:
• One part that covers claims from insurance events which have
already taken place at the date of reporting (claims provisions
including IBNR provisions and IBNER provisions) and for which
there is an actual or potential liability
• Another part that covers losses from insurance events which will
take place in the future (the sum of provision for unearned
premiums and provision for unexpired risks also termed
premium deficiency reserve).
This split is particularly important for lines of insurance business for which
claims may take many years to settle.
Life insurers
Public
20.2.12 It may be useful if the insurer discloses key information on the assumed
rates and the method of deriving future mortality and disability rates and
whether customised tables are applied. The insurer should disclose
significant assumptions about future changes of mortality and disability
rates.
20.2.13 It may enhance understanding if the insurer discloses the conditions for
the amount and timing of the allocation of participation features and how
such features are valued in technical provisions. Disclosure could be
made as to whether participation features are based on the performance
of a group of contracts, on the realised/unrealised investment returns
from a pool of assets, on the profit or loss of the company, or on any other
element. Disclosure could also be made of the extent to which such
features are contractual and/or discretionary.
20.2.14 It is suggested that the insurer discloses quantitative information on
minimum participation features and actual distributions to policyholders.
20.2.15 For example, the following quantitative information can be shown by
segment:
• guaranteed policyholder benefits paid
• additional policyholder benefits paid which arise from profit
sharing clauses.
20.2.16 It may be useful if the insurer discloses the assumptions and
methodologies employed to value significant guarantees and options,
including the assumptions concerning policyholder behaviour.
Non-life insurers
20.2.17 In order to enable market participants to evaluate trends, non-life insurers

could disclose historical data about earned premiums compared to
technical provisions by class of business. To assess the appropriateness
of assumptions and methodology used for determining technical
provisions, non-life insurers could disclose historical data on:
• the run off result
• claims development.
20.2.18 To facilitate the evaluation of an insurer’s ability to assess the size of the
commitments to indemnify losses covered by the insurance contracts
issued, it is suggested that insurers disclose historical data on the results
of the run off of technical provisions set aside in previous accounts.
20.2.19 It is suggested that insurers provide information on the run off results
defined below for each part of the technical provisions. The run off result
in relation to provisions for incurred losses is the difference between:
• the claims provisions made at the beginning of the financial
year, and
• the sum of the payments made during the year on account of
claims incurred in previous years and the claims provisions
shown at the end of the year for such outstanding claims.
Public
The run off result in relation to provisions for future losses is the difference
between:
• the sum of provision for unearned premiums and provision for
unexpired risks made at the beginning of the year, and
• an evaluation of the payments made during the year and
provisions made at the end of the year, in both cases relating to
insurance events covered by the unearned premiums at the
beginning of the year.
20.2.20 It may be useful if the run off results are disclosed as a ratio of the initial
provisions for the losses in question. When discounting is used, the effect
of discounting should be shown separately.
20.2.21 It is suggested that insurers disclose the run off results over several years
to enable market participants to evaluate long-term patterns, for example,
how well the insurer estimates the technical provisions. The length of the
time period reflects how long-tailed the distribution of losses is for the
insurance classes in question.
20.2.22 Except for short-tail business, insurers may disclose information on the
development of claims in a claims development triangle (see Table 20.1
for an example). The claims development triangle shows the insurer's
estimate of the cost of claims (claims provisions and claims paid) as of
the end of each year and how this estimate develops over time. This
information should be reported consistently on an accident year or
underwriting year basis and reconcile to amounts reported in the balance
sheet.
Public
Table 20.1: Example: Claims development triangle
This example illustrates a possible format for a claims development triangle.
Accident year 1997 1998 1999 2000 2001
Claims provisions and claims paid at the end of
680 790 823 920 968
the accident year
One year later 673 785 840 903
Two years later 692 776 845
Three years later 697 771
Four years later 702
Total
Estimate of cumulative claims 702 771 845 903 968
Cumulative payments (650) (689) (570) (350) (217)
Claims provisions (undiscounted) 52 82 275 553 751 1,713
Earned premiums 822 933 1,052 1,123 1,215
When discounting is used:
Effect of discounting (5) (14) (68) (175) (285) (547)
Present value recognised in the balance
47 68 207 378 466 1,166
sheet
20.2.23 Figures used to assess the appropriateness of the assumptions and

methodology used for determining technical provisions may usefully be
calculated gross of reinsurance and be supported by an accompanying
narrative.
detailed quantitative and qualitative information about capital adequacy. An
insurer discloses information that enables users to evaluate the insurer’s
objectives, policies and processes for managing capital and to assess its capital
adequacy. This information encompasses the generic solvency requirements of
the jurisdiction(s) in which the insurer operates and the capital available to cover
regulatory capital requirements. If an internal model is used to determine capital
resources and requirements, information about the model must be provided,
having due regard to proprietary or confidential information.
20.3.1 Information about objectives, policies and processes for managing capital
assist in promoting the understanding of risks and measures which
influence the capital calculation and the risk tolerance that is applied.
20.3.2 It may be useful if the insurer discloses quantitative information to allow
market participants to assess the quantity and quality of its capital in
relation to regulatory capital requirements. In particular it may be useful if
it sets out available capital in components and the amount of capital it
holds in each component, referencing changes from previous periods.
Public
20.3.3 It is suggested that the insurer discloses qualitative information about its
management of capital regarding:
• regulatory capital requirements
• instruments regarded as available capital
• the policies and processes for managing capital
• key risks and measures which influence the capital calculation
• the insurer’s risk tolerance policy.
20.3.4 In addition to the differences in the composition of a group for the
purposes of general purpose financial reporting and supervision as
outlined in Guidance 20.0.14, there may be a further difference in the
composition of a group for the purposes of determining capital adequacy
of a group (see ICP 17 Capital Adequacy). It may be useful if a description
of the group as defined for capital adequacy purposes is given and any
variation from the composition of the group for general purpose financial
reporting purposes is explained.
detailed quantitative and qualitative information about financial instruments and
other investments by class. In addition, information disclosed about
investments includes:
• investment objectives;
• policies and processes;
• values, assumptions and methods used for general purpose financial
reporting and solvency purposes, as well as an explanation of the
differences (where applicable); and
• information concerning the level of sensitivity to market variables
associated with disclosed amounts.
20.4.1 Where investment management objectives, policies and processes differ
between segments of the insurer’s investment portfolio, disclosure should
be sufficient to provide an understanding of those differences.
20.4.2 For the purposes of disclosure it may be appropriate if an insurer groups
assets and liabilities with similar characteristics and/or risks into classes
and then discloses sufficient information segregated by those classes.
20.4.3 When providing disclosures around the uncertainty of reported values of
financial instruments and other investments, it may be useful if the effect
of derivatives on that uncertainty is disclosed.
20.4.4 An insurer’s asset portfolio generally consists of many types of
instruments with a variety of characteristics. These instruments may differ
in the manner in which they are valued, their expected returns, sensitivity
to market variables, level of liquidity or constraints on disposal. To allow
effective management and meaningful analysis of risks and performance,
instruments exhibiting similar risk and return behaviour need to be
grouped. The most common way is grouping them by type of asset class.
However, for some jurisdictions, grouping by risk exposure might be
appropriate. It is expected that in those jurisdictions more information will
Public
need to be disclosed about the risk management techniques used to
measure the economic effect of risk exposure. Such disclosure may in
addition include an analysis by type of asset class.
20.4.5 Materiality considerations should be taken into account when setting up
asset classes in accordance with the nature, scale and complexity of the
insurer (see Guidance 20.0.4). Disclosure at an excessive level of
segregation may overwhelm market participants and incur unnecessary
costs for insurers. On the other hand, over-aggregation may conceal
important information.
20.4.6 It may be appropriate if an insurer discloses sufficient information,
including quantifiable information, about its exposure to:
• Currency risk
• Market risk (including interest rate risk)
• Credit risk
• Liquidity risk
• Concentration risk.
20.4.7 Generally, the return achieved may be disclosed together with the risk
exposure and investment objective. Disclosure of risk exposures can
provide market participants with valuable insight into both the level of
variability in performance that one can expect when economic or market
conditions change, and the ability of an insurer to achieve its desired
investment outcome.
20.4.8 Guidance 20.4.6 lists key risks related to investment activities. It should
be noted, however, that these risks may affect both assets and liabilities.
Market risk arising from interest rate movement is an example. Where an
insurer’s liabilities for policies issued are valued using market interest
rates, both asset and liability values change as interest rates move.
Furthermore, changes in interest rates may also change the amounts that
an insurer has to pay for its borrowings. Therefore, it is suggested that
disclosure of risk exposure includes exposure arising from both an
insurer’s assets and its liabilities.
20.4.9 To facilitate the relevant disclosure of risk exposures, it may be
appropriate if an insurer discloses the intra-period high, median and low
exposures where there have been significant changes in exposure since
the last reporting date. The amount bought and sold during a reporting
period may be disclosed as a proxy for turnover. Such risk exposures
may be disclosed for each asset class.
20.4.10 Appropriate disclosure of risk measures may usefully reflect the model
used by the insurer in managing its market risk and where relevant, for
example, include the results of sensitivity tests such as the percentage
change in capital resources or the change in capital resources as a
percentage of total assets corresponding to a 100 basis point change in
interest rates. Such sensitivity measures may also be extended to equity
price, property price or foreign currency sensitivity.
20.4.11 For debt securities, information concerning the sensitivity of values to
market variables including credit spreads may include breakdowns by
Public
credit rating of issue, type of issuer (e.g. government, corporate) and by
period to maturity (see Table 20.2 for example).
20.4.12 On the disclosure of credit risk, in addition to breakdowns on ratings and
types of credit issuers described in Guidance 20.4.11, it is recommended
that an insurer discloses the aggregate credit risk arising from off-balance
sheet exposures.
Table 20.2: Example: Information regarding debt securities

Economic value Historical costs
This year Last year This year Last year
Amount As % Amount As % Amount As % Amount As %
of of of of
total total total total
for for for for
this this this this
class class class class
Breakdown by
credit rating
AA- or better
Worse than AA-
but not worse
than A-
Worse than A- but
not worse than
BBB-
Worse than BBB-
but not worse
than B-
Worse than B-
Unrated
Breakdown by
residual maturity
Up to 1 year
More than 1 year
and up to 3 years
More than 3 years
and up to 7 years
More than 7 years
and up to 10
years
More than 10
years
Public
Breakdown by
type of issuer
Government
Semi-
government 77
Corporate
securities
detailed quantitative and qualitative information about enterprise risk
management (ERM) including asset-liability management (ALM) in total and,
where appropriate, at a segmented level. At a minimum, this information
includes the methodology used and the key assumptions employed in
measuring assets and liabilities for ALM purposes and any capital and/or
provisions held as a consequence of a mismatch between assets and liabilities.
20.5.1 Where derivatives are used, it may be useful that the disclosures include
a description of both the nature and effect of their use.
20.5.2 Asset-liability management is of paramount importance to insurers. An
unmatched position may increase the risk of loss but can enhance
profitability.
20.5.3 It may be appropriate if insurers disclose how they approach asset-liability
management. To achieve this, an insurer could disclose qualitative
information explaining the appropriateness of its management of assets
and liabilities and how it is co-ordinated. The explanation could take into
account the ability to realise its investments quickly, if necessary, without
substantial loss, and sensitivities to fluctuations in key market variables
(including interest rate, exchange rate, and equity price indices) and
credit risks.
20.5.4 Where the insurer’s ALM is segmented, e.g. by different lines of business,
the insurer may disclose information on asset-liability management (ALM)
at a segmented level.
20.5.5 It may be appropriate if the insurer discloses the sensitivity of regulatory
capital resources and provisions for mismatching to:
• changes in the value of assets
• changes in the discount rate or rates used to calculate the value
of the liabilities.
20.6 Disclosure includes appropriately detailed quantitative and qualitative
information on financial performance in total and by segmented financial
performance. Where relevant, disclosures must include a quantitative source of
earnings analysis, claims statistics including claims development, pricing
adequacy, information on returns on investment assets and components of such
returns.
77 Include debt securities issued by statutory bodies or municipalities.

Public
General financial performance
20.6.1 The insurer may provide a statement of changes in equity showing gains
and losses recognized directly in equity as well as capital transactions
with and distributions to shareholders, and profit-sharing with
policyholders.
20.6.2 The insurer may disclose information on its operating segments. For each
segment, the factors used to identify the reportable segments have to be
disclosed, e.g. the number of contracts or of policyholders.
20.6.3 An operating segment is a component of an entity that engages in
business activities from which it may earn revenues and incur expenses
and whose operating results are regularly reviewed by the entity’s
management to make decisions about resources to be allocated to the
segment. Examples of features by which business is segmented are:
• Type of business: life insurance, non-life insurance, investment
management
• Mix of organisational and geographic approach: e.g. Insurance
Country X, Insurance Country Y, Insurance (other), asset
management Country Z.
20.6.4 These standards do not intend to prescribe a specific format for the
disclosure of segments and the disclosure of portfolios. Jurisdictions may
develop a format as well as the threshold of disclosure which is applicable
to the insurance industry. 78
Technical performance
20.6.5 The insurer may be expected to provide statements of profit and loss
(including the technical underwriting account gross and net of
reinsurance by broad lines of business).
20.6.6 If the insurer is a cedant, it may disclose gains and losses recognised in
profit or loss on buying reinsurance.
20.6.7 It may be appropriate if an insurer provides qualitative and quantitative
information on technical performance in the areas of pricing adequacy,
appropriateness of technical provisions, claims statistics, risk
concentrations, reinsurance and capital and their interaction. Note that
the analysis of past performance is a major foundation on which the
assessment of future risks is based.
Technical performance for non-life insurers
78 Under IFRS generally a segment should represent at least 10% of total external revenue to be
reportable. However, if after determining the reportable segments, the entity should ensure that the
total external revenue attributable to those reportable segments is at least 75% of the entity’s total
revenue. When the 75% threshold is not met, additional reportable segments should be identified
(even if they do not meet the 10% thresholds), until at least 75% of the entity’s total external revenue
is included in its reportable segments.
Public
20.6.8 In order to judge how well insurance premiums cover the underlying risk
of the insurance contracts and the administration expenses of the insurer
(pricing adequacy), an insurer may disclose data on:
• loss ratio
• expense ratio
• combined ratio
• operating ratio.
20.6.9 These ratios should be calculated from the profit and loss account of the
reporting year and be gross of reinsurance in order to neutralize the effect
of mitigation tools on the technical performance of the direct business.
Gains on reinsurance cannot be expected to continue indefinitely without
price adjustments from reinsurers. Disclosure on reinsurance is
described in Guidance 20.7.2. If the net ratios are materially different from
the gross ratios, then both ratios should be disclosed. The ratios should
be measured either on an accident year or an underwriting year basis.
20.6.10 When discounting is used, information on the discount rates used and
method of discounting may be provided. The discount rates should be
disclosed at an appropriate level of aggregation by duration for example:
• for each of the next five years
• average rate for claims expected to be paid after five years.
20.6.11 The disclosure in Guidance 20.6.10 should be accompanied by
supporting narrative, over several years as appropriate, to enable market
participants to better evaluate long term trends. Information relating to
previous years should not be recalculated to take into account present
information. The length of the time period may reflect the historical
volatility of the particular class of insurance business.
20.6.12 It may be appropriate in the case of high volume, homogeneous classes,
for direct insurers to disclose statistical information on claims. For
instance, they could describe the trend in the number of claims and the
average size of claims. To be relevant, this information needs to be linked
to the level of business (e.g. number of policies, earned premiums, etc.).
20.6.13 In principle, the trend in claims may reflect the development in insurance
risks. As it is difficult to point to one good measurement method of
insurance risk, several can be considered but, at a minimum, it would be
normal for insurers to disclose historical data accompanied by supporting
narrative on:
• the mean cost of claims incurred – i.e., the ratio of the total cost
of claims incurred to the number of claims – in the accounting
period by class of business
• claims frequency - for example, the ratio of the number of claims
incurred in the reporting period to the average number of
insurance contracts in existence during the period.
20.6.14 For non-homogeneous classes, qualitative information will suffice.
Source of earnings analysis for life insurers
Public
20.6.15 It may be useful if life insurers disclose expected earnings on in-force
business. This represents the earnings on the in-force business that were
expected to be realised during the reporting period based on achieving
the assumptions used to calculate the technical provisions. Examples of
this include expected release of risk margins, net management fees, and
earnings on deposits.
20.6.16 Life insurers may be expected to disclose the impact of new business.
This represents the point-of-sale impact on net income of writing new
business during the reporting period. This is the difference between the
premium received and the sum of the expenses incurred as a result of
the sale and the new technical provisions established at the point of sale.
This item is also affected by any methodology used to defer and amortise
acquisition expenses.
20.6.17 It may be useful if life insurers disclose experience gains and losses. This
represents gains and losses that are due to differences between the
actual experience during the reporting period and the technical provisions
at the start of the year, based on the assumptions at that date.
20.6.18 Life insurers may be expected to disclose the impact on earnings of
management actions and changes in assumptions.
20.6.19 An example source of earnings analysis for a life insurer is provided in
Table 20.3 below.
Table 20.3: Example: Source of Earnings

