ICP 9 Supervisory Review and Reporting

The supervisor uses off-site monitoring and on-site inspections to: examine the business of each insurer; evaluate its financial condition, conduct of business, corporate governance framework and overall risk profile; and assess its compliance with relevant legislation and supervisory requirements. The supervisor obtains the necessary information to conduct effective supervision of insurers and evaluate the insurance market.


Framework for supervisory review and reporting


9.1

The supervisor has a documented framework which outlines its approach for supervisory review and reporting. The supervisor reviews periodically that this framework remains effective and adequate.


9.1.1    

While the framework should encompass all insurers within a jurisdiction, it should be sufficiently flexible with varying supervisory review and reporting requirements that allow for taking a risk-based approach. For example, the supervisory processes and activities which are appropriate for a complex, internationally active insurer may be different than those for a small, local insurer.

9.1.2    

The supervisor should have documented procedures and/or guidelines for consistent and regular supervisory review and reporting at an appropriate level of depth.

9.1.3    

The supervisor should be able to process data in a timely and effective way and have processes and procedures to collect and store reported data securely in an electronic format. The framework should have the necessary protections for confidential information in the possession of the supervisor and for the sharing of information (see ICP 2 Supervisor and ICP 3 Information Sharing and Confidentiality Requirements).

9.1.4    

The framework should enable the supervisor to coordinate on-site inspection and off-site monitoring activities. The supervisor should document the results of these activities in such a way that they are accessible and comprehensible to all involved staff.

9.1.5    
The supervisor should establish both qualitative and quantitative methods for assessing insurers, in a consistent manner and on an ongoing basis. The supervisor should develop monitoring tools to identify potential risks within or affecting the insurer or its customers in a timely manner.

9.1.6    
The framework should enable the supervisor to evaluate the insurer’s business, financial condition, conduct of business and corporate governance framework to determine the insurer’s overall risk profile. In order to achieve this objective, the supervisor should have an understanding of at least the insurer’s:
  • current and prospective solvency, including assets and liabilities and off-balance sheet commitments;
  • capital resources management;
  • technical operations (eg actuarial methods, underwriting policy, reinsurance policy);
  • treatment of customers and whether any activities being engaged in are not fair, lawful or proper;
  • corporate culture, business objectives and strategies and business models;
  • the systems of risk management and internal controls;
  • organisational structure; and
  • compliance with supervisory requirements.

9.1.7    
The supervisor should assess the insurer’s enterprise risk management framework for the identification and quantification of risks, and evaluate whether business activities and/or internal practices/processes reflect the insurer’s risk assessment. The supervisor should compare the risk profile of the insurer with its risk-carrying capacity and seek to detect issues that may adversely affect its capacity to meet obligations towards policyholders. The framework should enable the supervisor to analyse trends and compare risk assessments including against any stress test outcomes.

9.1.8    
The framework should include assessments of the risks to which insurers are exposed and the risks which insurers may pose to policyholders, the insurance sector and financial stability. These assessments should include risks which may lead to an insurer’s distress or disorderly failure or which may be transmitted through collective activities or exposures of a number of insurers and that may have a serious negative impact on financial stability (see ICP 24 Macroprudential Supervision).

9.1.9    
The framework should include sufficiently comprehensive and regular communication between the supervisor and insurers. This communication should involve senior level representatives as well as specialised areas within both the supervisor and insurers, and for insurance groups, may include contact with non-regulated and parent entities. Additionally, there should be appropriate communication channels between the supervisor and the external auditors for the exchange of information relevant to carrying out their respective statutory responsibilities.

9.1.10    
The framework should promote pro-active and early intervention by the supervisor, in order to enable the insurer to take appropriate action to mitigate risks and/or minimise current or future problems.


Review of the Framework


9.1.11    
The supervisor’s review of its framework should pay due attention to the evolving risks which may be posed by insurers and to risks to which insurers may be exposed.

