Regulation on Corporate Governance, Risk Management and Internal Controls Requirements for Insurance Business


Rwanda

Regulation 11 of 2017

Pursuant to Law n° 48/2017 of 23/09/2017 governing the National Bank of Rwanda especially in its articles 6, 8, 9, 10 and 15;

Pursuant to the Law n° 52/2008 of 10/09/2008 governing the organization of insurance business, especially in its articles 6, 18, 20, 24, 25, 26, 27, 28, 29, 30, 32, 33, 44, 45, 46, 47, 51 and 55;

In order to promote and maintain efficient, fair, safe and stable insurance market in the country, the National Bank of Rwanda herein referred to as “Central Bank”, decrees:

Chapter One
General provisions

Article one – Definition of terms

In this Regulation, the following terms shall be defined as follows:

1. Corporate governance: the manner in which the board of directors and senior management oversee the insurance business and encompasses the means by which members of the board and senior management are held accountable and responsible for their actions. It includes corporate discipline, transparency, independence, accountability, responsibility, fairness and social responsibility, timely and accurate disclosure of material information, and compliance with legal and regulatory environment.

2. Compliance function: a function of reporting independently and directly to the Board or a committee of the Board that identifies, assesses, advises, monitors and reports on the institution’s compliance risk referring to the risk of legal or regulatory sanctions, financial loss, or loss to reputation that an insurer may suffer as a result of its failure to comply with all applicable laws, guidelines, codes of conduct and standards of good practice.

3. Fit and proper: minimum requirements that a member of the Board of Directors or senior officer of insurer must fulfil. Fit and proper criteria are but not limited to the following:

A. Honesty, integrity and reputation, include but not limited to:
1° no record of criminal conviction;
2° no adverse finding or any settlement in civil proceedings, particularly in connection with investment or financial business, misconduct, fraud;
3° a person has not been subject to any proceedings of a disciplinary nature;
4° a person has not infringed any regulatory requirements and standards and/or equivalent requirements and standards;
5° a person has not been involved with a company, partnership or other organization that have been refused registration or license, whose license was revoked, withdrawn or terminated, or has been expelled by a regulatory or government body;
6° a person has not been refused the right to carry on a trade, business or profession requiring a license, registration or other authorization, as a result of the removal of the relevant license, registration or other authorization;
7° person has not been a director, partner, or concerned in the management of a business that has gone into insolvency, liquidation or administration;
8° a person, or any business with which the person has been involved, has been investigated, disciplined, censured or suspended or criticized by a regulatory or professional body, a court or Tribunal, whether publicly or privately;
9° a person has not been dismissed, nor asked to resign and resigned, from employment or from a position of trust, fiduciary appointment or similar;
10° person has never been disqualified from acting as a director or disqualified from acting in any managerial capacity;
11° in the past, a person has been candid and truthful in all his dealings with any regulatory body and whether the person demonstrates a readiness and willingness to comply with the requirements and standards of the regulatory system and with other legal, regulatory and professional requirements and standards.

B. Competence and capability, include but not limited to:
1° a person demonstrated skills and experience in relevant financial operations commensurate with the intended activities of the insurer;
2° a person received trainings in relation to responsibilities and functions a person is expected to exercise;
3° a person has adequate time to perform functions he/she is expected to exercise.

C. Financial soundness, include but not limited to:
1° no judgement debt or award remaining outstanding;
2° a person has made any arrangement with his creditors;
3° a person’s assets were not subjected to seizure.

4. Independent director: a director who has no relationship or interest in the institution or any of its subsidiaries or affiliates or their related interests which could interfere with the exercise of independent judgment in carrying out the responsibilities of a board member;

5. Mutual insurer: insurer, which has no share capital and of which by its constitution only and all policyholders are members;

6. Recidivism: Recidivism occurs when a person who was previously punished by the Central Bank for a financial misconduct or found by the Tribunal to have committed a financial misconduct commits another misconduct of the same nature within a period of three (3) years after the initial punishment or judicial decision condemning him/her.

7. Rehabilitation: Restoration of rights to conduct insurance business or related services after dismissal or suffering any other punishment imposed by the Central Bank or any other institution for financial misconduct.

8. Senior officer: Any staff of any insurer reporting directly to the senior management or to the board.

Article 2 – Purpose

This regulation establishes requirements for corporate governance, risk management and internal controls requirements for insurance business to ensure effective oversight of the insurance business based on the nature, scale and complexity of the insurance business being regulated. It provides further the means by which members of the board and senior management are held accountable and responsible for their actions.

Article 3 – Scope

This regulation applies to private insurance companies and mutual insurers.

For public insurers, the corporate governance frameworks are generally prescribed in the laws establishing them and the relevant supporting orders.

Chapter II
Requirements for shareholders

Article 4 – Responsibilities of shareholders of private insurers

The shareholders of a private insurer shall jointly and severally protect, preserve and actively exercise their authority through the general meetings of the shareholders.

They have a duty, jointly and severally, to exercise that authority:
1° to the extent that the duty is vested in general meetings, to ensure that only credible persons of good standing in society who can add value to the insurance business are elected or appointed to the board of directors;
2° to ensure that, in general meetings and related forums, the board is held accountable and responsible for the efficient and effective governance of the insurer;
3° to ensure that the institution’s by-laws and rules set out the roles and responsibilities of the board of directors, which must include a formal and documented process for the nomination, selection and removal of board members, and a specified term of office appropriate to the roles and responsibilities of board members.

The shareholders shall ensure that the insurer applies to the Central Bank for approval, using the forms specified in the licensing regulation, in the following circumstances:
1° transfer of existing shareholding of 10% or more of the share capital;
2° acquisition of qualifying holdings which refers to having directly or indirectly shares of at least 10% or of voting rights or having any other way to influence the management of the insurer or of the voting rights in which such shares are held in;
3° allotment of the shares involving qualifying holdings.

Article 5 – Responsibilities of members of mutual insurers

The policyholders or members of a private insurer organised as a mutual company are the owners and have the same responsibilities and authority as the shareholders of a private share company insurer.

The corporate governance framework in place for a mutual insurer must include specifics governing the voting system and the rights of members or representatives to participate in general meetings and any other means by which they may exercise their ownership rights and responsibilities.

Article 6 – Restrictions on shareholding

No natural person including his or her related party or a body corporate including its related party owned or controlled by one natural person other than a reputable financial institution, a reputable public company authorized by the Central Bank, or the Government of Rwanda and its institutions shall directly or indirectly own or acquire more than twenty-five percent (25%) of the shares of a private insurer.

The provisions of Paragraph One of this Article shall not apply to the Government of Rwanda and its institutions. They also do not apply to foreign governments, international institutions and any other person on condition that they have been approved by the Central Bank.

Article 7 – Responsibilities of the owner of public insurers

In case of public insurers, references to shareholders or stakeholders shall be interpreted as reference to government authorities, where relevant.

The owner of a public insurer is the Government, and the latter holds the responsibility to exercise its authority to ensure that the board of a public insurer is composed of competent and credible persons and to hold the board accountable and responsible for the governance of the insurer.

This authority is exercised through the relevant government ministry.

The requirements for nomination, selection and dismissal of board members, term of office of board members and roles and responsibilities of the board are prescribed by the governing legislation of each public insurer, along with the relevant presidential and ministerial orders.

Chapter III
Appropriate allocation of oversight and management responsibilities

Article 8 – Board oversight

The board is responsible for ensuring that the insurer has a well-defined corporate governance framework that provides for the separation of oversight and management functions.

The board is responsible for oversight functions, which are defined as those providing overall strategy and direction for the insurer, as well as checks and balances to ensure the effective implementation of strategies and policies by the management.

Key executives and management are responsible for management functions, which include the day-to-day management of the insurer and implementation of approved strategies and policies.

The board is responsible for oversight of key employees including the chief executive officer/managing director, other members of senior management/general directorate, and key persons in control functions. The board exercises its oversight function through organisational and governance policies and established performance objectives.

The board holds senior management accountable for results, which ensures the separation of the board from management and reinforces its authority over management.

The board shall establish clear and objective performance goals and measures for the insurer and senior management to ensure effective implementation of approved strategies.

The board shall regularly assess the performance of senior management against the established performance goals.

Board responsibility for oversight extends to third parties contracted to perform functions related to governance, as well as any outsourced functions.

Article 9 – Allocation of roles and responsibilities

The board shall ensure there is a clear allocation of the roles and responsibilities of the board as a whole, of any established board committees and senior management.

Allocation of roles and responsibilities to individual board members must take into consideration the need for independence or objectivity required for the specific role. Independent directors are more suitable for performing oversight functions, as they are not involved in the ongoing management of the insurer.

Article 10 – Management of public insurer

Requirements for members of the general directorate or management function, including qualifications, appointment, approval and responsibilities, are determined by the governing legislation of the public insurer.

Chapter IV
Structure and governance of the board

Section one – Appointment of the board

Article 11 – Focal point of corporate governance system

The board of directors of an insurer must be the focal point of the corporate governance system of the organisation.

The shareholders of an insurer are responsible for the appointment of a competent and dedicated board of directors whose task is to lead the insurer and ensure its success, set its strategic aims, provide a framework of prudent and effective controls which enable risks to be controlled and managed, set the corporate values and standards, and ensure that obligations to shareholders and other stakeholders are understood and met.

