Insurance Supervision Prudential Standards 2018

PRUDENTIAL SUPERVISION OF THE GENERAL INSURANCE COMPANIES INSURANCE SUPERVISION PRUDENTIAL STANDARDS (‘ISPS’) DECEMBER 2018 APIA SAMOA

1 Table of Contents Insurance Supervision Prudential Standard (ISPS) No. 1................................................................... 3 GUIDELINES ON CORPORATE GOVERNANCE................................................................................. 3

1. Introduction ...................................................................................................................... 3
2. Background and Outline of the Approach ......................................................................... 3
3. Requirements of the Insurance Act 2007 (the “Act”)......................................................... 4
4. Minimum Corporate Governance Requirements............................................................... 4
5. Implementation and Enforcement .................................................................................... 8 Insurance Supervision Prudential Standard (ISPS) No. 2................................................................... 9 MINIMUM REQUIREMENTS FOR RISK MANAGEMENT FRAMEWORKS ......................................... 9
6. Introduction ...................................................................................................................... 9
7. Objective of the Standard.................................................................................................. 9
8. Requirements of the Standard .......................................................................................... 9
9. Oversight by the Commissioner....................................................................................... 14
10. Implementation Arrangements....................................................................................... 14 Insurance Supervision Prudential Standard (ISPS) No. 3................................................................. 15 FIT AND PROPER REQUIREMENTS............................................................................................... 15
11. Introduction .................................................................................................................... 15
12. Objectives of this Standard:............................................................................................. 15
13. Minimum Requirements of this Standard ....................................................................... 17
14. Implementation and Arrangements ................................................................................ 19 Insurance Supervision Prudential Standard (ISPS) No. 4................................................................. 21 ROLE OF EXTERNAL AUDITORS.................................................................................................... 21
15. Introduction .................................................................................................................... 21
16. Background and Outline of the Approach ....................................................................... 21
17. Requirements under the Insurance Act 2007 (the “Act”)................................................. 22
18. Disclosure of Information by Auditors............................................................................. 23
19. Additional Reports from External Auditors ..................................................................... 23
20. Implementation Arrangements....................................................................................... 23 Insurance Supervision Prudential Standard (ISPS) No. 5................................................................. 24 SOLVENCY REQUIREMENTS......................................................................................................... 24
21. Introduction .................................................................................................................... 24
22. Background and Outline of the Approach ....................................................................... 24
23. The General (Non-Life) Insurance Business ..................................................................... 25
24. Requirements under the Insurance Act 2007 (the “Act”)................................................. 25
25. Recognition of Assets in the Calculation of Solvency....................................................... 26
26. Implementation Arrangements....................................................................................... 26

2 Insurance Supervision Prudential Standard (ISPS) No. 6................................................................. 27 REINSURANCE MANAGEMENT STRATEGY................................................................................... 27

1. Introduction .................................................................................................................... 27
2. Objective ......................................................................................................................... 27
3. Requirements under this Statement ............................................................................... 27
4. Reporting to the Insurance Commissioner ...................................................................... 29
5. Implementation Arrangements....................................................................................... 29 Insurance Supervision Prudential Standard (ISPS) No. 7................................................................. 30 POLICY GUIDELINE ON COMPLAINTS MANAGEMENT ................................................................. 30
6. Introduction .................................................................................................................... 30
7. Objectives of this Guideline............................................................................................. 30
8. Minimum Requirements of this Guideline....................................................................... 30
9. Complaints Management Policy Framework ................................................................... 31
10. Operational Procedures for Complaints Management .................................................... 33
11. Oversight by the Office of the Insurance Commissioner.................................................. 34
12. Implementation and Arrangements ................................................................................ 34