9.1.12    
As part of the framework review, the supervisor should confer regularly internally as well as externally with other relevant authorities and stakeholders so that all relevant information is being appropriately assessed and analysed, and to facilitate the identification of potential new risks or emerging market trends that the framework may need to address. While the framework should be updated accordingly, the supervisor should be mindful that such updates are not done so frequently or in a manner that causes unnecessary disruption to the supervisory process and/or excessive costs to the supervisor and insurers.

9.1.13    
The framework should be suitably flexible so that it may adapt easily and in a timely manner to domestic and global developments in, for example, legislation, the insurance and broader financial markets, or international standards.


Group Perspectives


9.1.14    
The framework of the group-wide supervisor should take into account all entities identified within the scope of the insurance group (see ICP 23 Group-wide Supervision). While insurance groups may have different approaches to governance structures – either more centralised or more decentralised – the framework should include appropriate tools for supervisory review and reporting for all relevant entities (see Issues Paper on Approaches to Group Corporate Governance).

9.1.15    
Although the group-wide supervisor may not have the power to conduct supervisory review and reporting of non-regulated entities, it should assess, at least, the potential adverse impact of such non-regulated entities on the group.

9.1.16    
Similarly, where the group-wide supervisor does not have the power to conduct supervisory review and reporting of a group legal entity in another jurisdiction, it should communicate and coordinate with the other involved supervisor accordingly. For example, the group-wide supervisor could approach the other involved supervisor to propose a joint on-site inspection or recommend that the other involved supervisor undertake such an inspection, when deemed necessary.

9.2

As part of the supervisory framework, the supervisor develops supervisory plans which set priorities and determine the appropriate depth and level of off-site monitoring and on-site inspection activity.


9.3

The supervisor reviews outsourced material activities or functions to the same level as non-outsourced material activities or functions.



9.3.1    

The supervisor should review outsourced material activities or functions through the insurer itself, but should also obtain information from, and conduct on-site inspections of, entities engaged in providing outsourced activities or functions for the insurer, where necessary.

9.3.2    

The supervisory review process for outsourced material activities or functions may differ from the process used for non-outsourced activities or functions, provided that the supervisory outcomes are met.

9.3.3    

Agreements between the insurer and entities providing the outsourced material activities or functions should be drawn up in such a way that the supervisor’s ability to conduct its review is not restricted.


Supervisory Reporting


9.4
The Supervisor:
  • establishes documented requirements for the regular reporting of qualitative and quantitative information from all insurers licensed in its jurisdiction;
  • defines the scope, content and frequency of the information to be reported;
  • sets out the relevant accounting and auditing standards to be used;
  • requires that an external audit opinion is provided on annual financial statements;
  • requires insurers to report on any material changes or incidents that could affect their condition or customers;
  • requires insurers to correct inaccurate reporting as soon as possible; and
  • requires more frequent reporting and/or additional information from insurers as needed.

9.4.1    

Supervisory reporting requirements should apply to all insurers licensed in a jurisdiction, and form the general basis for off-site monitoring. Supervisory reporting requirements are a reflection of the supervisor’s needs and will thus vary by jurisdiction according to overall market structure and conditions and by insurer according to its nature, scale and complexity.

9.4.2    

In setting supervisory reporting requirements, the supervisor may make a distinction for foreign insurers who are allowed to conduct insurance activities within the jurisdiction by way of a local branch or subsidiary or on a cross-border provision of services basis.

9.4.3    
The supervisor should require insurers to report both quantitative and qualitative information, including at least:
financial reports, which include at least a balance sheet and income statement as well as a statement of comprehensive income if appropriate;
  • an external audit opinion on annual financial statements;
  • off-balance sheet exposures;
  • material outsourced functions and activities;
  • a description of the insurer’s organisational structure, corporate governance framework and risk management and internal control systems; and
  • information on complaints, claims, surrenders and lapses.

9.4.4    

The supervisor should require insurers to utilise a consistent and clear set of instructions and definitions for any element in required reports that is not self-evident, in order to maximise comparability.

9.4.5    

The supervisor may require that certain reports and information, such as solvency ratios or technical provisions, are subject to independent (internal or external) review, including audit and/or actuarial review.

