PIN App2 Management and Control of Risk
PIN A2.1 Introduction
PIN A2.1 Guidance
1. This Guidance relates to the Rules on management and control of risk contained in PIN chapter 2. It has been prepared to assist directors of Insurers, their Auditors, and others concerned in applying those Rules.
2. The Rules in PIN chapter 2 require an Insurer to address specific areas of risk, as well as maintain a generally sound risk management system. Insurers have some flexibility in their approach to these requirements.
3. This appendix provides some general comment on the objectives of the Rules, risk management and control mechanisms. It also provides specific comment on the following selected aspects of the five broad areas of risk identified in PIN section 2.3, that are considered to be of particular relevance to Insurers:
   a. Balance sheet and market risk components:
      i. reserving risk;
      ii. investment risk (including risks associated with the use of derivatives);
      iii. underwriting risk;
      iv. claims management risk;
      v. product design and pricing risk; and
      vi. liquidity management risk;
   b. Credit quality risk;
   c. Non-financial or operational risk components:
      i. business continuity planning risk; and
      ii. outsourcing risk;
   d. Reinsurance risk; and
   e. Group risk.
4. It is not the purpose of this appendix to provide guidance in areas that are common to all or many Authorised Firms other than Insurers. The principal objective is to address areas that are of specific relevance to Insurers.
5. The procedures set out in this appendix do not constitute a checklist of necessary procedures. An Insurer cannot assume that implementing all of the procedures set out in this appendix will guarantee that the Insurer complies with the requirements to which it is subject.
6. Since this appendix is not intended to be prescriptive or exhaustive, it cannot be regarded as a substitute for reading the Rules themselves and taking professional advice. An Insurer should contact the DFSA if there are any areas which it would like to discuss further.
PIN A2.2 Objectives of the rules
PIN A2.2 Guidance
1. The objective of the Rules contained in PIN chapter 2 is that Insurers should control their own risks through sound and prudent risk management systems, such as to minimise the likelihood that events, internal or external to the Insurer, cause the Insurer to fail financially or operationally.
2. The risk management systems required by the Rules should be integrated with the operational processes of a business. Insurers are expected to instil a strong risk control culture throughout their operations, so that material risks and potential problems that emerge can be identified, managed and promptly resolved in the normal course of business operations. The absence of such a control culture is likely to be taken as evidence that more specific control objectives are unlikely to be attained.
PIN A2.3 Risk management systems
PIN A2.3 Guidance
1. The Rules require an Insurer to develop, implement and maintain sound and prudent risk management systems, appropriate to the size, business mix and complexity of the Insurer's operations. The responsibility for ensuring compliance lies with the Governing Body and senior management of the Insurer.
2. The nature and extent of the systems and controls which an Insurer will need to maintain will depend upon a variety of factors including:
   a. the nature, size and complexity of its business;
   b. the diversity of its operations, including geographical diversity;
   c. the volume and size of its transactions; and
   d. the degree of risk associated with each area of its operations.
3. To enable it to comply with its obligation to maintain appropriate systems and controls, an Insurer should regularly review its management of risk in the context of relevant environmental and operational factors and changes in those factors.
4. The Rules lay down certain minimum processes and procedures that must be maintained by Insurers. These include a written risk management strategy, risk management policies and procedures, and allocated responsibilities and controls.
5. The risk management strategy should cover not only the identification, assessment, control and monitoring of risks but also contingency plans to deal with the crystallisation of risks or adverse developments in important areas of risk. This will be assisted by stress and scenario testing tailored to the risk characteristics of the Insurer.
6. While the risk management systems of an Insurer must address all material risks, PIN section 2.3 lays down specific requirements for an Insurer to maintain risk management systems in respect of the following areas:
   a. balance sheet and market risk;
   b. credit quality risk;
   c. non-financial or operational risk;
   d. reinsurance risk; and
   e. Group risk.
