Regulation on the audit of insurance and reinsurance undertings

NATIONAL BANK OF MOLDOVA

D E C I S I O N on the approval of the Regulation on the audit of insurance and reinsurance undertakings

No 71 of 29.02.2024 (in force as of 14.03.2024)

Official Monitor of the Republic of Moldova No 98-100 Art. 223 of 14.03.2024

---

REGISTERED: by the Ministry of Justice of the Republic of Moldova No 1920 of March 5, 2024 Minister _____ Veronica MIHAILOV-MORARU

Pursuant to Art.53 paragraphs (1) and (11), Art.54 paragraphs (1) and (3), Art.118 paragraphs (1) and (2) of the Law No 92/2022 on the activity of insurance or reinsurance (Official Monitor of the Republic of Moldova, 2022, No 129-133 Art.229), with subsequent amendments, Art.X, paragraph (6) of the Law No 214 /2023 on the amendment of some normative acts (ensuring the transfer of powers according to Law No.178/2020 on the amendment of some normative acts), (Official Monitor of the Republic of Moldova, 2023, No 287-290, Art.504), the Executive Board of the National Bank of Moldova DECIDES:

1. To hereby approve the Regulation on the audit of insurance and reinsurance undertakings (attached).
2. To repeal the Decision of the National Commission for Financial Markets No 19/3/2019 on the approval of the Regulation on the audit of insurers (reinsurers) (Official Monitor of the Republic of Moldova, 2019, No 178-184, Art.914), registered at the Ministry of Justice of the Republic of Moldova under No 1455 of May 22, 2019.
3. This Decision shall enter into force on the date of its publication in the Official Monitor of the Republic of Moldova. VICECHAIRMAN OF THE EXECUTIVE BOARD Vladimir MUNTEANU No 71. Chisinau, February 29, 2024.

Approved by the Decision of the Executive Board of the National Bank of Moldova No 71 of February 29, 2024

REGULATION on the audit of insurance and reinsurance undertakings

Chapter I GENERAL PROVISIONS

1. This Regulation lays down the regulatory framework for carrying out audits of financial statements and audits for supervisory purposes at the insurance or reinsurance undertaking, the manner of acceptance/approval (hereinafter - approval), including the criteria for the audit entity and the manner of withdrawal of approval of the audit entity, the requirements for preparing the auditor's reports.
2. The terms used in this Regulation shall have the meanings stipulated in Law No 92/2022 on the activity of insurance or reinsurance (hereinafter - Law No 92/2022), the Law on accounting and financial reporting No 287/2017 (hereinafter - Law No 287/2017) and Law No 271/2017 on the audit of financial statements (hereinafter - Law No 271/2017).
3. For the purposes of this Regulation, the notion "insurance undertaking or reinsurance undertaking" shall include an insurance undertaking or a reinsurance undertaking whose head office is situated in the Republic of Moldova, as well as branches of insurance or reinsurance undertakings in third countries.
4. The audit entity which will carry out the audit of the insurance or reinsurance undertaking shall be approved by the National Bank of Moldova before the conclusion of the audit contract. Chapter II REQUIREMENTS FOR THE AUDIT ENTITY

Section 1 Requirements for the audit entity and the audit engagement team 5. The National Bank of Moldova shall approve the audit entity to carry out the audit of financial statements and/or the audit for supervisory purposes, if it meets all of the following criteria:

1. is registered in the Public Register of audit entities;
2. no disciplinary measures have been applied to the audit process in the last 3 years;
3. has at least 3 years' experience in auditing financial statements of public interest entities;
4. the approval of the National Bank of Moldova has not been withdrawn in the context of non-compliance with the provisions of the regulatory framework related to the activity in the field of insurance or reinsurance in the last 3 years;
5. has not less than two auditors, as employees, holding a valid auditor's qualification certificate, registered in the Public Register of Auditors;
6. the audit engagement team meets the following criteria: a) at least 1/3 of the audit engagement team shall have at least 3 years' experience in the field of auditing financial statements under International Financial Reporting Standards (IFRS);