Segment A Segment B Total
Current Previous Current Previous Current Previous
Year Year Year Year Year Year
Expected earnings
on in-force business
Impact of new
business
Experienced gains
and losses:
Investment
Mortality
Expenses
Other
Management
actions:
Changes in
assumptions
Public
Earnings on
surplus
Other
Income taxes
= Net income
Investment performance
20.6.20 Investment performance is one of the key determinants of an insurer’s

profitability. In addition, for many life insurance policies, returns that
policyholders receive may be either directly or indirectly influenced by the
performance of an insurer’s investments. Disclosure of investment
performance is therefore essential to market participants.
20.6.21 It may be expected that disclosure of investment performance is made on
appropriate subsets of an insurer’s assets (for example, assets belonging
to the insurer’s life insurance business, assets belonging to statutory or
notionally segregated portfolios, assets backing a group of investment-
linked contracts, assets grouped as the same asset class).
20.6.22 For investment performance disclosure related to equity securities, debt
securities, properties and loans, an insurer may disclose a breakdown of
income (e.g. dividend receipts, interest income, rental income), realised
gains/losses, unrealised gains/losses, impairments including changes in
loan loss provisions and investment expenses.
20.6.23 It may be appropriate if an insurer separately discloses the impact of
amortisation and impairment of intangible assets on financial
performance.
detailed quantitative and qualitative information on all reasonably foreseeable
and relevant material insurance risk exposures and their management. This
disclosure must include information on its objectives and policies, models and
techniques for managing insurance risks (including underwriting processes). At
a minimum, disclosures must include:
• information about the nature, scale and complexity of risks arising from
insurance contracts;
• how the insurer uses reinsurance or other forms of risk transfer;
• an understanding of the interaction between capital adequacy and risk;
and
• a description of risk concentrations.
20.7.1 This disclosure may include a description of the insurer’s appetite for
insurance risks and its policies for identifying, measuring, monitoring and
controlling insurance risks. Such disclosure should be consistent with
how the risks are being managed, including information on the models
and techniques used.
Public
20.7.2 It may be useful if insurers provide information on their reinsurers, the
adequacy of their reinsurance cover, how reinsurance is obtained and on
the credit risk of the reinsurance cover.
20.7.3 The reason for requiring information about how an insurer uses
reinsurance and other forms of risk transfer is to enable market
participants to understand how it controls its exposure to insurance risks.
20.7.4 Since reinsurance programs are often very complex and highly individual,
quantitative data may be supplemented by qualitative information. A
description of the insurer’s overall reinsurance cover may be disclosed
explaining the net risk retained and the types of reinsurance
arrangements made (treaty, facultative, proportional or non-proportional)
as well as any risk mitigating devices that reduce the risks arising out of
the reinsurance cover. It may be appropriate that the reinsurance result –
the cost of reinsurance less recovery from reinsurance of incurred claims
– is disclosed. The cost of reinsurance includes reinsurance premiums as
well as foregone investment return from these reinsurance premiums.
20.7.5 It may be beneficial if the insurer discloses the total amount of
reinsurance assets included in the balance sheet, showing separately the
reinsurers’ share of technical provisions and receivables from reinsurers
on settled claims. Further quantitative information on reinsurance may be
given including:
• the credit quality of the reinsurers, for example, by grouping
reinsurance assets by credit rating
• credit risk concentration of reinsurance assets
• the proportion of the reinsurers that are supervised
• the nature and amount of collateral held against reinsurance
assets
• the development of reinsurance assets over time
• the ageing of receivables from reinsurers on settled claims.
20.7.6 It may be useful if the insurer discloses the impact and planned action
when the expected level or scope of cover from a reinsurance/risk
transfer contract is not obtained.
20.7.7 Disclosure of risk concentrations includes the significance of those
concentrations and a description of the extent to which the risk is reduced
by reinsurance and other risk mitigating elements.
20.7.8 It would be advantageous if the description of the insurer's risk
concentrations includes, as a minimum, information on the geographical
concentration of insurance risk, the economic sectoral concentration of
insurance risk, and if relevant, the risk concentration inherent in the
reinsurance cover.
20.7.9 It may be appropriate if, as a minimum, the geographical concentration of
premiums is disclosed. The geographical concentration may be based on
where the insured risk is located, rather than where the business is
written.
Public
20.7.10 It would be helpful if insurers disclose information on the risk
concentration inherent in the reinsurance cover. It is suggested that as a
minimum, insurers disclose the number of reinsurers that it engages, as
well as the highest concentration ratios. For example, it would be
appropriate for insurers to disclose their highest premium concentration
ratios, which shows the premiums ceded to an insurer’s largest reinsurers
in aggregate, as a ratio of the total reinsurance premium ceded.
20.7.11 It may useful if insurers consider which other concentrations, in addition
to those mentioned above, need also to be disclosed.
20.7.12 It may be useful if insurers include information on the use of derivatives
to hedge risks. This information could include a summary of internal
policies on the use of derivatives.
20.7.13 Where a group (as defined for any of the purposes set out in Guidance
20.0.15) includes insurers and entities in other businesses, disclosures
about risks could include the risk exposure of the insurers to those other
entities and procedures in place to mitigate those risks.
20.7.14 It is suggested that an insurer discloses whether or not it carries out stress
tests or sensitivity analysis on its investment risk exposures, and, if so, it
discloses the process and types of assumptions used and the manner in
which the results are used as part of its investment risk management
practices.
20.8 Disclosure includes appropriately detailed information about the company
profile, including the nature of its business, a general description of its key
products, the external environment in which it operates and information on the
insurer’s objectives and the strategies in place to achieve them.
20.8.1 Often the disclosures provided in the company profile section will
describe the intrinsic nature of the business and the external environment
in which the insurer operates. The purpose of this section is to assist
market participants in assessing the strategies adopted by the business.
It is the responsibility of the insurer to decide how best to structure and
present the information.
20.8.2 Disclosure at an excessive level of detail may overwhelm market
participants and incur unnecessary costs for the insurer. It is also
expected that the insurer should avoid generic disclosure. The overall aim
of the disclosures is to provide a contextual framework to the quantitative
information made public.
20.8.3 It is suggested that the insurer discloses information about its corporate
structure focusing on material aspects both in terms of the legal entities
within the corporate structure and the business functions undertaken
within the group. The disclosures may include any material changes that
have taken place during the year. Information on and changes in the
management, structure and organisation of its key functions including
investment, risk management, underwriting and claims could be
disclosed. In the event of differences in the composition of a group for
supervisory purposes and for public reporting purposes (as outlined in
Guidance 20.3.4), it is suggested that a description of the entities
constituting those differences is provided.
Public
20.8.4 It would be appropriate if the insurer also discloses the main trends and
factors that have contributed positively or negatively to the development,
performance and position of the firm.
20.8.5 It may be useful that the insurer discloses its competitive position and its
business models (such as its approach to dealing and settling claims,
acquiring new business, etc) as well as significant features of regulatory
and legal issues affecting the business.
20.8.6 The insurer may disclose its financial and non-financial objectives, along
with the time frames and the strategies for achieving them. This
disclosure will enable market participants to assess these objectives and
the insurer's ability to achieve them. It may be appropriate if the insurer
also explains significant changes in strategy compared to prior years.
Disclosures include information about the general strategy and
objectives, performance management, business rationale and underlying
risks, the approach to risk tolerance and methods used to reduce and/or
mitigate risks.
20.8.7 It may be useful if the insurer discloses the range of risks it faces,
including the key external and internal risks and opportunities that may
affect its ability to achieve its objectives. It may also be useful if the insurer
also discloses the impact of such risks and how the entity is planning to
manage them.
20.8.8 Suitable disclosure may include a description of the key resources and
the risks that could have an impact on the insurer’s objectives. Key
resources include both the financial and non-financial resources
available. For non-financial resources the insurer may, for example,
provide information about its human and intellectual capital, processes,
systems and reputation.
20.8.9 Disclosures could include a quantitative analysis of the insurer’s
sensitivity to changes in key factors taking into account, the effect of
derivatives and other forms of risk mitigation on that sensitivity (see Table
20.4 for an example of the type of sensitivity analysis that could be
disclosed).
20.8.10 It may be appropriate if life insurers disclose sensitivity analysis to the
changes in mortality and disability assumptions.
Public
Table 20.4: Example: Sensitivity Analysis of Technical Provisions by Major
Assumption
Segment A Segment B Total
Current Previous Current Previous Current Previous
Year Year Year Year Year Year
Interest Rates:
Expected Income
Actual Income
Ratio A/E
Effect of 1% Decrease
in Yield Curve
Mortality Rates:
Expected Claims
Actual Claims
Ratio A/E
Effect of 1% increase
in mortality rates
Admin Expenses:
Expected expenses
Actual expense
Ratio A/E
Effect of 1 % increase
in expenses
Surrenders:
Expected surrenders
Actual surrenders
Ration A/E
Effect of 10 %
increase in surrenders
Public
Effect of 10%
decrease in
surrenders
Etc
20.9 Disclosures include the key features of the insurer’s corporate governance
framework and management controls including how these are implemented.
20.9.1 Where a key business function of an insurer is outsourced in part or in
whole to external parties (including outsourcing to related entities within
the insurance group or financial conglomerate), it may be appropriate if
the insurer describes its outsourcing policy and how it maintains control,
ownership and oversight over the outsourced function.
20.9.2 An insurer’s disclosures may appropriately include the manner in which
key business functions are organised within its organisation structure, the
mechanism used by the Board to oversee the functions, changes to key
personnel and other management infrastructure. Such a discussion also
demonstrates how the key business functions fit into an insurer’s overall
risk management framework.
20.10 Subject to the nature, scale and complexity of an insurer, supervisors require
insurers to produce, at least annually, audited financial statements and make
them available to market participants.
20.10.1 As part of considering the nature, scale and complexity of an insurer for
the purposes of this standard, where audited financial statements are not
available (for example some small mutual insurers in some jurisdictions),
it may be appropriate if supervisors ensure that similar information is
publicly available by other means.
Public
ICP 21 Countering Fraud in Insurance
The supervisor requires that insurers and intermediaries take effective measures to
deter, prevent, detect, report and remedy fraud in insurance.
21.0.1 Fraud in insurance (including reinsurance) is a deceptive act or omission

intended to gain advantage for a party committing the fraud (the fraudster)
or for other parties. Most jurisdictions have legal provisions against fraud
in insurance. In many jurisdictions, instances of fraud are criminal acts.
21.0.2 Fraud in insurance can take many forms and be perpetrated by any party
involved in insurance, including insurers, insurers’ managers and staff,
intermediaries, accountants, auditors, consultants, claims adjusters, third
party claimants and policyholders.
21.0.3 Fraud poses a serious risk to all financial sectors; fraud in insurance
results in reputational as well as financial damage and social and
economic costs. In the insurance sector, both insurers and policyholders
bear the costs. Losses caused by fraudulent activities affect insurers’
profits and potentially their financial soundness. To compensate, insurers
raise premiums and this results in higher costs for policyholders. Fraud
may also result in the policyholder discovering that they are not insured
for risks they believed were covered, which can have a material impact
on both customers and businesses. For these reasons, fraud may reduce
consumer and shareholder confidence. It can affect the reputation of
individual insurers, insurance groups, the insurance sector and,
potentially, economic stability more broadly.
21.0.4 Countering fraud is in principle the concern of the individual insurers and
intermediaries. Insurers and intermediaries need to understand and take
steps to minimise their vulnerability to fraud.
21.0.5 Responsibility for ensuring that insurers and intermediaries have
adequate fraud risk management ultimately lies with the Board and
Senior Management of the insurer or intermediary.
21.0.6 The supervisor is one of the competent authorities that has an important
role to play in countering fraud in insurance in its jurisdiction. There may
be jurisdictions where several authorities have a responsibility for
deterring, preventing, detecting, reporting and remedying fraud in
insurance.
21.0.7 Fraud in insurance is an issue for supervisors if the risk of fraud is not
addressed adequately. Therefore, supervisors should pay appropriate
attention as to whether insurers and intermediaries have adequate and
effective policies, procedures and controls in place to deter, prevent,
detect, report and remedy fraud.
21.0.8 The increasing integration of financial markets and the growing number
of internationally active insurers and intermediaries make fraud and its
potential global implications an important issue to address at the
Public
international level. Therefore, it is important that supervisors
communicate with one another in addressing fraud across jurisdictions.
21.0.9 The supervisor should consider the application of these standards,
particularly for intermediaries, taking into account that there are various
business models ranging from sole traders to large enterprises.
21.0.10 The IAIS Application paper on deterring, preventing, detecting, reporting
and remedying fraud in insurance includes guidance on how insurers and
intermediaries can deter, prevent, detect, report and remedy fraud
effectively.
21.1 Fraud in insurance is addressed by legislation which prescribes adequate
sanctions for committing such fraud and for prejudicing an investigation into
fraud.
21.1.1 Legislation should contain offences and sanctions for committing fraud
and for prejudicing an investigation into fraud. It should also provide the
ability:
• to obtain documents and information, together with statements
made by relevant individuals, for intelligence and investigation
purposes, for disclosure to appropriate authorities;
• to restrain assets which represent, or are believed to represent,
the proceeds of fraud; and
• to confiscate assets which are, or are believed to be, the
proceeds of fraud.
21.1.2 It may be helpful for anti-fraud legislation to provide appropriate civil and
criminal immunity for fraud reporting in good faith, including where no
fraud was subsequently found to have occurred.
21.2 The supervisor has a thorough and comprehensive understanding of the types
of fraud risk to which insurers and intermediaries are exposed. The supervisor
regularly assesses the potential fraud risks to the insurance sector and requires
insurers and intermediaries to take effective measures to address those risks.
21.2.1 The supervisor should identify the main vulnerabilities in its jurisdiction,
taking into account independent risk assessments where relevant, and
address them accordingly. These are not static assessments. They will
change over time, depending on how circumstances develop, and how
threats evolve.
21.2.2 The supervisor should have a thorough and comprehensive
understanding of:
• the activities undertaken and products and services offered by
insurers and intermediaries; and
• internal, policyholder, claims and intermediary fraud.
21.2.3 The supervisor should consider the potential fraud risks alongside other
risk assessments (including governance and market conduct) arising
from its wider duties and be aware of the relevance of fraud to the duties
it carries out in respect of other ICPs and standards.
Public
21.3 The supervisor has an effective supervisory framework to monitor and enforce
compliance by insurers and intermediaries with the requirements to counter
fraud in insurance.
21.3.1 The supervisor should issue anti-fraud requirements by way of
regulations, instructions or other documents or mechanisms that set out
enforceable requirements with sanctions for non-compliance with the
requirements.
21.3.2 The supervisor should issue guidance to insurers and intermediaries that
will assist them to counter fraud effectively and to meet the requirements
set by the supervisor.
21.3.3 The supervisor should have sufficient financial, human and technical
resources to counter fraud, including the resources needed to be able to
issue and enforce sanctions in relation to complex cases where insurers
or intermediaries oppose such sanctions.
21.3.4 The staff of the supervisor engaging in anti-fraud activity should be
appropriately skilled and provided with adequate and relevant training on
countering fraud. Examples of issues to be covered under adequate and
relevant training for the staff of the supervisor include fraud legislation
(including offences), fraud typologies, techniques to be used by
supervisors to ensure that insurers and intermediaries are complying with
their obligations, and the issue and enforcement of sanctions. Similarly,
insurers and intermediaries should provide relevant training on anti-fraud
measures to Board Members, Senior Management and other staff as
appropriate.
21.3.5 The supervisor should take account of the risk of fraud at each stage of
the supervisory process, where relevant, including the licensing stage.
21.3.6 The supervisor should assess whether insurers and intermediaries have
adequate fraud risk management systems in place which are reviewed
regularly. Insurers and intermediaries should be able to demonstrate to
the supervisor that they have effective management of their fraud risk and
possible risks to their solvency or continuity caused by fraud. At a
minimum the supervisor should assess whether insurers and
intermediaries:
• have effective policies, procedures and controls in place to
deter, prevent, detect, report and remedy fraud;
• have an independent internal audit function and periodically
carry out fraud-sensitive audits; and
• have allocated appropriate resources to deter, prevent, detect,
record and, as required, promptly report fraud to the relevant
authorities.
21.3.7 The supervisor should use both off-site monitoring and on-site
inspections to:
• evaluate the effectiveness of the internal control system of
insurers and intermediaries to manage fraud risks; and
Public
• recommend or require appropriate remedial action where the
internal control system is weak and monitor the implementation
of such remedial actions.
21.3.8 As particular fraud risks arise from claims, the supervisor should cover
claims management processes in its supervision. This may include
reviewing and assessing claims data, the quality of client acceptances,
and claims handling processes. Regarding the risks of fraud occurring in
the underwriting process, the supervisor should review relevant
processes and controls, in particular those concerned with verification of
customer information.
21.3.9 The supervisor should have the power to take appropriate corrective and
remedial action where insurers and intermediaries do not implement anti-
fraud requirements effectively or in cases of fraud committed by the
insurer or intermediary. Depending on the severity of the situation and
level of supervisory powers, this could include letters to management,
directions, fines, the suspension of business, the appointment of
alternative management and redress to customers.
21.3.10 Where a supervisor identifies suspected criminal activities in an insurer
or intermediary it should ensure that relevant information is provided to
the financial intelligence unit (FIU) and appropriate law enforcement
agency and any other relevant supervisors.
21.4 The supervisor regularly reviews the effectiveness of the measures insurers and
intermediaries and the supervisor itself are taking to deter, prevent, detect,
report and remedy fraud. The supervisor takes any necessary action to improve
effectiveness.
21.4.1 The review of effectiveness should take risk into account and assess
whether established regulations and supervisory practices are being
enforced.
21.4.2 This review could cover aspects such as:
• the risks of fraud in the insurance sector and whether these are
adequately addressed by the risk-based approach of the
supervisor
• the adequacy of the supervisor’s resources and training
• whether the number and content of on-site inspections relating
to anti-fraud measures are adequate
• whether off-site supervision of anti-fraud measures is adequate
• the findings of on-site inspections, including the effectiveness of
training and implementation by insurers and intermediaries of
anti-fraud measures
• action taken by the supervisor against insurers and
intermediaries
• input from other authorities with anti-fraud responsibilities, such
as information on fraud prosecutions and convictions
• the number and nature of requests for information from other
authorities concerning anti-fraud matters, and
Public
• the adequacy of the requirements, guidance and other
information provided by the supervisor to the sector which may
vary on the basis of the business undertaken.
Such reviews should enable the supervisor to identify any necessary
actions which need to be taken to improve effectiveness.
21.4.3 The supervisor should consider contributing to or promoting anti-fraud
initiatives such as:
• working with relevant industry and trade associations to
encourage and maintain an industry-wide approach to deterring,
preventing, detecting, reporting and remedying fraud
• the establishment of anti-fraud committees consisting of
industry or trade organisations, law enforcement agencies,
other supervisors, other authorities and possibly consumer
organisations as a platform to address fraud in insurance – for
example, by discussing trends, risks, policy issues, profiles and
modus operandi
• the establishment of a fraud database on suspected and/or
confirmed fraud attempts; insurers could be requested or
required to submit information and statistics with respect to
these attempts
• the exchange of information between insurers and
intermediaries on fraud and fraudsters including, as appropriate,
through the use of databases to the extent permitted by local
legislation
• the enhancement of consumer/policyholder awareness on
insurance fraud and its effects through effective education and
media campaigns
• cooperation between organisations involved with combating
fraud in the insurance sector, such as organisations for
accountants, forensic auditors and claims adjustors.
21.4.4 Whenever a supervisor is informed of substantiated suspicious fraudulent
activities which might affect insurers, intermediaries or the insurance
industry as a whole, it should consider whether to convey warning
information to insurers and intermediaries to the extent permitted by local
legislation.
21.4.5 The supervisor should maintain records on the number of on-site
inspections relating to the combating of fraud measures and on sanctions
it has issued to insurers and intermediaries with regard to inadequate
anti-fraud measures.
21.5 The supervisor has effective mechanisms in place, which enable it to cooperate,
coordinate and exchange information with other competent authorities, such as
law enforcement authorities, as well as other supervisors concerning the
development and implementation of policies and activities to deter, prevent,
detect, report and remedy fraud in insurance.
21.5.1 Mechanisms of cooperation and coordination should normally address:
Public
• operational cooperation and, where appropriate, coordination
between supervisors and other anti-fraud competent authorities;
and
• policy cooperation and, where appropriate, coordination across
all relevant anti-fraud competent authorities.
21.5.2 Where the supervisor identifies suspected fraud in insurers or
intermediaries it should ensure that relevant information is provided to the
FIU and appropriate law enforcement agency and any other relevant
supervisors.
21.5.3 The supervisor should take all necessary steps to cooperate and
exchange information with other relevant authorities. There should be
contact by the supervisor with the FIU and appropriate law enforcement
agency to ascertain any concerns it has and any concerns expressed by
insurers and intermediaries and to obtain feedback on trends in reported
cases.
21.5.4 The supervisor should consider appointing within its office a contact for
anti-fraud issues and for liaising with other competent authorities to
promote an efficient exchange of information.
21.5.5 The supervisor should maintain records on the number and nature of
formal requests for assistance made by or received from supervisors or
law enforcement agencies concerning fraud or potential fraud, including
whether the request was granted or refused.
Public
ICP 22 Anti-Money Laundering and Combating the Financing of Terrorism 79
The supervisor requires insurers and intermediaries to take effective measures to
combat money laundering and the financing of terrorism. In addition, the supervisor
takes effective measures to combat money laundering and the financing of terrorism.
22.0.1 Money laundering is the processing of criminal proceeds to disguise their