The appointment of board members, chair and vice chair of the board of directors shall ensure the principle of continuity for the smooth functioning of the board and its committees.

In no case shall a foreign parent insurance company appoint more than a third (1/3) of the board members in its subsidiary company operating on Rwandan territory.

Article 12 – Board composition and term of office

The board shall have a sufficient number of members with relevant experience to provide effective leadership and oversight of the insurer. The number and mix of board members, as well as the overall level of knowledge and expertise, shall be appropriate to the nature, scale and complexity of the insurer’s business.

To ensure that this responsibility is met adequately, all licensed private insurers, including mutual insurers, shall have a minimum of seven (7) directors. Larger insurers with more complex products and risks shall have a larger number of appropriately qualified board members in order to adequately oversee the insurer’s business.

The board of a private insurer shall be responsible for selecting one of its members to be the chairperson.

The chairperson shall be an independent director. The Board shall report to the Central Bank any resignation or removal of any of its members within seven (7) days.

For public insurer, appointment of board members including the appointment of the chairperson and deputy chairperson, are provided for by its governing legislation.

Every board member must be appointed for three (3) years renewable only twice.

The renewal of a Director's term referred to in paragraph 7 and 8 of this Article must be approved by the Central Bank.

The nomination for re-election of a board member shall not be assumed but be based on disclosed procedures and continued satisfactory performance.

After his/her removal or resignation from the office or after the expiration of his/her term of office, a board member or a senior manager may assume the same or other responsibilities in any other insurer.

However, the former board member or senior manager shall not perform any act deliberately aiming at destabilizing activities of the former employing insurer.

Article 13 – Fit and proper test and related effects

The Central Bank must make sure that the relevant person is fit and proper prior to the approval and taking up his/her position as a board member or senior officer.

The Central Bank rejects any application for approval of any prospective board member or senior officer if it finds that the concerned person is not fit and proper.

Board members must avoid commercial or business conflicts of interest with the insurers.

Article 14 – Criteria to assess suitability of the Board of Directors

When selecting candidates for the composition of the Board of Directors as well as in case of its self-evaluation, an assessment of collective suitability of the Board must be done.

In assessing the collective suitability of the board, the following must be taken into account:
1° knowledge and experience in relevant areas and have varied backgrounds to promote diversity of views. Relevant areas of competence include, but are not limited to, law, actuarial and underwriting risks, investment analysis, management compensation and fair treatment of customers;
2° the board collectively must have a reasonable understanding of local, regional and, if appropriate, global economic and market forces and of the legal and regulatory environment. International experience, where relevant, should also be considered;
3° individual board members’ attitude should facilitate communication, collaboration and critical debate in the decision-making process.

Board members are required to have the professional qualifications or knowledge and experience necessary to assess the risks to which the insurer is exposed and to assess the risk management system.

Board members shall be recruited from as large a pool as necessary to ensure that the board as a whole possesses an adequate mix of knowledge and expertise to ensure appropriate oversight of the insurer’s business.

The board shall implement measures to address any inadequacies, including training programmes for board members.

The board may also request an evaluation by a third party to enhance the objectivity of the assessment process.

Directors shall have a working knowledge of all applicable laws, regulations, guidelines and directives affecting the insurer to ensure that compliance with them receives the highest priority and that any non-compliance is not knowingly committed.

Article 15 – Removal of directors

Where the Central Bank considers that a director or senior officer of a licensed insurer does not satisfy the requirements for fitness and propriety, or other qualifications prescribed by this regulation, it may request the removal of the director and replacement by another person approved by the Central Bank.

Section 2 – Independence and accountability of board members

Article 16 – Requirements for independent directors

The board of private and mutual insurers must include at least four (4) independent directors.

To guard against potential conflicts of interest, the chairperson of the board of an insurer shall be an independent director, and no individual shareholder with a qualifying holding shall be eligible to be appointed as the chair or deputy chairperson of the board.

Article 17 – Separation of responsibilities

The responsibilities of the chairperson of the board must be clearly separated from those of the Managing Director or Chief Executive Officer to ensure an appropriate balance of power, increased accountability and greater capacity of the board for independent decision-making.

The positions of chairperson or the vice chairperson of the board and Chief Executive Officer/Managing Director shall not be combined by any insurer.

Two members of the same extended family shall not be permitted to hold the position of chairperson and Chief Executive Officer/Managing Director of an insurer at the same time.

The board of a licensed insurer that is part of a financial group must be able to demonstrate independence from undue influence by related parties.

The responsibility of the board includes ensuring that shared services between entities belonging to a financial group are treated as outsourced functions on an arm's-length basis, and that costs are allocated appropriately to the local insurer.

Article 18 – Prohibition on multiple directorships

No director of an insurer or insurance broker shall be permitted to hold a position of director in more than one licensed insurer or insurance broker unless the said institutions are subsidiaries or holding companies.

Article 19 – Board self-assessment

A formal and rigorous evaluation or self-assessment of the performance of the board shall be undertaken using the format set out in Appendix.

The evaluation or self-assessment shall be conducted annually and the fact that it has been done shall be disclosed in the annual report.

The Managing Director or Chief Executive Officer shall also conduct his/her self-assessment in accordance with the manner prescribed by the Board.

Copies of both assessments shall be submitted to the Central Bank by 30th June of every year.

While this self-assessment is not mandatory for public insurers, it is recommended as good practice.

The findings and recommendations of the current evaluation should be the basis for the next self-assessment and the report on the improvement or failures therein should be included in the report to be submitted to the Central Bank.

Article 20 – Corporate governance framework

The board has overall responsibility for demonstrating to the Central Bank that the corporate governance framework is effective and operates as intended.

The Central Bank may include an assessment of the governance framework and the insurer’s compliance with the framework in its regular supervisory process and may also assess the effectiveness and competence of the board, collectively and individually, and may recommend training if appropriate. The Central Bank may also attend and observe board meetings.

While the composition of the board and senior management of public insurers, as well as roles and responsibilities are largely prescribed by governing legislation, the supervisory role of the Central Bank shall be utilised to ensure that their governance structure is operating as intended and is effective.

All insurance entities are required to be able to demonstrate that their governance framework is appropriate and effective, and in compliance with relevant laws and regulations.

Notwithstanding any implementation of group wide corporate governance and practices, the local board of a licensed insurer is ultimately responsible for the operations and success of the insurer on a stand-alone legal entity basis, and must demonstrate compliance with relevant laws and regulations in Rwanda.

Section 3 – Powers, duties and responsibilities of board members

Article 21 – Duty of care, due diligence and independent judgement

Board members are required to act in good faith, exercise due care and diligence, and act in the best interests of the insurer and policyholders.

Every board member has a duty to exercise independent judgment in his or her decision making and not to use his or her position to gain undue personal advantage or cause detriment to the insurer.

Board members shall not solicit or otherwise accept inducements either directly or indirectly whether in cash or in kind in order to provide any favors in conducting the business of the insurer to which they are entrusted either jointly or individually.

Article 22 – Attendance at Board meetings

Every director has a duty to attend board meetings regularly and to effectively participate in carrying out the business of the Board.

Attendance of board meetings for every board member must be at least 75% for the whole financial year.

Insurers shall establish a policy that documents the minimum attendance requirements of board members, including appropriate actions and penalties for board members who fail to comply with the minimum attendance rules.

The board shall review the suitability of a director who has failed to comply with the minimum attendance rule without valid reason and may require the resignation of board members who do not comply with minimum attendance requirements.

Board member attendance shall be disclosed in the annual report.

Article 23 – Sound and prudent management

The board of an insurer is ultimately responsible for the sound and prudent management of the organisation. Members of the board have a duty to act in good faith and must exercise their powers in the best interests of policyholders and shareholders, in compliance with the law and related regulations.

The board is responsible for the oversight of the conduct of the insurer’s business to ensure that the business is being properly managed and that dealings with policyholders, claimants and creditors are fair and equitable.

The board must have a formal charter that sets out its roles and responsibilities.

Board members must provide clear objectives and policies within which senior executive officers are to operate. The policies and systems must be appropriate to the complexity, size and nature of the insurance business.

At minimum, these policies and systems shall cover core areas of operations, which, specifically for insurers, include underwriting and pricing, investments, reinsurance and claims management.

Article 24 – Information on business condition and performance

Since the directors are jointly and severally responsible for the effective supervision of the affairs of the institution, they shall be informed of its business condition on a regular basis.

For the purpose of deliberating on this information and providing guidance to the management, the Board shall meet regularly, at least once in a quarter.

In addition, the Board and each director shall exercise independent judgment in evaluating the performance of the management.

This shall be enhanced by the provision of independent reviews of the operations by internal auditors, external auditors and other appointed experts reporting directly to the Board.

Directors shall also keep themselves informed of the developments in the insurance industry and business trends in order to safeguard the institution’s competitiveness.

As part of its regular monitoring and review of the operations of the insurer, the board shall review at least annually whether those responsible are implementing the policies and procedures, as set by the board, as intended.

There shall be the provision of independent reviews of the operations by internal auditors, actuaries, external auditors and other appointed experts reporting directly to the board.

Article 25 – Perform corporate planning

Directors shall formulate the future direction of the institution through planning, organizing and controlling.