b) at least one auditor of the audit engagement team shall have a minimum of 3 years' experience in the audit of financial statements of public-interest entities, including one year in the audit of financial statements of insurance or reinsurance undertakings; c) at least one member of the audit engagement team shall hold a certificate of qualification of the actuary, provided that the actuary does not have and has not had, for at least the previous two consecutive management periods, contractual relations with the insurance or reinsurance undertaking being audited; d) the audit work performed and responsibilities exercised lead to the conclusion that it has a good professional reputation. The professional reputation shall be assessed by the insurance or reinsurance undertaking in accordance with the documents and information specified in point 8, subpoint 8); e) at least one auditor has an international certification of qualification in accounting and/or auditing; f) at least one member of the audit engagement team has an audit certification in the field of information systems CISA (Certified Information Systems Auditor), a certification issued by the international professional association Information Systems Audit and Control Association (ISACA), in the case of an audit for supervisory purposes ordered under point 25, subpoint 7); g) at least one appointed member of the audit engagement team has experience and/or certification in the field of prevention and combating money laundering and terrorist financing, in the case of an audit for supervisory purposes ordered according to point 25, subpoint.4). 6. The actuary appointed in the audit engagement team must comply with the professional and ethical standards, as well as with the provisions of the normative acts of the National Bank of Moldova, having the obligation to allocate sufficient time in order not to affect the quality of the actuarial analysis necessary for the fulfillment of the audit mission. 7. The audit contract shall be in written form and shall contain at least the following:

1. the subject matter and scope of the audit;
2. the management period for which the audit will be carried out, in accordance with Law No 287/2017;
3. the obligation of the audit entity to transmit the information obtained during the audit missions to the National Bank of Moldova, according to Art.53 paragraph (3) and paragraph (4) of the Law No 92/2022;
4. the obligation of the audit entity to prepare reports in accordance with Art.28 and 46 of Law No 271/2017, Art.53 and/or Art.54 of Law No 92/2022 and this Regulation, as well as the information on identified material misstatements or material inconsistencies disclosed in a letter addressed to the management of the insurance or reinsurance undertaking, in accordance with auditing standards;
5. the audit entity's obligation to inform the insurance or reinsurance undertaking about the modification in the information related to the criteria specified in point 5 within a maximum of 5 working days from the date of occurrence of the modification;
6. the audit entity's obligation to review the expertise of the actuary who was part of the audit team as an integral part of the auditor's report, and in case of disagreement with the actuary’s expertise, the audit entity's obligation to appoint another actuary to the audit team, with the reasoning regarding the disagreement with the expertise of the originally designated actuary. Section 2 How to endorse/withdraw an audit entity approval

8. The application for obtaining the approval of the audit entity shall be submitted to the National Bank of Moldova by the insurance or reinsurance undertaking, enclosing the following documents and information:

1. in the case of an audit of financial statements, an extract from the minutes of the general meeting of the shareholders of the insurance or reinsurance undertaking where the decision on the confirmation of the audit entity to carry out the audit of financial statements was taken;

2. in the case of an audit for supervisory purposes, the extract from the minutes of the management body of the insurance or reinsurance undertaking empowered by law or statute with the right to take the decision on the confirmation of the audit entity for carrying out the audit for supervisory purposes;

3. a detailed description of the schedule of the activities planned in the context of the audit for the planned management period, signed by the auditor/partner responsible for the audit mission;

4. a sworn statement on the independence of the auditors in the audit entity team, as required by audit legislation, signed by the partner responsible for the audit mission/head of the audit entity;

5. a sworn statement on the absence of criteria for affiliation of the audit entity with the insurance or reinsurance undertaking, signed by the partner responsible for the audit mission/head of the audit entity;

6. the agreed draft of the audit contract to be concluded between the insurance or reinsurance undertaking and the audit entity, drawn up in Romanian, and which meets the requirements set out in point 7;

7. information on the audit entity and the experience of the appointed members of the audit engagement team, completed in accordance with the Annex to the Regulation and supporting documents attesting the experience of the members of the audit engagement team in the field of auditing financial statements under IFRS, information systems in the financial sector and audit for supervisory purposes, as appropriate, as referred to in point 5, certified by the signature of the person responsible within the insurance or reinsurance undertaking;