9.4.6    

While the supervisor sets out the relevant accounting and auditing standards to be used for supervisory reporting, the actual standards are generally established by a party other than the supervisor. To help accounting and auditing standards reflect the nature of insurance business, the supervisor could provide guidance and practices to be used for areas such as fair value estimations and technical provisions.

9.4.7    

The external audit of the annual financial statements should be conducted in accordance with auditing standards that are generally accepted internationally.

9.4.8    

The supervisor should consider using the work of external auditors in order to support the supervisory review process. For example, the supervisor may utilize the external audits to identify: internal control weaknesses and possible audit material risks; issues resulting from regulatory and accounting changes; changes in insurance and financial risks; and issues encountered in applying the audit approach.

9.4.9    

The supervisor should require the external auditor to report matters that are likely to be of material significance without delay. Such matters would include (indication of) material fraud and regulatory breaches or other significant findings identified in the course of the audit. Such information should be provided to the supervisor without the need for prior consent of the insurer and the external auditor should be duly protected from liability for any information disclosed to the supervisor in good faith.

9.4.10    

Depending on the nature, scale and complexity of the insurer, more frequent reporting and/or additional information may be requested from specific insurers on a case-by-case basis.

9.4.11    

The supervisor should require that information on changes that could materially impact the insurer’s risk profile, financial position, organisational structure, governance or treatment of its customers is provided by the insurer in a timely manner.

9.4.12    

The supervisor periodically reviews its reporting requirements to ascertain that they still serve their intended objectives and to identify any gaps which need to be filled. Assessing the results of off-site monitoring and on-site inspections may help inform such a review.


Group Perspectives


9.4.13    
The supervisor should require an insurance legal entity which is part of an insurance group to describe its group reporting structure, and to provide timely notification of any material changes to that structure and significant changes or incidents that could affect the soundness of the insurance group. The description of the reporting structure should include information on the relationships between entities within the insurance group, and on the nature and volume of material intra-group transactions. The supervisor may require information on the impact on the insurance legal entity of being part of an insurance group.

9.4.14    
The supervisor may request and obtain relevant information about any entity within an insurance group, subject to applicable legal provisions and coordination with the supervisors of affected jurisdictions.

9.4.15    
The group-wide supervisor should establish its supervisory reporting requirements on a group-wide basis in coordination with the other involved supervisors. Such coordination may help the group-wide supervisor understand what information is being reported and avoid any gaps as well as facilitate the submission of information on group entities in other jurisdictions.

9.4.16    
In order to better understand the group and its risks, the group-wide supervisor should require the group to submit information on the group structure, business operation and financial position of material entities within the insurance group and relationship among entities within the insurance group, including participation in other group entities and material intra-group transactions.

CF 9.4.a    
The group-wide supervisor requires the Head of the IAIG to report the reference ICS and, at the option of the group-wide supervisor, any additional reporting related to the ICS.

CF 9.4.a.1    
Reporting to the group-wide supervisor should be on a confidential basis for the purpose of discussion in the supervisory college.


Off-site monitoring


9.5

The supervisor monitors insurers on an ongoing basis, based on communication with the insurer and analysis of information obtained through supervisory reporting as well as market and other relevant information.


9.5.1    
The supervisor should be proactive and forward-looking in conducting effective off-site monitoring, and not rely only on historical data. The supervisor should analyse information obtained in a timely manner.

9.5.2    
The results of off-site monitoring should influence the supervisory plan and help determine the content, nature, timing and frequency of on-site inspections. Off-site monitoring may also enable the early detection of problems so that prompt and appropriate supervisory responses can be taken before such problems become more serious.

9.5.3    
Analysis by the supervisor may provide a deeper understanding of developing trends affecting an insurer and its customers. Analysis by business lines, customer grouping and/or distribution channels may provide insights into the insurer’s overall risk profile.

9.5.4    
The supervisor should establish and follow documented procedures for the analysis and monitoring of the supervisory reporting that it receives. These may be conducted by individual supervisory staff using monitoring tools and/or specialised resources, as appropriate.

9.5.5    
Examples of ways in which this Standard and its corresponding guidance can be pursued include the following [see text in Annex].


