ICP 10 Preventive Measures, Corrective Measures and Sanctions

The supervisor:
  • requires and enforces preventive and corrective measures; and
  • imposes sanctions
which are timely, necessary to achieve the objectives of insurance supervision, and based on clear, objective, consistent, and publicly disclosed general criteria.

10.1

The supervisor acts against individuals or entities that conduct insurance activities without the necessary licence.

 


10.1.1    
The supervisor should have in place mechanisms to identify when unlicensed insurance activity is being carried out. Examples of such mechanisms include monitoring of media and advertising, review of consumer complaints or encouraging industry and other stakeholders to notify the supervisor of suspicious activity.

10.1.2    
Where unlicensed activity is identified, the supervisor should act to address the issue. Examples include requiring the unlicensed entity to apply for a licence, seeking court orders to require the unlicensed entity to stop the activity, informing law enforcement authorities of criminal and/or civil concerns, imposing sanctions on the individual/entity or publicising the fact that the individual and/or entity is/are not licensed to conduct insurance activities.

10.2

The supervisor requires preventive measures if the insurer seems likely to operate in a manner that is inconsistent with regulatory requirements.

 

10.2.1    

Determining when an insurer seems likely to operate in a manner that is inconsistent with regulatory requirements will require a degree of discretion on the part of the supervisor. Nevertheless, concerns that necessitate preventive measures should be well founded based on the supervisor’s assessment.

10.2.2    

If the insurer operates in a manner that is likely to impact its ability to protect policyholders’ interests or pose a threat to financial stability, the supervisor should act more urgently in requiring preventive measures.

10.2.3    
The supervisor should communicate concerns to the insurer with a promptness that reflects the significance of the concern. Some concerns, such as relating to insurer solvency, policyholder protection, or financial stability, will be sufficiently significant to require immediate communication to the insurer. Other concerns, although significant, may not require such rapid communication, but should still be communicated appropriately. For example, it is unlikely to be appropriate for a supervisor to wait for the next on-site visit to an insurer before communicating a significant concern.

10.2.4    
The supervisor should promptly bring significant concerns to the attention of the Board because it has ultimate responsibility for the insurer and that such concerns are resolved. In addition, the supervisor should also communicate with Senior Management and with Key Persons in Control Functions to bring significant concerns to their attention.

10.2.5    
The supervisor should have available a range of preventive measures broad enough to address insurers of all sizes and complexities. Preventive measures should be chosen to address the severity of the insurer’s problems.

10.2.6    
The supervisor should have the power to issue, and enforce:
  •  restrictions on business activities, such as:
    • prohibiting the insurer from issuing new policies or new types of product;
    • requiring the insurer to alter its sales practices or other business practices;
    • withholding approval for new business activities or acquisitions;
    • restricting the transfer of assets;
    • prohibiting the insurer from continuing a business relationship with an intermediary or othe outsourced provider, or requiring the terms of such a relationship to be varied;
    • ​restricting the ownership of subsidiaries; and
    • restricting activities of a subsidiary where, in its opinion, such activities jeopardise the financial situation of the insurer;
  • directions to reinforce the insurer’s financial position, such as:
    • requiring measures that reduce or mitigate risks (for example, restricting exposures, through either hard or soft limits, to individual counterparties, sectors, or asset classes);
    • requiring an increase in capital;
    • restricting or suspending dividend or other payments to shareholders; and
    • restricting purchase of the insurer’s own shares; and
  • other directions, including:
    • requiring the reinforcement of governance arrangements, internal controls or the risk management system;
    • requiring the insurer to prepare a report describing actions it intends to undertake to address specific activities the supervisor has identified, through macroprudential surveillance, as potentially posing a threat to financial stability (see ICP 24 Macroprudential Supervision);
    • facilitating the transfer of obligations under the policies from a failing insurer to another insurer that accepts this transfer;
    • suspending the licence of an insurer; and
    • barring individuals acting in key roles from such roles in future.

10.2.7    
The supervisor may also have other powers available, including:
  • temporarily delaying or suspending, in whole or in part, the payments of the redemption values on insurance liabilities or payments of advances on contracts;
  • lowering the maximum rate of guarantees for new business or introducing additional reserving requirements; or
  • incentivising the use of a system-wide lending facility, when available, for market-wide liquidity issues extending to insurers.

