System of Governance Articles 41 to 49 of Directive 2009/138/EC 11th May 2010 Eamonn Henry System of Governance – Directive Articles • General governance requirements (Article 41) • Fit and proper requirements (Article 42) • Proof of good repute (Article 43) • Risk management (Article 44) • Own risk and solvency assessment (Article 45) System of Governance – Directive Articles • Internal control (Article 46) • Internal audit (Article 47) • Actuarial function (Article 48) • Outsourcing (Article 49) General governance requirements • Adequate structure with clear allocation/segregation of duties • Effective transmission of information • Written policies with prior approval by Board and annual review: – risk management, internal control, internal audit, outsourcing (where relevant) Fit and proper requirements • Applies to Directors/managers/key functions • Adequate qualifications, knowledge and experience • Good repute/integrity Proof of good repute • Evidence of good repute • Evidence of no bankruptcy • Mutual recognition between Member States Risk management • Risk management function to be established to implement risk management system • Effective risk management system to identify, measure, monitor, manage and report all risks and interdependencies • Integrated into organisational structure and decision making Risk management • Cover risks included in the SCR calculation and any other risks • Cover underwriting/reserving/ALM/investment, etc. and have written policies • Cover approved partial or full internal models: – design & implementation, testing & validation, document & make changes, analyse performance, report to Board & recommend improvements Own risk and solvency assessment (ORSA) • Company’s own view of its risks and capital needs • ORSA is part of the risk management system • Overall solvency based on risk profile, risk tolerance and business strategies • Continuous compliance with SCR/MCR/technical provisions • Identification of significant deviations of the risk profile from the SCR assumptions Own risk and solvency assessment (ORSA) • Integrated into business strategy and strategic decision making • To be performed regularly and after change in risk profile • Results to be provided to the supervisory authority • ORSA is not a parallel method to calculate the SCR Internal control • Effective internal control system • Sound administrative and accountancy procedures, reporting arrangements • Compliance function to be established Internal audit • Internal audit function to be established • Evaluate internal control and other aspects of governance • Objective and independent from operational functions • Recommendations reported to Board Actuarial function • Staffed by persons with knowledge of actuarial/financial mathematics • Responsible for coordinating the calculation of the technical provisions • Appropriate methodologies, assumptions, data sufficiency and quality • Compare best estimate against experience Actuarial function • Advise Board on reliability/adequacy of the calculation of the technical provisions • Provide an opinion on overall underwriting policy and on reinsurance arrangements Outsourcing • Responsibility for outsourced functions remain with insurance undertaking • Governance should not be impaired and operational risk should not be unduly increased • Supervisor’s ability to monitor compliance should not be impaired • Supervisors to be notified in advance of any planned outsourcing Proportionality • Principle included in the Directive • Based on the nature, scale and complexity of operations • CEIOPS guidance still being developed • Same rules for all but different implementation Lessons learnt • Governance is important – pay attention to it! • Risk management is fundamental • Start thinking in terms of the ORSA • Start working on written policies! Thank Thank you you