Corporate Governance Code of Practice for Designated Insurers

Corporate Governance Code of Practice for Designated Insurers Index c SD No. 2019/0254 Page 1 c CORPORATE GOVERNANCE CODE OF PRACTICE FOR DESIGNATED INSURERS Index Paragraph Page 1 Title....................................................................................................................................3 2 Commencement................................................................................................................3 3 Interpretation ....................................................................................................................3 4 Approach to corporate governance ..................................................................................4 5 Corporate Governance Code of Practice for Commercial Insurers...................................4 6 Requirements of insurance group’s corporate governance framework ...........................4 7 ERM system and ORSA process at group-level..................................................................5 ENDNOTES 8 TABLE OF ENDNOTE REFERENCES 8

Corporate Governance Code of Practice for Designated Insurers Paragraph 1 c SD No. 2019/0254 Page 3 Statutory Document No. 2019/0254 Insurance Act 2008 c CORPORATE GOVERNANCE CODE OF PRACTICE FOR DESIGNATED INSURERS1 Laid before Tynwald: 18 June 2019 Coming into Operation: 1 July 2019 The Isle of Man Financial Services Authority issues the following binding Guidance Notes under section 51(1) of the Insurance Act 2008, after carrying out the consultations required by section 51(6) of that Act. 1 Title These Guidance Notes are the Corporate Governance Code of Practice for Designated Insurers. 2 Commencement These Guidance Notes come into operation on 1 July 2019. 3 Interpretation “the Act” means the Insurance Act 2008; “CGC” means the Corporate Governance Code of Practice for Commercial Insurers1 ; “ERM system” means enterprise risk management system; “governance approach” in relation to an insurance group, means the approach it uses as referred to in paragraph 4; “group-level” has the meaning given in the Group Supervision Regulations; “the Group Supervision Regulations” means the Insurance (Group Supervision) Regulations 20192 ; “insurance group” has the meaning given in the Group Supervision Regulations;

1 SD 2018/0247 2 SD 2019/0255

Paragraph 4 Corporate Governance Code of Practice for Designated Insurers Page 4 SD No. 2019/0254 c “intra-group transactions” has the meaning given in the Group Supervision Regulations; “ORSA process” means own risk and solvency assessment process; “SCR” means solvency capital requirement; “wider group” in relation to an insurance group, includes the widest group in respect of which the insurance group is a part. 4 Approach to corporate governance An insurance group may, in respect of its approach to corporate governance, adopt a centralised or decentralised approach, or a combination of both approaches, provided that the adopted approach complies with the Group Supervision Regulations and these Guidance Notes. 5 Corporate Governance Code of Practice for Commercial Insurers In relation to the corporate governance system of an insurance group and its group undertakings, the CGC, with the necessary amendments, is to be taken to be information published and advice given by the Authority under section 34 of the Act as to what constitutes sound and prudent management. 6 Requirements of insurance group’s corporate governance framework (1) The corporate governance framework of an insurance group must address its governance needs at group-level. (2) The framework must – (a) take account of, and be suitable for, the insurance group’s organisational structure; (b) ensure effective, comprehensive and consistent governance, including direction and coordination; (c) include objectives and strategies for achieving those objectives; (d) ensure effective communication and adequate and timely information at all levels; (e) promote a sound and consistent risk management system and compliance culture; (f) include clearly defined responsibilities and accountabilities; (g) include allocation and separation of responsibilities and accountabilities that ensure the operation of effective checks and balances (including separation between oversight and management responsibilities); (h) ensure that persons in key roles have the integrity, competence, experience, qualifications, commitment and, where appropriate, independence commensurate with those roles;