3 Insurance Supervision Prudential Standard (ISPS) No. 1 GUIDELINES ON CORPORATE GOVERNANCE

1. Introduction 1.1. This prudential standard is issued under Section 5 (b) of the Insurance Act 2007 (the “Act”) as part of the Insurance Commissioner1 (the “Commissioner”) standards governing the conduct of insurance business in Samoa. The purpose of this statement is to outline the Commissioner’s minimum requirements relating to corporate governance of insurers licensed to conduct insurance business in Samoa. 1.2. In preparing this notice, the Commissioner has been guided by the Core Principles of Insurance Supervision issued by the International Association of Insurance Supervisors (“IAIS”), powers under the Act and other relevant legislations. 1.3. It is anticipated that, for most insurers, these formalised requirements will reflect elements of existing mechanisms for governance purposes.
2. Background and Outline of the Approach 2.1. Corporate Governance refers to the processes and structures by which business corporations are directed, managed and controlled2 . It is how the Board of Directors discharges its responsibilities to its stakeholders. 2.2. Directors are required to act in the best interests of the institution they serve and its shareholders, and to ensure that the institution has sufficient resources to meet its obligations to policyholders and other stakeholders. Any corporate governance structure must be able to: i. specify the distribution of rights and responsibilities among different participants in the corporation, such as the board and management; ii. spell out the rules and procedures for making decisions on corporate affairs; and iii. provide the structure through which the company objectives are set, and the means of attaining those objectives and monitoring performance. 2.3. Recent failures of large institutions and corporate organisations internationally have occurred due to inadequacies in corporate governance structures of these organisations. Some specific causes involved having too much concentration of power in one person and the failure of the Audit Committee to properly and independently scrutinise the workings of the organisation. 2.4. Each company is unique in terms of its structure and objectives, and its circumstances change over time. It is therefore impractical to prescribe how each company should structure its corporate governance procedures. The Commissioner has therefore laid out minimum requirements for corporate governance frameworks of insurance companies. Each 1 The Governor of the Central Bank of Samoa is the Insurance Commissioner, appointed under section 4 of the Insurance Act 2007. 2 Adopted from the definition used by the Organisation for Economic Cooperation and Development (OECD). OECD is an intergovernmental economic organisation founded in 1960 to stimulate economic progress and world trade.

4 institution may stipulate more requirements relevant to the risk profile and management processes of the particular institution. 3. Requirements of the Insurance Act 2007 (the “Act”) 3.1. Section 11 (f) of the Act, requires that the directors and other persons concerned with the management of the insurer are fit and proper persons. 3.2. Section 32 requires an insurer licensed under the Act to appoint an auditor to carry out the auditing functions. The appointment of the auditor has to be approved by the Commissioner and is subject to standards of competence and qualification. 3.3. It is envisaged that the requirements of the Act relating to corporate governance issues will be further enhanced by these guidelines. 4. Minimum Corporate Governance Requirements

4.1. Board Matters 4.1.1. A licensed insurance company should be headed by an effective Board. The establishment of mission, vision, corporate values and objectives of the company should emphasize the professional conduct of the business and honesty and integrity in internal dealings and external transactions. The Board must clearly set out the responsibilities towards the acceptance of and commitment towards comprehensive and effective corporate governance procedures for their undertaking. 4.1.2. All insurance companies licensed to conduct insurance business in Samoa must have in place, a corporate governance structure that provides clear procedures on the following: 4.1.2.1. Appointment of the Board - There must be a formal and transparent process for the appointment of directors to the Board. 4.1.2.2. Knowledge and Experience - The Board of Directors should collectively have sufficient knowledge and relevant experience in insurance business to guide the insurer and oversee its activities effectively. As a group, the Board should ideally have core competencies in accounting and finance, business or management experience, industry knowledge, actuarial, legal, strategic planning and risk management experience. 4.1.2.3. Key Functions of the Board - The Board or approved sub-committees of the Board, should clearly set out the long-term strategic objectives for the insurer. It should also establish the means of attaining these objectives and procedures for monitoring and evaluating the achievement of these objectives. The objectives should ensure that the insurer’s financial obligations to its policyholders are fully met. The Board or the approved Board subcommittee should fulfil the following key functions: i. deciding on the strategic direction of the insurer; ii. reviewing and guiding corporate strategy, major business plans, risk policy, annual budgets and business plans, setting performance objectives,

