Article (10) Risk Governance Framework and Internal Controls
10-1 | An Insurance Broker must have in place an appropriate Risk Governance Framework that includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report and control or mitigate material sources of risk on a timely basis. | ||||
10-2 | The Risk Governance Framework must address, amongst other key risks, the following areas: | ||||
a. | operational risk; | ||||
b. | conduct risk; | ||||
c. | insurance fraud; | ||||
d. | cybercrime and attacks; and | ||||
e. | money laundering and terrorist financing. | ||||
10-3 | An Insurance Broker’s definition and assessment of material risks must take into account nature, scale and complexity of its operations. | ||||
10-4 | An Insurance Broker must have in place mitigating action plans for key material risks and monitor them on an ongoing basis. | ||||
10-5 | The Insurance Broker’s Representatives are ultimately accountable for the Risk Governance Framework. | ||||
10-6 | An Insurance Broker’ Risk Governance Framework must be: | ||||
a. | kept up-to-date; | ||||
b. | reviewed annually; and | ||||
c. | proportionate to the nature, scale and complexity of their operations. | ||||
10-7 | An Insurance Broker must have an Internal Controls system that ensures effective operations, adequate control of risks, prudent conduct of business, reliability of financial and non-financial information reported and compliance with Central Bank Laws and Regulations. | ||||
10-8 | a. | An Insurance Broker must have effective Control Functions with the necessary independence, authority and resources covering risk management, compliance and internal audit. The effectiveness of the Control Functions must be assessed periodically by the Insurance Broker’s Representatives. | |||
b. | Control Functions must have an appropriate level of authority. The head of the Control Function must not participate in operational business responsibilities, such as underwriting, sales or accounting. | ||||
c. | Control Functions must avoid Conflicts of Interest. Where any conflicts remain and cannot be resolved by Senior Management, they must be brought to the attention of the Insurance Broker’s Representatives for resolution. | ||||
10-9 | The existence of Control Functions does not relieve the Insurance Broker’s Representatives of their responsibilities. | ||||
10-10 | The head of each Control Function must have access to the Insurance Broker’s Representatives and must submit periodic reports on the matters determined by them. | ||||
10-11 | Heads of Control Functions must submit annual reports to the Central Bank, as follows: | ||||
a. | risk management function: | ||||
I. | assessment of risk positions, exposures and the steps being taken to manage them; | ||||
II. | risk management issues resulting from strategic affairs of the Insurance Broker such as corporate strategy, mergers and major projects; and | ||||
III. | assessment of risk events and the identification of appropriate remedial actions and the assessment of results after implementation. | ||||
b. | compliance function: | ||||
I. | assessment of the key compliance risks the Insurance Broker faces and the steps being taken to address them; | ||||
II. | assessment of how the various parts of the Insurance Broker such as divisions, major business units are performing against compliance standards and goals; | ||||
III. | any compliance issues involving management or Persons in positions of major responsibility within the Insurance Broker, and the status of any associated investigations or other actions being taken. | ||||
c. | Internal audit function: | ||||
I. | assessment of all material areas of risk, including, but not limited to, concentration of risk, operational risk, risk-mitigation techniques and conduct of business; | ||||
II. | ensuring that controls are in place to preserve the assets of the Insurance Broker, preventing fraud and assessing the effectiveness of the controls in place in this regard; and | ||||
III. | assessing the reliability and efficiency of the accounting, financial, risk and compliance reporting information and the effectiveness of the controls in place. | ||||
12-10 | The heads of risk management, compliance, and internal audit must promptly report to the Central Bank any violations of the Central Bank Laws and Regulations, and any Matters of Significance. Heads of risk management, compliance and internal audit making such reports in good faith shall not be considered to have breached any of their obligations. | ||||
13-10 | The Insurance Broker must not dismiss the head of Control Functions without first obtaining the non-objection of the Central Bank. | ||||
14-10 | Insurance Brokers must promptly notify the Central Bank in case of resignation of their heads of risk management, compliance or internal audit and the reasons thereto. | ||||
15-10 | Outsourced activities must remain fully in scope of the Insurance Broker’s Control Functions’ responsibilities. | ||||
16-10 | Excluding Control Functions, an Insurance Broker may combine positions at the Insurance Broker, subject to the Central Bank’s approval. The Central Bank shall approve the combination of positions on a case-by-case basis, with due consideration of the size, complexity, volume and lines of business of the Insurance Broker. | ||||