7. An Insurer should have regard to the need for adequate risk management systems at the level of any Group the Insurer is a member of (subject to exemptions for Groups that are intermediate Groups or Groups that are headed by Insurers, in which case the holding company is already subject to the risk management requirements in its own right). The Insurer bears a responsibility to take reasonable actions to ensure that the Group as a whole complies with the risk management requirements of the Rules. Although an Insurer may not be in a position to control the risk management systems of the Group, Group risk management systems are likely to have a material impact on the exposure of the Insurer to risks arising from its membership of the Group.
8. Further considerations in respect of Group risk generally are contained in PIN section A2.5.
9. The Rules do not prohibit an Insurer from outsourcing its risk management systems. Where the Insurer is a member of a Group, it may be practicable for some processes to be performed on a Group-wide basis. An Insurer would not normally outsource risk management systems outside the Group. However the Insurer remains responsible under the Rules for the adequacy of its risk management systems, whether or not those processes are outsourced. Senior management cannot delegate their regulatory responsibility for ensuring that the Insurer's risk management systems are adequate. The fact that a system is partially or wholly outsourced would be a factor in the Insurer's assessment of whether the system was adequate. To decide whether any system is adequate, senior management would be expected to have assessed the design and operation of the system, including the design and the operations of controls over outsourcing decisions and monitoring. Because an Insurer must be in a position to demonstrate that it has complied with its regulatory requirements, adequate documentary evidence of these assessments should be maintained.
10. Further considerations in respect of outsourcing generally are contained in PIN A2.13.
PIN A2.4 Control mechanisms
PIN A2.4 Guidance
1. An Insurer should have appropriate control mechanisms in place to ensure that the policies and procedures established for risk management are adhered to at all times.
2. Control mechanisms would normally include:
   a. clearly defined management responsibilities;
   b. adequate segregation of duties;
   c. a risk committee or audit function to establish and maintain the control processes;
   d. a system of approvals, limits, authorisations and reporting lines;
   e. policies to document the Insurer's procedural controls;
   f. activity controls for each division or department;
   g. verifications of activities such as underwriting, pricing and claims management, and reconciliations of relevant data;
   h. reviews by Governing Body, senior management and internal audit; and
   i. physical controls.
3. The directors should monitor the overall effectiveness of the Insurer's risk management systems. Depending on the size and complexity of operations of an Insurer, risk management systems may be monitored on an ongoing or periodic basis. At a minimum there should be periodic internal audits with results being reported directly to the Governing Body and senior management.
4. Where deficiencies are identified as part of the monitoring process or internal audit, these should be reported in a timely manner to the appropriate management and addressed. Material deficiencies should be reported to the Governing Body and senior management. A material deficiency can result not only from a single deficiency, but also from a number of small deficiencies that, when considered together, amount to a material deficiency.
PIN A2.5 Reserving risk
PIN A2.5 Guidance
1. Reserving risk is the risk that Insurance Liabilities recorded by the Insurer, net of reinsurance and other recoveries in respect of those liabilities, will be inadequate to meet the net amount payable when the Insurance Liabilities crystallise. Insurance Liabilities include the liability for claims incurred up to the reporting date, as well as the Premium Liability. In the case of General Insurance, reinsurance recoveries anticipated in respect of those liabilities are generally recognised as a separate asset. In the case of Long-Term Insurance, Insurance Liabilities include also the net value of future Policy Benefits and the effects of reinsurance arrangements are taken into account when these are estimated.
2. An Insurer's risk management system should therefore include a process for ongoing review and appraisal of the Insurance Liability valuation framework (i.e. assumptions made, reinsurance recoveries estimated etc). In conducting this review, consideration should be given to emerging pricing and claim payment trends.
3. An Insurer should maintain appropriate systems, controls and procedures to ensure that the provision for Insurance Liabilities is, at all times, sufficient to cover any liabilities that have been incurred, or are yet to be incurred on Contracts of Insurance accepted by the Insurer, as far as can be reasonably estimated.
4. Appropriate methods should be applied in estimating the provision for Insurance Liabilities, including provisions in respect of individual notified incurred claims. In determining a provision estimation method, managers may consider using alternative approaches before selecting those which may be regarded as most appropriate to the nature of the business.