5 monitoring plan implementation and corporate performance, and overseeing major capital expenditures, acquisitions and divestitures; iii. selecting, compensating, monitoring, replacing key executives, and overseeing succession planning; iv. reviewing key executive and board remuneration, and ensuring a formal and transparent board nomination process; v. monitoring and managing potential conflicts for interest of management, board members and shareholders, including misuse of corporate assets and abuse in related party transactions; vi. ensuring the integrity of the institution’s accounting and financial reporting systems, including the independent audit function, and that appropriate systems of control are in place, in particular, systems for monitoring risk, financial control, and compliance with laws; vii. monitoring the effectiveness of the governance practices under which it operates and making changes as needed; and viii. overseeing the process of disclosure and communications to the public. 4.1.2.4. Re-election - There should be a fixed appointment period for each director, after which they may be subject to re-election. 4.1.3. Independence i. There should be a strong independent3 element in the Board without any significant influence in decision-making. The Board of every insurer should be constituted with a majority of individuals who qualify as non-executive directors4 . This would ensure that the Board exercises objective judgment in the best interest of the institution, independent from management and substantial shareholders or outside concerns. ii. For a foreign-owned locally incorporated insurer, non-executive directors of the local Board may include board members or senior management of the parent (including insurance subsidiaries of the foreign parent). iii. There should be a balance of power and authority between the Chairman and Chief Executive so that neither one has unfettered powers of decision. Preferably, a person should not play the dual role of Chairman and Chief Executive. However, where the two positions are combined in one person, appropriate controls should be in place to ensure that the person is adequately accountable to the Board. 4.1.4. Clear Lines of Responsibilities - The Board should enforce and maintain clear lines of responsibility throughout the company. It should define and clearly set out its own role and that of management, and discuss and approve the institution’s organisation structure and appoint its management. 3 Independent – Autonomous, impartial, self-regulating 4 Non-executive directors are persons not part of the management of the insurer

6 4.1.5. Meetings i. The Board should meet regularly as deemed appropriate by the Board members and as circumstances arise. All members should be provided with all relevant information in advance, to enable them to fulfil their responsibilities effectively. ii. Management is obliged to supply the Board with adequate and complete information in a timely manner. Reliance purely on what is volunteered by management may not be enough in all circumstances and further enquiries should be made by a director to be able to fulfil his/her duties properly. 4.1.6. Accountability - Management is responsible for creating throughout the accountability hierarchy for staff, but should be aware of the fact that they are ultimately accountable to the Board for the performance of the insurer. The Board is in turn accountable to the policyholders and shareholders to act in their best interests. 4.2. Disclosure and Transparency 4.2.1. Disclosure in the Annual Report - The corporate governance framework should ensure that timely and accurate disclosure is made on all material matters regarding the insurer, including the financial situation, performance, ownership and governance of the company. Disclosure should include, but is not limited to, material information on: i. the financial and operating results of the company; ii. Company objectives. In addition to commercial objectives, insurers are encouraged to disclose policies relating to business ethics, the environment and other public policy statements; iii. Major share ownership and voting rights. Investors should be informed about the ownership structure of the business and their rights; iv. Members of the Board and key executives, and their remuneration ranges. Investors require information on individual board members and key executives to evaluate their experience and qualifications and any potential conflicts of interest. Insurers are generally expected to disclose sufficient information on the remuneration of board members and key executives. v. Material foreseeable risk factors. Users of financial information and market participants need information on reasonably foreseeable material risks that may include risks that are specific to the industry or geographical areas; financial market risk including interest rate or currency risk; risk related to derivatives5 and off-balance sheet6 transactions; and risks related to environmental liabilities. 5 Derivative - A derivative is a contract between two or more parties whose value is based on an agreed-upon underlying financial asset, index, or security. 6 Off balance sheet (OBS) - OBS items refer to assets or liabilities that do not appear on a company's balance sheet but that are nonetheless effectively assets or liabilities of the company.