illegal origin. Terrorist financing is the wilful provision or collection of funds
by any means, directly or indirectly, with the unlawful intention that they
should be used, or in the knowledge that they are to be used, in full or in
part:
• to carry out a terrorist act(s);
• by a terrorist organisation; or
• by an individual terrorist.
The insurance sector and other financial services sectors are potentially
at risk of being misused, knowingly or unknowingly, for money laundering
(ML) and the financing of terrorism (FT). This exposes them to legal,
operational and reputational risks.
22.0.2 This ICP and related standards and guidance on anti-money laundering
(AML) and combating the financing of terrorism (CFT) apply at a minimum
to the supervision of those insurers and intermediaries underwriting or
placing life insurance and other investment-related insurance.
22.0.3 The supervisor should have a risk-based approach towards the measures
that it takes as well as towards those required of insurers and
intermediaries.
22.0.4 The supervisor should, on the basis of an analysis of the risk of ML/FT,
consider whether or not and to what extent this ICP and related standards
and guidance should apply to the non-life sector.
22.0.5 The IAIS Application Paper on combating money laundering and terrorist
financing 80 provides instructive information on what the Financial Action
Task Force (FATF) requires by way of law and enforceable means, and
provides information on how insurers and insurance intermediaries can
meet the FATF’s AML/CFT requirements.
The FATF Recommendations and the IAIS approach
79 ICP 22 Anti-Money Laundering and Combating the Financing of Terrorism was revised in 2013. The
new ICP 22 was adopted at the IAIS General Meeting on 19 October 2013.
80 This Application Paper is intended to provide specific information for insurance supervisors and the
insurance sector in tailoring AML/CFT standards to the specific practices and features of the insurance
sector. The ICP and the Application Paper do not replace the FATF’s requirements.
Public
22.0.6 The FATF is an inter-governmental body, established to set international
standards for AML/CFT. The FATF has developed recommendations on
AML/CFT (collectively referred to here as “FATF Recommendations”),
some of which are applicable to the insurance sector.
22.0.7 The FATF Recommendations apply at a minimum to the underwriting and
placement of life insurance and other investment-related insurance. In
addition, where the non-life sector, or part of that sector, is assessed by
a jurisdiction as posing a ML/FT risk the FATF standards require that the
jurisdiction considers applying the FATF standards to that sector.
22.0.8 The FATF requires jurisdictions to designate a competent authority or
authorities to have responsibility for ensuring that financial institutions
(including insurers and intermediaries) adequately comply with the FATF
Recommendations to combat ML/FT. The AML/CFT competent authority
is often designated by a jurisdiction’s legislation. There may be
jurisdictions where several authorities have AML/CFT responsibilities for
the insurance sector.
22.0.9 Insurance supervisors are not always designated as the competent
authority for AML/CFT in their jurisdiction. Other competent authorities
could include law enforcement agencies, and a financial intelligence unit
(FIU) which serves as a national centre for receiving and analysing
information (such as suspicious transaction reports) and disseminating
information regarding potential ML/FT. However, while the insurance
supervisor may not be the designated competent authority, this does not
absolve it from understanding the risk of ML/FT to the insurance sector and
taking steps to help combat ML/FT.
22.0.10 Therefore the standards and guidance related to this principle are divided
into two parts. Part A applies where the insurance supervisor is a
designated AML/CFT competent authority or acts on behalf of a
designated competent authority. Part B applies where the insurance
supervisor is not a designated AML/CFT competent authority for the
insurance sector. To demonstrate observance of this ICP the supervisor
must meet the requirements of the standards in either part A or part B
according to the circumstances of the jurisdiction.
Part A: Where the insurance supervisor is a designated AML/CFT competent authority
22.1 The supervisor has a thorough and comprehensive understanding of the ML/FT
risks to which insurers and intermediaries are exposed, and uses available
information to assess the ML/FT risks to the insurance sector in its jurisdiction
on a regular basis.
Understanding ML/FT risks
22.1.1 The supervisor should have a thorough and comprehensive

understanding of the ML/FT risks to which insurers and intermediaries
are exposed arising from the activities undertaken and products and
services offered by insurers and intermediaries. 81
81The Financial Action Task Force has published a paper: Risk-Based Approach: Guidance for the Life
Insurance Sector (October 2009). The IAIS expects this paper to be revised after 2013.
Public
22.1.2 The following features may increase the ML/FT risk profile of an
insurance product/service:
• acceptance of payments or receipts from third parties
• acceptance of very high value or unlimited value payments or
large volumes of lower value payments
• acceptance of payments made in cash, money orders or cashier
cheques
• acceptance of frequent payments outside a normal premium
policy or payment schedule
• allowance of withdrawals at any time with limited charges or fees
• acceptance to be used as collateral for a loan and/or written in
a discretionary or other increased risk trust
• products with features that allow loans to be taken against the
policy (particularly if frequent loans can be taken and/or repaid
with cash)
• products that allow for high cash values
• products that accept high amount lump sum payments, coupled
with liquidity features
• products with cooling off provisions 82 where the request is made
to send the refunded monies to an unrelated third party, a
foreign financial institution, or to an entity located in a high risk
jurisdiction
• products that allow for assignment without the insurer being
aware that the beneficiary of the contract has been changed
until such time as a claim is made
• the extent and nature of cross-border activity.
It should be noted that some of the above features can be expected over
the course of a long-term insurance contract and are not necessarily
inherently suspicious.
22.1.3 Examples of how ML/FT can occur in insurance are provided in the IAIS
Application Paper on combating money laundering and terrorist financing.
Assessing ML/FT risks
22.1.4 The supervisor should use available information to assess the main
ML/FT risks83 to the insurance sector in their jurisdiction and address
them accordingly. Such risk assessments may provide for
recommendations on the allocation of responsibilities and resources at
the jurisdictional level based on a comprehensive and up-to-date
understanding of the risks. These are not static assessments. They will
change over time, depending on how circumstances develop, and how
82 Provisions that allow a policy to be cancelled within a stipulated timeframe and the premiums paid to
be refunded (in some jurisdictions these are known as “free look”).

83 For the purposes of this ICP ‘risk’ encompasses the concepts of vulnerabilities and threats.
Public
risks evolve. For this reason risk assessments should be undertaken on
a regular basis and kept up to date.
22.1.5 The supervisor should consider the potential ML/FT risks alongside other
risk assessments (including governance and market conduct) arising
from its wider duties and be aware of the relevance of ML/FT to the duties
it carries out in respect of other ICPs and standards.
22.1.6 When a jurisdiction-wide risk assessment has been conducted, the
supervisor should have access to it and take account of it. The supervisor
should participate in such an assessment to inform the assessment and
also to improve its understanding of the risks. 84
22.2 The supervisor:

• issues to insurers and intermediaries enforceable rules on AML/CFT
obligations consistent with the FATF Recommendations, for matters
which are not in law;
• establishes guidance that will assist insurers and intermediaries to
implement and comply with their respective AML/CFT requirements; and
• provides insurers and intermediaries with adequate and appropriate
feedback to promote AML/CFT compliance.
22.2.1 Whilst the FATF requires the basic obligations of customer due diligence,
record keeping and the reporting of suspicion to be set in law, the more
detailed elements for technical compliance may be set in law or
enforceable means. 85 For the purpose of this standard these “enforceable
means” are described as “enforceable rules”.
22.2.2 Enforceable rules are a document or mechanism that sets out
enforceable AML/CFT requirements in mandatory language with
sanctions for non-compliance and which are issued or approved by the
supervisor.
22.2.3 The supervisor should require insurers and intermediaries to take
appropriate steps to identify, assess and understand their ML/FT risks
(for customers, jurisdictions, countries or geographic areas; and
products, services, transactions or delivery channels). The supervisor
should also require insurers and intermediaries to manage and mitigate
the ML/FT risks that have been identified.
22.2.4 The supervisor should promote a clear understanding by insurers and
intermediaries of their AML/CFT obligations and ML/FT risks. Examples
of ways to achieve this are to engage with insurers and intermediaries
and to provide information on supervision. This might include the
supervisor providing guidance which gives assistance on issues covered
84 In February 2013 the FATF published guidance on National Money Laundering and Terrorist
Financing Risk Assessment.

85
The FATF’s Methodology for assessing compliance with the FATF Recommendations and the effectiveness of AML/CFT
systems refers to “law”, which is any legislation issued or approved through a Parliamentary process or other equivalent means
provided for under the country’s constitutional framework, which imposes mandatory requirements with sanctions for non-
compliance; and “enforceable means”, which are regulations, guidelines, instructions or other documents or mechanisms that set
out enforceable requirements in mandatory language with sanctions for non-compliance.
Public
under the relevant FATF Recommendations, including, as a minimum,
possible techniques and methods to combat ML/FT and any additional
measures that insurers and intermediaries could take to ensure that their
AML/CFT measures are effective. Such guidance may not necessarily be
enforceable but will assist insurers and intermediaries to implement and
comply with AML/CFT requirements.
22.2.5 Examples of appropriate feedback mechanisms by supervisors may
include information on current ML/FT techniques, methods and trends
(typologies), sanitised examples of actual ML/FT, examples of failures or
weaknesses in AML/CFT systems by insurers and intermediaries and
lessons to be learned. It may be appropriate for the supervisor to refer to
guidance or contribute to feedback from other sources, for example
industry guidance.
22.3 The supervisor has an effective supervisory framework to monitor and enforce
compliance by insurers and intermediaries with AML/CFT requirements.
22.3.1 The supervisor should take account of the risk of ML/FT at each stage of
the supervisory process, where relevant, including the licensing stage.
22.3.2 The supervisor should have adequate financial, human and technical
resources to combat ML/FT, including resources needed to be able to
impose sanctions effectively in relation to complex cases where
supervisory action is resisted by insurers or intermediaries.
22.3.3 The supervisor should subject insurers and intermediaries to supervisory
review (off-site monitoring and/or on-site inspection) of their compliance
with the AML/CFT requirements and, on the basis of the information
arising from such monitoring and any other information acquired, assess
the ML/FT risk profile of the insurer or intermediary.
22.3.4 The frequency and intensity of supervisory review should be based on:
• the ML/FT risks and the policies, internal controls and
procedures of each insurer and intermediary, as identified by the
supervisor’s assessment of their risk profile;
• the ML/FT risks present in the jurisdiction;
• the characteristics of insurers or intermediaries, in particular
their number and diversity and the degree of discretion allowed
to them under the risk-based approach.
22.3.5 Staff of the supervisor should be appropriately skilled and provided with
adequate and relevant training for combating ML/FT, including the
necessary skills and knowledge to assess the quality and effectiveness
of firms’ AML/CFT systems and controls.
22.3.6 The supervisor should require insurers and intermediaries to undertake
AML/CFT assessments and develop risk profiles of their customers,
business relationships, distribution channels, products and services and
to put in place risk management and control measures to address
identified risks.
22.3.7 The supervisor should have the power to take appropriate corrective,
remedial and enforcement action where insurers and intermediaries do
not implement AML/CFT requirements effectively.
Public
22.3.8 The supervisor should also require insurers and intermediaries to provide
relevant training in AML/CFT to Board Members, Senior Management
and other staff as appropriate.
22.4 The supervisor regularly reviews the effectiveness of the measures that insurers
and intermediaries and the supervisor itself are taking on AML/CFT. The
supervisor takes any necessary action to improve effectiveness.
22.4.1 The review should include an assessment of the effectiveness of
implementation of AML/CFT requirements and of the supervisory
approach, including but not limited to the extent to which the supervisor’s
actions have an effect on compliance by insurers and intermediaries.
22.4.2 This review could cover aspects such as:
• the risks of ML/FT in the insurance sector and whether these
are adequately addressed by the risk-based approach of the
supervisor;
• the adequacy of the supervisor’s resources and training;
• whether the number and content of on-site inspections relating
to AML/CFT measures is adequate;
• whether AML/CFT off-site supervision is adequate;
• the findings of on-site inspections, including the effectiveness of
training and implementation by insurers and intermediaries of
AML/CFT measures;
• action taken by the supervisor against insurers and
intermediaries;
• input from other authorities on the insurance sector, such as the
number and pattern of suspicious transaction reports made by
insurers and intermediaries, and ML/FT prosecutions and
convictions in the insurance sector;
• the number and nature of requests for information from other
authorities concerning AML/CFT matters;
• the adequacy of the requirements, guidance and other
information provided by the supervisor to the sector;
• the number and type of ML/FT prosecutions and convictions in
the insurance sector.
Such reviews should enable the supervisor to identify any necessary
actions which need to be taken to improve effectiveness.
22.4.3 The supervisor should maintain records on the number of on-site
inspections relating to AML/CFT measures and on sanctions it has issued
to insurers and intermediaries with regard to inadequate AML/CFT
measures.
22.5 The supervisor has effective mechanisms in place which enable it to cooperate,
coordinate and exchange information with other domestic authorities, such as
the financial intelligence unit, as well as with supervisors in other jurisdictions
for AML/CFT purposes.
Public
22.5.1 Mechanisms of cooperation, coordination and exchange of information
should normally address:
• operational cooperation and, where appropriate, coordination
between the FIU, law enforcement agency and supervisors; and
• policy cooperation and, where appropriate, coordination across
all relevant AML/CFT competent authorities.
Effective prevention of ML/FT is enhanced by close cooperation among
supervisors, the FIU, law enforcement agencies, other competent
authorities, and insurers and intermediaries.
22.5.2 Where a supervisor identifies suspected ML/FT in insurers and
intermediaries, it should ensure that relevant information is provided to
the FIU, any appropriate law enforcement agency and other relevant
supervisors.
22.5.3 The supervisor should take all necessary steps to cooperate, coordinate
and exchange information with the other relevant authorities. There
should be contact by the supervisor with the FIU and appropriate law
enforcement agency to ascertain any concerns it has and any concerns
expressed on AML/CFT compliance by insurers and intermediaries, to
obtain feedback on trends in reported cases and to obtain information
regarding potential ML/FT risks to the insurance sector.
22.5.4 The supervisor should consider appointing within its office a contact for
AML/CFT issues and to liaise with other AML/CFT competent authorities
to promote an efficient exchange of information.
22.5.5 The exchange of information is subject to confidentiality considerations.
These are discussed in ICP 3 Information Exchange and Confidentiality
Requirements.
Part B: Where the insurance supervisor is not a designated AML/CFT competent