Corporate Governance Code of Practice for Designated Insurers Paragraph 7 c SD No. 2019/0254 Page 5 (i) support objective decision-making by avoiding or managing conflicts of interest; (j) where appropriate, use clear and objective independence criteria in key areas of potential conflict such as membership of remuneration or audit committees; (k) include proper consideration of the legal and regulatory obligations, governance responsibilities and relevant and material individual and aggregate risk exposures; (l) include an effective risk management system appropriate to the insurance group’s corporate governance approach that can – (i) act flexibly and in a timely manner to manage the risks of the insurance group (including ensuring appropriate awareness of relevant and material group risks at the undertaking-level); and (ii) promote a risk management culture consistent with paragraph (e); (m) include an effective compliance system able to ensure adherence to the relevant legal and regulatory obligations and to promote a compliance culture consistent with sub-paragraph (e); (n) include comprehensive and well-coordinated policies (including policies relating to risk appetite, limits and tolerances), procedures and controls, including reporting; (o) include remuneration policies which do not incentivise inappropriate behaviour such as inappropriate risk taking; (p) include risk management, compliance, internal audit and, where appropriate, actuarial functions that provide a reliable view of risks, including how those risks should be managed and how they are being managed; (q) include documentation of the insurance group’s organisational structure and system of governance; and (r) be clear as to how any branches within the insurance group are managed, overseen and held accountable. 7 ERM system and ORSA process at group-level (1) As part of its corporate governance framework, an insurance group, at group-level and with a group-wide perspective, must establish, implement and maintain an effective ERM system (including an ORSA process, that is adequate and appropriate to the nature, scale and complexity of the insurance group, its activities and the risks to which it is or may be exposed). (2) The ERM system of an insurance group must –

Paragraph 7 Corporate Governance Code of Practice for Designated Insurers Page 6 SD No. 2019/0254 c (a) encompass and appropriately categorise all relevant and material risks (including any such risks arising from the insurance group being part of a wider group); (b) have a risk management policy for those risks, outlining how they are managed on a strategic and day to day basis (including consideration of the group-wide risk appetite framework and the integration of the individual risk appetite frameworks at undertaking-level); (c) use forward-looking quantitative methods, including risk modelling, stress testing, reverse stress testing and scenario analysis (including scenarios involving relevant and plausible changes in group structure or integrity in adverse circumstances) as may be adequate and appropriate on a group-wide basis; (d) take account of the real nature and effect of the direct and indirect relationships between members of the insurance group (such as the formality and legal enforceability of potentially relevant and material intra-group transactions); (e) use appropriate assumptions which consider matters such as constraints affecting the fungibility of capital and the transferability of assets which may be different at the group-level from the undertaking-level; (f) have a feedback loop at group-level (including any additional analyses and information as may be needed to address any increased complexity) which enables the insurance group to take timely and appropriate action in response to changes in its risk profile; (g) determine the economic capital needs, regulatory capital requirements, capital adequacy and liquidity adequacy of the insurance group; (h) for the purpose of (g), consideration should be given to factors such as any multiple gearing, intra-group creation of capital and reciprocal financing, leverage of the quality of capital, the fungibility of capital and the free transferability of assets within the insurance group); and (i) include a continuity analysis over a suitable forecast time horizon, which considers capital distribution and cash flows across the insurance group under scenarios involving relevant and plausible adverse circumstances. (3) Subject to sub-paragraph (4), the designated insurer must, as soon as is practicable, inform the Authority of the results of each ORSA it carries out in respect of the insurance group. (4) A designated insurer is exempt from the requirement in sub-paragraph (3) if it has obtained the Authority’s written approval to be so.

Corporate Governance Code of Practice for Designated Insurers Paragraph 7 c SD No. 2019/0254 Page 7 MADE ON 23 MAY 2019

Endnotes Corporate Governance Code of Practice for Designated Insurers Page 8 SD No. 2019/0254 c ENDNOTES Table of Endnote References

1 The format of this legislation has been changed as provided for under section 75 of, and paragraph 2 of Schedule 1 to, the Legislation Act 2015. The changes have been approved by the Attorney General after consultation with the Clerk of Tynwald as required by section 76 of the Legislation Act 2015.