7 vi. Material issues regarding employees and other stakeholders. Insurers are encouraged to provide information on key issues relevant to employees and other stakeholders that may materially affect the performance of the company; and vii. Governance structures and policies, in particular the division of authority and responsibility between shareholders, management and board members, which is important for an assessment of an insurer’s governance. 4.2.2. Audit 4.2.2.1. Internal - The Board should ensure that an internal audit function that is independent of the activities audited is established. The Internal auditor should report directly to the Audit Committee [see 4.2.2.2 (ii)]. The AC should also have input to and unrestricted liaison with the external auditor (and actuary where appropriate). 4.2.2.2. External i. In accordance with Section 32 of the Act, an insurer must appoint an auditor to carry out the auditing functions and the appointment is subject to approval by the Commissioner. ii. The Board should also establish an Audit Committee (‘AC’) to provide independent oversight of the insurer’s internal control and external auditors. Members of the AC should be appropriately qualified to discharge their responsibilities. The duties of the AC should include maintaining the scope and results of the audit, its cost effectiveness and the independence and objectivity of external auditors. 4.2.3. Fair Dealing i. An insurer’s corporate governance structure should ensure that management formulates policies to ensure dealings with the policyholders, claimants, other customers and the public are conducted fairly, responsibly and professionally. These procedures should be established to avoid unfair practices, misrepresentation through false and misleading statements, and misconduct of staff and agents. ii. Clear complaints procedures should be established to ensure that all complaints are dealt with fairly, professionally and in a timely manner. These procedures should be clearly communicated to the customers. 4.2.4. Related Party7 Transactions i. A related party transaction is a transfer of resources or obligations between related parties, regardless of whether a price is charged. Parties are considered to be related if one party has the ability to control the other party or exercise significant influence over that party in making financial or operating decisions. 7 Related Party (IAS 24) – “A person or a close member of that person’s family is related to a reporting entity if that person has control, joint control, or significant influence over the entity or is a member of its key management personnel. An entity is related to a reporting entity if, among other circumstances, it is a parent, subsidiary, fellow subsidiary, associate, or joint venture of the reporting entity, or it is controlled, jointly controlled, or significantly influenced or managed by a person who is a related party.”

8 ii. The insurance company should establish policies and procedures on related party transactions. These should include limits applied, terms of transactions and the authorities and procedures for approving and monitoring these transactions. 4.2.5. Monitoring of Compliance - The Board is responsible for monitoring compliance with regulatory requirements under various legislations (e.g. Insurance Act 2007, the Companies Act 2001, the Money Laundering Prevention Act 2007, etc.), standards (Accounting and Auditing Standards), core principles (IAIS), conditions of licence and other supervisory requirements. 5. Implementation and Enforcement This Notice applies to insurance companies licensed under the Insurance Act 2007.

9 Insurance Supervision Prudential Standard (ISPS) No. 2 MINIMUM REQUIREMENTS FOR RISK MANAGEMENT FRAMEWORKS

1. Introduction 1.1. This Standard is issued under Section 5 (b) of the Insurance Act 2007 (the “Act”) as part of the Office of the Insurance Commissioner, established under section 3 of the Act, standards governing the conduct of insurance business in the Samoa. 1.2. In preparing the requirements of this standard, the Insurance Commissioner (the “Commissioner”), appointed under section 4 of the Act, made reference to the recommendations of the International Association of Insurance Supervisors (“IAIS”) and other international sound practices. 1.3. Risk Management is the process of identifying, assessing, controlling and monitoring inherent risk in the conduct of insurance business. A risk management framework (‘RMF’) is the totality of systems, structures, processes and people within which the insurer identifies, assesses, mitigates and monitors all internal and external sources of risk that could have a material impact on an insurer’s operations.
2. Objective of the Standard 2.1. he objective of the standard is to ensure that each insurer has in place a comprehensive risk management framework that is aligned to the insurer’s strategy and business plans, and commensurate with the size, complexity and nature of its operations.