5. Appropriate methods should be applied in estimating the amount of the asset in respect of reinsurance recoveries that are expected to arise on crystallisation of the gross Insurance Liabilities. The manner of estimating those assets should be consistent with the manner of estimating the gross liabilities, except where there is a sound justification for doing otherwise.
6. Suitable systems and controls should be put in place to ensure that the selected approaches are applied accurately and on a consistent basis.
7. Procedures should be in place to review and monitor, on a regular basis, the out-turn of provisions made in previous years for Insurance Liabilities, both gross and net of reinsurance recoveries.
8. An Insurer is required by PIN chapter 7 to obtain an annual report by an Actuary on the valuation of its Insurance Liabilities and associated assets. The Rules do not require the performance of an actuarial valuation at other times, however an Insurer should consider the use of actuaries or other appropriately qualified and experienced loss reserving specialists to estimate Insurance Liabilities periodically through the year. The Insurer should in any case undertake periodic testing of its reserving processes and the level of its reserves, including continual reassessment of assumptions used, and testing the sensitivity of the valuation of Insurance Liabilities to stress arising from realistic scenarios relevant to the circumstances of the Insurer. Whether in-house or outside experts are used, appropriate procedures should be in place to ensure that the specialist selected possesses the appropriate level of skill and experience and has available the necessary information to carry out the estimation required.
9. Suitable controls should be in place to ensure that the data used in determining the Insurance Liabilities are extracted from the underlying records accurately and to the necessary level of detail. The level of detail should be sufficient to ensure that the data available to managers in their assessment of Insurance Liabilities covers the whole of its liabilities and exposures under insurance contracts.
10. Scenario testing should cover a period of several years into the future, particularly in the case of an Insurer carrying on Long-Term Insurance Business.
PIN A2.6 Investment risk
PIN A2.6 Guidance
1. Investment risk refers to the possibility of an adverse movement in the value of an Insurer's on-balance sheet assets or certain off-balance sheet obligations. Investment risk derives from a number of sources including market risk (e.g. equity, interest rate and foreign exchange risk), credit quality risk (dealt with separately in this appendix), investment concentration risk and asset and liability mismatch risk (e.g. in terms of currency, maturity, and location). Associated risks include political risk, e.g. the risk of inability to realise assets in a particular location, and the risk of correlation such that a single event has adverse impacts on both assets and liabilities. Investment risk includes risk associated with the use of derivatives and other complex investment instruments, including asset backed securities, credit linked notes and insurance linked notes.
2. Suitable controls and management information systems should be in place to enable an Insurer to implement an appropriate investment strategy.
3. Appropriate procedures should be in place to enable an Insurer to monitor the interaction of its assets and liabilities so as to ensure that exposure to equity, interest rate and foreign exchange risk is contained within limits approved by the Insurer. Procedures should include testing of sensitivity to realistic scenarios that are relevant to the circumstances of the Insurer.
4. Appropriate procedures should be in place to enable an Insurer to monitor the location of its assets and liabilities, so as to ensure that risk of localisation mismatch is contained within limits approved by the Insurer. Procedures should include testing of sensitivity to realistic scenarios, including political risk scenarios that are relevant to the circumstances of the Insurer.
5. Insurers should remain alert to the need to consider asset and liability risks on an integrated basis. Systems should not consider only risks taken in isolation, but should consider how even when individual risks are addressed, combinations of circumstances may still expose an Insurer to loss. This is of particular relevance where a single outcome is exposed to more than one risk, for example where assets need to be available not only in a particular location but also in a specific currency.
6. Appropriate procedures should be in place for assessing the credit-worthiness of counterparties to whom the Insurer is significantly exposed. Further guidance in this area is provided in PIN A2.11.
7. Appropriate procedures should be in place for setting prudent limits for the Insurer's aggregate exposure to certain categories of asset. Such limits should take account of the suitability of assets covering Insurance Liabilities. They may take account of the Insurer's other assets bearing in mind the possibility that such assets might in future be needed to meet Insurance Liabilities.