Sound planning must be put in place and projections/targets must be periodically reviewed and amended as circumstances dictate.

Management succession, business continuity and disaster recovery shall be included in the planning process.

Article 26 – Maintain positive image

The directors shall ensure that the institution maintains a positive image within the industry and the economy as a whole.

The insurer shall provide adequate services and facilities both efficiently and competitively in line with safe and sound insurance practices.

Article 27 – Responsibilities of the chairperson of the board

The chairperson of the board is responsible to provide effective leadership.

The responsibilities of the chairperson shall be clearly defined in the organisational rules or laws establishing the board.

These responsibilities include the following:
1° responsibilities for setting the agenda for board meetings;
2° ensuring that adequate time is given for discussion of agenda items;
3° facilitating the participation of all members of the board as well as communication between the board and senior management;
4° oversight management;
5° assessment of the board of directors;
6° chairing the board meetings;
7° ensuring smooth communication between directors and shareholders.

Article 28 – Delegation of powers

There shall be in place a formal procedure for the board to delegate certain functions in order to enable the board to properly discharge its duties and responsibilities and to effectively execute its decision-making powers.

Where duties are delegated, the board is still ultimately responsible for the activities or tasks delegated.

When the board delegates any duties or functions, it shall ensure that the delegation is appropriate and is made under a clear mandate with well-defined terms.

The board has the authority to monitor and request reports to ensure the delegated tasks are carried out.

The board retains the right to withdraw the delegation if it is not conducted properly.

Article 29 – Board for public insurers

Powers, duties and responsibilities for board members of public insurers are prescribed by their governing legislation and take precedence in the event of any conflict.

Section 4 – Board Committees

Article 30 – Establishment of Board Committees

The board shall establish board committees with formally determined terms of reference, life spans, roles and functions as it deems necessary to promote effective governance of the insurer.

The private or mutual insurer must establish three mandatory Board committees which are the following:
1° underwriting and claims strategy committee;
2° audit committee;
3° risk management committee.

All board committees referred to in Paragraph 2 of this Article for private or mutual insurer must be chaired by an independent Director.

A director shall not chair more than one board committee.

Public insurer shall establish the following board committees in case it does not conflict with their governing laws:
1° audit committee;
2° risk management committee;
3° investment committee.

However, without prejudice to the provisions of Paragraph Two of this Article, the insurer, whether public or private, may establish any other Board committee appropriate to the nature and the risk profile of the insurer.

Article 31 – Mandate of board committees

Where board committees are put in place, they shall have clearly defined and written mandates, authority to carry out their functions, an appropriate degree of independence and objectivity depending on the role of the committee.

Board committees shall be established with clearly agreed upon reporting procedures.

As a general principle, there shall be transparent and full disclosure from the board committees to the board.

Board committees assist the board and its directors in discharging their duties and responsibilities, however, the board remains accountable.

Board committees shall be free to solicit independent professional advice when necessary and to invite senior management to provide technical advice when needed.

Article 32 – Board Audit Committee

The board of insurer shall establish an audit committee to regularly review at least on a quarterly basis its financial condition and its internal control system, the performance and findings of the internal and external auditors, recommend undertaking appropriate remedial actions.

The audit Committee of the board of a private insurer consists of not less than three (3) members, at least two of whom shall be independent directors of the institution.

The Chairperson of the Audit Committee must be conversant with financial and accounting matters, and have the appropriate academic degree and sufficient experience to discharge his/her duties effectively.

The audit committee shall review on quarterly basis the insurer’s financial condition, its internal control system, the performance and findings of the internal and external auditors, and to recommend appropriate remedial actions if necessary.

The audit committee members shall elect a Chairman among them who must be an independent director.

The board chairperson shall not be a member of the Audit Committee at all or chair any board committee, but could be invited to attend meetings when necessary, by the chairperson of any committee.

The Chief Executive Officer shall not be a member of the Audit Committee but may attend upon invitation for consultation only.

Membership of the Audit Committee shall be disclosed in the annual report.

Article 33 – Responsibilities of Board Audit Committee

The primary responsibilities of the Board Audit Committee shall include, but not limited to the following:
1° overseeing financial statements, financial reporting and disclosure processes;
2° monitoring accounting policies and practices;
3° overseeing the internal audit process, including reviewing internal audit reports and their overall effectiveness, the scope and depth of audit coverage and implementation of audit recommendations;
4° overseeing the external audit process, including reviewing the external auditor’s audit plan, and material findings;
5° ensuring coordination between the internal audit function and the external auditors;
6° nominating external auditors for appointment by shareholders;
7° overseeing the performance and independence of the external auditors, taking into consideration relevant professional and regulatory requirements;
8° overseeing the hiring, removal, performance and independence of the internal audit function;
9° reviewing intra-group transactions and all transactions with connected persons;
10° overseeing governance, regulatory compliance, ethics, processes for the reporting of potential violations, risk management and internal control processes if there is no separate board committee for functions such as compliance, risk management, governance or internal controls.

There shall be regular meetings between the audit committee and the external auditor during the audit cycle, including meetings without the presence of senior management.

The external and internal auditors of an insurer shall have free access to the audit committee.

The auditors shall be allowed to attend and be heard at any meeting of the audit committee.

Upon the request of the auditors, the chairperson of the audit committee must convene a meeting to consider any matter that auditors believe shall be brought to the attention of directors or shareholders.

The audit committee shall ensure that significant findings and weaknesses in the financial reporting system are corrected as soon as possible.

The audit committee shall also review the Central Bank’s supervision reports and ensure implementation of all recommendations within a reasonable timeframe.

The audit committee of a mutual insurer ensures that any proposal for distribution of surplus to policyholders or members is appropriate given the financial condition of the insurer and its current business strategies and capital position.

Article 34 – Risk management committee

The board of a licensed insurer shall establish a risk management committee, with oversight responsibility for the investments of the insurer. If the nature, size or complexity of the insurer’s business is such that a separate risk management committee is not warranted, the audit committee or the full board may carry out the responsibilities. The risk management committee shall be chaired by an independent director but may include non-independent directors as members, including the Chief Executive Officer or Managing Director. The risk management committee is responsible for reviewing and assessing the integrity and effectiveness of the risk management system and ensuring that all material risks are identified, measured, monitored and reported. It shall also ensure that the insurer has in place all the key elements of a sound risk management system which must include:

1° board and senior management oversight;
2° risk management policies, procedures and limits;
3° risk monitoring and information systems;
4° internal control system and audit.

The risk management committee shall set out the nature, role, responsibility and authority of the insurer’s risk management function and systems and outline the scope of risk management work. The risk management committee monitors external developments and provides independent and objective oversight and review of the information presented by the insurer’s risk management function, taking account of risk concerns raised by the audit committee and other board or management committees. The risk management committee may obtain such independent professional advice as it considers necessary to carry out its duties. The risk management committee shall normally meet on a quarterly basis.

Article 35 – Investment committee

The board of a licensed insurer may establish an investment committee, with oversight responsibility for the investments of the insurer. If the nature, size or complexity of the insurer’s business is such that a separate investment committee is not warranted, the responsibilities may be carried out by the risk management committee or audit committee, or the full board. An independent director chairs the investment committee, which may include non-independent directors as members, including the Chief Executive Officer/Managing Director. The investment committee normally meets on a quarterly basis. The primary responsibilities of the investment committee include the following:

1° review and oversee the overall investment policy of the insurer;
2° assess and approve any proposed investments beyond the discretionary limits of senior management, as prescribed in the insurer’s investment policy;
3° review the investment portfolio of the insurer and recent transactions to ensure compliance with the insurer’s investment policy and all regulations;
4° ensure there are effective procedures and resources to identify and manage non-earning investments, minimize investment loss and maximize recoveries;
5° direct, monitor, review and consider all issues that may materially impact on the existing and future quality of the insurer’s investment risk management;
6° delegate and review investment authority limits to senior management;
7° assist the board with discharging its responsibility to review the quality of the investment portfolio and ensuring adequate provisions for any impairment in values;
8° conduct investment reviews independent of any person or management committee responsible for making investment decisions;
9° ensure that the investment policy and risk limits are reviewed at least on an annual basis and more often if the environment so dictates.

Article 36 – Responsibilities of underwriting and claims strategy board committee

The responsibilities of the underwriting and claims strategy committee are the following:

1° review, approve, and monitor overall risk tolerance and risk appetite;
2° establishment of policy on fraud detection and prevention;
3° establishing the company’s models and metrics to evaluate the underwritten risk;
4° establishing and reviewing claims policies and procedures;
5° to review periodically the policies and guidelines governing the Company's insurance underwriting and reinsurance treaties;
6° to review on a periodic basis the Company's insurance underwriting and reinsurance processes and procedures;
7° monitor compliance with approved underwriting policies and guidelines;
8° review ceded reinsurance programs and practices;
9° review and approve acquisitions and disposals of lines of business, joint ventures and strategic equity investments;
10° review and assess on a regular basis the policy on technical provisions of an insurer;
11° review on a regular basis the pricing policy and strategy;
12° review and approve the re-insurance strategy of the re-insurer.

