Financial Regulatory Authority

FINANCIAL REGULATORY AUTHORITY

Guidelines and Procedures for Applying Egyptian Accounting Standard No. 50 on Insurance Contracts

May 2023

---

Financial Literacy Knowledge Hub

FINANCIAL LITERACY KNOWLEDGE HUB Where knowledge is created and disseminated حيث نصنع المعرفة ونتشرها

www.fra.gov.eg

---

Financial Regulatory Authority

FINANCIAL REGULATORY AUTHORITY

Guidelines and Procedures for Applying Egyptian Accounting Standard No. 50 on Insurance Contracts

Insurance companies operating in the Egyptian market are required to adhere to the guidelines set forth in the following procedures manual as a minimum for applying Egyptian Accounting Standard No. 50, aiming to ensure proper application of the standard's requirements and present financial statements that reflect the company's true financial position, achieving high levels of transparency and disclosure.

First: Plan and Mechanisms for Applying the Standard

-1- Developing an action plan approved by the company's board of directors to apply the standard's requirements, commensurate with the nature of the company's activities and application timelines, subject to the Authority's approval by a deadline of May 30, 2023, in accordance with the timeline set out in the roadmap previously communicated to insurance companies.

-2- Forming a standard application committee comprising, at minimum, the CEO or their delegate, CFO, Risk Manager, Underwriting Manager, Reinsurance Manager, Actuarial Manager, IT Systems Manager, Internal Control and Compliance Managers, and any other manager the company deems necessary to join the committee to achieve the standard's application objective.

-3- The committee studies and establishes application mechanisms, determining whether the company possesses sufficient technical, technological, and human capabilities to fully apply the standard internally or will engage one or more consulting entities to provide accounting, electronic, or technological support for application tasks, without compromising the company's responsibility for correct application of the standard's requirements, and presents this to the board of directors.

-4- Identifying training needs for all administrative levels (executive and supervisory) to ensure company staff are adequately equipped with the requirements for applying the standard.

-5- The committee meets periodically to monitor implementation and training activities according to a timeline in the action plan, with meeting results presented to the internal control and risk committees and the board of directors.

Second: Contracting with Consulting Entities to Support Standard Application

The responsibility for "selecting one or more consulting entities to provide accounting and/or electronic and/or technological support for optimal standard application" lies with the insurance company, considering the following:

-1- The insurance company carefully reviews all proposals from consulting entities and verifies whether they possess the expertise required for standard application in accounting, electronic, and technological aspects, as well as having human resources capable of providing technical support optimally, considering quality and cost-effectiveness.

-2- The insurance company verifies the following before contracting with any consulting entity operating within Egypt:

-a- The legal entity of the consulting entity or its representative within the Arab Republic of Egypt, ensuring engagement with a consulting entity supervised by the Authority as a resident person or its natural persons working in one of the professional registers related to standard application, such as (the Authority's Accountants Register – the Actuarial Experts Register – the Outsourcing Companies Register amended according to Financial Technology Law No. 5 of 2022).

-b- The expertise and track record of the consulting entity, both within and outside Egypt.

c- The consulting entity and its members enjoy a good reputation and professional competence in their field regarding application.

d- The suitability and efficiency of the technological system prepared by the consulting entity for standard application, verifying its compatibility with the company's activity nature and integration with the company's information system, ensuring optimal application.

-3- If the company wishes to contract with a foreign consulting entity without a legal entity in Egypt, it must verify the following before contracting:

-a- The legal entity of the consulting entity in its home country, identifying the supervisory authority to which it and its members are subject, with supporting documents.

-b- The expertise and track record of the consulting entity in providing accounting, electronic, and technological services, with a specific environment of prior projects and contracts for applying International Standard No. 17 (equivalent to Egyptian Accounting Standard No. 50).

c- The consulting entity's good reputation and professional competence in its field, both domestically and internationally.

d- When contracting with the external consulting entity, the insurance company may include a third-party "accountant/electronic/technology" provider with a legal headquarters in Egypt, possessing professional expertise in accounting, electronic, or technological services, and registered with the Authority's Accountants or Actuarial Experts Registers.