8. The investment strategy should be reflected in clear terms of reference from the Insurer to its investment managers, who should be qualified and competent to carry out their assigned task. The work of the investment managers should be monitored sufficiently closely by management to ensure that the Insurer's strategy is being followed and that the systems are effective.
9. Insurers should ensure that controls over derivatives and other complex investment instruments have been implemented and are adequate to ensure that risks are properly assessed, regularly reviewed in the light of changing market conditions and experience, and consistent with the overall investment strategy decided upon and approved by the Insurer. In particular senior management and directors of Insurers should:
   a. fully understand the nature of derivatives trading and trading in any other complex investment instruments being undertaken by the organisation and the related risks, and where relevant, are suitably qualified and competent to transact the range and type of transactions being undertaken and understand the nature of the exposures (including both counterparty and market risk) which their use will create;
   b. have documented clearly the objectives and policies for the use of derivatives contracts and other complex investment instruments, and monitor their use (including by way of compliance audits of investment managers) to ensure their use is in line with those objectives and policies. Insurers should ensure that policies are sufficiently clear and precise to ensure that new types of instrument are not dealt in without due prior consideration. They should also define any associated limits on exposures or volumes that are considered appropriate;
   c. have due regard to uncovered transactions in the context of the above controls so that in no circumstances is the Insurer's capital adequacy endangered. Systems should be adequate to prevent exposure to unacceptable, exceptionally volatile risks and to monitor transactions with a frequency commensurate with volatility and risk. The systems should trigger a hedge or close out a transaction whenever adverse movements or events threaten a significant worsening of the Insurer's capital adequacy position;
   d. have ensured that those who have responsibility for the control of investments in derivatives and other complex instruments are sufficiently independent of the day-to-day operators to ensure effective control;
   e. be capable of analysing and monitoring the risk of all transactions undertaken by the Insurer individually and in aggregate (including interest rate risk, foreign exchange risk, fraud, error, unauthorised access to information and other operational risks);
   f. be provided regularly with appropriate statistics and information on the trading volumes of derivatives contracts by type of product including regular reports of all off-balance sheet transactions, contingencies and commitments;
   g. be satisfied that sufficient systems and controls relevant to derivative products and other complex investment instruments have been put in place, including independent agreement and reconciliation of positions, independent checking of prices, appropriate authorisation where dealing limits have been exceeded, etc; and
   h. have tested adequately and approved valuation models which are used to value open positions and derivative contracts and other complex investment instruments, including controls preventing unauthorised programme amendments. Such models should include appropriate testing of the robustness of the portfolio in changing investment conditions, using realistic scenarios relevant to the circumstances of the Insurer.
10. Stress and scenario testing should consider the impact of possible deteriorations in investment conditions, including where relevant the impact of simultaneous deteriorations in more than one market. It should also consider effects on liquidity, including where relevant those from an inability to repatriate assets from elsewhere. Where the insurance industry's holdings are large in relation to the turnover of the domestic market, scenario modelling should take account of the possible effect on the market of simultaneous liquidation of assets.
PIN A2.7 Underwriting risk
PIN A2.7 Guidance
1. Underwriting is the process by which an Insurer determines whether and under what conditions to accept a risk. Weaknesses in the systems and controls surrounding the underwriting process can expose an Insurer to the risk of unexpected losses which may threaten the capital adequacy of the Insurer.
2. The risk management system for underwriting risk should normally include at least the following policies and procedures:
   a. clear identification and quantification of the Insurer's willingness and capacity to accept risk;
   b. clear identification of the classes and characteristics of insurance business that the Insurer is prepared to underwrite including:
      i. geographical areas;
      ii. the types of risk that may be underwritten; and
      iii. criteria for the use of policy exclusions and reinsurance;
   c. formal evaluation processes for the effective assessment of risks underwritten including:
      i. criteria for assessing risk;
      ii. methods for monitoring emerging experience; and
      iii. methods by which emerging experience is taken into account in updating the underwriting process;
   d. appropriate approval authorities and limits to those authorities that are definitive and specific (including controls surrounding any delegations that are given to intermediaries of the Insurer);
   e. concentration limits; and
   f. methods for monitoring compliance with underwriting policies and procedures such as:
      i. minimum standards of documentation;
      ii. internal audit;
      iii. peer review of policies underwritten;
      iv. assessments of brokers' procedures and systems to ensure the quality of information provided to the Insurer is of a suitable standard; and
      v. in the case of reinsurers, audits of ceding companies to ensure that reinsurance assumed is in accordance with treaties in place.