Article 37 – Remuneration committee

The board of an insurer may establish a remuneration committee as a separate subcommittee of the board to establish and review the insurer’s remuneration policies and practices. The responsibilities of the remuneration committee may include:

1° proposing a remuneration policy for the insurer, including remuneration governance and structure, and components of compensation;
2° preparing a report or other disclosure on compensation practices;
3° making recommendations regarding the specific remuneration of board members, the chief executive officer, senior management and key persons in control functions;
4° ensuring that the remuneration approach is consistent with the risk management framework of the insurer.

The remuneration committee meets as frequently as needed, but not less than annually, to review the effectiveness of the remuneration policy and to ensure that remuneration practices within the insurer comply with the policy as well as the risk management framework.

Article 38 – Nominations committee

The board of an insurer may establish a separate nomination committee to assist the shareholders and board in nominating and selecting appropriate candidates for board members. The responsibilities of the nominations committee may include the following:

1° implementing the board’s policy on board renewal to ensure that the board maintains appropriate levels of skills and experience as well as maintaining an appropriate level of independence;
2° making recommendations to the shareholders and board regarding the nomination for appointment or reappointment of board members;
3° making recommendations to the board for dismissal and retirement of members of the board and senior management;
4° making recommendations to the board regarding succession planning for senior management;
5° making recommendations to the board for the nomination of members for board committees;
6° ensuring that all directors receive appropriate ongoing training to enable them to fulfill their role and discharge their duties effectively.

The nominations committee shall meet as frequently as necessary to fulfill its role, but not less than annually.

Article 39 – Ethics and compliance committee

The board of an insurer may establish a separate committee on ethics and compliance, with the following responsibilities:

1° monitoring the insurer’s compliance function and the insurer’s risk profile, including the insurer’s code of ethics or conduct;
2° ensuring compliance with external laws and regulations as well as internal policies;
3° receiving reports from the compliance function related to the insurer’s compliance activities, as well as reports on identified weaknesses or violations and remedial actions undertaken;
4° monitoring issues related to the insurer’s mechanisms for allowing confidential reporting by employees of compliance concerns or violations;
5° advising the board on the effect of compliance activities on the insurer’s conduct of business, and supporting the senior management to emphasize the importance of ethics and compliance;
6° approving compliance programmes and policies and reviewing their effectiveness on a regular basis.

Chapter V
Specific responsibilities of the board and senior management of a private insurer

Section one – Specific responsibilities of the board of a private insurer

Article 40 – Corporate governance

The board shall establish specific corporate governance principles for the insurer. The board oversees internal reviews of corporate governance principles, processes and outcomes on a regular basis, revising its principles as necessary. The board may also authorise external reviews of its corporate governance structure and practices.

Article 41 – Strategies and policies

The board shall adopt a rigorous process for setting and approving the implementation of the insurer’s overall objectives, business strategies and policies. Strategies and policies take into account the long-term financial stability and soundness of the insurer, the interests of stakeholders, and fair treatment of customers. Business objectives, strategies and written policies must be approved by the board prior to implementation and must be reviewed at least annually. The board may conduct more frequent reviews, if necessary, with respect to product portfolio, risk strategy or marketing, or in the event of external events that may have a material impact on the insurer. Key areas to be addressed in the development of appropriate business objectives and strategies include:

1° strategic direction and market position;
2° risk appetite and risk profile;
3° choice of insurance lines and products pricing;
4° pricing, underwriting and reinsurance;
5° mergers, acquisitions and strategic alliances;
6° corporate structure;
7° annual budget and financing strategies;
8° outsourcing;
9° remuneration policies.

Article 42 – Strategy and policy in respect of capital and solvency requirements

The board must set the strategy and policy of the insurer with respect to its level of capital and overall solvency needs. The board also has the responsibility of ensuring that the insurer maintains an adequate level of capital and meets the minimum solvency requirements required by law and regulations at all times. The board has a duty to inform the shareholders of the insurer’s capital adequacy and margin of solvency and to advise them on the appropriate manner of increasing capital levels when necessary. In the case of a mutual insurer, the board has the responsibility of assessing the need for any additional capital requirements and to oversee any resulting call for capital. The capital may be raised from the policyholders or members. The board must ensure that the equity of individual policyholders or members is monitored and maintained on a fair basis.

Article 43 – Risk management policies and systems

The board must ensure that the insurer has in place a comprehensive set of risk management policies and systems capable of promptly identifying, measuring, assessing, reporting and controlling its financial and non-financial risks. Risk management policies and systems shall address risks in key areas including: pricing and underwriting, reinsurance, sales and distribution, valuation of technical provisions, credit default, investments, liquidity, legal risks, operational risks and risks arising from money laundering and financing of terrorism. The Board must ensure that the insurer has in place an effective system of internal controls, and a clear allocation of responsibilities within the insurer to design, implement and monitor the internal control system. The board shall also determine the control functions that shall report to the board or any board committee in respect of the internal controls system. Risk management policies and internal control systems shall be appropriate to the complexity, size and nature of the insurer’s business. Any change in the policies and systems of an insurer shall be submitted to the Central Bank for review within seven (7) days from the date of change.

Article 44 – Financial reporting

The board shall ensure that the insurer establishes a reliable financial reporting process for both public and supervisory processes that is supported by clearly defined roles and responsibilities of the board, senior management and the external auditor. The board shall carry out specific oversight functions to ensure that the insurer establishes adequate systems and controls so that financial reports present a balanced and accurate report of the insurer’s business and financial condition. These specific oversight functions are generally the responsibility of the audit committee. The board must ensure that an effective internal reporting system is in place and regularly evaluate it. Effective decision-making by the board depends on receiving quality and timely information through a reliable and comprehensive internal reporting system. Internal reporting systems shall include information on all risks to which the insurer is exposed, including risks at the group or parent company level and wider systemic risks.

Section 2 – Specific responsibilities of the management of a private insurer

Article 45 – Major duties and responsibilities of Managing Director/Chief Executive Officer

The Chief Executive Officer or Managing Director is accountable to the board for the day-to-day running of the insurer. The Chief Executive Officer shall identify and recommend to the board competent senior officers to manage the operations of the insurer. In the fulfillment of this duty, the Chief Executive shall ensure that a clear and transparent process for engaging persons with appropriate competencies and integrity is implemented and followed. The major responsibilities of the chief executive officer/managing director, along with senior management, are as follows:

1° ensure that the policies established and approved by the board in the insurer’s overall corporate strategy are implemented;
2° co-ordinate the operations of the various departments within the insurer, including clear lines of communication between senior management and key persons in control functions;
3° establish and maintain efficient and adequate internal control systems, without interfering in the rightful exercise of the independent responsibilities of those in control functions;
4° establish and implement standards of business conduct and code of ethics for senior management and other employees to promote a culture of risk management and compliance;
5° design and implement the necessary management information systems in order to facilitate efficient and effective communication within the insurer, and to comply with all reporting requirements to external stakeholders and the Central Bank.

Article 46 – Required approval from the Central Bank

The chief executive officer/managing director shall be approved by the Central Bank prior to taking up his or her position. The institution shall submit to the Central Bank a duly completed Personal Declaration form as prescribed in the licensing regulations. Where a board member who has been cleared by the Central Bank is subsequently appointed as the managing director/chief executive officer, specific approval of the appointment shall be obtained prior to the person taking up the position. Approval of the appointment may be granted by the Central Bank with the understanding that the Central Bank may later disqualify any chief executive officer/managing director if adverse information is later revealed, or if he/she acts in any manner contrary to or not in compliance with the requirements of the applicable laws and regulations, or in any manner detrimental to or not in the best interest of the policyholders and the public.

Article 47 – Responsibility of the board to notify resignation, removal of Chief Executive Officer/Managing Director

The board shall report to the Central Bank the resignation or removal of the chief executive officer/managing director of the insurer within seven (7) days.

Article 48 – Major duties and responsibilities of Management

The board of the insurer must ensure that appropriate policies and procedures are in place to govern the roles and responsibilities of senior management. Senior management shall ensure that the board is frequently and adequately apprised about the operations of the insurer through presentation of relevant board papers, which shall cover, at minimum, the following areas:

1° actual performance compared with the past performance and the budget together with explanations of any material variances;
2° capital adequacy and margin of solvency;
3° performance of the investment portfolio;
4° income and expenses;
5° claims settlements;
6° all transactions with connected persons;
7° report on non-compliance with laws and regulations and the corresponding corrective or remedial measures undertaken;
8° large risk exposures;
9° adequacy of technical provisions including actuarial liabilities;
10° reports from external and internal auditors and from the audit committee;
11° any other areas relevant to the insurer’s operations.

Senior management shall ensure there are adequate procedures in place for assessing their performance relative to the objectives set by the board. Performance assessment shall be conducted at least annually, preferably by an independent third party, or the board itself. The management of an insurer which is a subsidiary of a foreign financial group must be directly accountable to the local board of the subsidiary, even if they have a reporting obligation to the parent entity.

Article 49 – Management committees

The Chief Executive Officer/Managing Director and senior management of an insurer must establish distinct management-level committees for the purpose of managing specific areas of the insurer’s business. These committees are established subject to the nature, scale and complexity of the insurer’s business. Management committees may include senior managers who are also members of the board, provided that they are not also members of the audit committee. Management committees shall be established with a clear and written mandate, including membership, roles, responsibilities, and minimum requirements for scheduled meetings. They report appropriately to the board or relevant board committee on matters that require board involvement or approval.

