• a risk management strategy that defines the insurer’s risk appetite;
• a risk management policy outlining how all material risks are managed within the risk appetite; and
• the ability to respond to changes in the insurer’s risk profile in a timely manner.

The supervisor requires the insurer to establish, and operate within, an effective and documented system of internal controls.

The supervisor requires the insurer to have effective control functions with the necessary authority, independence and resources.

• identify, assess, monitor, mitigate and report on its key risks in a timely way; and
• promote and sustain a sound risk culture.

The supervisor requires the insurer to have an effective compliance function capable of assisting the insurer to i) meet its legal, regulatory and supervisory obligations and ii) promote and sustain a compliance culture, including through the monitoring of related internal policies.

The supervisor requires the insurer to have an effective actuarial function capable of evaluating and providing advice regarding, at least, technical provisions, premium and pricing activities, capital adequacy, reinsurance and compliance with related statutory and regulatory requirements.

The supervisor requires the insurer to have an effective internal audit function capable of providing the Board with independent assurance in respect of the quality and effectiveness of the insurer’s corporate governance framework.

The supervisor requires the insurer to retain at least the same degree of oversight of, and accountability for, any outsourced material activity or function (such as a control function) as applies to non-outsourced activities or functions.