PIN A2.8 Claims management risk
PIN A2.8 Guidance
1. Claims management is the process by which Insurers fulfil their contractual obligation to policyholders. An Insurer's duties when a claim is made under a Contract of Insurance may be summarised as:
   a. verify the contractual obligation to pay the claim;
   b. make an assessment of the amount and incidence of the claim liability, including loss adjustment expenses; and
   c. manage the claim settlement process.
2. The risk management system for claims management risk should normally include at least the following policies and procedures:
   a. clear definition and appropriate levels of delegations of authority;
   b. clear claim settlement procedures, including claim determination and investigation procedures and the criteria for accepting or rejecting claims;
   c. clear and objective loss estimation procedures (including estimation of reinsurance recoveries); and
   d. methods for monitoring compliance with claims management processes and procedures such as:
      i. minimum documentation standards;
      ii. internal audit;
      iii. peer review of claims paid;
      vi. assessment of brokers' procedures and systems to ensure the quality of information provided to the Insurer is of a suitable standard; and
      vii. audits of ceding companies to ensure that the value of claims paid is in accordance with treaties in place.
3. In establishing and maintaining effective claims handling systems and procedures, senior management of Insurers should consider factors including the following:
   a. appropriate systems and controls should be in place to ensure that all liabilities or potential liabilities notified to the Insurer are recorded promptly and accurately. Accordingly, the systems and controls in place should ensure that a proper record is established for each notified claim;
   b. suitable systems should be in place to identify and quantify, for the key claims handling procedures, timeliness of processing, the effects of processing backlogs and the need for any corrective action;
   c. suitable controls should be maintained to ensure that estimates for reported claims and additional estimates based on statistical evidence are appropriately made on a consistent basis and are properly categorised;
   d. regular reviews of the actual outcome of the estimates made should be carried out to check for inconsistencies and to ensure that procedures remain appropriate. The reviews should include the use of statistical techniques to compare the estimates with the eventual cost of settling the claims, after deducting the amounts already paid at the time the estimates were made;
   e. appropriate systems and procedures should be in place to ensure that claim files without activity are reviewed on a regular basis;
   f. appropriate systems and procedures should be in place to assess the validity of notified claims by reference to the underlying Contracts of Insurance and reinsurance treaties;
   g. suitable systems and procedures should be in place to accommodate the use of suitable experts such as loss adjusters, lawyers, actuaries, accountants etc. as and when appropriate, and to monitor their use; and
   h. there should be suitable systems and procedures in place to identify and handle large or unusual claims, including systems to ensure that senior management are involved from the outset in the processing of claims that are significant because of their size or nature.
PIN A2.9 Product design and pricing risk
PIN A2.9 Guidance
1. The pricing of an insurance product involves the estimation of claims and costs arising from that product and the estimation of investment income arising from the investment of premium income attaching to the product. An Insurer may be exposed to significant loss where the claims, costs or investment returns arising from the sale of a product are inaccurately calculated. This risk is particularly acute in the case of Long-Term Insurance, where the Insurer does not have the option to cancel an unprofitable policy, but is also relevant to General Insurance.