-4- If the insurance company seeks accounting, electronic, or technological support from a consulting entity contracted by one of its shareholders (global insurance companies) or an affiliated company, it must verify before contracting the consulting entity's legal entity, expertise and track record in providing services, its possession of required expertise, good reputation, professional competence, and the suitability/efficiency of the technological system to be used for optimal application.

-5- The committee formed by the company and responsible for applying Accounting Standard No. (50) is committed to establishing criteria for negotiating with consulting entities providing necessary support, conducting comparisons among them, and ensuring the selected consulting entity is approved by the board of directors based on these criteria.

-6- The company must ensure upon contracting with the consulting entity providing support that the contract contains specific data confidentiality conditions according to governing laws, as well as penalties commensurate with the nature of services provided, and must avoid conflicts of interest between the insurance company and the consulting entity (or its representative), with full disclosure to the board of directors.

-7- The company must establish conditions for data storage, preservation, confidentiality, and protection mechanisms when contracting, verifying data storage locations, providing backups, and establishing a disaster recovery and business continuity plan.

Third: Standard Application Requirements

-1- Regarding Insurance: Insurance companies must fully comply with standard application requirements regarding determining the issued contracts and their profitability, which meet the definition of an insurance contract under standard guidelines within the scope of insurance contracts, including classifying and grouping these contracts according to nature, risk level, similarity, segmentation by issuance periods and profitability, and recognition dates, considering treatments for contract modifications or cancellations.

-2- Regarding Non-Insurance Components in Contracts: The company must establish a mechanism to separate non-insurance components from the insurance contract and determine the standard to be applied for processing these components.

-3- Regarding Future Cash Flows: Insurance companies must estimate expected future cash flows, their collection, and expected cash flows resulting from insurance contracts, including all related circumstances upon contract recognition, considering determining acquisition costs and assessing insurance contract profitability, while adhering to all assumptions used within the standard that affect net cash flows.

-4- Regarding Discount Rates: Companies must determine the discount rate to be used, specifying the calculation mechanism according to standard requirements, exercising caution in its calculation so as not to negatively affect the company's financial position and ensuring alignment with the currency in which contract liabilities are recorded.

-5- Regarding Risk Adjustment: Insurance companies must define and determine non-financial risks according to standard requirements, specifying the method for determining value and the confidence level used in calculation.

-6- Regarding Contract Measurement Approaches: Insurance companies must determine the approach to be used for measuring and processing insurance contracts and retained reinsurance contracts.

-7- Regarding Disclosures: Insurance companies must comply with the disclosure requirements mandated by standard application.

Fourth: Information Technology Systems

-1- The insurance company's board of directors must approve the IT system to be used, prepared by the company itself or through any consulting entity providing technical support for standard application, which must include at minimum:

-a- System capability to: aggregate contracts and separate their components (insurance/non-insurance).

-b- Apply all accounting measurement approach requirements compatible with the company's activity nature.

c- Estimate future cash flows, with the system including electronic assumptions for estimating these flows.

d- Calculate the present value of future cash flows using the calculated and approved discount rate.

e- Calculate the value of non-financial risk adjustments and contractual service margin according to used electronic assumptions.

f- Manage retained reinsurance contract operations separately.

g- Process changes in used electronic assumptions.

h- Prepare accounting entries technically and post them to general and subsidiary ledgers, preparing trial balances.

i- Store data at the contract level and archive it.

j- Integrate with the core accounting system used and prepare financial reports and required disclosures according to the standard.

-2- Internal control and risk committees, as well as the manager overseeing IT system review processes, must be sufficiently familiar with best practices for the review process in light of standard application requirements.

