Consultation Paper No. 9 Prudential Rules for Insurers

June 2003

These draft rules are published for consultation purposes only. The regulatory authority reserves the right to amend this draft at its sole discretion. The enactment of these draft rules is conditional upon the official publication of a federal decree, the amendment of Dubai Decree No.3 of 2002, and the Issuance of a DIFC Regulatory Law.

Prudential Rules for Insurers of the Dubai International Financial Centre

1. Introduction

1.1 General

The draft Regulatory Law for the DIFC requires the Regulatory Authority ("the Authority") to consult on its proposals for "Tier 4" legislation1 Rules. This paper consults on the proposed prudential rules for insurance companies, and on some associated Guidance ("Tier 5").

Please note that, although each draft is in near final form, it is still "work in progress" and may therefore undergo changes before issue. Comments are invited on any aspect of the regime proposed in this paper, on both the principles and the detailed drafting. The Authority would be particularly interested to have the views of firms considering establishing themselves in the DIFC, and views on how this regime compares with those in other major insurance centres. In the light of the comments received, the Authority may determine to adopt in whole, or in part, the proposals outlined in these papers, or may amend the proposals.

Anyone wishing to submit comments should, where applicable, provide details of the organisation he or she represents. The names of commentators and the content of their submissions may be published on the Regulatory Authority website and in other documents to be published by the Authority. If you wish your name to be withheld from publication, please indicate this when you make your submission.

Any comments should be addressed to Mr Nicholas Alves, Legal Counsel, DIFC Regulatory Authority, PO Box 74777, Dubai, UAE, or e-mailed to All comments should be provided in writing, no later than 9th July 2003.

1.2 Context

The draft rules need to be considered in the context of the draft DIFC Regulatory Law2, and the other modules of the Rulebook. Among other provisions set out in these other modules, Insurers will be subject to "fit and proper" rules for senior managers, requirements on governance, systems and controls, and anti-money laundering requirements.

The draft rules also need to be considered in the context of the DIFC as a centre for wholesale insurance, including reinsurance, but excluding direct personal lines business.

The Authority will have power to waive or modify rules, and it will be prepared to use this to adapt the rules to the specific circumstances of individual firms.

1.3 Content

These draft prudential rules contain, principally:

• limitations on the way in which Insurance Business may be conducted;
• systems and controls requirements specific to insurers;
• capital adequacy requirements; and
• reporting requirements, including provisions for audit and actuarial certification.

They cover Islamic (Takaful) companies and protected Cell companies3, as well as conventional Insurers.

The capital adequacy regime is risk-based, and the minimum Capital Requirement will, for most Insurers, correspond approximately to a BBB rating from Standard & Poor's.

The Authority intends that its regime will meet the best international standards, and will comply with the Principles and Standards of the IAIS4.

1 The five Tiers of legislation relating to the DIFC were explained in the Legal and Regulatory Blueprint published in October 2002.

2 A second draft of this Law was published for consultation in May 2003

3 The underlying provisions for protected Cell companies are contained in Chapter 18 of the draft Companies Law published in January 2003. Protected Cell companies are likely to be particularly appropriate to captive Insurance Business.

4 The International Association of Insurance Supervisors.

2. Background

2.1 The DIFC as an insurance centre

The DIFC is to be a centre for wholesale insurance. Firms operating within the DIFC will be prohibited from offering long-term life products, or entering into insurance contracts with individuals. These prohibitions are implemented through these rules. It is, however, possible that firms will reinsure long-term life business, or that firms with Branches in the DIFC will do direct personal lines general business in other jurisdictions. The rules therefore cover these possibilities.

Insurers may choose to operate in the DIFC as DIFC-incorporated independent companies, as DIFC-incorporated subsidiaries of other companies, or as Branches of companies incorporated elsewhere. It is also possible that in time DIFC-incorporated companies may themselves establish Branches elsewhere. These draft rules cater for all these possibilities, as well as for protected Cell companies and for Islamic (Takaful) Insurers. They do not as yet cater for Insurers in run-off; the necessary provisions will be published in due course.

This paper does not deal with Insurance Brokers or other Insurance Intermediaries.

2.2 The DIFC rulebook

The draft Regulatory Law provides the DIFC Regulatory Authority with a wide range of powers, including powers to make Rules (Tier 4) and to issue Guidance (Tier 5). This Guidance is not binding, nor does it create a "safe harbour" protecting those who comply with it from action for breach of the underlying rule.