2. The risk management system for product design and pricing should normally include at least the following policies and procedures:
   a. minimum requirements for documentation of pricing and design decisions;
   b. clear identification of product lines that the Insurer is prepared to engage in or has chosen not to engage in;
   c. clearly defined and appropriate levels of delegation for approval of all material aspects of product design and pricing;
   d. processes for assessing specific risks, including risks arising from:
      i. inflation;
      ii. anti-selection (the tendency of poorer risks in a population to seek insurance while better risks self-insure);
      iii. moral hazard (the tendency of insured persons to manage their own risk less effectively, in the knowledge that they are insured);
      iv. changes in mortality and morbidity patterns;
      v. technology changes;
      vi. catastrophes, natural or man-made;
      vii. legal decisions;
      viii. changes in government policy; and
      ix. investment returns;
   e. procedures for limiting risk through, for example, diversification, exclusions and reinsurance;
   f. processes to ensure that policy documentation is adequately drafted to give effect to the proposed level of coverage under the product;
   g. how emerging experience is to be reflected in price adjustments;
   h. how the Insurer's product pricing responds to competitive pressures; and
   i. methods for monitoring compliance with product design and pricing policies and procedures.
PIN A2.10 Liquidity management risk
PIN A2.10 Guidance
1. An Insurer should have access to sufficient liquidity to meet all cash outflow commitments to policyholders (and other creditors) as and when they fall due. The nature of insurance activities means that the timing and amount of cash outflows are uncertain. This uncertainty may affect the ability of an Insurer to meet its obligations to policyholders or may require Insurers to incur additional costs through, for example, raising additional funds at a premium on the market or through the sale of assets.
2. The risk management system for liquidity should normally include at least the following policies and procedures:
   a. procedures to identify and control the level of mismatch between expected asset and liability cash flows under normal and stressed operating conditions (using realistic scenarios relevant to the circumstances of the Insurer);
   b. procedures to monitor the liquidity and realisability of assets;
   c. procedures to identify and monitor commitments to meet liabilities including Insurance Liabilities;
   d. procedures to monitor the uncertainty of incidence, timing and magnitude of Insurance Liabilities;
   e. procedures to identify and monitor the level of liquid assets held by the Insurer; and
   f. procedures to identify and monitor other sources of funding including reinsurance, borrowing capacity, lines of credit and the availability of intra-group funding, and to identify the need for such sources to be made available.
3. When assessing its liquidity requirements an Insurer should also consider the currency in which the assets and liabilities are denominated, and the locations in which those assets and liabilities are situated or payable.
PIN A2.11 Credit quality risk
PIN A2.11 Guidance
1. Credit exposures can increase the risk profile of an Insurer and adversely affect financial viability. Credit exposure includes both on-balance sheet and off-balance sheet exposures (including guarantees, derivative financial instruments and performance related obligations) to single and Related counterparties.
2. An Insurer's risk management system in respect of credit quality risk will normally be expected to include at least the following policies and procedures:
   a. limits (where relevant, at both an individual and consolidated level) for credit exposures to:
      i. single counterparties and groupings of counterparties that are related to each other;
      ii. entities to which the Insurer is Related;
      iii. single industries; and
      iv. single geographical locations;
   b. processes to monitor and control credit exposures against pre-approved limits;
   c. processes for identifying breaches of limits and for ensuring that breaches of limits are brought within the pre-approved limits within a set timeframe;
   d. processes for reducing or cancelling limits to a particular counterparty where the counterparty is known to be experiencing problems;
   e. processes for approving requests for temporary increases in limits;
   f. processes to review credit exposures (at least annually but more frequently in cases where there is evidence of a deterioration in credit quality);
   g. a management information system that is capable of aggregating exposures to any one counterparty (or group of Related counterparties), asset class, industry or region in a timely manner; and
   h. a process for reporting to the Governing Body and senior management:
      i. significant breaches of limits; and
      ii. large exposures and other credit risk concentrations.
3. Further guidance in respect of credit quality risk in respect of reinsurance counterparties is contained at PIN A2.14.
PIN A2.12 Business continuity planning risk
PIN A2.12 Guidance
1. Disruptions in an Insurer's business can lead to unexpected losses of both a financial and non-financial nature (e.g. data, premises, reputation etc). Disruptions may occur as a result of events such as power failure, denial of access to premises or work areas, systems failure (computers, data, building equipment), fire, fraud and loss of key staff.