2.2. This standard has been developed to outline the Commissioner’s minimum requirements for the Risk Management Frameworks (‘RMF’) of insurance companies licensed to conduct insurance business in Samoa. 3. Requirements of the Standard 3.1. Risk Management Framework (‘RMF’) 3.1.1. Each insurer is required to establish an effective RMF. The RMF is the totality of systems, structures, processes and people that address the risk management process. The RMF sets the scope for the entire risk management process and determines how the process can be established and maintained within the institution. 3.2. Risk Management Policy (‘RMP’) 3.2.1. Each insurer is required to develop as part of the RMF, a RMP that outlines the institution’s approach to managing risk and the processes involved. 3.2.2. The RMP must be documented, easily understood, auditable, accessible to all staff and reflective of the size, complexity and nature of the insurer’s risk profile and exposure. Furthermore, the RMP must be approved by the Board. 3.2.3. The RMP must include: i. a documented Risk Management Strategy (‘RMS’) that is approved by the Board; ii. clearly defined management responsibilities and controls; and

10 iii. sound risk management policies and procedures that clearly identify, assess, mitigate and monitor identified risks. 3.3. Risk Management Strategy (‘RMS’) 3.3.1. At a minimum, the RMS must: i. clearly identify the individuals responsible for approval and implementation of the risk management policies; ii. detail the policies and procedures for the identification, measurement and assessment of risks; iii. detail the policies and procedures to mitigate and control risks; iv. detail the policies and procedures for monitoring and reporting risks; v. detail the systems that ensure the timeliness, accuracy and relevance of a management information system; and vi. detail the processes to regularly review the RMF. 3.4. Roles and Responsibilities of Board 3.4.1. The Board of an insurer is required to: i. ensure the safety and soundness of the institution; ii. ensure that an appropriate, adequate and effective system of risk management and internal control is established, implemented and maintained by Senior Management; iii. identify and understand the principal risks faced by the institution; iv. ensure that the identified risks are appropriately managed by Senior Management; v. approve the policies and procedures for the evaluation and management of risks; vi. determine the risk profile and appetite of the institution and approve limits commensurate with its risk appetite; vii. review and approve the RMS annually or whenever there are changes in circumstances that could impact on risks; viii. monitor and review the functions of the Audit Committee; ix. ensure that Senior Management instill and document procedures for a strong risk culture within the institution, where there is sufficient communication between levels of management; and x. ensure that the institution has the necessary resources and management capabilities to work within its risk appetite. 3.5. Roles and Responsibilities of Senior Management 3.5.1. The responsibilities of the Senior Management8 include: i. developing policies and processes that identify, measure, manage and monitor risks faced by the insurer; ii. implementing risk management strategies and policies approved by the Board; iii. reporting to the Board Risk Committee and the Board on the above; iv. monitoring appropriateness, adequacy and effectiveness of the risk management system; and v. high level decision making, keeping in mind the risk appetite put in place by the Board. 8 Senior Management’ include those persons whose conduct has a significant impact on the sound and prudent management of the insurer’s operations, which include senior managers, senior executives, General Managers /Chief Executive Officer.