10.2.8    
The supervisor should take steps to address problems arising from Board Members, Senior Management, Key Persons in Control Functions, significant owners, external auditors and any other person who plays a significant role within the insurer. For example, the supervisor should require the insurer to replace or restrict the power and role of those involved (listed above) in the governance processes if the supervisor has material concerns with management or governance.

10.2.9    
The supervisor should reject, rescind and/or request a court to revoke the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to, or does not adhere to, established professional standards.

10.2.10    
Supervisors should take action to address insurer audit quality concerns, including, where possible, requiring replacement or appointment of a supplementary auditor and the sanctioning of an external auditor if necessary. Supervisors should watch for indicators of potential major audit quality concerns, such as when:
  • the auditor does not have adequate insurance industry knowledge and competence;
  • there is an identified issue with auditor objectivity and independence;
  • the auditor does not disclose to the supervisor matters that it is required to disclose;
  • clear audit quality concerns are identified, such as if the auditor fails to test internal control systems sufficiently, the auditor is not appropriately sceptical, or does not appropriately challenge the insurer’s management regarding the major accounting figures; or
  • the auditor’s system of internal quality control appears ineffective.

CF 10.2.a    
The group-wide supervisor requires the Head of the IAIG to take preventive measures if:
  • a legal entity within the IAIG seems likely to operate in a manner that would have a material adverse effect on the IAIG as a whole; or
  • the IAIG as a whole seems likely to operate in a manner that is inconsistent with regulatory requirements.

CF 10.2.a.1    
The situation described in the first part of the Standard could arise, for example, where one regulated legal entity in the group seems likely to fail to meet its capital requirement, causing the IAIG as a whole to be likely to fail to meet a group capital requirement to which it is subject.

CF 10.2.a.2    
The group-wide supervisor should not require the Head of the IAIG to take additional preventive measures if the supervisor of an insurance legal entity within the IAIG has already required that entity to take preventive measures and the group-wide supervisor has assessed that the preventive measures adequately mitigate the risk to the IAIG as a whole.

CF 10.2.a.3    
The situation described in the second part of the Standard could arise, for example, where every regulated legal entity in the IAIG meets its capital requirement, but the group as a whole seems unlikely to meet a group capital requirement to which it is subject.

10.3

The supervisor requires corrective measures if the insurer fails to operate in a manner that is consistent with regulatory requirements.

 


10.4
The supervisor:
  • requires the insurer to take actions that address the supervisor’s identified concerns;
  • periodically checks that the insurer is taking action; and
  • assesses the effectiveness of the insurer’s actions.


10.5

The supervisor escalates, including enforcing, preventive or corrective measures if its concerns are not addressed by the insurer’s actions.

 


10.5.1    

The supervisor should require further measures if its concerns with the insurer become worse, including if the insurer fails to take the actions in a plan.

10.5.2    
Supervisory measures should escalate in line with the supervisor’s concerns about the insurer. If the insurer’s inaction leads to an increased risk to policyholders, then the supervisor should respond by requiring stronger measures to mitigate this risk.

10.5.3    
Enforcement of preventive or corrective measures could involve the supervisor issuing a formal direction to an insurer to take particular actions or to cease conducting particular activities. It could also involve the supervisor seeking the assistance of other authorities, or the courts, to enforce a measure.

CF 10.5.a    
The group-wide supervisor coordinates with other involved supervisors if the Head of the IAIG, or an insurance legal entity within the IAIG, fails to take action to address the group-wide supervisor’s, or other involved supervisor’s, identified concerns.

CF 10.5.b    
Where an insurance legal entity within the IAIG fails to take preventive or corrective measures, as required by the involved supervisor, the group-wide supervisor informs the Head of the IAIG of that lack of compliance and assists the involved supervisor, to the extent possible, in achieving compliant outcome.

10.6

The supervisor imposes sanctions on insurers and individuals proportionate to the breach of regulatory requirements or other misconduct.