8. an assessment by the insurance or reinsurance undertaking of the compliance of the audit engagement team with the professional reputation requirements, signed by the member of the executive body of the insurance or reinsurance undertaking, performed on the basis of the following documents and information: a) for the resident - the criminal record certificate and the certificate on the absence or existence of budget arrears issued by the competent authorities of the Republic of Moldova and/or the documents issued by the competent authorities of the country/countries where the person under the resident's control carries out his activity, which shall be annexed to the assessment; b) for non-resident - the documents issued by the competent authorities of the country of residence and of the country/countries in which the person under the control of the non-resident is carrying out his/her activities, which shall be annexed to the assessment. Where it is not possible to produce a criminal record, it may be replaced by an equivalent document issued by a competent judicial or administrative authority in the country of origin or by a sworn statement. Foreign natural and legal persons who are not registered for tax purposes in the Republic of Moldova are not obliged to submit the certificate on the absence or existence of budget arrears, and the sworn statement is sufficient, proving that they have not committed any acts and have not been in situations of the nature of those that are included in the record of the certificate on the absence or existence of budget arrears, as well as that they are not registered for tax purposes in the Republic of Moldova; c) information on the audit entity and the experience of the appointed members of the audit engagement team; d) publicly available information;

9. a confirmation issued by the Public Supervisory Board of the audit on the non￾existence of disciplinary measures applied to the audit entity and the auditors appointed to carry out the audit mission for the last 3 years;

10. a copy of the insurance contract for civil liability in the audit entity's professional activity;

11. a sworn declaration of the actuary, as an independent expert - member of the audit engagement team, on: a) the independence and lack of affiliation criteria with the audited insurance or reinsurance undertaking or its related parties; b) the absence during the last two consecutive management periods of contractual relations with the audited insurance or reinsurance undertaking; c) the agreement to be appointed as a member of the audit team;

12. copies of the individual employment contract/service contract and curriculum vitae for the actuary and the actuary qualification certification, as the case may be;

13. copies of the individual employment contracts/service contracts and certificates attesting the relevant competencies of the members of the audit engagement team in the case of audit of information systems and/or in the area of prevention and combating money laundering and terrorist financing, as appropriate;

14. in the case of audit for supervisory purposes, in addition to the documents and information specified in this point, the draft engagement letter of the audit entity shall also be attached.

9. In case of concluding the contract for carrying out the audit of financial statements with the audit entity for a term of no more than three consecutive management periods, the insurance or reinsurance undertaking shall submit the application for obtaining the approval of the audit entity to the National Bank of Moldova under the conditions of point 8 in the first audited management period.

10. The application, as well as the documents and information, specified in point 8, shall be drawn up in Romanian and shall be submitted to the National Bank of Moldova within 10 working days from the confirmation of the audit entity by the general meeting of shareholders of the insurance or reinsurance undertaking or, as the case may be, by the governing body authorized by law or statute.

11. The National Bank of Moldova shall, within 30 days from the date of receipt of the complete set of documents and information specified in point 8, approve or refuse to approve the audit entity, informing the insurance or reinsurance undertaking in writing about its decision.

12. If the documents and information specified in point 8 are incomplete, the National Bank of Moldova shall inform the insurance or reinsurance undertaking in writing about this fact within 5 working days from the date of submission of the application. The insurance or reinsurance undertaking shall, within 10 working days from the date of receipt of the letter of the National Bank of Moldova, complete and submit to the National Bank of Moldova the missing documents and/or information. The 30-day period, set out in point 11, shall start to run from the submission by the insurance or reinsurance undertaking of the complete set of documents and information.

13. In the event that the insurance or reinsurance undertaking has not completed the set of documents and information within the deadlines set out in point 12, the National Bank of Moldova shall inform the insurance or reinsurance undertaking about the termination of the administrative procedure.

14. If the set of documents and information is complete, but the information submitted is insufficient to determine whether the criteria for approval of the audit entity are met, the National Bank of Moldova may take additional measures to verify the fulfillment of the criteria and/or the documents and information, including further investigations, may consult with public authorities and other legal persons.

15. The insurance or reinsurance undertaking shall be obliged to submit the additional information and documents within the deadline specified by the National Bank of Moldova, during which period the deadline referred to in point 11 shall be suspended.