Article 50 – Executive Committee

Insurers must establish an executive committee to act as the link between the management and the board and to be responsible for the implementation of operational and strategic plans, identification of business risks and opportunities, annual budgeting, and periodic reviews of insurance operations. The executive committee assists the chief executive officer to guide and control the overall direction of the business of the insurer and acts as a link for communication and coordination between business units and the board.

Article 51 – Risk Management Committee

Insurers must establish a management-level risk management committee to be responsible for the ongoing risk management function and systems within the company. The management’s risk management committee co-ordinates and centralizes the risk management function within the insurer and ensures that risk management practices are integrated throughout the business. This committee shall report on a regular basis to the risk management committee of the board, if there is one, or otherwise to the audit committee.

Article 52 – Asset and Liability Committee (ALCO)

Insurers may establish a management-level committee responsible for the asset and liability management of the insurer. Where the nature, scale and complexity of the insurer’s business indicate that a separate ALCO is not warranted, the responsibilities of an ALCO may be delegated to the management’s risk management committee. An insurer engaged in long-term insurance business shall establish an asset and liability committee unless the responsibilities of an ALCO are explicitly delegated to a sub-committee of the risk management committee with a clear mandate and line of reporting that includes reporting to the board or an appropriate board committee. Asset liability management (ALM) involves managing the insurer’s business so that decisions taken regarding assets and liabilities reflect the interdependence of their respective risks and any impact of variations in the value of one on the other. The ALCO shall formulate appropriate strategies for the insurer in terms of the mix of assets and liabilities given its expectations of the future and the potential consequences of interest rate and foreign-exchange-rate movements, liquidity constraints, actuarial liabilities and capital adequacy. The committee shall ensure that all strategies conform to the insurer’s risk appetite and risk limits as established and approved by the board. The ALCO shall report periodically to the board or to a designated board committee on the performance of its strategies for asset liability management and any material impacts or changes. The ALCO shall meet periodically with the risk management function of the insurer to ensure that all risks related to asset liability management strategies are identified, assessed and monitored appropriately.

Chapter VI
Risk management and internal control systems

Section one – General requirements for risk management and internal controls

Article 53 – Requirement to establish risk management policies and internal control systems and functions

A licensed or authorised insurer shall have effective risk management systems and internal controls, including risk management, internal audit, compliance and actuarial functions. These must be included in the insurer’s overall corporate governance framework and shall be appropriate to the nature, scale and complexity of the insurance business. The specific control systems and functions established for a given insurer shall reflect the nature, scale and risk profile of its insurance business and be reviewed and adapted as circumstances change.

Article 54 – Internal control systems and control function

Internal control systems must be designed and implemented to provide reasonable control over key business and processes, including accounting and financial reporting, risk management and compliance, in order to provide assurance that the business is being operated in accordance with the strategies and policies set by the board. Key persons and staff in control functions must possess integrity, competence and relevant expertise and qualifications. The insurer is responsible for ensuring that persons in control functions meet appropriate fit and proper requirements. Appointment, performance assessment and dismissal of the head of each control function shall be subject to the approval of the board or relevant board committee. The control functions of an insurer, including the risk management and internal audit functions, must have the authority and independence necessary to effectively discharge their duties. The authority and responsibilities of each control function shall be set out in writing as part of the insurer’s governance framework and approved by the board. The internal controls system must provide for appropriate segregation of duties to promote checks and balances and avoid conflicts of interest. For public insurers, the principles included in this article are also relevant as long as there is no conflict with their governing laws. The board of directors shall ensure that effective systems and controls are in place, and that adequate and competent resources are available to implement them. Senior management, or the general directorate of a public insurer, has responsibility to implement these systems properly. For insurers that are part of an insurance group or financial conglomerate, group-wide risk management and controls systems may be implemented in addition to those at the legal entity level. The Central Bank may request the insurer to demonstrate that the risks are managed appropriately at both the legal entity level and the group-wide level.

Article 55 – Requirement of internal control system

The board shall develop a strong internal control culture within its organization and establish and maintain an effective internal control system to ensure that:

1° the business of the insurer is conducted in a prudent manner in accordance with policies and strategies established by the board;
2° transactions are only performed with appropriate authority;
3° assets are safeguarded;
4° accounting and other records provide complete, accurate, verifiable and timely information;
5° management is able to identify, assess, manage and control the risks of the business and hold sufficient capital for these risks;
6° all outsourced functions have proper oversight and clear accountability.

Article 56 – Powers to issue directives and guidelines

The Central Bank may issue additional guidelines to assist insurers in establishing and implementing appropriate risk management and internal control functions and systems. The Central Bank may require an insurer to demonstrate that its control functions and systems, including risk management, are adequate and appropriate to the nature, scale and complexity of the insurer’s business. The Central Bank may issue specific directives prescribing appropriate remedial actions to an insurer that does not comply with this regulation.

Section 2 – Risk management

Article 57 – Requirement of risk management policy

Insurers are required to have:

1° a clearly defined and written risk management policy which includes strategies, objectives, key principles and responsibilities for managing relevant categories of risks. This policy must be approved by the board;
2° a clearly defined risk appetite that is approved by the board and which must be implemented by the risk management function.

The responsibility to ensure quality, integrity and reliability of the insurer’s risk management systems may be delegated to a management-level risk management committee that reports to the board or appropriate board committee.

Article 58 – Risk management function

The insurer shall establish a risk management function that is integrated into the insurer’s organisational structure and includes clear lines of reporting. The risk management function shall be independent from business operations and may be headed by a chief risk officer. The board is responsible for ensuring that an effective risk management system is established by the risk management function and that it is implemented and monitored. A risk management system consists of strategies, policies, processes, and reporting procedures that are used to identify, assess, monitor, and control foreseeable material risks at both an individual and aggregate level. It takes into account the probability, impact and time horizon of such risks. The risk management function shall report to the board on a regular basis matters relating to risk exposures, the insurer’s risk profile, and any risk-related events. The head of the risk management function has the authority and obligation to inform the board promptly of any material circumstances that affect the risk management system. If the risk management function consists of several sub-functions in respect of different risk categories, these sub-functions shall report to a common control function that aggregates the information and reports to present an overall view of the risk management system. The risk management function shall maintain an aggregate view of the insurer’s risk profile. It shall include an evaluation of the insurer’s capacity to absorb risk given the nature, probability and impact of identified risks. It shall consider risks arising from the internal and external environments as well as risks arising from remuneration and incentive structures.

Article 59 – Risk management system

The insurer shall implement an effective risk management system that is appropriate to the nature, scale and complexity of the insurer’s business. Subject to these considerations, the risk management system shall include the following:

1° written policies which include a definition and categorization of the relevant material risks to which the insurer is exposed, the acceptable risk limits for each type of risk and definition of specific obligations of employees dealing with these risks;
2° suitable processes and tools for identifying, assessing, monitoring, managing and reporting on risks;
3° regular reviews of the risk management system and implementation of corrective or additional measures if necessary.

The risk management system takes into account all reasonably foreseeable and material risks which the insurer is exposed to. New activities and products that may increase an existing risk or create a new risk exposure shall be subject to review and approval by the board and senior management. Material changes to the risk management system shall be documented and subject to board approval. Appropriate documentation must also be available to internal and external audit and to the Central Bank to assist in their evaluation of the risk management system. The risk management system shall be integrated into the business such that appropriate risk management practices are part of the insurer’s operations on an enterprise-wide basis. Appropriate training and communication for employees are conducted on a regular basis to help employees understand the risk management system and their responsibilities.

Article 60 – Enterprise risk management (ERM)

Insurers may elect to embed their risk management function and systems into an enterprise risk management system in order to align their risk management activities directly with business strategies and capital allocation decision-making processes. Insurers which are part of an insurance group or financial conglomerate who establish a group-wide ERM function shall still comply with all regulations for risk management and internal controls on a legal entity basis. An ERM framework established by an insurer or parent company of an insurer must be included in the oversight activities of the board of the legal entity as well as the parent company, if applicable, and it shall be implemented and managed by a central risk management function at the legal entity level. The board of the legal entity must approve independently the ERM policy for the insurer. The ERM policy shall be consistent with other strategies and policies developed by the board and implemented by senior management. The ERM policy shall correspond with the risk appetite statement and risk capacity of the insurer at the legal entity level as approved by the board. An ERM policy shall be expected to include the following:

1° processes and responsibilities to identify underlying risks, causes of risk, sources and types of uncertainty, and the dependencies and relationships between them;
2° a clearly articulated risk appetite statement that includes integrated risk limits and capacities at the legal entity level and links these to strategic objectives and allocation of risk capital;
3° the type and level of stress testing and scenario analysis to be performed on a periodic basis;
4° process and responsibility for developing responses to risks;
5° responsibility and oversight for managing strategic, project and operational risks;
6° process and responsibility for developing any internal risk models to be used as part of the ERM system.

Article 61 – Use of internal models

Insurers may choose to develop and use an internal model to develop a comprehensive quantitative analysis of their risks as part of their risk management system. Such an internal model may be used as part of an enterprise-wide risk management system to investigate the relationships of risks to capital adequacy and business strategies. For insurers using an internal model, on either a partial or full basis, the risk management function shall be involved in:

1° designing and implementing the internal model;
2° testing and validating the internal model;
3° documenting the model and any changes to the model;
4° analysing the results of the internal model and producing reports;
5° communicating results and performance from the internal model to the board and senior management, in particular any concerns with the risk management framework or potential impact of risks on the insurer;
6° providing appropriate documentation as requested by the Central Bank.