authority
22.6 The supervisor is aware of and has an understanding of ML/FT risks to which
insurers and intermediaries are exposed. It liaises with and seeks to obtain
information from the designated competent authority relating to AML/CFT by
insurers and insurance intermediaries.
22.6.1 Where another body is the AML/CFT designated competent authority, 86
the supervisor should consider what effect this may have on its ability to
ensure that insurers and insurance intermediaries meet supervisory
requirements.
22.6.2 The supervisor should have an understanding of the ML/FT risks to which
insurers and intermediaries are exposed arising from the activities
undertaken and products and services offered by insurers and
intermediaries.
22.6.3 The supervisor is able to make a more informed evaluation and judgment
on the soundness of insurers and intermediaries by receiving information
from the AML/CFT designated competent authority. Such information
86 Including where more than one body is designated as a competent authority for AML/CFT.
Public
may be relevant to the risk profile of the insurer or intermediary or to the
effectiveness of risk management by the insurer or intermediary. The
contents of this information may include the level of ML/FT risks to which
insurers and intermediaries are exposed, and the designated competent
authority’s views on the risk management, corporate governance and
internal control measures of supervised entities relevant to AML/CFT.
22.6.4 The AML/CFT designated competent authority may have information on
breaches of AML/CFT requirements that should be taken into
consideration by the supervisor in its supervisory activities, such as when
evaluating the Board, Senior Management and Key Persons in Control
Functions on the basis of suitability requirements including when
reviewing licence applications.
22.7 The supervisor has effective mechanisms in place which enable it to cooperate,
coordinate and exchange information with other domestic authorities, such as
the financial intelligence unit, as well as with supervisors in other jurisdictions
for AML/CFT purposes.
22.7.1 Mechanisms of cooperation, coordination and exchange of information
should normally address operational cooperation and, where appropriate,
coordination between the FIU, law enforcement agencies and other
supervisors. Effective prevention of ML/FT is enhanced by close
cooperation among supervisors, the FIU, law enforcement agencies,
other competent authorities, and insurers and intermediaries.
22.7.2 Where in the course of exercising its supervisory responsibilities the
supervisor becomes aware of information on ML/FT risks, it should
provide relevant information to the designated competent authority.
Where a supervisor identifies suspected ML/FT in insurers and
intermediaries, it should ensure that relevant information is provided to
the FIU, appropriate law enforcement agency and any other relevant
supervisors.
22.7.3 As part of its cooperation with the AML/CFT designated competent
authority, the supervisor should provide input into the effectiveness of the
AML/CFT framework. This may help the designated competent authority
in its consideration of effectiveness.
22.7.4 The exchange of information is subject to confidentiality considerations.
These are discussed in ICP 3 Information Exchange and Confidentiality
Requirements.
Public
ICP 23 Group-wide Supervision 87
The group-wide supervisor, in cooperation and coordination with other involved
supervisors, identifies the insurance group and determines the scope of group
supervision.
23.0.1 Involved supervisors should seek agreement amongst themselves on the

identification of the insurance group, including the head of the insurance
group, and the scope of group-wide supervision to ensure that gaps or
duplication in regulatory oversight between jurisdictions do not occur. If
agreement cannot be reached in a timely manner, the ultimate
responsibility for determining the identification of the insurance group and
scope of group-wide supervision rests with the group-wide supervisor.
Decisions should be undertaken on a case-by-case basis and may
include discussion with the insurance group.
23.0.2 The group-wide supervisor cooperates and coordinates with other
involved supervisors, and should be accountable for the appropriateness
of the identification of the insurance group and the determination of the
scope of group supervision. In particular, in the case of insurance groups
that operate on a cross-border basis, the group-wide supervisor should
be able to explain the appropriateness of the identification of the
insurance group and the determination of the scope of group supervision
to involved supervisors in other jurisdictions. The identification of the
insurance group and scope of group supervision should be reviewed
regularly by the group-wide supervisor, in cooperation and coordination
with other involved supervisors.
23.0.3 The group-wide supervisor should require the head of the insurance
group to provide information needed on an ongoing basis to identify the
insurance group and to determine the scope of group-wide supervision.
The head of the insurance group provides the information to the group-
wide supervisor, who disseminates it to the other involved supervisors as
needed.
23.1 The group-wide supervisor, in cooperation and coordination with other involved
supervisors, identifies all legal entities that are part of the insurance group.
23.1.1 To ascertain the identity of an insurance group, supervisors should first
identify all insurance legal entities within the corporate structure.
Supervisors should then identify all entities which have control over those
insurance legal entities in the meaning provided for in the definition in ICP
6 (Changes in Control and Portfolio Transfers). If this results in only one
identified entity, this entity is the head of the insurance group. If there is
more than one entity with control over the insurance legal entities,
supervisors should identify the head of the insurance group such as the
entity which has the greatest level of control over the insurance business.

Public
23.1.2 A practical method for determining the entities within the insurance group
is often to start with entities included in the consolidated accounts. The
head of an insurance group including an insurance-led financial
conglomerate is at least one of the following:
• an insurance legal entity
• a holding company
The identified insurance group includes the head of the insurance group
and all the legal entities controlled by the head of the insurance group.
Legal entities within a group could include:
• operating and non-operating holding companies (including
intermediate holding companies);
• other regulated entities such as banks and/or securities
companies;
• non-regulated entities; and
• special purpose entities.
In addition to considering the consolidated accounts, the supervisor
should consider other relationships such as
• common Directors;
• membership rights in a mutual or similar entity;
• involvement in the policy-making process; and
• material transactions.
The insurance group may be
• a subset/part of a bank-led or securities-led financial
conglomerate; or
• a subset of a wider group, such as a larger diversified
conglomerate with both financial and non-financial entities.
23.1.3 Examples of the types of group structures that could be captured by the
definition of insurance groups are provided in the diagrams below (Figure
23.1, 23.2, 23.3 and 23.4). These examples are for purposes of
illustration only, and are not intended to set forth all possible forms of
insurance groups.
23.1.4 The ICPs’ definition of “insurance group” may be different from the
definitions used in other contexts, such as accounting or tax purposes.
23.2 The group-wide supervisor, in cooperation and coordination with other involved
supervisors, determines the scope of group-wide supervision.
23.2.1 Involved supervisors should consult and agree on the scope of group-
wide supervision of the insurance group to ensure that there are no gaps
and no unnecessary duplication in supervision among jurisdictions.
A practical method to determine the entities to capture within the scope
of group-wide supervision is to start with entities included in the
consolidated accounts. Entities that are not included in consolidated
accounts should be included if they are relevant from the perspective of
Public
risk (non-consolidated entities also subject to supervision) or control. The
entities that may be captured within the scope of group-wide supervision
may either be incorporated or unincorporated.
23.2.2 In considering the risks to which the insurance group is exposed it is
important to take account of those risks that emanate from the wider
group within which the insurance group operates.
23.2.3 Individual entities within the insurance group may be excluded from the
scope of group-wide supervision if the risks from those entities are
negligible or group-wide supervision is impractical.
23.2.4 The exclusion or inclusion of entities within the scope of group-wide
supervision should be regularly re-assessed.
23.2.5 It should be noted that the supervisory approach to entities/activities
within the insurance group may vary depending on factors such as their
types of business, legal status and/or nature, scale and complexity of
risks. Although an insurance group as a whole should be subject to group-
wide supervision, not all quantitative and qualitative supervisory
requirements applied to an insurance legal entity should necessarily be
applied to other entities within the group, to the insurance group as a
whole, or to a sub-group collectively.
23.3 The group-wide supervisor and other involved supervisors do not narrow the
identification of the insurance group or the scope of group-wide supervision due
to lack of legal authority or supervisory power over particular legal entities.
23.3.1 In some jurisdictions, the supervisor may not be granted legal authority
or supervisory power for the direct supervision of some entities within the
identified insurance group or the scope of group-wide supervision. These
may include legal entities regulated in another sector or non-regulated
entities within the same jurisdiction.
23.3.2 Where a supervisor has no direct legal power over certain legal entities
in the scope of the group-wide supervision, the supervisor will use its
power over regulated entities and/or consult with other involved
supervisors to obtain similar supervisory outcomes.
Public
Illustrations to assist the identification of insurance groups
Figure 23.1 Insurance Group
Insurance Group
Head of the Insurance group
Insurance Legal Insurance Legal Non-regulated

Entity Entity Subsidiary
Public
Figure 23.2 Financial Conglomerate
Public
Figure 23.3 Insurance-led Financial Conglomerate
Insurance-led Financial Conglomerate
Head of the Financial Conglomerate,
Head of the Insurance group
Insurance Legal Non-regulated

Entity Subsidiary
Banking Group Securities Group
Banking Holding Company Securities Holding Company
Banking Legal Non-regulated Securities Legal Non-regulated

Entity subsidiary Entity Subsidiary
Public
Figure 23.4 Wider group
Public
ICP 24 Macroprudential Surveillance and Insurance Supervision
The supervisor identifies, monitors and analyses market and financial
developments and other environmental factors that may impact insurers and
insurance markets and uses this information in the supervision of individual
insurers. Such tasks should, where appropriate, utilise information from, and
insights gained by, other national authorities.
24.1 The supervisor identifies underlying trends within the insurance sector by
collecting data on, but not limited to, profitability, capital position, liabilities,
assets and underwriting, to the extent that it has information available at the
level of legal entities and groups. The supervisor also develops and applies
appropriate tools that take into account the nature, scale and complexity of
insurers, as well as non-core activities of insurance groups, to limit significant
systemic risk.
24.1.1 The supervisor should identify macroeconomic factors such as, but not
limited to, level of interest rates, financial market indices, inflation,
interconnectedness with other financial market participants, catastrophes
and pandemics that may impact insurers and insurance markets. The
supervisor should have processes in place to conduct regular market
analyses. This enables the supervisor to be aware of material changes in
market conditions that may impact individual insurers, the whole
insurance sector, and other financial sectors.
24.2 The supervisor, in performing market analysis, considers not only past
developments and the present situation, but also trends, potential risks and
plausible unfavourable future scenarios with the objective and capacity to take
action at an early stage, if required.
24.2.1 Macroprudential surveillance is defined as a set of systems and
processes that monitors the vulnerability of the financial system with
respect to economic and financial shocks. One of the aims of
macroprudential surveillance and regulation is to:
• Identify systemic risk (including shocks, interconnectedness and
feedback effects);
• Reduce the likelihood of systemic risk; and
• Mitigate spillover effects within the financial system and into the
real economy.
24.2.2 The supervisor should design macroprudential surveillance approaches
from a multi-disciplinary and cross-sectoral perspective to identify trends
and developments that might negatively impact the risk profile of insurers.
It should consult and coordinate with all relevant stakeholders, including
public and private sector organisations.
24.2.3 The supervisor should identify the key sources of market and industry
information, have a regular communication strategy in place with respect
to those sources and take into account all relevant factors when
assessing that information. The supervisor should ensure that it has an
appropriate internal focus on regularly reviewing macroprudential
Public
surveillance issues and, where appropriate, initiates senior level
communication with insurers on these issues.
24.3 The supervisor performs both quantitative and qualitative analysis and makes
use of both public and other sources of information, including horizontal
reviews of insurers and relevant data aggregation.
24.3.1 A horizontal review is one that is performed across many insurers around
a common subject with the goal of revealing the range of practice among
the insurers. There are two objectives of such horizontal analysis. First,
an insurer-by-insurer review should provide a relative ranking to
determine which insurers are outliers, whether to bring those insurers
back in line with their peers, and, if so, what areas need to be addressed.
The second and less often used objective is to determine whether the
industry practice as a whole is strong enough to address the risks
embedded in the activity.
24.3.2 To make horizontal reviews effective, the following parameters need to
be taken into account:
• Where peer groups are utilised, the choice of the peer group can
have an impact on the quality of the outcome of the review. The
supervisors should carefully consider the criteria for inclusion in
the peer group.
• The sequential execution of reviews over a long period of time
reduces the effectiveness of horizontal, or peer, comparison.
Reviews should be performed within as short a period of time as
practical.
• When reviewing internationally active insurance groups, the
group-wide supervisor should seek out a global perspective.
This global perspective can come from a peer authority or a third
party (including international financial institutions such as, but
not limited to, the IAIS, IMF and World Bank) which might have
a broader perspective on the state of global practice.
• The supervisor should have an established communication
strategy in place for horizontal reviews, which addresses the
need for assessments to go to the insurer’s Board and to Senior
Management. Where appropriate, some higher level
aggregated peer group information may be provided to insurers,
who may or may not have participated in the review, so that they
can gain from the lessons learned.
• The results of horizontal reviews performed within a single
jurisdiction can be beneficial to the global supervisory
community as a whole, especially as it may relate to systemic
risk to the insurance sector. The supervisor may also consider
suitable forums for the communication of information that is not
necessarily insurance or firm specific.
• Horizontal reviews need not always be sizeable undertakings.
Simple horizontal outlier analysis on readily available insurer
reports can often provide helpful supervisory insight. Simple
analysis of some of these reports, including trends and peer
Public
comparisons, can help the supervisor to identify areas of
potential risk and help it to better target future work.
24.3.3 The supervisor should evaluate its data needs and data processing
capabilities in order to determine whether it is able to accommodate
additional requirements arising from the supervision of more complex
insurers, such as internationally active insurance groups. Deficiencies in:
• the type of data collected;
• the supervisor’s ability to process the data in a timely and
complete way; or
• its ability to collect ad-hoc data in a timely manner
should be addressed as soon as possible.
24.4 The supervisor uses market-wide data to analyse and monitor the actual or
potential impact on the financial stability of insurance markets in general and of
insurers in particular and takes appropriate action. The supervisor also makes
sufficiently detailed aggregated market data publicly available.
24.4.1 Insofar as international relationships affect the supervisor’s internal
insurance and financial markets, the analysis is not limited to domestic
markets, but includes also regional and/or global developments.
24.4.2 It is the supervisor’s responsibility to ensure access to sufficiently detailed
aggregated market data either by publishing data itself or by providing
others with adequate means for publishing required data. This could be
achieved by engaging a government statistical office or cooperating with
the local insurance sector, provided the supervisor is satisfied with
content, frequency and timeliness of such data publication.
24.5 The supervisor assesses the extent to which macro-economic vulnerabilities
and financial market risks impinge on prudential safeguards or the financial
stability of the insurance sector.
24.5.1 Supervisors should monitor insurers’ connections with financial markets
and the real economy in order to obtain early identification of potential or
existing build-up of risks in other sectors that could adversely impact the
insurance sector.
24.5.2 When necessary, the supervisor cooperates with other financial market
supervisors (such as banking, securities and pension supervisors, central
banks and government ministries). For additional information on
supervisory cooperation, refer to ICP 25 Supervisory Cooperation and
Coordination.
24.6 The supervisor has an established process to assess the potential systemic
importance of insurers, including policies they underwrite and instruments they
issue in traditional and non-traditional lines of business.
24.6.1 In assessing the systemic importance of insurers, the supervisor should
deploy processes with adequate depth and quality to support effective
supervision given the nature, scale and complexity of the supervised
entities and taking into account the results of market analysis and
macroprudential surveillance.
Public
24.7 If the supervisor identifies an insurer as systemically important, it develops an
appropriate supervisory response, which is commensurate with the nature and
degree of the risk.
Public
ICP 25 Supervisory Cooperation and Coordination 88
The supervisor cooperates and coordinates with other relevant supervisors and
authorities subject to confidentiality requirements.
25.1 The supervisor takes steps to put in place adequate coordination arrangements
with involved supervisors on cross-border issues on a legal entity and a group-
wide basis in order to facilitate the comprehensive oversight of these legal
entities and groups. Insurance supervisors cooperate and coordinate with
relevant supervisors from other sectors, as well as with central banks and
government ministries.
25.1.1 The main benefits of increased coordination and cooperation among
involved supervisors are:
• It facilitates all involved supervisors in holistically reviewing
international groups through regular face-to-face discussions
and other processes;
• It provides an efficient platform for information sharing across
the group and for contribution of involved supervisors to group-
wide decisions;
• Broader exposure and greater influence for involved supervisors
in examining group-wide situations than would be the case
under legal entity reviews;
• It facilitates comparison of supervisory methodologies and
assumptions across the group;
• Ability to share the application of group-wide methodologies and
assumptions among involved supervisors; and
• It facilitates the application of coordinated decisions when
appropriate.
25.1.2 There are various mechanisms for fostering cooperation, promoting
communication and information exchange and facilitating enhanced
coordination of group-wide supervision. The benefits of designating a
group-wide supervisor can be further enhanced through mechanisms
such as a memorandum of understanding (MoU) between involved
supervisors and establishment of a “supervisory college” of involved
supervisors. In fact the work of a supervisory college is usually based on
the conclusion of a MoU between all parties involved.
25.1.3 Coordination arrangements may include supervisory recognition of
involved supervisors and how their various supervisory roles interrelate
within group-wide supervision.
25.1.4 Coordination arrangements for group-wide supervision include
supervisory colleges and/or other coordination mechanisms intended to
foster cooperation, promote common understanding, communication and