2. An Insurer's risk management system in respect of business continuity planning risk will normally be expected to include at least the following policies and procedures:
   a. processes for identifying:
      i. events that may lead to a disruption in business continuity;
      ii. the likelihood of those events occurring;
      iii. the processes most at risk; and
      iv. the consequences of those events;
   b. a business continuity plan (BCP) describing:
      i. procedures to be followed if business continuity problems arise;
      ii. detailed procedures for enacting the BCP, including manual processes, the activation of an off-site recovery site (if needed) and the person(s) responsible for activating the BCP;
      iii. a communications strategy and contact information for relevant staff, suppliers, regulators, market authorities (including exchanges), major clients, the media and other key people;
      iv. a schedule of critical systems covered by the BCP and the timeframe for restoring these systems;
      v. the pre-assigned responsibilities of staff and procedures for training staff on all aspects of the BCP; and
      vi. procedures for regular testing and review of the BCP; and
   c. procedures for backing up important data on a regular basis and storing the information off site.
PIN A2.13 Outsourcing risk
PIN A2.13 Guidance
1. Financial firms frequently decide to outsource aspects of their operations to other parties, Related or not. Outsourcing can bring significant benefits to a firm in terms of efficiency, cost reduction and risk management. However, both the process of implementing outsourcing arrangements and the outsourcing relationship itself may expose a firm to additional risk. It is therefore important that firms take care to supervise the conduct of activities that are outsourced. GEN Rule 5.3. requires an Authorised Firm to inform the DFSA about any material outsourcing arrangement.
2. The activities of outsource contractors have the ability to undermine the risk management activities of Insurers. Insurers should take particular care if outsourcing activities such as underwriting and claims management, where inappropriate performance of the functions can expose the Insurer to serious financial loss, for example through acceptance of inappropriate insurance risks, mis-pricing, failure to obtain appropriate reinsurance cover, or failure to detect invalid claims. These considerations apply to such arrangements as binding authorities and other agencies appointed by Insurers.
3. In negotiating a contract with an outsource contractor or in assessing an existing agreement, an Insurer should give consideration to matters relevant to risk management, including the following:
a. setting and monitoring of authority limits and referral requirements;
b. the identification and assessment of performance targets;
c. procedures for evaluation of performance against targets;
d. provisions for remedial action;
e. reporting requirements imposed on the outsource contractors (including both content and frequency of reports);
f. the ability of the Insurer and its risk management functions (for example, internal auditors), and its external auditors, to obtain access to the outsource contractors and their records;
g. protection of intellectual property rights;
h. protection of customer and firm confidentiality;
i. the adequacy of any guarantees, indemnities or insurance cover that the outsource contractor agrees to put in place;
j. the ability of the outsource contractor to provide continuity of business; and
k. arrangements for change to the outsource contract or termination of the contract.
4. Insurers should take care to manage the risk that the sound and prudent management of the Insurer's business may be compromised by conflicting incentives in the outsource agreement. In particular, Insurers should consider whether the remuneration structure creates any perverse incentives. For example, an outsource contractor with underwriting authority may have an incentive to accept poorer quality business if remuneration is based on commission (especially if bonuses are given for volume) and remuneration is not affected by the performance of the insurance contracts accepted.
5. Intra-group outsourcing may be perceived as subject to lower risks than using outsource contractors from outside a Group. However, it is not risk-free and an Insurer must still assess the associated risks and make appropriate arrangements for their management.
PIN A2.14 Reinsurance risk
PIN A2.14 Guidance
1. Management of reinsurance risk relates to the selection, monitoring, review and control of reinsurance arrangements — that is, where some part of an Insurer's individual or aggregate insurance risks is ceded to other Insurers, whether by a direct Insurer to a reinsurer or by a reinsurer to other reinsurers.
2. An Insurer should inform the DFSA immediately if there is a likelihood of a problem arising with its reinsurance arrangements that is likely to materially detract from its current or future capacity to meet its obligations, and discuss with the DFSA its plans to redress this situation. Problems that might trigger such a situation could include the insolvency of a reinsurer with a significant share in the Insurer's programme, discovery of exposures without current reinsurance coverage, or exhaustion of reinsurance covers through multiple losses.