The rules will, taken together, make up a Rulebook containing a number of modules. A number of these will apply to all Authorised Firms. They will include provisions dealing with high-level management, systems and controls. This module will provide a general context for the more detailed systems and controls requirements in the insurance prudential rules. Other important provisions elsewhere will:

• set high-level principles with which all Authorised Firms must comply;
• set similar principles for authorised individuals;
• specify which individuals in a firm need to be authorised; and
• specify how firms need to deal with the Authority in a wide range of circumstances: for example if there is a change of control.

There will also be Guidance on the way the Authority itself will behave, for example if there is a change in the shareholder control of a firm.

The draft prudential rules presented here thus cover only part, though an important part, of the regime for insurance firms.

As indicated in the Legal and Regulatory Blueprint, the Authority does not propose to regulate insurers' premiums and contract terms ("rate and form"), or to make detailed conduct of business ("market conduct") rules for them.

The draft rules which follow include definitions. The Glossary contains a complete list of the definitions used and their meaning. Where a term starts with a capital letter, it is used in its defined sense. Terms starting in lower case have their natural meaning.

The layout and typography follow the conventions which will be used for the Rulebook as a whole. Rules identified by a three number code in the margin, appear in Arial 11 point type. Guidance appears in Times New Roman 10 point and is not binding either on firms or on the Authority. It is also identified by the sub-title "Guidance" In the Appendices rules are identified by the letter "A" followed by a three number code. The use of Appendices is a convenient means to gather together detailed requirements and Guidance so as not to "clutter" the fundamental rules with detailed provisions.

Square brackets indicate references to material which has not yet been published for consultation.

2.3 Waiver and modification

The draft Regulatory Law gives the Authority wide power to waive or modify rules. One circumstance where it may appropriately be used is where a DIFC Insurer is a Branch of a firm regulated to a high standard in its home jurisdiction by a regulator with which the Authority can reach an understanding on supervision. In this situation it may be appropriate for the Authority to disapply or modify some of its own rules in favour of those of the home jurisdiction.

3. The Insurance Prudential Rules - Overview

3.1 Introduction

The object of prudential rules is to mitigate the risk of financial failure by an insurance company, in particular the risk that it will not be able to meet its policyholders' legitimate claims. Insurers are, by definition, in the business of assuming risk. It is therefore impossible for Regulation to eliminate the risk of financial failure completely without negating the economic basis of an insurance company. The justification for prudential Regulation is, however, that the risk can and should be reduced below the level which might be set by companies pursuing only their own economic interests.

3.2 International standards

The international standards-setting body for insurance is the International Association of Insurance Supervisors (IAIS). The DIFC intends its insurance regime to comply fully with IAIS standards, and the regime has been designed with this in mind.

The IAIS is, however, a much younger organisation than its counterparts in banking and Securities, and its standards are therefore less complete and less detailed. In the area of capital adequacy in particular, the Authority has needed to make more choices about the detail of the regime than would be needed or allowed in implementing the Basel or IOSCO regimes.

3.3 Reducing risk

The IAIS has described Capital Requirements as the last line of defence against financial failure, not the first.

The first line of defence lies in having firms which are competently managed, and this is addressed through the Authority's requirement that individuals who carry out Licensed Functions must be fit and proper and through the Authority's governance requirements.

A firm also needs comprehensive risk management systems to identify, assess and mitigate its own risks. General systems and controls requirements are addressed elsewhere in the Rulebook. There are, however, some requirements that are specific to insurance companies, for example the management of the various risks associated with the placement and collection of reinsurance. This draft addresses these requirements.

Active supervision is also essential. The Authority intends to be an active, risk-based regulator which knows the firms operating in the DIFC, understands their businesses and the risks to which they are exposed and, where necessary, works to develop programmes of risk mitigation.

An essential input to supervision is reporting by firms, both periodically and when certain events occur. The draft makes provision for both types, including specifying the regular financial reporting that will be required.

3.4 The capital adequacy regime

The trends in insurance Regulation internationally are strongly towards risk-based capital regimes, more closely analogous than in the past to those adopted in the banking and Securities fields. The challenge facing the Authority has been to develop a risk-based regime which would be:

• appropriate to an international, wholesale centre with only minimal risks located physically within it;
• usable by a small regulator (which could not, for example, deploy the resources needed to validate the internal capital models used by the most advanced firms); and
• broadly familiar to major international firms.