Use of any internal model for solvency purposes must comply with regulation on capital adequacy and must be subject to approval of the Central Bank. The Central Bank may issue additional guidance or specific directives on ERM systems and internal models if appropriate and necessary.

Article 62 – Internal audit function

The board must set up an effective internal audit function of a nature and scope appropriate to the business which has:
1° unfettered access to all of the insurer’s business lines and support departments;
2° appropriate independence, including reporting lines to the board or the board audit committee;
3° the necessary authority to ensure that senior management reacts to and acts upon its recommendations;
4° sufficient resources and staff who are suitably trained and have relevant experience to understand and evaluate the business they are auditing.

The internal audit function shall have in place an audit charter, audit manual, audit program and internal control questionnaires in order to help the board to establish and maintain the best possible internal control environment within the insurer.

The internal audit function provides assurance to the board relative to:
1° the means by which the insurer protects its assets and those of its policyholders, and prevents fraud and misappropriation of assets;
2° the reliability, accuracy and completeness of the accounting, financial reporting, and management information systems;
3° the design and effectiveness of the internal controls system;
4° any other matters requested by the board or senior management.

The head of the internal audit function reports to the board or the board audit committee the audit function’s annual audit plan, any factors which have an impact on the effectiveness or independence of the internal audit function, and the extent of management’s compliance with agreed upon recommendations as a result of an internal audit report.

The head of the internal audit function may communicate directly with the chairperson of the audit committee or chairperson of the board without management present.

The audit function shall carry out all activities that are necessary to fulfill its responsibilities and ensure that all material areas of risk of the insurer are subject to appropriate audit within a reasonable timeframe.

The audit function’s activities shall include the following:
1° establishing and implementing a risk-based audit plan;
2° evaluating the adequacy of the insurer’s policies and processes;
3° reviewing levels of compliance with established policies, procedures and controls;
4° evaluating the means of safeguarding insurer and policyholder assets, and if appropriate, verifying segregation in respect of insurer and policyholder assets;
5° monitoring and evaluating governance and control processes;
6° coordinating activities with the external auditors;
7° conducting regular assessments of the internal audit function and implementing improvements as needed.

A signed audit report that incorporates management’s comments shall be issued after each audit assignment and a copy submitted to the audit committee and to the Central Bank, on request.

Article 63 – Compliance function

The board of a licensed insurer shall establish an independent and effective Compliance Function to assist the insurer in meeting its legal and regulatory obligations and promote a culture of compliance and integrity.

Where necessary, such as in small companies, the compliance function may be combined with other relevant internal control functions as long as it is able to maintain its independence and perform its role effectively.

For insurers that are members of insurance groups or financial conglomerates, the compliance function may be integrated with the compliance function at the group-wide level and shall keep the board informed of compliance obligations at both the group-wide and legal entity level.

Article 64 – Responsibilities of the compliance function

The compliance function identifies, assesses, and monitors the insurer’s compliance risk with respect to the risk of legal or regulatory sanctions, financial loss, or loss of reputation that an insurer may suffer as a result of its failure to comply with all applicable laws, regulations, and guidelines, codes of conduct and standards of good practice.

The compliance function shall establish and implement appropriate mechanisms to:
1° promote an ethical corporate culture, including managing the implementation of and compliance with the insurer’s code of conduct and code of ethics;
2° ensure that the insurer has appropriate policies and controls in respect of legal, regulatory and ethical obligations;
3° hold regular training on key legal and regulatory obligations for employees;
4° facilitate confidential reporting by employees of concerns, potential or actual violations (whistle-blowing), ensuring the protection of such employees from retaliation;
5° address compliance shortcomings and violations, including any disciplinary actions required.

At least once a year, the board or committee of the board shall review the insurer’s compliance policy and its ongoing implementation to assess the extent to which it is managing its compliance risk.

Article 65 – Compliance officer

The board shall appoint a Compliance Officer as the head of the compliance function who shall be responsible for coordinating, monitoring and facilitating compliance with existing laws and regulations, and reporting appropriately to senior management and the board.

The board shall ensure that the Central Bank is informed if the Compliance Officer leaves his/her position and the reasons thereof.

The compliance officer shall have the authority and obligation to promptly inform the board of any material instance of non-compliance.

The compliance officer shall report to the board on the following:
1° assessment of the key compliance risks and steps being taken to address them;
2° assessment of how various business units or departments are performing against compliance standards;
3° any compliance issues involving management or persons with key responsibilities within the insurer;
4° material instances of non-compliance and any associated investigations;
5° any fines or disciplinary actions taken by the Central Bank or any other regulatory authority in respect of the insurer or any employee.

Article 66 – Actuarial function

The board must ensure that the insurer establishes an effective actuarial function capable of providing advice to the insurer regarding technical provisions, premium and pricing activities and compliance with related regulatory requirements.

The actuarial function is entitled to have access to the board and relevant board committees as well as senior management. It reports periodically to the board on the adequacy of technical provisions and other liabilities, the solvency position of the insurer, and any issue that may have a material impact on the insurer from an actuarial perspective.

The actuarial function may seek external professional advice or assistance if necessary or if required by the board or the Central Bank.

The actuarial function shall evaluate and provide advice on the following:
1° actuarial and financial risks;
2° investment policies and valuation of assets;
3° solvency and capital adequacy, including any calculations required for minimum regulatory capital requirements;
4° risk management policies and controls relevant to actuarial matters;
5° policy of dividends distribution and other discretionary participation benefits, taking into account fairness and equity among policyholders;
6° underwriting and pricing policies;
7° reinsurance arrangements;
8° product development and design;
9° sufficiency and quality of data available for the calculation of technical provisions;
10° risk modeling for the use of any internal models.

The Central Bank may request the actuarial function to certify premium adequacy, documentation of the methodology used to calculate premiums or a statement of actuarial opinion.

Actuarial certifications or statements of actuarial opinion required by the Central Bank shall be provided by a qualified actuary who is a full member of a recognised actuarial society, and who demonstrates knowledge and experience appropriate to the nature, scale and complexity of the business for which the certification or actuarial opinion is being provided.

The Central Bank may issue guidelines or directives to prescribe specific assumptions or methods to be used in the actuarial valuation of insurance liabilities for any product or class of business, whether short-term or long-term.

The Central Bank may issue additional guidance and/or standards for the specific content and format of actuarial information and reports to be provided.

Article 67 – Appointed actuary for long-term insurers

An insurer engaged in long-term insurance business shall have an appointed actuary at all times.

The appointment, assessment and dismissal of the appointed actuary is the responsibility of the board.

An actuary may serve as the appointed actuary for a long-term insurer provided he or she meets the following requirements:
1° full qualification as an actuary and membership in good standing in a recognised actuarial society that is a full member of the International Actuarial Association;
2° a minimum of three (3) years of working experience appropriate to the nature, scale and complexity of the insurer’s business.

The appointment of an Appointed Actuary shall be approved by the Central Bank. The Central Bank may not approve the appointment of an actuary unless it is satisfied that the individual concerned fulfills the requirements above and is competent to act as the Appointed Actuary of the long-term insurer.

The Appointed Actuary may be an employee of the insurer or may be an external professional contracted by the insurer to perform the role of Appointed Actuary.

In either case, the Appointed Actuary must have sufficient independence from management interference to perform his or her role objectively.

In case an Appointed Actuary is an employee of the insurer, he/she shall not hold another position as a senior officer of the insurer.

For an appointed actuary who is not an employee mentioned in the preceding paragraph, the board must determine whether or not the external actuary has any potential conflicts of interest and take appropriate actions to control such conflicts.

The Appointed Actuary may serve as the Appointed Actuary for a related insurance entity within the same financial group if the appointment is made by the board of the insurer at the legal entity level and approved by the Central Bank and that the cost of any of such shared service is allocated appropriately to each entity.

The Appointed Actuary shall have direct access to the board or appropriate board committee and may report directly to the board without management present.

The duties of an Appointed Actuary for a long-term insurer shall include:
1° preparation of periodic actuarial investigations or reports required by law or regulation;
2° certification of any additional actuarial investigations or reports requested by the Central Bank;
3° preparation and delivery of an annual report to the board on the financial condition of the insurer, including any stress testing or additional investigations conducted by the Appointed Actuary during the course of the year;
4° investigation and preparation of a report in the event of any significant merger, transfer of business or wind-up undertaken by the insurer;
5° any other actuarial work as requested by the board.

If an Appointed Actuary resigns or is replaced, the insurer must notify the Central Bank within seven (7) days and provide any reasons for the resignation or replacement.

An Appointed Actuary who replaces another actuary shall take all necessary steps to familiarize him or herself with the actuarial work conducted by the previous Appointed Actuary for the insurer, and shall have reasonable access to the working papers of the previous Appointed Actuary for that purpose.

Article 68 – Actuarial report for long-term insurers

An insurer authorized to engage in long-term insurance business must ensure that its appointed actuary conducts an investigation into the insurer’s financial condition on a basis not less than annually.