16. As grounds for refusal to approve the audit entity, the following are considered:

1. submission to the National Bank of Moldova of erroneous, inauthentic and/or contradictory documents and information; and/or
2. failure of the audit entity and/or members of the audit engagement team to meet at least one of the criteria specified in point 5; and/or
3. failure to comply with one of the conditions referred to in Article 53 paragraphs (2) and (6) of Law No 92/2022; and/or
4. failure of the audit contract to comply with the requirements specified in point 7;
5. failure to comply with the provisions of the legal framework applicable to the audit of insurance or reinsurance undertakings in the last 3 years.

17. The insurance or reinsurance undertaking shall be obliged to notify in writing the National Bank of Moldova, within 5 working days from the occurrence of any of the situations specified in Article 53 paragraph (10) of the Law No 92/2022.
18. During the audit, the insurance or reinsurance undertaking is obliged to notify the National Bank of Moldova in writing within 5 working days of the changes in the documents and information submitted in the approval process, including changes in the composition of the audit engagement team.
19. If the audit entity and/or the members of the audit engagement team violate the provisions of the Law No 92/2022, do not meet the criteria specified in point 5, or the changes in the documents and information submitted in the approval process do not meet the conditions specified in point 8, the National Bank of Moldova shall withdraw the approval or may set a deadline for the removal of the non-compliances and deficiencies, by informing in writing the insurance or reinsurance undertaking.
20. If the audit entity does not remove the non-conformities and deficiencies within the deadline set by the National Bank of Moldova, the approval of the audit entity shall be withdrawn.
21. After informing the insurance or reinsurance undertaking of the refusal to approve the audit entity or the withdrawal of the approval granted to the audit entity, or in the event of early termination of the audit contract, the insurance or reinsurance undertaking shall without delay convene the general meeting of shareholders or, where applicable, the management body empowered by law or the statutes to approve another audit entity under the terms of this Regulation.

Chapter III AUDIT OF FINANCIAL STATEMENTS 22. Following the audit of the financial statements, the audit entity shall issue the auditor's report, the letter addressed to the management of the insurance or reinsurance undertaking, as required by audit legislation, and the additional report to the Audit Committee. 23. The letter addressed to the management of the insurance or reinsurance undertaking, in accordance with auditing standards, shall contain at least the following information:

1. matters arising from the audit of the financial statements that are relevant to the management of the insurance or reinsurance undertaking in the supervision of the financial reporting process;

2. material misstatements or inconsistencies in the information contained in the audited financial statements, which have been corrected, if any;

3. deficiencies in internal control which the audit entity has identified, including those found in the methods and procedures used by the internal audit of the insurance or reinsurance undertaking, if any;

4. the audit entity's findings, including its views on the qualitative aspects of accounting policies;

5. the audit entity's views on accounting estimates at fair value;

6. the risk assessment of deficiencies, visions and findings with appropriate recommendations;

7. any other information considered by the audit entity to be significant and which is required to be communicated to the board of the undertaking and/or the general meeting of shareholders.

Chapter IV AUDIT FOR SUPERVISORY PURPOSES 24. The audit for supervisory purposes is a specific control on certain areas for which verifications are required, under the conditions laid down by law, and is carried out on the basis of an audit contract concluded between the insurance or reinsurance undertaking and the audit entity. The audit for supervisory purposes shall be performed in accordance with audit and/or related standards. 25. The audit for supervisory purposes comprises a set of specific verification and analytical procedures required to be carried out by the National Bank of Moldova, in respect of, but not limited to, one or more of the following:

1. the adequacy of the management framework of the insurance or reinsurance undertaking's activity in accordance with the normative acts of the National Bank of Moldova, including the analysis: a) shareholding and capital adequacy; b) professional and organizational capacity; c) distribution network;
2. the veracity and completeness of the specialized reports submitted to the supervisory authority in accordance with its regulatory acts, including the analysis: a) methods for calculating and reporting the structure and components of solvency ratios, own funds, minimum capital requirement and other indicators determined by the National Bank of Moldova; b) formation and maintenance of technical reserves; c) establishment and maintenance of categories of assets and their valuation at fair value, as well as the structure of investments; d) keeping records of insurance contracts and claims; e) compulsory and voluntary (optional) reinsurance contracts;
3. the veracity and completeness of the individual and consolidated specialized financial statements, as the case may be, prepared in accordance with the normative acts of the National Bank of Moldova;
4. the adequacy and implementation of the internal policies and procedures of the insurance or reinsurance undertaking in the area of prevention and combating money laundering and terrorist financing, as well as the analysis of transactions (in the case of insurance or reinsurance undertakings carrying out activity within the limits of life insurance classes, including those with investment participation);
5. the adequacy and implementation of the insurance or reinsurance undertaking's internal rules on outsourcing of functions and activities, assessing at least, but not limited to, the following aspects: a) compliance of the provider's internal regulations with the outsourced functions and activities;