The Authority has therefore chosen to base its regime on a Rating Agency model and to adapt it and extend it as necessary for regulatory use. This was the approach taken by both Canada and Australia, which have recently introduced fundamental changes to their capital adequacy regimes for Insurers. We have also drawn on the UK Financial Services Authority's thinking on systems and controls and on the regimes of other centres, especially in relation to captives, protected Cell companies and Takaful Insurers.

Although the capital adequacy model is complex, it should be broadly familiar to firms used to dealing with the major rating agencies. The Authority understands that, for most firms, its minimum Capital Requirement will be roughly equivalent to that required for a Standard & Poor's BBB rating. (The Authority would, however, expect any applicant for licensing to hold capital significantly above the minimum, so that it can withstand some initial adverse developments without breaching its requirement.)

3.5 Protected Cell companies

The draft Companies Law makes provision for protected Cell companies (PCCs). This structure, pioneered in Guernsey and now adopted in several jurisdictions around the world, has particular advantages for captive insurance, since it allows a captive to be set up quickly and easily. The draft rules cover PCCs, and impose very similar substantive requirements to those imposed on normal Insurers. There are inevitably some complexities of drafting, reflecting the relative complexity of a PCC as compared with a normal company.

3.6 Omissions

As noted above, this draft does not include any special rules for Insurers in run-off. Nor does it include financial reporting forms. Both of these will be published for consultation later.

4. The Insurance Prudential Rules - Detail

4.1 Introduction

The draft Rules and Glossary are attached. The Glossary will in due course cover the whole of the Authority's Rulebook. The following sections provide a commentary on some parts of the draft, using the numbering used there.

Prudential Rules

Section 1.1

This section sets out the application rule. The associated Guidance refers to some key definitions, and to the fact that only Bodies Corporate will be permitted to carry on Insurance Business in the DIFC. The reference to the DIFC Companies Law is to the draft published on the Authority's website in January 2003.

Section 1.2

The provisions of this section establish some important limitations on what insurance companies may do in the DIFC.

Rule 1.2.1

This implements the bar on entering into insurance contracts with natural persons. Exemptions allow:

• insurance for partnerships etc;
• the placing of reinsurance at Lloyd's; and
• insurers based elsewhere, but with a Branch in the DIFC, to continue to do general business with natural persons Win their other establishments.

Long-term (life) business is confined to reinsurance.

Rules 1.2.2 and 1.2.3

These Rules implement the requirement that Insurers should not undertake any business other than insurance or activities directly ancillary to it. This is a normal regulatory requirement, in line with the standards of the International Association of Insurance Supervisors (IAIS).

It also implements the IAIS standard which generally does not allow Insurers to undertake both life and non-life business within the same firm. (The Rules do, however, permit non-life firms to do some short-term life business. This would allow them, for example, to provide a business with a complete insurance solution including key Person cover.)

The standard exemption allowing firms to mix life business with accident and health business is contained in sub-Rules (4) and (5). (5) protects the position of some firms which have existing rights (usually "grandfathered") to mix life and non-life business; they will be able to continue to do so outside the DIFC, but not within a DIFC Branch.

Sub-Rule (6) requires a PCC to conduct all its Insurance Business through its Cells. This simplifies the prudential regime, since Non-Cellular Assets are not directly exposed to insurance risk.

Section 1.3

This section, and Appendices 1 & 2, define the Classes of Insurance Business on the basis of which firms must account and report. They are based on the standard European Classes, but some of the General Insurance Classes have been merged to produce eight Classes in all. The Authority hopes that this will simplify firms' accounting and reporting requirements without any disadvantage to prudential supervision.

Chapter 2

This Chapter sets requirements for firms' management and control of risks. General systems and controls requirements applicable to all firms will be set out elsewhere in the Rulebook. This Chapter expands on them as they apply in the context of an Insurer. Appendix 10 provides further, non-binding, Guidance on how these rules may be implemented in a practical context.

Section 2.2

This section sets the overall requirement for risk management and control systems appropriate to the insurer's size and business, including a written risk management strategy.

Section 2.3

This section identifies specific risks which the firm must identify and address. These include the risks associated with the insurer's membership of a Group.

Section 2.4

This section complements the systems and controls requirement by setting a general record-keeping requirement.

Chapter 3

Chapter 3 deals with Long-Term Insurance business. Since Insurers in the DIFC will not be permitted to deal with natural persons, it is expected that the long-term business conducted within the DIFC will be confined to reinsurance.

Section 3.2

An important Principle of the IAIS is the separation of long-term from other business. rule 1.2.1(5) prevents firms mixing general and long-term business within their DIFC operations. It is, however, possible that firms Undertaking only general business within the DIFC will be conducting long-term business elsewhere, and vice versa.