11 3.6. Roles and Responsibilities of the Risk Management Function 3.6.1. The insurer must consider developing a risk management function (‘function’) that is commensurate to the size, nature and diversity of its operations. The function must be independent and have direct access to the Board. 3.6.2. Generally, the role of the function is to assist the Board and Senior Management in the development, implementation and maintenance of the risk management framework. 3.6.3. The risk management function must include at a minimum: i. co-ordination of the risk management process amongst other business units of the insurer’s operations; ii. providing recommendations on potential risks and their exposures to Board and Senior Management; iii. identifying and analyzing potential risks and the impact of losses to the insurer’s operations; iv. developing risk responses to identified losses that include contingency and business continuity programmes; v. assist in instilling a risk culture within the insurer’s operations; vi. providing advice on changes in regulatory, legal or market conditions that may impact the insurer’s operations; and vii. providing risk management recommendations that assists strategic planning, decision making and budgeting process of the insurer. 3.6.4. The function may also include ensuring compliance with the insurer’s internal risk management policies and procedures, this standard and Samoa’s insurance regulatory and legal requirements. 3.6.5. For smaller scale operations, the function’s responsibilities may be incorporated into a single senior position9 . 3.7. Risk Identification, Assessment and Measurement 3.7.1. An insurer must have in place processes to identify, measure and assess the range of risks that could adversely affect the operations of the insurer. Whilst the risk management systems of an insurer should address all risks, the Commissioner considers that at a minimum, an insurer must identify and have risk management systems to address the following types of risks: i. Insurance Risk; ii. Operational Risk; iii. Credit Risk; iv. Investment Risk; v. Strategic Risk; and vi. any other significant risk to the institution that may arise from time to time. 3.7.2. Each insurer must record in writing the reasons for their selection of measurement techniques10 that enable the assessment and quantification of risks, and the impact on the insurer’s operations. Furthermore, the insurer must detail the procedures that are associated with the measurement technique. 9 The position may be referred to as a Risk Manager, Risk and Compliance Manager, Risk and Compliance Officer. 10 Examples of Risk Measurement Techniques: Self or Risk Assessment, Risk Mapping or Risk Matrix

12 3.8. Risk Mitigation and Controls 3.8.1. An insurer must have appropriate control mechanisms in place to mitigate and control identified risks. The control mechanisms must be quantifiable, independent and can be audited. As a minimum, these must include: i. clearly defined management responsibilities; ii. adequate segregation of duties; iii. establishment and maintenance of the control processes; iv. a system of approvals, limits, authorisations and reporting lines; v. policies to document the insurer’s procedural controls; vi. activity controls for each division or department; vii. verification of activities such as underwriting, pricing and claims management, and reconciliations; viii. reviews by the Board, Senior Management and Internal Audit; and ix. physical controls that are in place. 3.9. Monitoring and Reporting Risk 3.9.1. An insurer is required to closely assess the quality of the risk management and control systems in place. This could be achieved through ongoing monitoring activities, separate evaluation11, or a combination of both quality assessments. 3.9.2. The insurer must ensure that the selected quality assessment clearly defines the impact of the control mechanisms on the identified risks and the residual risk. Furthermore, the assessment must clearly define the internal and external audits. The insurer is required to record in writing the reason for their choice of quality assessment. 3.9.3. The insurer must report any deficiencies identified as part of the monitoring process, or internal audit to the Board. 3.9.4. Insurers who are branches of foreign insurers are required to identify in their RMS where responsibility resides for monitoring the risk profile of their operations. Moreover, it must include reporting arrangements between the foreign insurer and their home office operations. 3.10. Management Information System (‘MIS’) 3.10.1. Each insurer is required to have an accurate, informative, and timely Management Information System (‘MIS’) that complements an effective risk management process. The MIS refers to the design, operation of systems and procedures to facilitate the recording, analysis and reporting of information within the institution and to the Commissioner. 3.10.2. Reports generated from the insurer’s MIS must be sufficient and provided on a timely basis to the Board for assessment. At a minimum the report must include the financial condition, operating performance and risks of the insurer. 3.10.3. Regular and detailed reports should also be provided to managers who are engaged in the insurer’s daily operations. This would enable risk related decisions to be appropriately recorded and reported to Senior Management and the Board. 11 Separate evaluation is conducted periodically and is a comprehensive assessment that allows the insurer to assess the system as a whole.

