System of Governance Articles 41 to 49 of Directive 2009/138/EC 11 th May 2010

1. System of GovernanceArticles 41 to 49 of Directive 2009/138/EC11th May 2010 Eamonn Henry

2. System of Governance – Directive Articles • General governance requirements (Article 41) • Fit and proper requirements (Article 42) • Proof of good repute (Article 43) • Risk management (Article 44) • Own risk and solvency assessment (Article 45)

3. System of Governance – Directive Articles • Internal control (Article 46) • Internal audit (Article 47) • Actuarial function (Article 48) • Outsourcing (Article 49)

4. General governance requirements • Adequate structure with clear allocation/segregation of duties • Effective transmission of information • Written policies with prior approval by Board and annual review: • risk management, internal control, internal audit, outsourcing (where relevant)

5. Fit and proper requirements • Applies to Directors/managers/key functions • Adequate qualifications, knowledge and experience • Good repute/integrity

6. Proof of good repute • Evidence of good repute • Evidence of no bankruptcy • Mutual recognition between Member States

7. Risk management • Risk management function to be established to implement risk management system • Effective risk management system to identify, measure, monitor, manage and report all risks and interdependencies • Integrated into organisational structure and decision making

8. Risk management • Cover risks included in the SCR calculation and any other risks • Cover underwriting/reserving/ALM/investment, etc. and have written policies • Cover approved partial or full internal models: • design & implementation, testing & validation, document & make changes, analyse performance, report to Board & recommend improvements

9. Own risk and solvency assessment (ORSA) • Company’s own view of its risks and capital needs • ORSA is part of the risk management system • Overall solvency based on risk profile, risk tolerance and business strategies • Continuous compliance with SCR/MCR/technical provisions • Identification of significant deviations of the risk profile from the SCR assumptions

10. Own risk and solvency assessment (ORSA) • Integrated into business strategy and strategic decision making • To be performed regularly and after change in risk profile • Results to be provided to the supervisory authority • ORSA is not a parallel method to calculate the SCR

11. Internal control • Effective internal control system • Sound administrative and accountancy procedures, reporting arrangements • Compliance function to be established

12. Internal audit • Internal audit function to be established • Evaluate internal control and other aspects of governance • Objective and independent from operational functions • Recommendations reported to Board

13. Actuarial function • Staffed by persons with knowledge of actuarial/financial mathematics • Responsible for coordinating the calculation of the technical provisions • Appropriate methodologies, assumptions, data sufficiency and quality • Compare best estimate against experience

14. Actuarial function • Advise Board on reliability/adequacy of the calculation of the technical provisions • Provide an opinion on overall underwriting policy and on reinsurance arrangements

15. Outsourcing • Responsibility for outsourced functions remain with insurance undertaking • Governance should not be impaired and operational risk should not be unduly increased • Supervisor’s ability to monitor compliance should not be impaired • Supervisors to be notified in advance of any planned outsourcing

16. Proportionality • Principle included in the Directive • Based on the nature, scale and complexity of operations • CEIOPS guidance still being developed • Same rules for all but different implementation

17. Lessons learnt • Governance is important – pay attention to it! • Risk management is fundamental • Start thinking in terms of the ORSA • Start working on written policies!

18. Thank you Thank you