Separation of the two kinds of business is commonly achieved by establishing a long-term business fund within a firm. Such a requirement is set out in this section, but a firm that is subject to a substantially similar requirement in another jurisdiction may apply to the Authority to follow that requirement instead. Where a firm carries on only long-term business, it may simplify matters by deeming the firm to constitute a single fund.

The following sections contain more detailed requirements enforcing the separation between a Long-Term Insurance Fund and the remainder of the company's business.

Chapter 4

Chapter 4 contains the core capital adequacy provisions. Much of the detail is in Appendices which are discussed separately below.

Section 4.2

Section 4.2 requires all Insurers at all times to have resources that are, in the opinion of its Directors, adequate for its business. This is an over-riding requirement for the Directors of the firm to take their own view of the capital required (even if this leads to a higher figure than the minimum imposed by the Authority).

Section 4.3

This section sets the basic capital adequacy rule. Each Insurer is required to have "adjusted capital resources" equal to or higher than its "minimum capital requirement". The calculation of Adjusted Capital Resources - basically the firm's assets subject to certain adjustments - is set out, for a normal Insurer, in Appendix 3. The calculation of the firm's minimum Capital Requirement is set out in Appendix 4.

Section 4.4

This section sets rules for protected Cell companies similar to those in 4.3.

Section 4.5

The rules do not contain detailed Capital Requirements for credit and surety business - Class 7. Under section 4.5, any Insurer wishing to undertake this business must notify the Authority, which will set bespoke requirements for this Class.

The reason is that some business of this kind, for example bond insurance of the kind often done by specialist Insurers, is in practice a capital markets business, and Capital Requirements are most appropriately set on an Exposure basis, similar to that applied in such markets. Other business, for example mortgage guarantee business, or the insurance of credit card debt, is closer in character to classic Insurance Business, albeit that its fortunes tend to be correlated with economic cycles. The European insurance Classes on which the Authority's proposals are based do not distinguish well between the different types of credit and surety business. Rather than create a new set of definitions, which would impose additional accounting requirements on firms, the Authority has chosen to approach the issue in the way stated here.

Section 4.6

This section requires an Insurer that undertakes Long-Term Insurance business through a fund to maintain Capital Resources for the fund. The relevant calculations are set out in Appendices 8 and 9.

Section 4.7

This section deals with DIFC Branches of Insurers incorporated elsewhere. It requires the Branch to have identifiable assets, of particular types, sufficient to meet a capital adequacy requirement calculated as set out in this section. It does not require those assets to be held in the DIFC, or in the UAE. The Authority has considered an asset localisation requirement, but believes that such a requirement would not be appropriate given the limited assets initially available to be held in the DIFC, and also the possibility that the mismatch between those assets and the liabilities of an international Insurer would create additional risks for its policyholders.

Section 4.8

Under this section, if an Insurer does not meet its Capital Requirement, it must notify the Authority, stop accepting new business, and refrain from making any distribution until given permission to do so. If an Insurer believes that it may not meet its requirements, or may not meet them in the future, it must notify the Authority and explain what it is doing to avoid non-compliance.

Section 4.9

This section provides that no Insurer may make any distribution which would cause it to fail to meet its Capital Requirement.

Chapter 5

This Chapter deals with the valuation of assets and liabilities. The Authority expects in the longer term to require firms to use International Financial Reporting Standards (IFRS) or, in the period before these are fully implemented, US or UK GAAP. All these standards are, broadly speaking, based on fair value principles. Islamic firms will be required to use the AAOIFI5 standards. Chapter 5 sets specific rules for certain types of asset or liability.

Rules 5.3.1-5.3.6

These paragraphs deal with the timing of Recognition of certain General Insurance assets and liabilities.

Rules 5.3.7-5.3.11

These Rules require an Insurer to treat as liabilities the values of future claims payments, whether from events that have already occurred, or from future events covered under policies in force. Reinsurance recoveries are to be recognised as assets. Both assets and liabilities are to be recognised at net present value, using discount rates calculated as set out in section 5.4.

Section 5.5

This section deals with the Recognition and valuation of Long-Term Insurance assets and liabilities.

Section 5.6

Under this section, Investments in subsidiaries or Associates must be valued after taking account of any regulatory Capital Requirements to which the Subsidiary or Associate is subject.

Chapters 6 and 7

Chapter 6 sets out the requirements for reporting to the Regulatory Authority. The reporting forms are not yet available, and will be published later. They will form Appendices 11 and 12 to the rules.