Public
information exchange, and facilitate enhanced coordination for group-
wide supervision. These arrangements are organised in accordance with
the nature, scale and complexity of the group and of the risks the group
poses to supervisory objectives and are commensurate with the legal and
organisational structure and business activities of the group. They also
have due regard to the legislative frameworks applicable and authorities
of the various supervisors involved.
25.1.5 Coordination mechanisms provide added value in terms of prudential
supervision of the group. The arrangement enhances the quality of
supervision of legal entities within the group.
25.1.6 Supervisory colleges and other coordination mechanisms should be
established on the basis of common agreements of all involved
supervisors, taking into consideration the nature, scale and complexity of
the group including its legal and organisational structure and business
activities of the group and the risks the group poses to supervisory
objectives.
Memorandum of Understanding (MoU)
25.1.7 An MoU could take the form of a bilateral (between two jurisdictions) or
multilateral (between more than two jurisdictions) agreement. The scope
of an MoU could also vary, to reflect the circumstances of the particular
group and involved supervisors. An MoU may relate to the exchange of
information, based on formal request and/or in particular circumstances,
such as emergency circumstances. In order for an MoU to work
effectively, it is important that a strict confidentiality regime is ensured
among all involved jurisdictions.
25.1.8 An MoU may extend to the allocation of identified aspects of group-wide
assessment to particular involved supervisors or the allocation of all
aspects of group-wide assessment to the designated group-wide
supervisor. An MoU may indicate a level of accepted reliance by one
supervisor on the work of another supervisor (a limited form of
supervisory recognition). Such an arrangement may be an initial stage in
the negotiation of a more formal supervisory recognition arrangement, as
the level of cooperation and trust between involved supervisors grows.
(Refer to ICP 13 Reinsurance and Other Forms of Risk Transfer, and
Guidance 25.1.15 to 25.1.71 on criteria for supervisory recognition in
group-wide supervision.) In particular, an MoU may indicate a level of
accepted reliance on the part of other involved supervisors on the work
of the group-wide supervisor. Such an arrangement contributes to the
objectives of streamlined group-wide supervision and avoidance of
unwarranted supervisory duplication.
Supervisory college
25.1.9 A mechanism for coordination of activities and cooperation among

involved supervisors is through the establishment of a supervisory
college. A supervisory college could take various forms, depending on
the structure and organisation of the group, the activities of the group and
the jurisdictions involved in its supervision.
Public
25.1.10 Members of the supervisory college would comprise supervisors involved
in the supervision of insurers which are part of the group. Where relevant,
other sector supervisors could be invited.
25.1.11 Where designated, the group-wide supervisor would normally act as the
chair or key coordinator of the supervisory college. The group-wide
supervisor could be responsible for initiating a supervisory college,
inviting the involved supervisors to be members and arranging
supervisory college meetings. Members of the supervisory college could
agree on procedures for the allocation of responsibilities among the
group-wide supervisor and other involved supervisors in relation to group-
wide supervision.
25.1.12 Through regular supervisory college meetings, greater interaction and
exchange of relevant information among involved supervisors can be
facilitated. The supervisory college also provides an opportunity for
supervisors from different jurisdictions to meet and build contacts that
might not otherwise be readily available. In times of stress, when the
effectiveness of supervisory collaboration is most likely to be tested, the
contacts that have been built through participation in a supervisory
college may be of great benefit.
25.1.13 The primary purpose of a supervisory college would be to discuss
supervisory issues and exchange information that is relevant to a group.
Typically a supervisory college would focus on the following:
• Agree on the cooperation and coordination process including
the planning and setting of procedures for supervisory
cooperation during emergency situations;
• Produce an overview of the group setting out its formal and
operational structure;
• Carry out a risk analysis on a group-wide basis, identifying the
most relevant entities and the most important relationships in
the group;
• Discuss issues supervisors have found within the entities they
supervise that they believe could be systemic throughout the
group;
• Where practicable, agree on areas of supervisory work to avoid
unnecessary duplication; possible joint inspections could also
be decided;
• Agree on the information supervisors should gather from the
group and exchange with other members of the supervisory
college, including the form and the frequency with which this
happens; and
• Agree on whether the supervisory college should set out any
arrangements in respect of group-wide supervision in written
form (bilateral or multilateral agreements).
25.1.14 On request, the members of a supervisory college should communicate
to one another all relevant information which may allow or facilitate
supervision on a group-wide basis. Members of a supervisory college
Public
should also consider whether to communicate, on their own initiative,
information which appears to be essential for other involved supervisors.
The information that can be exchanged is facilitated by cooperation
agreements concluded between the involved supervisors, including for
instance whether the supervisors involved in the supervisory college have
signed the IAIS Multilateral MoU (MMoU).
Guidance on criteria for supervisory recognition in group-wide supervision
25.1.15 Guidance 25.1.15 to 25.1.71 are collectively called Guidance on criteria

for supervisory recognition in group-wide supervision and they are meant
to support ICP 25 Supervisory Cooperation and Coordination directly.
Supervisory recognition is a tool that can be used to enhance cross-
border cooperation and coordination. The guidance presents criteria that
insurance supervisors can use to assess the extent to which another
supervisory regime can be recognised and relied upon for the purpose of
group-wide supervision. Supervisory recognition could also be relevant
for the supervision of insurance legal entities.
25.1.16 In providing guidance on criteria for supervisory recognition in group-wide
supervision, it is not the intention to lessen the importance of legal entity
supervision or to replace the role of the legal entity supervisor in respect
of insurers within its jurisdiction. Nor is it the intention of this guidance to
imply that supervisory recognition is compulsory.
25.1.17 This guidance does not modify or supersede any legal or regulatory
requirements in force in, or applying to, the respective jurisdictions of
involved supervisors.
25.1.18 This guidance considers the approaches by which an insurance
supervisor could assess the extent to which to recognise another
supervisory regime and consequently, the level of reliance that could be
placed on the other supervisor. It is not the intention of this guidance to
prescribe one specific approach, as the form of recognition and the
criteria used for assessment will vary depending on its purpose.
Basis of supervisory recognition
25.1.19 A key element of assessment and recognition is that the regime being
assessed can, at a minimum, demonstrate compliance with relevant IAIS
ICPs and standards. However, this does not exclude the possibility of an
assessment of equivalence with the assessor’s own regime.
25.1.20 When establishing the recognition of another jurisdiction’s supervisory
regime, analysis should focus more on the outcomes that are achieved,
than on the process to achieve them.
25.1.21 Supervisory recognition is not designed to necessarily grant an open
passport for any insurance company from the recognised jurisdiction to
establish an operation or activity in the assessing jurisdiction. Depending
on the purpose of the recognition, and the level of reliance and
cooperation between the parties, recognition might allow certain types of
insurance activity or products, but not others, or allow a limited threshold
of activity.
Public
25.1.22 The different perspectives (and any different issues to take into account)
of home-host supervisors should be considered - a home supervisor
would be concerned with assessing whether to recognise the supervision
of host supervisors of entities within the group; while a host supervisor
would be concerned with assessing whether to recognise the supervision
of the home supervisor as group-wide supervisor.
25.1.23 Also, it should not be assumed that once recognition has been achieved
that reliance can be automatically continued without further review.
Recurring review, in respect of the jurisdiction or on an individual case
basis, may be required.
25.1.24 Again, it should not be assumed that once recognition, and even a degree
of reliance, has been achieved there can be an automatic delegation of
tasks. If supervisory recognition is achieved, the supervisor may decide
to delegate certain tasks but not its responsibilities.
25.1.25 Supervisory recognition can be achieved through unilateral, bilateral or
multilateral agreement.
• Unilateral recognition refers to a situation where a supervisor
recognises the supervision exercised by another, without
requiring that the latter recognise the supervision exercised by
the former.
• Bilateral recognition refers to a situation where two supervisors
recognise each other’s supervision.
• Multilateral recognition refers to a situation where several
supervisors (3 or more) recognise the supervision exercised by
the others.
Objective and purpose of supervisory recognition
25.1.26 The primary purpose of making an assessment for supervisory

recognition is to provide insurance supervisors with sufficient confidence
that the corresponding supervisory regimes have the necessary
regulatory and supervisory framework, as well as sufficient quality of
resource and expertise, to achieve supervisory outcomes at an
acceptable level in order for them to place reliance on one another if
required.
25.1.27 Effective supervisory recognition should assist in reducing redundancy of
work in cross-border supervision of insurance groups. The supervisory
recognition approach should be organised in a manner that minimises
unwarranted duplication of regulatory and supervisory requirements to
the extent possible, thereby reducing burdens on both supervisors and
insurance groups alike.
25.1.28 Supervisory recognition between jurisdictions may also assist in greater
consistency in the approaches taken by each jurisdiction, thus removing
the potential for gaps and misunderstandings between jurisdictions.
25.1.29 Supervisors looking to recognise another supervisory regime should
carry out an assessment of the acceptability of the counterpart’s regime
based on the specific level or objective of supervisory recognition sought.
Public
25.1.30 The form of supervisory recognition sought will vary according to the
outcomes that are expected and should therefore be aligned accordingly.
25.1.31 Types of recognition along with illustrations that may assist in their
consideration could include:
• An elementary form of supervisory recognition focused primarily
on fostering the exchange of information and thereby providing
the ability to rely sufficiently on the information being
exchanged. Examples may include memorandum of
understanding (MoU) or multilateral memorandum of
understanding (MMoU).
• Recognition of host supervisors by the home supervisor. For the
supervision of insurance legal entities, this degree of
supervisory recognition would identify the degree of reliance by
a home supervisor on the supervision of affiliates in another
jurisdiction. Successful supervisory recognition of host
supervisors may provide the home supervisor with sufficient
confidence in the supervision conducted at an insurance legal
entity level, reducing redundancy of processes and operations
by the involved jurisdictions and a lower burden on the
insurance group. This may include a wide range of qualitative
and quantitative requirements, such as suitability of persons, or
solvency assessments.
• Recognition of the home supervisor by host supervisors. For
group-wide supervision, this degree of supervisory recognition
would identify the ability of the host supervisor to rely on the
home supervisor at the insurance group level. For example, this
would enable the host supervisor to rely on the qualitative and
quantitative assessments made by the home supervisor at the
level of the insurance group. Effective supervisory recognition
here could assist the host supervisor in deciding whether the
level of capital held in the insurance legal entity is sufficient for
their local requirements.
• For supervision at the level of a financial conglomerate,
supervisory recognition would be expected to follow that of
group-wide supervision but extend even further to allow for the
recognition of cross-sector authorities that perform oversight on
non-insurance activities of the financial conglomerate in
question. Supervisory recognition in this form should assist
insurance supervisors in appreciating further cross-sectoral
issues and risks as well as gaining comfort from the abilities of
supervisors from the other financial sectors. In turn, when
mapping against the scope of group-wide supervision in its own
jurisdiction, an insurance supervisor may gain greater
awareness of the appropriateness of this scope.
25.1.32 It would also be possible for one jurisdiction to fully recognise another
supervisory regime. This could extend insofar that authorisation is
granted by which the insurer from another jurisdiction is able to operate
in the local jurisdiction with reduced local supervision. This does not
Public
remove the obligation on insurers to continue to meet local regulatory
requirements such as market conduct rules.
25.1.33 The above classifications of levels in which recognition may be applied
are by no means limited and other variations may be appropriate, subject
to the individual needs of the jurisdictions seeking to identify and apply
supervisory recognition.
Criteria for supervisory recognition
25.1.34 The assessment of another supervisory regime should seek to establish

the acceptability of that regime by an analysis of the outcomes it achieves
and not necessarily by an analysis of the process by which it achieves
them.
25.1.35 The expected outcomes will vary according to the level of supervisory
recognition sought and should therefore be aligned accordingly.
25.1.36 Assessment should not only cover the regulatory and/or supervisory
framework but also cover supervisory practice.
25.1.37 The other supervisory regime should be able to demonstrate appropriate
adherence to the relevant IAIS ICPs and standards. Supervisors should
also take into consideration adherence with, and relevance of, other legal
statutes.
25.1.38 While the precise form of a supervisory recognition assessment is a
matter of individual jurisdictional discretion, supervisors should take into
account the criteria described in the following paragraphs.
Criteria for supervisory recognition - pre-requisites
25.1.39 The supervisor should assess certain pre-requisites that might be

considered mandatory requirements to be met before continuing with
further assessment of other criteria.
25.1.40 Pre-requisite conditions include the other supervisory regime’s legal
framework and the application of supervisory powers and resources.
25.1.41 The supervisor may look to verify that the other supervisory regime has:
• a sound legal basis and transparent legal regime that clearly
specifies appropriate supervisory responsibilities and powers,
including enforcement powers;
• appropriate protection for the supervisor against liability arising
from actions within its mandate;
• freedom from any undue political, governmental and industry
interference in the performance of supervisory responsibilities;
• adequate number and quality of resources; and
• the ability to perform suitability assessments at insurance legal
entity and insurance group (on both a national and cross-border)
level.
Public
25.1.42 Upon satisfactory review of the pre-requisites, further assessment of
additional elements may need to be considered depending upon the
outcomes sought. These could include:
• Licensing requirements
• Regulatory requirements
• Intervention and enforcement powers of supervisor
• Winding-up requirements
• Supervisory cooperation and exchange of information
requirements.
Criteria for supervisory recognition - licensing requirements
25.1.43 The other supervisory regime should be able to demonstrate:

• the necessary regulatory requirements to ensure the insurer
meets basic standards, both prior to licensing and on a
continuous basis including the ability to supervise the suitability
of persons, adequacy of internal control and risk management
systems as well as the robustness of accounting and audit
frameworks; and
• sufficient powers over licensing to either refuse or withdraw the
licence on appropriate grounds (including as result of
shareholder requirements or when close links may impede
supervision).
Criteria for supervisory recognition - regulatory requirements
25.1.44 The other supervisory regime has the ability:

• to sufficiently identify the adequacy of capital and put in place
requirements on investments; and
• to verify the state of solvency of the insurer, the effectiveness
and properness of administrative and accounting procedures
and the appropriateness of the internal controls including risk
management and governance.
Criteria for supervisory recognition - intervention and enforcement powers of

supervisor
25.1.45 The other supervisory regime has sufficient powers to pursue

enforcement, if necessary, and:
• is able to ensure the adherence with laws, regulations and
administrative provisions through enforcement action if
required;
• in the event of non-compliance with legal provisions can impose
measures to prevent further infringements from occurring; and
• is able to cooperate with other relevant authorities when taking
enforcement actions.
Public
Criteria for supervisory recognition - winding-up requirements
25.1.46 For insurers that are experiencing difficulties, the other supervisory
regime is able to take appropriate measures, including imposing
requirements that will lead to an orderly winding-up to protect
policyholders in an appropriate manner. These measures may include:
• prohibition of the disposal of assets
• implementation of a recovery plan
• withdrawal of authorisation
• imposition of actions directly on individual directors, managers
or controllers.
Criteria for supervisory recognition - supervisory cooperation and exchange of

information requirements
25.1.47 The other supervisor should have the ability to enter into confidentiality
and information sharing agreements and observe the appropriate
treatment of confidential information; and identify the terms of any existing
memorandum of understanding (MoU) or multilateral memorandum of
understanding (MMoU).
25.1.48 The other supervisor should be able to ensure secure communication
channels exist and jurisdictional confidentiality rules are respected.
25.1.49 The other supervisor should be able to demonstrate that it is able to
obtain a sufficient degree of information in a timely fashion from its
insurers in order to exercise effective supervision. This may be at both
the insurance legal entity and insurance group (cross-border) level.
Process for establishing supervisory recognition - basis for undertaking assessment
25.1.50 The first stage of establishing supervisory recognition involves

confirmation of the underlying rationale for the assessment and the form
and purpose of supervisory recognition. In particular the supervisor
undertaking the assessment needs to be identified as does the
supervisory regime being assessed. If recognition is only being
considered for part of a supervisory regime, the part being assessed
needs to be confirmed and documented.
25.1.51 The reason or reasons for undertaking the assessment should be agreed
between the parties concerned and documented.
Process for establishing supervisory recognition - identification of existing

agreements
25.1.52 Before undertaking the assessment, any existing agreements which may
influence the outcome of the assessment should be identified. These may
include an existing bilateral MoU between the jurisdiction being assessed
and the assessor and whether either party is a signatory to a relevant
MMoU.
Public
25.1.53 The existence of any other formal or informal unilateral agreements to
exchange information should be identified together with any special
conditions that may be attached to such an agreement.
25.1.54 The existence of any supervisory recognition agreements in place
between the jurisdiction being assessed and any other jurisdictions
should be noted.
Process for establishing supervisory recognition - other information
25.1.55 Any other relevant background information should be obtained, for