3. Each Insurer is required (by PIN Rule 2.3.5) to maintain a written reinsurance management strategy which must be appropriate to the size and complexity of operations of the Insurer and must define and document the Insurer's objectives and strategy for reinsurance management.
4. An Insurer's reinsurance management strategy should, at a minimum, include the following elements:
a. systems for the selection of reinsurance brokers and other reinsurance advisers;
b. systems for selecting and monitoring reinsurance programmes;
c. clearly defined managerial responsibilities and controls;
d. clear methodologies for determining all aspects of a reinsurance programme, including:
   i. identification and management of aggregations of risk exposure;
   ii. selection of maximum probable loss factors;
   iii. selection of realistic disaster scenarios, return periods and geographical aggregation areas; and
   iv. identification and management of vertical and horizontal coverage of the reinsurance programme;
e. selection of participants on reinsurance contracts, including consideration of diversification and credit worthiness; and
f. systems for identifying credit exposures (actual and potential) to individual reinsurers or Groups of connected reinsurers on programmes that are already in place.
5. Senior management should review an Insurer's reinsurance management systems on a regular basis. The review should cover:
a. the identification and recording of policies underwritten to which reinsurance is attached;
b. the identification of the dates when an obligation to pay reinsurance premiums arises;
c. the identification of losses triggering recoveries under reinsurance contracts;
d. management of the timing of payments to, and collections from, reinsurance counterparties;
e. the credit standing and capacity of reinsurance counterparties to meet obligations to which they are subject as a result of claims incurred or to which they would become subject in the event of occurrence of losses;
f. any concentration of reinsurance arrangements with reinsurance counterparties which would create large exposures or detract from diversification benefits in the event of occurrence of losses;
g. the extent of reliance on reinsurance with related parties, and the accessibility of intra-group funding under a range of realistic conditions; and
h. the impact of any adverse trends in estimated Insurance Liabilities on the adequacy of the Insurer's reinsurance arrangements, and any implications for the capacity of the Insurer to meet its future policyholder obligations.
6. Procedures for assessing the credit standing of reinsurance counterparties may include the following:
a. establishment of a security committee with a specific brief to undertake the procedures;
b. obtaining appropriate advice from reinsurance brokers;
c. review of ratings published by ratings agencies;
d. monitoring of key performance indicators in reinsurers' published reports; and
e. consideration of general conditions in the relevant reinsurance market.
PIN A2.15 Group risk
PIN A2.15 Guidance
1. The senior management of an Insurer remain responsible for its regulatory compliance, including in any areas that are delegated or outsourced to other Group members.
2. The overall governance, high-level controls and reporting lines within the Group should be clear so far as they affect the Insurer. An Insurer should not, for example, be subject to material control or influence from other Group members that is exercised through informal or undocumented channels.
3. Reliance upon functions performed at a Group level (for example, Group risk management, capital planning, liquidity and compliance) should be subject to approval and monitoring by senior management of the Insurer.
4. Where an Insurer relies upon functions that are performed at a Group level, the protocols for the performance of those functions should be clear.
5. Senior management should establish and maintain systems and controls to identify and monitor the effect on the Insurer of its relationship with other members of the Group and the activities of other members of its Group. These systems and controls should include procedures to monitor the following matters:
a. changes in relationships between Group members;
b. changes in the activities of Group members;
c. conflicts of interest arising within the Group; and
d. events in the Group, particularly those that may affect the Insurer's own regulatory compliance (for example, failures of control or compliance in other Group members).
6. The Insurer should have in place procedures to insulate the Insurer, so far as practicable, from potentially adverse effects of Group activities (for example, transfer pricing or fronting) or Group events that may expose the Insurer to risk. Such procedures could include requirements for transactions with Group members to be at arm's length, and for maintenance of 'Chinese walls', and development of contingency plans.
7. Senior management should take reasonable steps to ensure that:
a. relevant Group members are aware of the Insurer's Group risk management and reporting obligations;
b. Group capital and Group risk reporting requirements are complied with; and
c. information in respect of the Group provided to the DFSA is of appropriate quality.