At minimum, an actuarial investigation must be conducted at the end of the insurer’s financial year.

The Appointed Actuary shall produce a report of the investigation and submit it to the board of the insurer and to the Central Bank within three (3) months of the insurer’s financial year end.

The financial condition report to be submitted by the Appointed Actuary shall include the following:
1° a description of the nature of the business, classes of business and products and performance by growth and market share;
2° assessment of the separation of insurance funds and related assets;
3° assessment of the reinsurance program, including details and suitability;
4° comments on data quality and its suitability with respect to calculating (technical provisions), including any steps taken to verify its relevance, completeness, and accuracy;
5° description of risks underwritten, including policy guarantees and any contractual options;
6° assessment of adequacy of premium rates related to underwriting strategy;
7° experience analysis of all insurance risks (including lapses and surrenders), investment earnings and costs, acquisition expenses (including commissions), and administrative expenses;
8° evaluation of the insurer’s investment policy and its suitability and implementation;
9° a summary of the quality and mix of assets, changes from previous year, and suitability to liabilities;
10° valuation of all policyholder liabilities (technical provisions), including details of the methods and assumptions used for the valuation and an appropriate justification and quantification of assumption changes from the previous year;
11° an assessment of the profit or surplus for each separate insurance fund, including an opinion on the distribution of policyholder dividends and other discretionary participating features from any participating insurance funds that provides for equity and fairness among cohorts of policyholders;
12° assessment of solvency and capital adequacy, including the future needs shown by observed trends and/or business plans and identification of potential adverse scenarios that might impact capital adequacy.

The Central Bank may at any time, by notice in writing and at the cost of the insurer, direct an insurer to request that its Appointed Actuary investigate further such aspects of its financial condition as the Central Bank may specify in the notice.

Article 69 – Actuarial report for public insurers

A public insurer may engage a qualified actuary to conduct an investigation into the insurer’s financial condition at least once every three (3) years.

The actuary engaged for this purpose must meet the qualifications of an Appointed Actuary specified in article 65 of this regulation and be appointed by the board of the public insurer.

The actuary shall produce a report of the investigation and submit it to the board of the insurer and to the Central Bank within three (3) months of the insurer’s financial year end.

The financial condition report shall include the following, at minimum:
1° a description of the nature of the business, products and performance by growth and market share;
2° assessment of the separation of insurance funds related to different insurance programs or groups, and the related assets;
3° assessment of adequacy of contribution rates related to the benefits provided under the insurance scheme;
4° experience analysis of all insurance risks, investment earnings and costs, and administrative expenses;
5° evaluation of the investment policy and its suitability and implementation, particularly in relation to regulatory capital requirements;
6° a valuation of all current technical provisions, including details of the methods and assumptions used for the valuation;
7° assessment of solvency and capital adequacy, including the future needs shown by observed trends and/or business plans and identification of potential adverse scenarios that might impact capital adequacy;
8° a projection of future enrolment, contributions and claims under the program, including the impact of potential adverse scenarios on the viability of the business, and identification of appropriate remedial actions.

Article 70 – Outsourcing arrangements

An insurer may outsource a control function, in whole or in part, if appropriate, given the nature, scale and complexity of the insurer’s business. In this case, ultimate responsibility for the function and oversight of the function still remains with the board.

The board must approve and review any outsourcing arrangements.

The Central Bank may request appropriate disclosures of any outsourcing arrangements to satisfy itself that these functions are performed adequately.

Outsourcing a material function or activity to an external party, or within the same insurance group, shall not result in increased risk to the insurer or affect the insurer’s ability to manage its risks and meet its obligations.

If an insurer outsources any material function or activity, it must establish an appropriate policy for this purpose that includes the reviews required and any risks that must be assessed. The policy shall include limits on the level of outsourced activities for the insurer or number of activities that may be outsourced to the same provider.

Prior to approving any outsourcing arrangement of any material function, the board must verify that an assessment was conducted of the risks of the outsourcing arrangement and be satisfied as to the expertise and effectiveness of the proposed outsourcing provider.

Outsourcing arrangements shall be governed by written contracts and subjected to regular reviews and reporting to management and the board.

Shared services between entities belonging to a financial group are treated as outsourced functions on an arm’s-length basis, and costs for such shared services shall be allocated appropriately (and not excessively) to the local insurer.

If the shared service is related to any financial function, the board has an additional responsibility to ensure that the financial statements for the legal entity are true and accurate and may solicit independent professional advice as necessary to assist in this process.

Article 71 – Outsourcing policy

Prior to the outsourcing of services, an authorized insurer should develop an outsourcing policy, approved by the board and which at minimum must include the following:
1° the objectives of outsourcing and criteria for approving outsourcing arrangement;
2° the framework for evaluating the materiality of outsourcing arrangements;
3° the framework for a comprehensive assessment of risk involved in outsourcing;
4° the framework for monitoring and controlling outsourcing arrangements;
5° the identities of the parties involved and their roles and responsibilities in approving, assessing and monitoring the outsourcing arrangements, and how those responsibilities may be delegated and details of any authority limits;
6° the review mechanism to ensure the outsourcing policy and the monitoring and control procedures are capable to accommodate changing circumstances of the insurer and cater for market, legal and regulatory developments.

This policy must be communicated to the Central Bank within 30 days of calendar month prior to its implementation.

The Board and Senior Management remain responsible in respect of functions or activities that are outsourced.

Article 72 – External auditor

The external auditor must provide an opinion as to whether the financial statements have been prepared in accordance with International Financial Reporting Standards (IFRS) and that they represent a true and accurate picture of the financial condition of the insurance business.

In addition to requirements set by existing regulations, external auditors accepting an appointment for an insurer must demonstrate adequate knowledge of and experience with IFRS standards and guidance that are specific to insurance contracts.

Audit firms must have expertise in insurance accounting and financial reporting in order to receive approval from the Central Bank to be appointed as external auditor for an insurer.

Audit firms without such expertise at a local level may be approved by the Central Bank if they obtain appropriate assistance from their parent company and their work is subject to an internal peer review by a person with such expertise.

The Central Bank may exercise its power to require a further audit by a different external auditor or to have the auditor replaced if it deems necessary.

The external auditor shall notify the Central Bank of any material fraud or regulatory breaches or any significant findings resulting from an external audit.

Such findings may be provided to the Central Bank without the need for prior consent of the insurer and the external auditor shall be protected from liability for any information provided to the Central Bank in good faith.

Chapter VII
Code of ethics and standards of business conduct

Article 73 – Establishment of code of ethics and its applicability

The board shall establish formal policies that define a code of ethics and standards of business conduct for the insurer as well as effective policies to ensure compliance with them.

The code of conduct must be applicable to members of the board, senior managers, and to all staff members in general.

The board must ensure that all directors, senior officers and staff members adhere to the code of conduct.

The code of conduct must, at minimum, include standards of business conduct related to the following:
1° obligations to comply with applicable laws and regulations;
2° conflict of interest;
3° decision-making guidelines;
4° methods whereby employees may raise concerns or report possible breaches without fear of retaliation;
5° fair treatment of policyholders and employees;
6° professional development of employees;
7° information sharing and communications with shareholders, policyholders, member-policyholders, supervisors and other stakeholders.

Article 74 – Conflict of interest

Directors and senior officers shall not engage directly or indirectly in any business activity that competes or conflicts with the insurer’s interest. Whenever possible, they must avoid situations that would give rise to a conflict of interest.

If a transaction with the insurer cannot be avoided, it is done in the regular course of business and upon terms not less favorable to the insurer than those offered to others.

For mutual insurers, insurance policies for directors and senior officers, including the level of premiums and benefits payable, must be transacted on terms not less favourable than available

Director or officer shall not use his/her position to make profit or to acquire benefit or advantage for him/herself or his/her or any related interests.

Where a director or senior officer has a financial interest in a transaction undertaken by the insurer, such an interest must be disclosed immediately to the management. Following such disclosure, the affected director or senior officer shall not be directly involved in any decision affecting that particular transaction as long as the interest continues to exist.

Insurance policies held by directors or senior officers of mutual insurers may be exempt from this provision.

Directors and senior officers shall not use their positions to further their personal interests and shall ensure that the licensed insurer complies with the restrictions on exposures, loans and advances to connected persons as provided for in the Law governing the organization of insurance business and applicable regulations.

An employee shall not serve as a director of another for-profit company without approval of the board of the insurer. Employees who hold directorships without such approval must seek approval if they wish to remain as directors of other companies.

However, employees may act as directors of non-profit public service corporations subject to policy guidelines of the institution.

The code of conduct established by the board may provide for a board-level review of key transactions, including intra-group transactions, as well as require public disclosure of reported conflicts of interest in order to manage and control potential conflicts of interest.

Article 75 – Remuneration policy

The board must establish and oversee appropriate remuneration policies for directors and senior management and review them at least annually.

The board must be satisfied that the remuneration policy and practices are consistent with the insurer’s statement of risk appetite and the long-term interests of the insurer, policyholders and shareholders. A board committee on remuneration may be established to assist the board with this responsibility.

The board ensures that relevant key persons in control functions are involved in the setting of remuneration policies in order to ensure that such policies and practices do not create incentives for inappropriate risk-taking.

Given the nature of the insurance business, compensation packages shall not encourage management to take unacceptable risks in return for short-term compensation.