example whether the jurisdiction has been subject to an IMF FSAP or
other assessment, including a self-assessment. If there has been an IMF
FSAP, details of the assessment report should be obtained and analysed.
25.1.56 Other background information could include the existence of recognition
agreements with other jurisdictions, such as for part or all of the
supervisory regimes of the European Union.
Process for establishing supervisory recognition - obtaining information
25.1.57 Prior to undertaking the assessment, information regarding the regulatory

and supervisory frameworks should be obtained regarding the
supervisory regime being assessed. This can be obtained directly from
the other supervisor or through other sources.
25.1.58 Information can also be obtained through carrying out visits to the other
supervisor’s jurisdiction and talking to the supervisory authorities and
other relevant parties.
25.1.59 Consideration should be given to any need to verify the information
obtained.
Process for establishing supervisory recognition - carrying out the assessment
25.1.60 The next stage of assessing the supervisory regime is to consider the
relevant assessment criteria by specifying the specific areas to be
assessed. Once the areas are confirmed, the assessment can be carried
out against the criteria and fully documented.
25.1.61 Consideration ought to be given to a quality check on the assessment,
ideally by persons who are independent from the assessors who carried
out the initial assessment.
25.1.62 Once the assessment is complete a decision has to be made as to
whether or not to recognise the supervisory regime in the jurisdiction
being assessed. The decision should ideally be based on a pre-
determined set of rules, such as meeting the required criteria in all cases
or a certain percentage of cases. It may also be acceptable for some of
the criteria to be partially satisfied.
25.1.63 It may be necessary to apply subjective judgment in determining whether
or not a jurisdiction should be recognised, particularly if some criteria are
deemed to carry more weight than others.
Public
Process for establishing supervisory recognition - due process and communicating
the decision
25.1.64 Feedback should be provided to the supervisory regime being assessed

during the assessment process and an opportunity should be provided
for the supervisor to provide additional clarification. Supervisors should
resolve any differences between them in an efficient way.
25.1.65 When the assessment has been finalised, the decision as to whether the
supervisory regime should be recognised should be communicated. If
recognition is not possible, the areas where the criteria were not met
should be communicated. In the case of an adverse decision the
jurisdiction being assessed should be given the opportunity to explain
how it may meet the criteria in future. A process for reassessment could
then be established.
Process for establishing supervisory recognition - format of recognition agreements
25.1.66 A formal agreement is not a pre-requisite to any form of supervisory

recognition, but written agreements have a number of benefits, including
clarification of terms and obligations and facilitating cooperation between
jurisdictions. If a written agreement is entered into, the following points
may be considered.
25.1.67 The agreement should set out the commencement date and specify the
roles and responsibilities of the respective parties. If the agreement is for
a finite term, the end date of the recognition agreement should be
specified together with details of the process for renewal which may
involve reassessment.
25.1.68 The agreement should contain a confidentiality agreement between the
respective parties together with requirements for the provision of
information.
25.1.69 The agreement should include provisions for the respective parties to
regularly exchange information in respect of changes to their regulatory
regime.
25.1.70 The agreement may include details of the process for resolving disputes,
for example in the case of a refusal to respond to a valid request for
information.
25.1.71 The parties should consider whether and to what extent details of any
agreement in respect of supervisory recognition ought be publicised.
25.2 Coordination agreements include establishing effective procedures for:
• information flows between involved supervisors;
• communication with the head of the group;
• convening periodic meetings of involved supervisors; and
• conduct of a comprehensive assessment of the group.
25.3 Supervisors cooperate and coordinate in the supervision of an insurance legal
entity with a branch in another jurisdiction in accordance with their authorities
and powers.
Public
25.4 Supervisors cooperate and coordinate in the supervision of insurance groups
and insurance legal entities that are parts of insurance groups in accordance
with their authorities and powers.
25.5 Supervisors establish a process to identify a Group-wide supervisor for all
cross-border insurance groups.
Identification of a group-wide supervisor
25.5.1 A group-wide supervisor would ultimately be responsible for ensuring

effective and efficient group-wide supervision. The group-wide supervisor
should coordinate and disseminate essential information needed for
reviewing and evaluating risks and assessing solvency on a group-wide
basis. If a group-wide supervisor is to achieve this, there needs to be
open and constructive relationships among the involved supervisors.
Therefore, there needs to be coordination of, and collaboration by,
supervisors to avoid unnecessary duplication.
25.5.2 Experience has shown that it is generally clear who should take the role
of group-wide supervisor for a particular group. However, depending on
the structure of a particular group, the case may arise where several
supervisors fulfil the conditions to be considered as a group-wide
supervisor. In such cases it is necessary to have a clear and transparent
process for identifying and agreeing an appropriate group-wide
supervisor.
25.5.3 In some jurisdictions, the legal or regulatory system may include
provisions which allow or require the designation of a group-wide
supervisor. However, this formal designation may not be recognised in all
jurisdictions in which a particular group operates. The absence of a formal
mechanism should not limit the extension of the group-wide supervisor to
those other jurisdictions, on a de facto basis, given the agreement and
cooperation of the involved supervisors.
25.5.4 In principle the home supervisor of the head of the group should be first
considered to take the role of the group-wide supervisor.
Other factors to consider in determining the group-wide supervisor would
include, but are not limited to:
• the location of the group's head office, given that this is where
the group's Board and Senior Management is most likely to
meet, and ready access of the group-wide supervisor to the
group’s Board and Senior Management is an important factor;
and
• where the registered head office is not the operational head of
the group, the location where:
− the main business activities of the group are undertaken;
and/or
− the main business decisions are taken; and/or
− the main risks are underwritten; and/or
− the group has its largest balance sheet total.
Public
25.5.5 Ultimately the involved supervisors would be expected to determine the
need for a group-wide supervisor and agree the supervisor to take that
role. The emphasis should be on a joint decision between all involved
supervisors to reach an acceptable outcome.
25.5.6 However, regardless of the approach in the jurisdiction of the group-wide
supervisor, this formal designation may not be recognised in all
jurisdictions in which a particular group operates and reliance is placed
on non legislative means - through agreements and/or other coordination
activity among the involved supervisors.
25.5.7 At present, it is not generally possible to consider or establish
international legislation which grants legal power and authority to a group-
wide supervisor across jurisdictional borders. It is important, therefore,
that there are clear agreements (formal or otherwise) between all involved
supervisors in order to allow the group-wide supervisor to fulfil its tasks
and to ensure support from involved supervisors.
25.6 The designated group-wide supervisor takes responsibility for initiating
discussions on suitable coordination arrangements, including establishing a
supervisory college, and acts as the key coordinator or chairman of the
supervisory college, where it is established. Other involved supervisors
participate with the Group-wide supervisor in coordination discussions and in
the supervisory college.
25.6.1 The tasks of the group-wide supervisor would be expected to include the
assessment of:
• group structure and interrelationships, including ownership and
management structure;
• capital adequacy at group level including approval of the use of
a group-wide internal model for group-wide regulatory capital
purposes (where applicable);
• reinsurance and other forms of risk transfer from the group and
risk concentration;
• the group’s own risk and solvency assessment;
• intra-group transactions and exposures, including intra-group
guarantees and possible legal liabilities and any other capital or
risk transfer instruments; and
• internal control mechanisms and risk management processes,
including reporting lines and fit-and-proper assessment of the
Board, Senior Management as well as the propriety of
significant owners.
Interrelationship between group-wide supervisor and supervisory college
25.6.2 The operational effectiveness of a group-wide supervisor may be

enhanced considerably through the establishment of a supervisory
college as a mechanism for enhancing cooperation and information
exchange among involved supervisors. Also, effectiveness and efficiency
of the supervisory college may be improved further through awareness
Public
and understanding of the quality of relationship possible between the
group-wide supervisor and other members.
25.6.3 The group-wide supervisor is expected to take an important role in a
number of areas in the operation of a supervisory college. These can be
summarised as follows:
• initiating the establishment of a supervisory college;
• clarifying the membership/participation of involved supervisors
in the supervisory college, including considering the
establishment of subgroup colleges to enhance the overall
effectiveness of the college;
• clarifying the functions of the supervisory college and the role of
involved supervisors, including of the group-wide supervisor,
which may be formalised in a terms of reference;
• coordinating the ongoing activities of the supervisory college,
including planning meetings, supervisory activities, processes of
information exchange; and
• establishing a crisis management plan.
25.6.4 In all of these areas, while the group-wide supervisor would be expected
to take the initiative as the coordinator or chair of the supervisory college,
the group-wide supervisor should necessarily work in collaboration with
involved supervisors and seek, to the extent possible, agreement among
involved supervisors. In this respect, establishing early agreement and
clarity of understanding on the operational aspects of the college will
contribute to establishing good relationships among the involved
supervisors from the commencement.
25.6.5 An important role of the group-wide supervisor will be the continued
management of these relationships with and among supervisory college
members. The group-wide supervisor should be mindful of the
expectations of involved supervisors from the supervisory college and
their expectations of the role of the group-wide supervisor. Awareness of
these expectations could play a pivotal role, especially in times of a crisis.
This awareness should also include legal and internationally relevant
facts and relationships, which may be critical to the supervisory actions
taken in particular circumstances including crisis.
25.6.6 An efficient and harmonious relationship may only be possible when a
mutual respect and trust is established and observed among involved
supervisors. The group-wide supervisor should regularly consider
opportunities to improve relationships and to reinforce mutual trust.
25.6.7 Access to relevant information for involved supervisors will be one
important measure of the effectiveness of the supervisory college. While
the group-wide supervisor will have a clear role in the gathering of
relevant information, an equally important consideration will be the
appropriate and timely dissemination of that information consistent with
applicable confidentiality requirements. Interim information that has been
received and may be of importance to the supervisory work of the other
involved supervisors should be made available to those supervisors. This
Public
will encourage mutual trust, sharing of information, and further
collaboration and cooperation among all involved supervisors.
25.6.8 While the management of internal relationships is important, the group-
wide supervisor should also play a role in establishing appropriate
contacts with other associated participants who may be of assistance to
the supervisory college, for example other sector participants in the case
of a financial conglomerate. When identifying such participants the group-
wide supervisor should take into consideration the impact and/or
influence that they may have on the existing relationship between college
members and should weigh these issues against the value of information
and wealth of experience these additional members may be able to
provide.
Coordination and chairmanship
25.6.9 There may be various circumstances in which the establishment of a

supervisory college is initiated, and depending on purpose and
membership, various ways in which the roles of involved supervisors –
including chairmanship – are determined. In general, the group-wide
supervisor, where designated, would be expected to take the
responsibility for initiating a supervisory college and to act as the key
coordinator or chairman of the supervisory college, to the extent
practicable.
25.6.10 A supervisory college is expected to meet on a regular basis appropriate
to the nature, scale and complexity of the group. In the case of a group
which is relevant to overall financial stability, the supervisory college
should meet at least annually to be most effective. The chairman should
ensure the prerequisites for the effective operation of a supervisory
college exist, such as coordinating meeting schedules, confidentiality
agreements, etc.
25.6.11 The chairman should propose the agenda for supervisory college
meetings, but should incorporate the views and opinions of other
members. The agenda may be set to discuss specific issues or wide
ranging issues depending on what is happening globally and/or in respect
of a particular group.
25.6.12 Supervisory college meetings should be planned with clarity of the
outcomes that are being sought and, based on this, should clearly record
the outcomes that are achieved, including :
• action points arising from any meeting(s);
• the individual(s) to whom a task has been assigned; and
• the deadline when an action should be complete.
It will be the responsibility of the supervisory college to track individual
items to make sure that the necessary action has been carried out.
25.7 There is appropriate flexibility in the establishment of a supervisory college –
both when to establish and the form of its establishment – and other
coordination mechanisms to reflect their particular role and functions.
Whether and when to establish a supervisory college

Public
25.7.1 Supervisory colleges, where established, can be structured in different
ways. They should, however, be operated in such a way that allows
members of the college to fully understand the major risks to which the
group is subject.
25.7.2 There is a high level of divergence in the insurance industry regarding the
nature of organisations, the nature of regulation and supervision, and the
development of markets and supervisory regimes in different
jurisdictions. While enhanced convergence of supervisory practice is
expected over time, there is currently a need for flexibility in the
considerations of both whether, and when, to establish a supervisory
college.
25.7.3 As a general premise, the establishment of a supervisory college should
be considered where it is necessary to improve the effectiveness and
efficiency of supervision – for example, when significant cross-border
activities and/or intra-group transactions are conducted; where effective
group-wide supervision is essential to the protection of policyholders;
and/or where effective group-wide supervision is essential to the financial
stability of the financial market as a whole.
25.7.4 Consideration should be given to the circumstances and/or other factors
that could be considered in determining whether and when to establish a
supervisory college. Also the principle of materiality and proportionality
should be applied in this determination. Further, a jurisdiction may
determine that there are particular circumstances or minimum criteria
which suggest that the establishment of a supervisory college should be
a requirement.
25.7.5 The factors which are relevant in this context include the following (it is
noted that these factors are also relevant to considerations on the form
and operational structure of a supervisory college):
• Relevance of the group to overall financial stability
− where effective group-wide supervision of a particular
insurance group is relevant to overall financial stability, the
establishment of a supervisory college is expected.
− the relevance of a group to overall financial stability would
be highly dependent on the nature, scale and complexity
of the cross-border activities and/or intra-group
transactions and associated risks of the group.
• The nature and complexity of the business undertaken by the
group
− where the cross-border activities of the group are highly
complex - through intra-group transactions, etc. - the
effectiveness of pure legal entity supervision can be limited
without appropriate cooperation and information exchange
with related supervisors. Therefore, the establishment of a
supervisory college is expected.
• Relevance of the group in a specific insurance market
Public
− where a particular group has significant market share in
one or more specific jurisdictions, the establishment of a
supervisory college may be expected.
• Similarity of supervisory practices (such as risk and capital
assessment, governance assessment and other key
supervisory practices) among the involved supervisors
− where the group operates mainly in jurisdictions with
similar supervisory frameworks and practices (e.g. the
EEA), the establishment of a supervisory college would be
more practicable, and therefore may be expected.
• The operational and management approach of the group:
− where the group functions - risk management, capital
management, corporate governance and internal controls
- are centralised, the establishment of a supervisory
college should be encouraged to facilitate dialogue
between the involved supervisors and management of the
group.
• Legal constraints limiting the effectiveness of supervisory
college in the involved jurisdictions
− Ensuring professional secrecy and confidentiality are vital
elements in allowing supervisors to share and exchange
relevant information. Where there are legal constraints to
information exchange, the effectiveness of a supervisory
college would be limited. In such a case, in considering the
establishment of a supervisory college, supervisors should
be encouraged to address any such legal constraints.
25.7.6 As a general point, where a supervisory college already exists in practice,
but may not be comprehensive in its coverage (e.g. a regional college),
that college may be adapted to meet the needs of the wider number of
involved supervisors to the extent practicable. Involved supervisors
should seek to avoid establishing duplicate supervisory colleges.
Form and operational structure of a supervisory college
25.7.7 The criteria discussed here are important considerations not only in
determining whether and when to establish a supervisory college, but
also where a college is established, in informing the definition of the form
and operational structure of that college, its membership and the focus of
its work.
Overall approach
25.7.8 The legal and regulatory frameworks that exist in jurisdictions where the
group operates may vary considerably. This will place limitations on how
each supervisor carries out its supervision of legal entities and the scope
of its authority. This in turn will have an impact on any work that a
supervisory college agrees to carry out. In particular, a supervisory
college will need to ensure that any work planned does not go beyond the
Public
authority of a supervisor or exceed the legal framework that exists in a
jurisdiction.
25.7.9 The resources and capabilities of each supervisor involved in a
supervisory college may vary considerably. As such the supervisory
college will need to ensure that the activities agreed to are appropriate
and realistic for all of the involved supervisors. This may require that:
• any tasks allocated are achievable for the supervisor carrying
out the work; and
• the supervisory college focuses on the areas of greatest risk.
25.7.10 Supervisory approaches may differ by jurisdiction, for example some
have adopted a principles-based approach to supervision while others
use a rules-based approach. These differences will need to be
considered and appropriately reflected in the form and operations of a
supervisory college.
25.7.11 As already stated, supervisory colleges would generally be expected to
be established on a permanent basis. However, there may be
circumstances where a supervisory college is established on an ad-hoc
basis in order to coordinate a particular issue with regard to the group in
question (e.g. crisis management).
Membership of, and participation in, a supervisory college
25.7.12 The membership of a supervisory college would be expected to comprise