On-site inspection


9.6

The supervisor sets the objective, scope and timing for on-site inspections of insurers, develops corresponding work programmes and conducts such inspections.


9.6.1    
On-site inspections help the supervisor to identify strengths and weaknesses within an insurer, and to assess and analyse the risks to which an insurer and its customers are exposed.

9.6.2    
On-site inspections may supplement the analysis from off-site monitoring and provide the supervisor with the opportunity to verify information it has received. On-site inspection may also help detect problems that may not be apparent through off-site monitoring. It is important that on-site inspections are coordinated with off-site monitoring to increase efficiency and avoid duplication of work.

9.6.3    
On-site inspections should be tailored to the particular insurer and its risks. However, an on-site inspection work programme should remain flexible since new priorities might arise.

9.6.4    
The on-site inspection work programme should take account of the insurer’s distribution model, the nature, size and profile of its customer base and its relative importance in the market. On-site inspections should be more frequent and more in- depth for insurers which are in a difficult financial position or where there is concern that their business practices pose a high risk of negative customer outcomes.

9.6.5    
The supervisor may use independent experts (see ICP 2 Supervisor) to conduct part of an on-site inspection, for instance when additional resources or specific expertise is needed.

9.6.6    
The supervisor can conduct on-site inspections on either a broad or targeted basis. The purpose of a broad on-site inspection is to assess the overall condition, activities and risk-profile of the insurer. A targeted on-site inspection is focused on a specific area or areas of an insurer, such as a particular key activity or process. Targeted on-site inspections can also be carried out across a number of insurers based on a specific theme, activity or risk (sometimes called "thematic reviews"). Targeted on-site inspections can be very effective in focusing supervisory resources quickly on those areas requiring immediate attention. If a targeted on-site inspection leads to other areas of supervisory concern, the supervisor may determine that a broad on-site inspection is necessary.

9.6.7    
Advance notice is normally given to the insurer before the supervisor conducts an on-site inspection so that both parties may plan accordingly. However, the supervisor may decide not to provide advance notice in certain circumstances.

9.6.8    
Examples of ways in which this Standard and its corresponding guidance can be pursued include the following [see text in Annex].

CF 9.6.a    
The group-wide supervisor performs on-site inspections at the level of the Head of the IAIG.

CF 9.6.a.1    
The group-wide supervisor’s on-site inspections should consider group-wide activities and major risks that impact legal entities within the IAIG.

CF 9.6.a.2    
During on-site inspections, the group-wide supervisor should have access to the IAIG Board, Senior Management and Key Persons in Control Functions responsible for the group-wide functions wherever these functions are performed. Where the group-wide functions are performed by an insurance legal entity within the IAIG, which is outside the jurisdiction of the group-wide supervisor, the group-wide supervisor should inform the relevant other involved supervisor prior to approaching this insurance legal entity as part of the on-site inspection carried out at the level of the Head of the IAIG.

CF 9.6.a.3    
Other involved supervisors should inform the group-wide supervisor of significant planned on-site inspections and communicate the main findings to the supervisory college where they are material to the IAIG or to another insurance legal entity within the IAIG.

CF 9.6.b    
Where appropriate, the group-wide supervisor, or other involved supervisors with reasonable supervisory interest, join on-site inspections of an insurance legal entity in another jurisdiction, coordinated by the relevant involved supervisor, with prior consent from that supervisor.

CF 9.6.b.1    
Relevant involved supervisors should consider organising a joint on-site inspection to address issues that are material to the IAIG or to another insurance legal entity within the IAIG. The relevant involved supervisor should share the main outcomes of a joint on-site inspection within the supervisory college.


Supervisory feedback and follow-up


9.7

The supervisor discusses with the insurer as soon as practical any relevant findings of the supervisory review and the need for any preventive or corrective measures.



9.7.1    

The supervisor should provide appropriate feedback in a timely manner to the insurer during the ongoing supervisory review process. The supervisor should issue in writing the findings of the review and the actions required. In many circumstances, the supervisor’s initial action will be to discuss the issue with the insurer, which may resolve the issue and require no further action. However some issues may require preventive or corrective measures, and in some cases imposing sanctions (see ICP 10 Preventive Measures, Corrective Measures and Sanctions).