-3- The Authority receives an annual report, after presentation to the board of directors, detailing how accurately IT systems ensure the review methodology originating from the company, along with a summary of results and corrective actions in case of system issues.

Fifth: Rights and Obligations of Contracting Parties for Providing Technological Services

1- Rights and Obligations of the Insurance Company (Service Recipient/Outsourcing Entity):

-a- The insurance company has the right to outsource performance of required technological services for applying Egyptian Accounting Standard No. (50) to one entity (outsourcing company), ensuring the insurance company is fully independent from the outsourcing entity's operational results technically and legally.

-b- The insurance company must have technical staff capable of evaluating the integrity and quality of work executed by the service provider.

c- The insurance company's board of directors must approve a comprehensive outsourcing plan for required services, detailed and presented by the committee formed for standard application.

d- The insurance company must, upon signing the agreement for outsourcing technological services, include at minimum the terms detailed in Paragraph (3) with the service provider.

e- The insurance company must take preventive measures for outsourcing entities aiming to apply the standard, or when making any material amendment to the existing outsourcing agreement.

f- The insurance company must prepare a specific and clear outsourcing policy ensuring performance evaluation indicators (KPIs) to monitor outsourcing service providers' performance.

2- Rights and Obligations of the Service Provider (Outsourcing Company):

-a- The outsourcing service provider must assist the insurance company (the principal entity) optimally with guidelines issued by the Authority governing operations, business processes, and outsourcing arrangements, including examples such as "guidelines for entities, technological infrastructure, information systems, protection and insurance means, and main technological functions."

-b- Ensure security of the insurance company's customer data, as well as the outsourcing provider not retaining the company's customer and service data, using appropriate means to protect privacy and confidentiality, ensuring unauthorized access is prevented.

c- Establish precautionary measures regarding data security and business continuity plans.

d- Carry out necessary corrective actions when any deficiency appears in the level of services outsourced to them.

e- Record all related events, enabling the insurance company and Authority to review these events.

f- Notify the insurance company and Authority if a supervisory authority requests dedicated outsourcing monitoring to exercise its review and inspection functions, along with the results of these activities.

3- Outsourcing Agreement:

The outsourcing agreement is legally binding between the insurance company (the principal entity) and the service provider (outsourcing company), containing at minimum:

-a- The agreement's duration, specifying the start date, end date, and renewal date.

-b- Defining the service provider's scope of work, performance measurement criteria, and clearly measurable risks.

c- Specifying clear performance indicators for continuous service quality verification.

d- Guidelines and procedures followed regarding data security and the service provider's responsibility toward such data.

e- Scope of data to be protected, and the scope of exchanging data and information as necessary for executing the defined work scope.

f- Including a clause on data confidentiality, as well as signing a non-disclosure agreement to ensure data security and determine liability in case of security breaches and leakage of confidential information.

g- Necessary provisions to compensate service recipients (insurance companies) for any losses or liabilities arising from security breaches attributed to the service provider.

h- Compensation methods for the service provider to the service recipient (insurance company) in case of security breaches and leakage of confidential information.

i- Including provisions ensuring the service recipient fulfills its supervision and monitoring role effectively, with full and continuous access rights to all data and information exchanged with the service provider.

j- Ensuring the service recipient's actual ability to fully access its customers' data in case of contract termination or dispute between the parties.

k- Obligation of employees assigned by the service provider and participating in providing standard application services to comply with data confidentiality standards.

l- The Authority's right to directly and immediately obtain, without conditions, any information or documents related to the provided service or access the system used, as well as inspect the service provider's work regarding the status of the provided service.

m- Including dispute resolution procedures between the insurance company and the outsourcing entity (service provider).

---

Financial Regulatory Authority

FINANCIAL REGULATORY AUTHORITY

Financial Literacy Knowledge Hub FINANCIAL LITERACY KNOWLEDGE HUB Where knowledge is created and disseminated حيث نصنع المعرفة ونتشرها

www.fra.gov.eg