representatives of each of the supervisors responsible for the day-to-day
supervision of the insurers which are part of the group. While participation
in a supervisory college is generally voluntary, broad involvement by the
supervisors of the more significant entities is critical to the effective
operation of that college. The terms, membership and participation should
be interpreted in the context of these sections and in terms of every day
usage. It is recognised that within the regulatory regimes of certain
jurisdictions the terms may be defined for particular purposes and so take
different meanings.
25.7.13 To facilitate effectiveness and efficiency, careful consideration should be
given as to how to approach the participation of members at meetings
and in other activities of the supervisory college. There is a need to
balance the desire for an inclusive membership approach with the need
to maintain manageable operational structures and to avoid the
supervisory college becoming unwieldy and unworkable.
25.7.14 The basis of participation should be agreed among involved supervisors
having due regard for the particular circumstances of the group. However,
pragmatic solutions should be found to facilitate the operational
functioning of the supervisory college in an effective and efficient manner.
25.7.15 In the case of a large group with entities operating in many jurisdictions,
the number of involved supervisors may make it impracticable to involve
all members in supervisory college meetings. A structured approach to
participation could be considered where for example, participation in the
supervisory college meeting is on the basis of regional representatives,
where that representative is responsible for communication to and from
Public
other regional supervisors. Another option may be to adopt a multiple tier
structure of supervisory colleges, with subgroups of members identified
and meetings organised to facilitate discussions at the subgroup levels
(refer to below section on supervisory colleges at subgroup level).
25.7.16 Where participation in supervisory college meetings is limited, it is vital
that other mechanisms, such as a secure members-only website be
adopted to ensure the flow of information to and from all involved
supervisors.
25.7.17 Further, clear criteria should be established for defining the basis of
participation. Issues which should be considered in establishing these
criteria include:
• the relative size and/or materiality of the entities relative to the
group as a whole
• the relative size or materiality of the entity relative to its local
market
• the level of risk in a particular entity
• the role of the supervisory college and its relevance to the
particular entity.
25.7.18 Regardless of the approach to participation in a supervisory college, each
involved supervisor is expected to make every reasonable effort to
cooperate and coordinate in a spirit of mutual trust to ensure the
protection of confidential information shared and to avoid unwarranted
supervisory duplication and unnecessary supervisory burden for both the
insurers and supervisors involved.
25.7.19 The membership and participation approach of a supervisory college
should be reviewed on a regular basis, to reflect changing circumstances
in the group and the effectiveness of the operational structures.
Supervisory colleges at subgroup level
25.7.20 Within a group, it is recognised that subgroups may be, or are required to
be, identified to reflect various structural, operational or supervisory
objectives. Such subgroups may exist within a jurisdiction or on a cross-
border basis.
25.7.21 There may be circumstances where it is appropriate to establish a
supervisory college at the level of such a subgroup (for example on a
regional basis or sectoral basis, as in the case of an insurance group
within a financial conglomerate). In the case of large groups, with many
involved supervisors, such an approach may bring benefits in facilitating
the involvement of all supervisors at an appropriate level.
25.7.22 When it is considered necessary to establish colleges at a subgroup level,
supervisors should carefully consider the appropriate form and
operational structure of the subgroup college, having regard to the
circumstances of the group and supervisory structure, to facilitate its
effective operation. In particular, supervisors may consider the following
practical aspects of implementation:
Public
• whether the subgroup college is established on a temporary or
a permanent basis
• the interrelationships between the various supervisory colleges
for a group, as well as the interrelationship with a designated
group-wide supervisor
• mechanisms to facilitate effective and efficient information
sharing and coordination between the various colleges
• ensuring the best dialogue with the industry without
unnecessarily duplicating regulatory intervention (e.g. a
dialogue at subgroup level).
25.7.23 Further, in these considerations supervisors should be aware of
establishing mechanisms or processes to avoid the potential
inefficiencies that may arise in a structure of subgroup colleges, such as:
• not providing material information at the subgroup level
• insufficient coordinated action/interventions at the subgroup
level
• potential conflicts of interest between the subgroup and whole
group
• duplication of supervision, by adding another layer.
25.7.24 Where supervisory colleges at subgroup level are implemented, regular
assessment of their effectiveness and, in particular, the effectiveness of
coordination between the various supervisory colleges for the group
should be conducted.
Terms of reference of a supervisory college
25.7.25 When a supervisory college is first established, the involved supervisors

may seek to underpin its establishment with a formal document - terms
of reference - which sets out the agreed terms of operation of the
supervisory college. While recognising the need to allow for flexibility in
the operation of a supervisory college, the terms of reference could
generally cover the following matters (this is not an exhaustive list):
• The membership of the supervisory college – including the
approach to participation of members in the college.
• The process for appointing a supervisor for chairing the college.
(This would typically but not necessarily be the group-wide
supervisor, where designated.)
• Roles and functions of the supervisory college and of the
members of the supervisory college, including expectations of
the chair/designated group-wide supervisor.
• Frequency and locations of meetings – The supervisory college
should agree locations that are likely to ensure the participation
of as many of the members as possible. Where it is not feasible
for supervisors to be present at a meeting, best endeavours
should be made with the arrangements, so that where possible,
Public
people can participate by other means – for example, by a
conference call or electronic means.
• Scope of the activities of the supervisory college – It is likely that
the supervisory college will focus on the following issues at a
group level:
− the solvency and financial stability of the insurance group;
− the assessment of intra-group transactions and
exposures;
− internal control and risk management within the insurance
group; and
− appropriate actions to mitigate risks identified.
To be most effective in considering these issues, the supervisory college
may develop a shared view of risk, including:
• the regular information collected by the supervisory college and
any notifications that should be made to it (from both supervisors
and the group). The supervisory college should agree the
frequency at which information is provided. This should be
coordinated in a way so as to avoid duplicative requests and to
reduce the burden on a group. The supervisory college should
have an overview of an insurance group’s strategic plans;
• procedures for dealing with emergencies (including breaches of
solvency positions or the crystallising of risk); and
• procedures for facilitating crisis management.
25.8 The designated group-wide supervisor establishes the key tasks of the
supervisory college and other coordination mechanisms. Other involved
supervisors undertake the functions of the Supervisory college as agreed.
25.8.1 A supervisory college is generally established for the fundamental
purpose of facilitating the effectiveness of supervision of entities which
belong to a group; both facilitating supervision of the group as a whole on
a group-wide basis and improving the supervision of the legal entities
within the group. A supervisory college serves this purpose by providing
a permanent forum for cooperation and communication between the
involved supervisors. Through the sharing of information and discussion
of supervisory issues, involved supervisors gain an improved mutual
understanding of supervisory practices, which may contribute to
enhanced convergence of supervisory practice on a global basis.
25.8.2 The form, membership and operations of a particular supervisory college
can be expected to vary according to the circumstances of the group and
of the jurisdictions in which it operates. Appropriate flexibility in the
establishment of a supervisory college, and the determination of its
functions and operational structure, to reflect its particular circumstances
is therefore important. A supervisory college should be organised in
accordance with the nature, scale and complexity of the group; its form
should be commensurate with the legal and organisational structure,
business activities of the group and the risks the group poses to
supervisory objectives.
Public
25.8.3 Although a supervisory college has no legal or binding authority as a
decision making body, in establishing the role and functions of a
supervisory college, consideration should be given to the facilitation of
coordinated supervisory activities. To the extent agreed among involved
supervisors, and to the extent possible given any legal constraints in
particular jurisdictions, this could include the delegation of tasks (but not
legal responsibilities) and, where necessary, consistent and coordinated
supervisory interventions. Ultimately any supervisory activity (including
delegation of tasks) and coordinated supervisory interventions
undertaken by a supervisory college will rely on cooperation among
involved supervisors and does not override the various individual
jurisdictions’ legal responsibilities or existing supervisory relationships.
To facilitate group supervision
25.8.4 A supervisory college contributes to the coordinated supervision of the

group and facilitates discussion and action on a collaborative approach
to supervising a group, subject to any restrictions or requirements under
each jurisdiction’s legal framework.
25.8.5 A supervisory college supports the role of a group-wide supervisor, where
designated, and assists the group-wide supervisor in undertaking its
functions. A supervisory college facilitates information collection and
analysis at the group level, including compiling and analysing information
available on risk exposures, financial soundness and governance of
group entities. With access to such aggregated information, a supervisory
college may also enhance supervisory assessment of systemic risks.
To improve legal entity supervision
25.8.6 Through information collection and sharing, analysis and discussion, a

supervisory college facilitates the transfer of knowledge and expertise
among involved supervisors, and hence can contribute to improved
supervision of the individual entities within the group. For example,
effective cooperation may provide additional knowledge of the intra-group
risks affecting an entity as a result of being a member of the group and
may precipitate pre-emptive supervisory activities at the legal entity level.
As a permanent forum for cooperation
25.8.7 Where a supervisory college is established, to be most effective it should

generally be established as a permanent, integral part of the group-wide
supervision process. A supervisory college would generally be an
ongoing mechanism, contributing to the ongoing protection of
policyholders’ interests. As such, an effectively operating supervisory
college should contribute to the prevention of financial loss or crisis (as
well as being an important mechanism to foster better crisis management
in the circumstances of financial crisis).
25.8.8 A supervisory college provides a formal and effective permanent forum
for supervisors to build relationships and engender greater cohesiveness
in cooperating with each other and coordinating supervisory activities in
Public
relation to the group and the entities within the group both on a going-
concern basis and in situations of crisis management.
To facilitate improved understanding of supervisory practices and effectiveness of

supervision
25.8.9 There may be significant variances in supervisory practices across

jurisdictions, caused by the diversity of market environments and the
specific features of a market which are better understood by the local
supervisor. As supervisors work together through a supervisory college,
they gain a greater understanding of the nature of the group and its risks.
A supervisory college facilitates the transfer of knowledge and expertise
to other supervisors allowing involved supervisors to become aware of
different supervisory tools and approaches.
25.8.10 An important consequence of improving the understanding of supervisory
practices among involved supervisors is the potential for enhanced
supervisory convergence on a global basis. Also more effective and
efficient group-wide supervision should result, with enhanced
policyholder protection and a possible consequence of minimising
regulatory burden on the industry.
The range of functions of a supervisory college
25.8.11 There is a range of functions which a supervisory college may undertake,

depending on its role and the reasons for its establishment. The
circumstances of the particular group and the legal and supervisory
structures in the involved jurisdictions can also influence the range of
functions of a supervisory college.
25.8.12 Ultimately, the involved supervisors should establish among themselves
the appropriate functions of the supervisory college given its role, and the
allocation of those functions among the involved supervisors. Where
there is a designated group-wide supervisor for the group, that group-
wide supervisor would be expected to play an integral and transparent
role in the establishment and ongoing operation of the supervisory
college, including taking the initiative in establishing and coordinating the
functions of the supervisory college, in consensus with other involved
supervisors.
25.8.13 The roles and functions of the supervisory college and the respective
roles of the involved supervisors should be agreed and clearly defined to
avoid unnecessary duplication of supervisory tasks and to ensure no
gaps exist in the supervision of the group. For example, at its
establishment the functions of a supervisory college may be set out in its
terms of reference and the ongoing operations and activities of the
supervisory college detailed in a supervisory plan. Where agreed among
involved supervisors, delegation of supervisory tasks can be an
appropriate means to increase efficiency of the work of a supervisory
college.
25.8.14 In establishing the functions of a supervisory college, some of the key
activities which should be considered include:
• information sharing;
Public
• assessment of risk exposures, financial soundness and capital
adequacy and group governance, including risk management,
internal control and intra-group relationships;
• coordinated supervisory activities (for example, joint
inspections);
• specialisation, special focus teams;
• liaison with insurer management; and
• regular assessment of effectiveness.
25.8.15 The key functions of supervisory colleges and other coordination
mechanisms include an assessment, on a group-wide basis, of major risk
exposures (including large external exposures). This includes, for
example, supervisory review of the group’s own risk and solvency
assessment, transparency of the group structure and suitability of Senior
Management and the Board. The supervisory review may also cover
capital adequacy including approval of the use of a group-wide internal
model for group-wide regulatory capital purposes (where applicable),
large intra-group transactions and exposures, governance including risk
management and internal controls, group crisis management
arrangements and review of the effectiveness of these functions.
Information sharing
25.8.16 A main function of a supervisory college will be to facilitate enhanced

supervision of the group and the legal entities within the group by
providing greater access for involved supervisors to information and
knowledge about the group and the environment in which it operates.
Adequate information sharing arrangements are intended to provide
supervisors with a vehicle to achieving a comprehensive understanding
of the group and its risks while also protecting confidential information so
that the group can be appropriately supervised.
25.8.17 The effective operation of a supervisory college is based on mutual trust
and confidence among the involved supervisors. This is particularly the
case in terms of sharing and exchanging information. As information is
shared and exchanged in a secure and controlled environment, it both
requires and encourages mutual trust. The supervisory college facilitates
this relationship ultimately leading to greater cooperation.
25.8.18 The ability of each supervisor to share information should be determined
to ensure that information remains confidential. The need to establish
information sharing agreements should be considered to ensure
confidentiality and define the parameters in which the information can be
used. Supervisors are encouraged to initiate dialogue among themselves
in order to identify ways in which they can foster an environment of
cooperation and trust. Establishment of MoUs among involved
supervisors could enhance the effectiveness of the supervisory college.
Jurisdictions that are part of the IAIS MMoU will have had their legislative
regimes assessed to ensure strict confidentiality requirements are met as
a precondition for effective cooperation and coordination of joint
supervisory activity.
Public
Assessment of risks exposures, financial soundness and group governance
25.8.19 The range of functions of a group-wide supervisor could include

consideration of the following issues on a group-wide basis: risk analysis
and capital adequacy assessment (including review of the group’s own
risk and solvency assessment and the sufficiency and adequacy of
allocation of capital across the group), fit and proper requirements and
corporate governance and internal controls. As a mechanism for cooperation
and coordination among involved supervisors and a forum for information
exchange, an effective supervisory college may allow involved
supervisors to gain an enhanced understanding of the group, its inherent
risks, financial position and its business activities.
25.8.20 It is important for the involved supervisors to have a group-wide
understanding of how management decisions are taken and how ERM
frameworks and internal models are established and operated to
complement their legal entity supervision of the entities within the group.
The supervisory college provides a forum for involved supervisors to
focus on risk assessment and capital management from a group-wide
perspective.
25.8.21 A group-wide review and assessment of risks to which the group and its
entities are or might be exposed can ensure a prospective focus of
supervision and foster early warning of major risks to the extent possible.
It can facilitate consideration of the impact of a group on the insurance
industry, on other sectors of an economy, and any systemic risks which
a group may present.
Coordinated supervisory activities
25.8.22 Through a supervisory college, joint activities among involved

supervisors may be organised and coordinated where appropriate and as
agreed on a voluntary basis between the involved supervisors, subject to
any legislative requirements/restrictions. An example of a joint
supervisory activity may be joint inspections of one or more group entities,
or joint inspection of a particular aspect of the group’s functions such as
internal audit, actuarial function or risk management processes. Through
joint activities, all involved supervisors can benefit from the shared
information and expertise, and use this to enhance the supervision of their
local insurer. The undertaking of joint activities should not be taken to
imply joint decision making or any delegation of an individual supervisor’s
responsibilities.
Specialisation, special focus teams
25.8.23 A supervisory college may facilitate the formation of special focus teams
to evaluate areas of particular concern or importance to the supervisors,
or to bring together the requisite expertise to examine a specialised
aspect of the group’s operations. As an example, a specialised focus
team may be established through the supervisory college to assess a
group’s internal model and to share that information with all involved
supervisors.
Public
Liaison with insurer management
25.8.24 The supervisory college provides involved supervisors an opportunity for

discussion of issues with management at the group level. The supervisory
college provides a forum for the supervisors and the insurer to engage in
face-to-face dialogue. The insurer is afforded the opportunity to provide
clarity with respect to its operations and its business strategies at a group-
wide level. For the supervisors, the opportunity to discuss issues with
management at the group level, and with a group-wide focus is valuable.
Regular assessment of effectiveness
25.8.25 Where a supervisory college is established, regular assessment of the

effectiveness of the supervisory college in achieving its agreed role and
functions should be conducted. Where a group-wide supervisor is
designated, it would be expected that the group-wide supervisor would
organise the assessment, ensuring input from all involved supervisors as
well as considering the benefit of seeking input from the supervised
insurers, to the extent appropriate.
Crisis management
25.8.26 Supervisory colleges can be an effective tool in reducing the likelihood of

crises and averting them. In fact, they are a tool for crisis prevention that
contributes to the safeguarding of overall financial stability. While, there
may be circumstances where a supervisory college is established purely
or exclusively as a vehicle for crisis management this would be expected
to be the exception. Nevertheless, a high level of cooperation between
supervisors is necessary for good crisis management which could be
facilitated by the establishment of a supervisory college.
25.8.27 Since a supervisory college is a forum to engender cooperation and
mutual trust among supervisors, an effectively operating supervisory
college would result in established relationships which would be
beneficial particularly in times of financial distress or a crisis. Regular
cooperation and communication can, in fact, facilitate efficient action in
times of crisis. Where a crisis situation arises, an existing supervisory
college could function, and should be well positioned, to contribute to the
management of that situation and to finding coordinated and agreed
solutions.
25.8.28 It is important to be flexible in the use of a supervisory college with
regards to crisis management. In fact the approach chosen needs to be
able to adapt to the particular and individual situation. Other mechanisms
of coordination might also be considered or needed.
25.8.29 To be effective in crisis management, it is essential for a supervisory
college to provide mechanisms to exchange and communicate important
information effectively and efficiently. The timely exchange of information
is crucial, while always preserving confidentiality requirements. This may
mean that, under very exceptional circumstances, highly sensitive
information is only exchanged on a “need to know” basis. In addition,
requirements to consult widely on supervisory actions which may be
Public
appropriate in normal times may need to be limited in crisis situations to
ensure necessary timely responses.
25.8.30 A supervisory college can also be used for the sharing of experiences
and lessons learnt about crisis management i.e. more from the
retrospective view. This way it can provide members with examples of
good practices of crisis management.
Infrastructure in case of emergency/crisis management
25.8.31 While it is not expected to be the ultimate focus of a supervisory college,