b) provider's capacity (financial, technological, organizational, etc.) to perform the outsourced functions and activities in a qualitative, safe and continuous manner; c) management of risks and incidents related to outsourcing; d) compliance with the contractual framework of outsourcing; 6) the adequacy of the system of governance (the auditor will also assess the internal control system and decide the extent to which it can be relied on); 7) the assessment of the internal risk management framework related to information and communication technology and, where appropriate, the assessment of information systems within the meaning of the Regulation on the registration/licensing of insurance or reinsurance undertakings and branches of insurance or reinsurance undertakings in third countries, approved by the Decision of the National Commission for Financial Markets No 31/1/2023; 8) the adequacy of risk management related to the insurance or reinsurance undertaking's business and, where appropriate, the presentation of recommendations for mitigating risks; 9) the confirmation, at the time the application is submitted, of the sufficiency of own funds for the initial contribution to the Compensation Fund and the share in the external bank guarantee and of the fact that the funds are free of obligations and are not encumbered by impediments, in order to obtain the right to conduct compulsory external motor third party liability insurance activity (MTPL). 26. The audit for supervisory purposes referred to in sub-points 3) and 4) of point 25 shall be carried out on an annual basis and the audit for supervisory purposes referred to in sub-point 5) of point 25 shall be carried out simultaneously with the audit of the financial statements by an audit entity approved by the National Bank of Moldova, under the conditions set out in this Regulation. 27. The National Bank of Moldova may request an audit for supervisory purposes to be carried out for each insurance or reinsurance undertaking individually, indicating the scope of verification and analysis. The National Bank of Moldova may submit requirements on the manner, form and period of carrying out the verification and review, including the deadline for submission of the auditor's report. 28. The audit entity shall express an opinion on the adequacy of the system for preventing and combating money laundering and terrorist financing implemented by the insurance or reinsurance undertaking (which carries out activity within the limits of life insurance classes, including those with investment participation), taking into account the requirements and standards in the field, including those approved by the National Bank of Moldova, assessing at least:

1. implementing and updating the internal program on preventing and combating money laundering and terrorist financing;

2. money laundering and terrorist financing risks and the application of the risk￾based approach;

3. verifying the existence and implementation of the approved action plan for minimizing risks in the area of preventing and combating money laundering and terrorist financing as a result of the assessment carried out;

4. the role and function of compliance in the area of preventing and combating money laundering and terrorist financing;

5. customer acceptance procedures;

6. customer due diligence, including simplified and enhanced customer due diligence;

7. the appropriate categorization of customers in the appropriate risk category, as well as the transition from one risk category to another;

8. applying appropriate precautionary measures associated with politically exposed persons and other high-risk categories of clients;

9. identifying suspicious and unusual activities and transactions;

10. customer and transaction monitoring, automation of the monitoring process and the existence of specialized IT solutions;

11. internal reporting to the management of the insurance or reinsurance undertaking;

12. reporting suspicious transactions or activities to the Money Laundering Prevention and Combating Service and other competent authorities;

13. access and collection of information and documents; protection of confidentiality of information; prohibition of disclosure;

14. continuous training program for employees in the field of prevention and combating money laundering and terrorist financing;

15. internal control and internal audit processes;

16. testing a relevant sample of customer transactions and activities, recorded in the last year, for compliance with the requirements of the legislation on preventing and combating money laundering and terrorist financing;

17. checking compliance with data retention requirements;

18. verification of the degree of elimination of the violations and shortcomings detected during the controls carried out by the National Bank of Moldova;

19. verifying compliance with restrictive measures and international sanctions;

20. verification of the degree of implementation of the recommendations made during the previous audit mission.