9.7.2    

Whether and how the insurer has subsequently addressed issues identified by the supervisor should be considered in the evaluation of the insurer and should be factored into the ongoing supervisory plan.

CF 9.7.a    
The group-wide supervisor communicates the results of the group-wide supervisory review of the IAIG, including the group-wide risk assessment, to the supervisory college and, as appropriate, to the Head of the IAIG.

Annex:     
Examples of ways in which Standards 9.5 and 9.6 and their corresponding guidance can be pursued include the following:
 
A) The evaluation of the effectiveness of the insurer’s corporate governance framework, including its risk management and internal control systems, can be done through:
  • reviewing and analysing the minutes of the Board and its committees;
  • examining communications provided by the auditors to the Board and/or the Audit Committee, such as the auditors’ reports;
  • analysing information obtained from and/or received through direct engagement with the external auditor on substantial insights into the insurer’s corporate governance framework, control environment, and financial reporting;
  • evaluating the suitability of significant owners by analysing the ownership structure and sources of finance/funding;
  • evaluating the independence of the Board Members, the suitability of the Board Members, Senior Management and Key Persons in Control Functions, their effectiveness, and their ability to acknowledge improvement needs and correct mistakes (especially after such needs or mistakes have been identified by the insurer, its auditors, or the supervisor and after changes of management and in the Board);
  • testing the insurer's internal policies, processes and controls in order to assess compliance with regulations and/or adequacy of these in light of the insurer's risk profile;
  • testing the accounting procedures in order to assess accuracy of the financial and statistical information periodically sent to the supervisor and its compliance with the regulations; and
  • evaluating the organisational structure and the management of the insurer.
B) Analyses of the nature of the insurer’s activities can be done through:
  • analysing business lines, the type of products offered, policyholders and location of business;
  • analysing the distribution model(s) used;
  • meeting with the management to get information and a deeper understanding about current and future business plans;
  • analysing material contracts;
  • analysing the sales and marketing policies of the insurer, in particular, policy conditions and remuneration paid to the intermediaries; and
  • evaluating the reinsurance cover and its security. In particular, the reinsurance cover should be appropriate with regard to the financial means of the insurer and the risks it covers.
C) Analyses of the relationships with external entities can be done through:
  • analysing organisational charts, the group structures and the intragroup links;
  • analysing the relationships with major investors and among branches and subsidiaries;
  • analysing intragroup transactions, fees and other arrangements, including identifying instances of cross-subsidisation of businesses within a group or non-arm's length fees and charges;
  • analysing agreements with external service providers;
  • identifying financial problems originating from an entity in the group to which the insurer belongs; and
  • identifying of conflicts of interest arising from intra-group relationships or relationships with external entities.
D) Evaluation of the insurer's financial condition can be done through:
  • analysing audited financial statements and off-balance sheet commitments;
  • analysing the settlement of claims and the calculation of technical provisions according to current regulations;
  • analysing the operations and financial results by line of business;
  • analysing the investment policy (including derivatives policy) and the assets held to cover the technical provisions;
  • valuation of the insurer’s investments;
  • assessing litigation in which the insurer is a party; and
  • analysing the forecasted balance sheets and profit
E) Assessment of the insurer's fair treatment of customers can be done through:
  • assessing the culture of the insurer in relation to customer treatment, including the extent to which the insurer’s leadership, governance, performance management and recruitment, complaints handling policies and remuneration practices demonstrate a culture of fair treatment to customers;
  • assessing how conflicts of interests with customers are identified, managed and mitigated;
  • reviewing how products are designed and distributed to ensure they fulfil the customers’ demands and needs;
  • checking the adequacy, appropriateness and timeliness of the information and advice given to customers;
  • reviewing the handling and timing of claims and other payments;
  • reviewing the handling, frequency and nature of customer complaints, disputes and litigation; and
  • reviewing any customer experience reports used by the insurer or from other sources, such as an ombudsman.