a crisis management plan should be discussed. In establishing the role
and functions of any supervisory college it is important to consider the
scenario of a crisis and the expected role of the college in that situation.
25.8.32 A supervisory college should consider, in advance, the due process of
cooperation and coordination during emergency situations in order to
benefit from well established information and cooperation channels and
procedures once the crisis occurs. The channels for communication with
the head of the group as well as other parts of the group should be clearly
established in case a crisis emerges. The group-wide supervisor, where
designated, should establish close liaison channels with group
management and the Board of Directors as well as the owners of the
group.
25.8.33 The supervisory college should have procedures in place which help
involved supervisors to provide and receive all necessary information in
a timely manner to facilitate well informed decisions within their own
jurisdictions. Furthermore, there should be mechanisms in place related
to the sharing of information on a voluntary basis.
25.8.34 The supervisory college may assist in performing and sharing crisis
assessments as well as contribute to the management of a crisis.
Therefore, comprehensive and up-to-date contact lists as well as realistic
simulation exercises should be developed to increase crisis-resilience.
25.8.35 The approach to a crisis situation should appropriately reflect the nature,
scale and complexity of the group and the particular crisis situation. It may
be the supervisory college, as a whole, which responds to a crisis or a
crisis management team. Alternatively, the supervisory college may
establish a subgroup whose focus would be on crisis management
aspects and, therefore, may be better capable to assess systemic risks.
25.8.36 The supervisory college should remain aware of the important role it will
play in supporting the group-wide supervisor, especially in times of
financial stress or crisis. Also the benefit of such a holistic approach is to
provide the supervisory college with solutions for the best overall result
for all jurisdictions and not just some. Members of the supervisory college
should proactively identify, where possible, any conflicts of interest that
may occur between their own jurisdictions and the relevant objectives of
the supervisory college, and agree upon processes within the college to
minimise any adverse and biased effect that may arise.
25.8.37 A supervisory college could also be a means for involved supervisors to
coordinate on the timing and content of information that could be
disclosed to/communicated with third parties (such as local
Public
supervisory/regulatory bodies, international organisations or the public
where appropriate) and the insurance group, both on an ongoing basis
and/or in a crisis situation and in particular, where systemic risks exist
taking into account confidentiality requirements. The supervisory college
should identify any potential areas where the interests of third parties, in
a crisis situation, may be in conflict with the relevant objectives of the
college. As an example, confidentiality rules which determine the ability
of individual authorities to communicate firm specific information may be
a conflict.
25.9 The designated group-wide supervisor understands the structure and
operations of the group. Other involved supervisors understand the structure
and operations of parts of the group at least to the extent of how operations in
their jurisdictions could be affected and how operations in their jurisdictions
may affect the group.
25.10 The designated group-wide supervisor takes the appropriate lead in carrying out
the responsibilities for group-wide supervision. A group-wide supervisor takes
into account the assessment made by the legal entity supervisors as far as
relevant.
Overall responsibilities of a group-wide supervisor
25.10.1 The group-wide supervisor, where designated, should be responsible for

coordinating the input of legal entity supervisors in undertaking the
supervision of a group on a group-wide basis, as a supplement to the
legal entity supervision. However, all involved supervisors should
recognise that group-wide supervision, and the designation of a group-
wide supervisor, should not lessen the importance of legal entity
supervision or replace the role of legal entity supervision in respect of the
insurance entities in its own jurisdiction.
25.10.2 The group-wide supervisor should be responsible for producing an overall
assessment of the risk and solvency of the group on a group-wide basis,
taking into account the input of legal entity supervisors.
25.10.3 Group-wide supervision relies on substantial exchange of information.
The exchange of detailed relevant supervisory information/data between
the group-wide supervisor and the legal entity supervisors involved may
be facilitated by the establishment of formal agreements (MoU/ IAIS
MMoU) which should, necessarily, comprise compliance with a strict
confidentiality regime. In establishing such agreements, involved
supervisors should acknowledge that each supervisor may only provide
information under the agreement to the extent permitted or not otherwise
prevented under their respective jurisdictional laws, regulations and
requirements.
The range of functions of a group-wide supervisor
25.10.4 There is a wide variety of roles and functions which a group-wide

supervisor could take in meeting its overall responsibilities to coordinate
and streamline group-wide supervision, depending on the circumstances
of the group and the legal and supervisory structures in the involved
jurisdictions.
Public
25.10.5 Ultimately, the involved supervisors should establish among themselves
the role and responsibilities of the designated group-wide supervisor and
of the other involved supervisors at group level. The respective roles and
responsibilities should be clearly defined to avoid unnecessary
duplication of supervisory tasks.
25.10.6 The designated group-wide supervisor is expected to take the initiative in
coordinating the roles of, and facilitating communication between, the
involved supervisors. The group-wide supervisor should establish a
supervisory plan in agreement with the involved supervisors. In carrying
out its agreed functions, the group-wide supervisor should ensure that it
acts in consensus with other involved supervisors.
25.10.7 In establishing the responsibilities of a particular group-wide supervisor,
the key functions of a group-wide supervisor which should be considered
include:
• Suitability of persons issues;
• Corporate governance;
• Internal control;
• Group-wide risk analysis;
• Capital adequacy on a group-wide basis; and
• Information sharing and key contact point function.
Suitability of persons issues
25.10.8 The group-wide supervisor assesses the propriety of significant owners

at the group level.
25.10.9 The group-wide supervisor assesses the fitness and suitability of persons
with managing or key control functions on group level. In doing this, the
group-wide supervisor relies as much as possible on the suitability
assessment carried out by the legal entity supervisors involved.
Corporate governance
25.10.10 The group-wide supervisor assesses the overall standard and

compliance of corporate governance of the group. In cases where the
parent company is not itself a supervised entity (e.g. holding company),
the group-wide supervisor should assess the compliance with corporate
governance requirements at the head of the group.
Internal control
25.10.11 The group-wide supervisor monitors whether the group provides internal
control mechanisms, including sound reporting and accounting
procedures, to monitor and to manage the intra-group transactions and
the risk concentration.
25.10.12 In assessing the group’s risk and capital management, the group-wide
supervisor reviews the group’s own risks assessment as required by
Standard 16.16.
Public
25.10.13 The group-wide supervisor assesses whether an insurance group has
robust:
• risk management systems;
• internal control systems; and
• reporting processes
which are implemented and functioning consistently on a group-wide
basis.
This will also include an assessment of the controls a group has in place
around its proper and sound business practices with respect to the
complexity of financial products sold to retail customers.
25.10.14 The group-wide supervisor monitors whether the group provides internal
control mechanisms including adequate mechanisms with regard to
group-wide solvency:
• to identify and measure all material risks incurred on a group-
wide basis; and
• to appropriately allocate sufficient capital to risks.
25.10.15 The group-wide supervisor monitors whether policies on risk
management within the group are laid down by written procedures and
reviewed at least on an annual basis.
Group-wide risk analysis
25.10.16 The group-wide supervisor monitors the risk assessment, risk reporting
as well as risk management on a group-wide basis. For this purpose, the
group-wide supervisor should carry out a risk analysis of the group and
its operating environment. This supervisor should be attentive to any sign
for risk concentration and contagion. If the group has a centralised risk
management function, the group-wide supervisor should monitor its
proper functioning and implementation.
Capital adequacy on a group-wide basis
25.10.17 The group-wide supervisor takes the responsibility to assess and react
to, as necessary, the prudential situation and solvency on a group-wide
basis.
25.10.18 The group-wide supervisor assesses the sufficiency and adequacy of
allocation of capital on a group-wide basis in order to gain a balanced
view of the risk-based and financial situation of the group as a whole.
Further elaboration on this can be found under ICP 17 Capital Adequacy.
Information sharing and key contact point function
25.10.19 To operate most effectively, the group-wide supervisor should receive

from involved supervisors, on a timely basis, all information needed in
order to form a comprehensive view of the overall group business
strategy, financial situation, legal and regulatory position, and the risk
exposure on a group-wide basis, in the most efficient way.
Public
25.10.20 All involved supervisors have a responsibility to keep the group-wide
supervisor updated in relation to the significant changes in the group
structure and main operations.
25.10.21 In particular the involved supervisors should be encouraged to provide
the group-wide supervisor with relevant key information in relation to:
• the legal structure of the entities belonging to the insurance
group;
• any granting and withdrawal of licence for a company forming
part of the group;
• changes on the Board or Senior Management of any insurer
forming part of the group;
• changes in organisation or senior management;
• changes in risk management and internal control system;
• significant developments in the financial position of the
insurance group or entities belonging to the insurance group;
• location of significant business;
• significant investments in group entities;
• significant financial links;
• transfer of risks to/from non–regulated entities;
• events which may endanger the going concern of the insurance
group or major entities belonging to the insurance group;
• potential high risk factors for contagion; and
• operational risk including misselling claims and frauds.
25.10.22 The group-wide supervisor may at any time request further information
needed for the assessment on a group-wide basis.
25.10.23 An involved legal entity supervisor may require information in relation to
the group which proves necessary for a timely legal entity assessment of
the insurer, or part thereof, located in its jurisdiction. The group-wide
supervisor should make information available to the involved legal entity
supervisors:
• on a proactive basis;
• without delay; and
• in a full and detailed manner.
25.10.24 The group-wide supervisor has a key contact point function for all legal
entity supervisors involved. The key contact point function is of
importance both in situations of going concern and in emergency
situations.
Public
ICP 26 Cross-border Cooperation and Coordination on Crisis Management
The supervisor cooperates and coordinates with other relevant supervisors and
authorities such that a cross-border crisis involving a specific insurer can be
managed effectively.
26.0.1 The main objectives of supervisory crisis management are to protect

policyholders and to prevent serious domestic or international financial
instability which could have an adverse impact on the real economy.
Supervisory actions seek to ensure, as far as possible, that insurers
behave prudently; to promote private sector solutions such as portfolio
transfers and run-offs and to avoid the need for using public support to
protect policyholders and to safeguard financial stability; and to minimise
distortions to the efficient operation of the insurance sector as well as
across jurisdictions.
26.0.2 Effective cross-border crisis management requires international
cooperation between supervisors and other relevant authorities (e.g.
Ministries of Finance, central banks, other financial sector supervisors,
guarantee schemes, policyholder protection schemes) through
appropriate mechanisms for information exchange. Furthermore, it
ensures that preparations for and management of a cross-border crisis
including policy measures, crisis response decisions and matters of
external communication are coordinated, timely and consistent.
26.0.3 Supervisors employ existing cross-border frameworks of cooperation
(such as supervisory colleges or subgroups of them, bilateral MoUs or
the IAIS MMoU) to prepare for and manage a cross-border crisis of a
specific insurer. Where such channels do not exist, supervisors set up an
appropriate framework for cooperation in line with other ICPs.
Supervisors consider the application of this ICP in accordance with the
nature, scale and complexity of insurers.
Preparation for a cross-border crisis
26.1 The supervisor meets regularly with other relevant supervisors and authorities
to share and evaluate information relating to specific cross-border insurers and
to analyse and assess specific issues (including whether there are systemic
implications) in non-crisis periods.
26.1.1 These meetings may be held as part of a supervisory college (refer to ICP
25 Supervisory Cooperation and Coordination) or separately if no
supervisory college is held or in place.
26.1.2 Supervisors remain aware of potential contagion channels, conflicts of
interest and possible barriers to coordinated action in a crisis situation at
specific cross-border insurers (such as legally required transparency
rules in case of publicly listed companies or particular legislative
requirements across jurisdictions).
Public
26.1.3 The group-wide supervisor of the insurer will facilitate this process with
involvement from other relevant supervisors (refer to ICP 25 Supervisory
Cooperation and Coordination) and other relevant authorities.
26.2 The supervisor develops and maintains plans and tools for dealing with insurers
in crisis and seeks to remove practical barriers to efficient and internationally
coordinated resolutions.
26.2.1 These will be designed flexibly in order to be able to adapt them to the
specific issues of a cross-border crisis as well as individual insurers.
26.3 The group-wide supervisor coordinates crisis management preparations with
involvement from other relevant supervisors and ensures that all supervisors in
the relevant jurisdictions (at a minimum those where the insurer is of systemic
importance) are kept informed of the crisis management preparations.
26.4 As far as legal frameworks and confidentiality regimes allow, the supervisor
shares with other relevant supervisors, at a minimum, information on the
following:
• group structure (including legal, financial and operational intragroup
dependencies),
• interlinkages between the insurer and the financial system in each
jurisdiction where it operates,
• potential impediments to a coordinated solution.
26.5 The supervisory regime requires that insurers be capable of supplying, in a
timely fashion, the information required to manage a financial crisis.
26.6 The supervisory regime requires insurers to maintain contingency plans and
procedures based on their specific risk for use in a going- and gone-concern
situation.
Managing a cross-border crisis
26.7 The supervisor informs the group-wide supervisor as soon as it becomes aware
of an evolving crisis. The group-wide supervisor coordinates such that this
information and any other relevant information that it has become aware of on
its own is shared among other relevant supervisors and other relevant
authorities promptly.
26.8 Subject to legislative requirements and confidentiality regimes, the supervisor
shares information with relevant supervisors and authorities and in a way that
does not compromise the prospects of a successful resolution. The supervisor
shares information with other relevant authorities or networks as well, whenever
necessary, and subject to the same legislative and confidentiality requirements.
26.9 The group-wide supervisor analyses and assesses the crisis situation and its
implications as soon as practicable and supervisors try to reach a common
understanding of the situation.
26.9.1 This includes the identification of possible sources of systemic risk and
jurisdictional assessment of such implications.
26.9.2 The group-wide supervisor is responsible for coordinating the gathering
and the analysis of information as well as for coordinating supervisory
activities.
Public
26.10 The supervisor cooperates to find internationally coordinated, timely and
effective solutions.
26.10.1 Such cooperation takes account of the impact of the crisis on
policyholders, financial systems and real economies of all relevant
jurisdictions, drawing on information, arrangements and crisis
management plans developed beforehand.
26.11 If a fully coordinated supervisory solution is not possible, the supervisor
discusses jurisdictional measures with other relevant supervisors as soon as
possible.
26.11.1 The supervisor takes into account that other authorities (e.g. Ministries of
Finance) may take part in and be responsible for crisis management,
especially if the crisis is of a very severe nature and may require the use
of public funds.
26.12 In a crisis situation, the group-wide supervisor coordinates public
communication at each stage of the crisis.
26.12.1 The supervisor, where practicable, shares its plan for public
communication with other relevant supervisors from other affected
jurisdictions to ensure that communication is handled in a coordinated
and timely way.
26.12.2 Where appropriate, the supervisor considers when and to what extent to
communicate with the insurers.
Public

All Adopted ICPs (Updated November 2018)

Uploaded by

Copyright:

Available Formats

All Adopted ICPs (Updated November 2018)

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

All Adopted ICPs (Updated November 2018)

Uploaded by

Copyright:

Available Formats

Public

INSURANCE CORE PRINCIPLES

UPDATED NOVEMBER 2018

About the IAIS

The International Association of Insurance Supervisors (IAIS) is a voluntary membership

This document is available on the IAIS website (www.iaisweb.org).

1 Insurance refers to the business of insurers and reinsurers, including captives.

- ICP statements – numbered and presented in a box with bold font

- Guidance material – linked to a particular ICP statement and/or standard.

Application of ICPs and standards to group-wide supervision

Implementation and assessment

Preconditions for effective insurance supervision

19. An effective system of insurance supervision needs a number of external elements, or

Review of preconditions for effective insurance supervision

4. In particular, with regard to the presence of sound and sustainable macroeconomic

15. Generally, an assessment should be conducted on a system-wide jurisdictional basis.

Conduct of independent assessments - assessment by experts

Conduct of independent assessments - access to information

1.3.1 While the precise objectives of supervision may vary by jurisdiction, it is

Agreements on the information exchange

3.1.8 Information exchange is particularly important for the operation of a

4.0.1 Licensing contributes to efficiency and stability in the insurance sector.

4.1 The insurance legislation:

4 Amended November 2015

Requirements on the supervisor

4.8 In deciding whether and if so on what basis, to license or continue to license a

5.2.1 Competence is demonstrated generally through the level of an

5 Amended November 2015

Suitability requirements for Significant Owners

5.2.5 At a minimum, the necessary qualities of a Significant Owner relate to:

6 Amended November 2018

6.1 Legislation addresses change of control of insurers, including:

6.3 A change of a mutual company to a stock company, or vice versa, is subject to

7.0.1 The corporate governance framework of an insurer:

7.0.3 The insurer should establish a transparent organisational structure which

7 Amended November 2015

Mutuals and co-operatives

7.0.6 Governance of insurers formed as mutuals or co-operatives is different

7.0.7 Insurance groups should ensure that the corporate governance

7.0.10 If an insurer is a branch, these standards would generally apply to the

Appropriate allocation of oversight and management responsibilities

7.1 The supervisor requires the insurer’s Board to:

2014, para 43-44.

Corporate culture, business objectives and strategies of the insurer

Structure and governance of the Board

Chair of the Board

Independence and objectivity

Duties of individual Board members

7.4 The supervisor requires that an individual member of the Board:

Duties related to risk management and internal controls

Duties related to remuneration

7.6 The supervisor requires the insurer’s Board to:

Overall remuneration strategy and oversight

7.6.2 As a part of effective risk management, an insurer should adopt and

7.6.9 Variable remuneration should be performance-based using measures of

7.6.13 Where share-based components of variable remuneration (such as

7.6.15 Where an insurer provides discretionary pay-outs on termination of

Reliable and transparent financial reporting

Duties of Senior Management

8.0.1 As part of the overall corporate governance framework and in furtherance