It is proposed that there should be an audited annual Return, submitted within 4 months of the insurer's reporting date, and a shorter, unaudited, quarterly Return submitted within 2 months of the quarter end.

Annual returns are also subject to actuarial review, under arrangements set out in Chapter 7.

Chapter 8

This Chapter provides for a degree of consolidated supervision of any Group of which an Insurer operating in the DIFC is part. There is a growing trend to consolidated supervision worldwide, as evidenced in Europe by the Insurance Groups Directive. Consolidated supervision is standard practice in other areas of Financial Services. The Chapter places some restraints on intra-group and other major transactions and allows the Authority to require a consolidated financial statement for any Group of which the DIFC Insurer is part. Where the Insurer is subject to consolidated supervision outside the DIFC, however, the Authority would normally expect to defer to an external lead regulator.


Appendices 1 and 2 define the insurance Classes for general and Long-Term Insurance respectively. Of the remaining appendices published here, Appendices 3 and 4 set out the detail of the capital adequacy regime for normal insurers; Appendices 5 and 6 apply the same principles to PCCs, and Appendices 7 and 8 apply broadly similar principles to Long-Term Insurance Funds. Appendix 10 provides additional Guidance on the systems and controls requirements set out in Chapter 2. Commentary is therefore provided only on Appendices 3 and 4.

Appendix 3

This sets out how an Insurer should calculate its Adjusted Capital Resources. The starting point is "base capital", a concept broadly equivalent to "shareholders' equity" for a normal company, but including any hybrid capital. Certain items are then added or subtracted, as specified in section A3.4, to reach a figure referred to as the "adjusted equity". (For example, any dividends to be paid in Shares must be added, if they have been excluded, and the charity fund of a Takaful Insurer must be subtracted.) A further adjustment is then applied, the effect of which is to limit hybrid capital, such as subordinated debt, or preference Shares, to 15 % of the adjusted equity.

Appendix 4

This sets out how an Insurer should calculate its minimum Capital Requirement. The requirement is the sum of a number of risk components, each of which has a specified algorithm. The components are:

• Default risk component, covering the risk of default on the insurer's assets, principally bonds, loans and reinsurance recoverables.
• Investment volatility risk component, covering the risk of changes in value of the insurer's assets.
• Off-balance sheet asset risk component, covering the risks from Derivative contracts (with exclusions, including certain exchange-traded instruments).
• Off-balance sheet liability risk component, covering the risks from guarantees, letters of credit, etc which the Insurer may have issued.
• Concentration risk component, allowing for risks associated with aggregate exposures to a single Counterparty which exceed 10% of the insurer's Adjusted Capital Resources. (AAA-rated Governments and Government agencies are excluded from this provision.)
• Size factor component, which adjusts the aggregate of the default risk, Investment volatility risk and Concentration Risk components for Invested Assets by a factor dependent on the size of those assets.
• Underwriting risk component, covering the risk that the cost of claims will vary from the cost implicit in the premiums being charged. This factor is calculated by multiplying the premiums for each Class by a factor that varies by Class, and also between direct insurance, proportional reinsurance and non-proportional reinsurance.
• Reserving risk component, covering the risk that the cost of claims will vary from the amounts recorded as liabilities on the insurer's balance sheet. This is calculated in a similar way to the Underwriting risk component, but starting from the liabilities figures and using different percentages. In essence, it addresses the risks associated with adverse variation on business already done, while the Underwriting risk component addresses the risk of unprofitable current and future business.
• Long-term insurance risk component. The previous two items cover General Insurance only; this one makes provision for any long-term business.
• Asset management risk component. The circumstances in which an Insurer may conduct asset management are limited but include, for example, managing its employees' pension fund. This component imposes a risk Charge based on the value of the assets managed.

This appendix also sets underpinning minimum size requirements for Insurers. These are found in A4.2.3. The figure for a pure Captive Insurer is US$150,000. For a captive allowed up to 20% of premium from unrelated entities it is US$250,000, and for any other Insurer which is not a PCC it is US$100,000,000. (This figure applies to the legal entity, i.e. in the case of a Branch to the whole company of which it is a part.) The corresponding figures for protected Cell companies are in A6.2.4-A6.2.6. The minimum for the company as a whole is US$250,000, with US$50,000 in each Cell and US$50,000 in Non-Cellular Assets.

5 The Accounting and Auditing Organisation for Islamic Financial Institutions.