The potential for conflicts of interest that may compromise the integrity of key persons in control functions must be minimised. Remuneration and performance measures for staff in control functions shall be primarily based on the effective achievement of objectives appropriate to such control functions and shall not be linked to the performance of any business units which are subject to their control or oversight.

Variable remuneration practices shall give due consideration to the current and future risks associated with performance, and include adjustments over a multi-year period to reflect an appropriate time horizon for the emergence of future risks.

Share-based components of variable remuneration must be implemented with appropriate safeguards to ensure that performance incentives are aligned with the longer-term interests of the insurer.

Discretionary payments on termination of employment must be subject to appropriate controls and limits such that they are aligned with the insurer’s overall financial condition over a relevant time horizon. Such payments shall not normally be made in the case of failure or potential failure of the insurer, particularly to an individual whose actions have contributed to the failure.

Article 76 – Fair treatment of policyholders

The board shall give due consideration to the needs and concerns of policyholders in the fulfilment of its responsibilities.

This may include explicit consideration of policyholder interests in the event of significant mergers, transfers of business, distribution of surplus funds, or insurer wind-up.

The board shall also encourage the insurer’s management to develop and implement a policy of treating customers fairly, including fair treatment in sales and claims practices, or any requirements specified by law or regulation.

Relations and dealings between the institution and its policyholders shall be kept confidential.

Directors, senior officers and staff members must take precautions to protect the confidentiality of policyholder information and transactions.

Business and financial information about any policyholder may be used or made available to third parties only with prior written consent of the policyholder or when disclosure is required by law.

The board of long-term insurers with participating products shall establish a dividend policy for participating insurance products that covers the allocation of surplus between participating policyholders and shareholders to ensure equity and fairness among various cohorts of participating policyholders.

This policy shall be available in written form to both prospective and current participating policyholders and to the Central Bank and it must incorporate requirements for the opinion of the Appointed Actuary on the payment of dividends and other discretionary benefits to participating policyholders.

Article 77 – Transparency and disclosure

The board shall establish effective systems and controls to promote appropriate and timely communication with the Central Bank and other relevant stakeholders regarding the governance of the insurer.

The insurer’s communication policies and strategies shall include information on the insurer’s overall strategic objectives, governance structures, membership of the board and any board committees, processes in place for the board to assess its effectiveness, remuneration policies, major ownership and material third-party transactions.

Such disclosures may take into consideration reasonable commercial sensitivities and privacy or confidentiality requirements.

The Central Bank may require additional information and details relating to the corporate governance of the insurer in order to assess compliance with this regulation.

The insurer’s communication policies shall enable the insurer to provide such information in a timely and efficient manner. The Central Bank may request information that is commercially sensitive or confidential on the basis that it will safeguard such information appropriately.

Disclosures related to remuneration shall be sufficient to enable stakeholders to ascertain whether the remuneration system operates as intended, and to evaluate the financial impact of the remuneration policy on the insurer’s business.

Disclosures to the Central Bank and other stakeholders related to the corporate governance of the insurer shall be made at least annually, and on a timely basis.

Chapter VIII
Rehabilitation

Article 78 – Rehabilitation

Any person who was dismissed by the Central Bank, employing insurer or insurance intermediary or due to a financial fault/misconduct in a financial sector in such a manner that he/she is no longer fit and proper may be rehabilitated by the Central Bank 5 years after the sanction.

Rehabilitation after punishment for misconduct other than dismissal is done three (3) years after the execution of sanction where applicable or after the cause that makes him/her not fit and proper is known.

A recidivist can only apply for rehabilitation 10 years after the sanction or dismissal.

Article 79 – Application for rehabilitation

The Central Bank may grant rehabilitation if, after receiving the opinion of all relevant institutions in regard to misconduct/fault, which resulted in dismissal or in the imposition of another penalty, it is satisfied that the concerned applicant has demonstrated remorse and good behavior.

The application for rehabilitation can be filed only 5 years after the applicant executed the punishment and/or after the cause that makes him/her not fit and proper is known.

Article 80 – Rehabilitation of a convict

Rehabilitation of persons convicted by criminal courts is done in accordance with the provisions of the code of criminal procedure.

Article 81 – Criteria for rehabilitation

Application for rehabilitation must demonstrate that:
1° the applicant paid damages or restituted any property ordered by the court;
2° the applicant has shown continued good behavior and there is no adverse information during and after the punishment;
3° the applicant paid sums imposed as pecuniary sanction;
4° the applicant complied with administrative sanction imposed by the Central Bank;
5° the applicant included in the application file the document under which he/she was dismissed, or other penalty was imposed;
6° any other requirement that the Central Bank may deem necessary.

The Central Bank reserves the exclusive right to grant or to deny rehabilitation.

Application for rehabilitation is addressed to the Governor of the Central Bank in writing.

Article 82 – Revocation of rehabilitation

Rehabilitation shall extinguish not only a penalty but also all the deprivation of rights.

However, rehabilitation shall be automatically revoked if, within a period of three (3) years, the person granted rehabilitation commits a financial misconduct in a financial sector.

In case of revocation, rehabilitation shall be as if it had never been granted.

Chapter IX
Transitional and final provisions

Article 83 – Enforcement action

The Central Bank may take action against a licensed institution and its directors or senior officers who fail to comply with this regulation.

Article 84 – Terms of office for incumbent directors

Directors approved by the Central Bank before the publication of this regulation in the Official Gazette of the Republic of Rwanda shall maintain their positions in no more than three years after the publication of this Regulation in the Official Gazette of the Republic of Rwanda.

Article 85 – Drafting and consideration of this Regulation

This Regulation was drafted and considered in English.

Article 86 – Abrogation of previous provisions

Regulation N° 07/2009 of 29/07/2009 on corporate governance requirements for insurance business and all previous provisions contrary to this Regulation are hereby repealed.

Article 87 – Transitional period and commencement

Without prejudice to the provisions of articles 83 and 84, which are immediately binding, insurers must comply with the provisions of this Regulation after the period not exceeding twelve (12) months from the date of its publication in the Official Gazette of the Republic of Rwanda.

Appendix

Template for board self assessment

| # | Criteria for evaluation | Progress status: Done | Progress status: Not done | Indicated timeframe (If any): Planned time | Indicated timeframe (If any): Time on which it was achieved | Indicator |
|---|---|---|---|---|---|---|
| I. | Structure of the board | | | | | |
| 1. | The board is composed of diversified members with diversified skills and knowledge | | | | | |
| 2. | The board has a required number of members | | | | | |
| 3. | The board has at least 7 directors and at least 4 of them are independent | | | | | |
| 4. | The board members are replaced in accordance with the set time limit | | | | | |
| 5. | The board has set all required board committees with clear responsibilities. | | | | | |
| II. | Functioning of the board | | | | | |
| 1. | The board has its annual working program which highlights key performance indicators | | | | | |
| 2. | The board conducted its self-assessment during the last financial year | | | | | |
| 3. | There is a smooth communication between the senior management and the board | | | | | |
| 4. | There is a comprehensive mechanism to guarantee independence of the board to avoid and/or mitigate conflicts of interest | | | | | |
| 5. | Every agenda of the board meeting reflects what is included in the business plan. | | | | | |
| 6. | Directors regularly benefit from trainings to keep themselves updated about the trends in the sector. | | | | | |
| III. | Business strategy & policies | | | | | |
| 1. | The board has approved strategic policy documents such as (Underwriting policy, Re-insurance program, IT policy, HR policy, Risk management policy and strategies, Outsourcing policy of the insurer, Claims management policy, code of ethics etc) and updated them on a regular basis. | | | | | |
| 2. | The insurer has clear strategic plans reflecting core areas of its operations. | | | | | |
| 3. | The board has ensured there is annual business plan and is firmly adhered to. | | | | | |
| 4. | The board has reviewed annual budget, financial reports, accounts, auditor’s report and investment policies. | | | | | |
| 5. | The board has formulated a management succession plan, business continuity plan and recovery plan for solvency problem. If yes, attach the copy of the plan. | | | | | |
| 6. | The board informed shareholders about the insurer’s capital adequacy and margin of solvency and advised them on the appropriate manner of increasing capital levels when necessary. | | | | | |
| 7. | Board of Directors assessed on quarterly basis the performance of each underwritten product and proposed corrective measures on the non-performing ones. If yes, indicate profitability analysis report for each product. | | | | | |
| IV. | Monitoring role of the board | | | | | |
| 1. | The board assessed the senior management performance | | | | | |
| 2. | The board has monitored effectiveness of internal audit and internal control functions. | | | | | |
| 3. | The Board has overseen the publication of annual audited financial statements as required by the regulations. If yes, please indicate the date of publication. | | | | | |
| 4. | Board monitored that the senior management’s actions are consistent with the strategy and policies approved by the board. | | | | | |
| 5. | The board made sure that the recommendations of the regulator have been complied with/implemented | | | | | |
| V. | Board meeting | | | | | |
| 1. | Every board sitting has reached the required quorum and individual board attendance reached at least 75% for the whole financial year. | | | | | |
| 2. | Board agenda clearly reflect the business plan of an insurer KPIs, solvency and sustainability of the institution | | | | | |

History of this document

04 December 2017 this version
23 November 2017
Assented to