10.6.1    
The supervisor should be able to impose a range of sanctions, which could be administrative, civil or criminal in nature. These can include the ability to impose fines, the ability to bar individuals acting in key roles from holding similar roles in future, and the ability to require remediation (such as requiring compensation of policyholders in cases of mis-selling). It is recognised that supervisors will not always be able to take a full range of legally binding actions themselves and may need to act in conjunction with, or refer matters to, other authorities, in particular, in the case of criminal penalties.

10.6.2    
In some cases it may be appropriate to apply sanctions against insurers or individuals when justified by their actions, or inactions.

10.6.3    
The supervisor should, in particular, be able to impose sanctions against insurers and individuals who:
  • fail to provide information to the supervisor in a timely fashion;
  • withhold information from the supervisor;
  • provide information that is intended to mislead the supervisor;
  • deliberately misreport to the supervisor; or
  • do not act in accordance with orders or directions imposed on the insurer.

10.6.4    
The sanctions imposed by the supervisor should be commensurate with the nature and severity of the insurer’s non-compliance with regulatory requirements. Administrative or procedural breaches will generally attract less severe sanctions than breaches arising from an insurer’s intentional disregard of regulatory requirements. The sanction imposed should be sufficiently dissuasive so that the insurer, or other insurers, do not commit a similar breach in the future.

10.6.5    
The supervisor should impose more severe sanctions relative to the gravity of the breach where an insurer’s history demonstrates a pattern of non-compliance with regulatory requirements.

10.6.6    
The supervisor may impose sanctions on insurers or individuals in addition to supervisory measures or in the absence of supervisory measures.

10.6.7    
The imposition of sanctions against an insurer or an individual typically should not delay either supervisory measures or insurer action taken in response to supervisory measures. However, in some instances, the nature of the sanctions may delay supervisory measures. For example, where a supervisor sanctions an insurer by requiring a number of Senior Managers to be replaced with new individuals, supervisory measures intended to improve the governance of the insurer may not be practical until after the new individuals are appointed.

10.6.8    
The supervisor, or another responsible authority in the jurisdiction, should take action to enforce sanctions that have been imposed.

10.6.9    
The supervisor should sanction insurers and individuals within a consistent framework, so that similar violations and weaknesses attract similar sanctions. Supervisors should consider how proposed sanctions relate to previous cases. The supervisor should identify precedents where the supervisor has sanctioned an insurer or individual for similar actions/inactions. Where the supervisor has sanctioned an insurer or individual for similar actions/inactions, then the supervisor should consider carefully whether a comparable sanction is appropriate. If the supervisor concludes that a very different sanction is appropriate, the supervisor should be prepared to explain why it reached this conclusion.

10.6.10    
In order for sanctions to have a deterrent effect on other insurers, the fact of the sanction, and sufficient details of the breach, should in general be published. However, the supervisor should retain the discretion to take a different course of action (for example, not to publish, or to delay publication) where this would further the achievement of supervisory objectives or it is otherwise in the public interest to do so.

CF 10.6.a    
The group-wide supervisor imposes sanctions directly on the Head of the IAIG within the group-wide supervisor’s jurisdiction.

CF 10.6.a.1    
Available sanctions should include the imposition of fines and penalties (even if non-compliance by the Head of the IAIG is due to the actions of a legal entity within the IAIG).

CF 10.6.a.2    
The group-wide supervisor should have flexibility in how it imposes sanctions, which may need to vary according to the legal structure of the group, the jurisdiction in which the legal entities in the group are established, and the supervisory authority over relevant parts of the group.

CF 10.6.a.3    
If the Head of the IAIG is not located in the jurisdiction of the group-wide supervisor, the group-wide supervisor should use indirect powers to impose sanctions.

CF 10.6.b    
An involved supervisor communicates with other involved supervisors before imposing sanctions on:
  • an insurance legal entity;
  • the Head of the IAIG; or
  • an individual involved with the relevant insurance legal entity or the Head of the IAIG
if the sanction will have a material effect on the supervision of the IAIG as a whole or a material effect on the supervision of another insurance legal entity within the IAIG, unless exceptional circumstances preclude such communication.

CF 10.6.b.1    
The involved supervisor should communicate the need for sanctions to other involved supervisors at the earliest opportunity. Where an involved supervisor must act before communicating the need for sanctions, that supervisor should inform the group-wide supervisor and other involved supervisors of the sanction, and the supporting rationale, as soon as possible.