29. The audit entity is required to issue the Supervisory Audit Report, which shall include at least the following findings on:

1. the results of checks and evaluations carried out on the areas audited;
2. the deficiencies identified during the audit in the areas audited or any other deficiencies which may affect the ability of the insurance or reinsurance undertaking to continue to operate, if identified during the audit mission;
3. internal policies, processes and procedures related to the areas audited, as well as recommendations for their efficiency/improvement and mitigation of identified risks;
4. implementing the recommendations issued following the audit mission for the previous management period in these areas;
5. breaches of the regulatory framework or any other illegal action committed by employees of the insurance or reinsurance undertaking, if identified;
6. where appropriate, the reason for refusing to express an opinion or expressing an opinion with reservations.

Chapter V COMMUNICATION WITH THE AUDIT ENTITY APPROVED BY THE NATIONAL BANK OF MOLDOVA 30. The insurance or reinsurance undertaking and the audit entity shall submit, in original, to the National Bank of Moldova, the board of the undertaking or the audit committee, as the case may be, no later than April 30 of the year following the year audited, the report on the audit of the financial statements, as well as the letter addressed to the management, enclosing the financial statements and the actuary's report, and, where applicable, the report on the supervisory audit requested in accordance with point 26. The auditor's report shall be dated and signed by the auditor/partner responsible for the audit engagement and the actuary's report shall be signed by the actuary who was part of the audit team. 31. In the case of the audit for supervisory purposes requested by the National Bank of Moldova under point 27, the insurance or reinsurance undertaking and the audit entity shall submit to the National Bank of Moldova and, where appropriate, to the board of the undertaking or the audit committee, the auditor's report prepared under the conditions

specified in point 29, which shall be signed by the auditor or partner responsible for the audit assignment. 32. The insurance or reinsurance undertaking shall facilitate the complete and timely submission by the audit entity of the documents and information required in accordance with this Regulation. 33. The insurance or reinsurance undertaking shall keep the original of the documents specified in points 30 and 31 at its head office. 34. During the conduct of the audit, as well as after the completion of the audit mission, the National Bank of Moldova shall communicate, as appropriate, with the audit entity to discuss issues of common interest related to the business of the insurance or reinsurance undertaking, which need to be clarified and/or communicated to the party that initiated the discussions.

Annex to the Regulation on the audit of insurance and reinsurance undertakings

Information on the audit entity and the experience of the appointed members of the audit enagagement team

---

(of financial statements/for supervisory purposes)

---

(indicate the name of the insurance or reinsurance undertaking) for the year ___________________________________ (indicate the audited reporting period) performed by the audit entity ______________________ (indicate the name, headquarters, IDNO, individual number of the entity)

No. Name, first name, contact (phone, e￾mail) Function held within the audit entity, including the expert (individual auditor number) Responsibilities within the audit mission Information on studies/certifications (name of the institution, year, series and number of the diploma /certificate) Information on experience in auditing financial statements according to IFRS, information systems in public interest entities (entity name, year of participation in the engagement, responsibilities within the audit entity team)

Additional information:

• Specify whether in the last 10 years any of the entities to which the audit entity carried out the audit of the financial statements has been subject to a judicial reorganization procedure/insolvency/liquidation/ special administration/financial reorganization/resolution. If so, please provide details (including: entity name, field of activity, audit period, auditor's opinion, date of entry into the specified procedures, authority/body ordering the procedure, decision and reasons for initiating the procedure) . . . . . . .

• Indicate whether in the last 10 years the audit entity or the shareholders/associates of the audit entity has been subject, in the Republic of Moldova or abroad, to any professional, disciplinary, administrative or judicial investigations or proceedings, which have resulted in any action, or is/are currently subject to any such investigations or proceedings. If so, please give details (indicate: the authority ordering the measure, the sanctioned act, the measure and the date of its application).

• Mention whether the audit entity or its representative has been convicted of any criminal offenses. . . . . . . . .

• Provide any additional information that might be considered relevant to the assessment of your skills, professional experience, reputation or financial behaviour.

---

Signature: ________________________________ (auditor/partner responsible for the audit mission /head of the audit entity)

Date: _____________