13 3.11. Review of Risk Management Systems 3.11.1. Each insurer must document the policies and procedures for the review of the risk management systems. The Commissioner must be consulted in cases where there are institutional or other developments relating to the insurer’s operations in Samoa that affect the risk profile of the insurer. 3.11.2. The review must cover the effectiveness of the current risk management policy and include the identification of new and emerging risks. It must be conducted on an annual basis by the Board Risk Committee and or in the case of a foreign insurer, conducted by the internal audit function of the foreign insurer. Subsequently, the findings of the review must be reported to the Board. 3.12. Other Requirements of the Standard 3.12.1. Board Declaration i. The Board is required to submit to the Commissioner a declaration stating that: a. the insurer has sound systems in place that ensures compliance with the Act and Standards; b. the Board is satisfied with the effectiveness of the processes and systems that are in place; c. the RMF has been developed in accordance with the requirements of this policy and other directives of the Commissioner; and d. current copies of the insurer’s Risk Management Policy and the Reinsurance Management Strategy has been lodged. ii. The declaration must be duly endorsed by the Chairman and at least one other director of the Board and submitted with the Risk Management Policy. 3.12.2. Strategic Plan i. The Commissioner requires each insurer to develop a three year strategic plan that is approved and driven by the Board. At a minimum the strategic plan must detail the strategic direction of the insurer, the opportunities available in the market, forecasts and the insurer’s proposed results and appropriate benchmarks. The insurer must ensure that the plan is reflective of the size, complexity and nature of the insurer’s operations. ii. The strategic plan must be submitted to the Commissioner upon the request of the Commissioner and/or during on-site examinations. Where amendments are made to the strategic plan, a revised copy must be submitted to the Commissioner immediately. 3.12.3. Business Plan i. Each insurer is required to develop a 12 month business plan that stems from the institution’s Board approved strategic plan. ii. The business plan must be submitted upon the request of the Commissioner, or during its on-site examinations. iii. The insurer must ensure that the business plan is reviewed on an annual basis and or, in instances where the insurer alters the core business strategies identified by the current business plan.

14 3.12.4. Capital Management Plan i. Furthermore, the insurer is required to maintain a three year capital management plan (‘CMP’) that is aligned with the insurer’s Board approved strategic plan. The CMP must be developed by the Senior Management and approved by the Board. The CMP must be submitted upon the request of the Commissioner, or during its on-site examinations. ii. The CMP must identify the strategies that the insurer intends to employ over the three year period, to ensure that capital reserves are above the required minimum capital. Furthermore, the insurer must ensure that the appropriate measures are taken to monitor capital resources. 4. Oversight by the Commissioner 4.1. For the purpose of this standard, all insurers are required to provide to the Commissioner its initial Risk Management Policy (‘RMP’) upon the request of the Commissioner, or during its on-site examinations. Each insurer must also provide a copy to the Commissioner whenever material changes are made to the Risk Management Policy. 4.2. An insurer must adhere to its Risk Management Policy at all times and must advise the Commissioner in instances where it intends to carry out activities in a manner that would represent a deviation from its Risk Management Strategy. Notice of any deviation must be accompanied by Board approval and declaration of the same. This would ensure that the insurer has complied with all the requirements of this policy which is satisfactory to the Board. 4.3. The Commissioner will assess the compliance of each insurer with the requirements of this standard in the course of its supervision. 5. Implementation Arrangements This standard applies to all insurance companies licensed under the Insurance Act 2007.

15 Insurance Supervision Prudential Standard (ISPS) No. 3 FIT AND PROPER REQUIREMENTS

1. Introduction 1.1. This Standard is issued under section 5 (b) of the Insurance Act 2007 (the “Act”). Section 11 (f) [i & ii] and Section 12 (d) [i & ii] of the Act requires the Directors and other officers of Insurance Companies (‘Insurers’) and Insurance Brokers (‘Brokers’) in Samoa to be fit and proper in terms of their knowledge and expertise, financial standing and character to hold such a position. 1.2. This Standard establishes minimum requirements that persons holding key positions in Insurers and Brokers in Samoa, must be assessed against for the purposes of being deemed fit and proper. 1.3. The responsibility of ensuring that the Board of Directors are fit and proper lies with the shareholders. Senior Management of locally incorporated Insurers and Brokers are assessed by the company’s Board. Senior Management is responsible for the fitness and propriety of all employees within an institution and their representatives. 1.4. The minimum standards reflected in this Standard have been aligned to international standards and sound practices including those introduced by the International Association of Insurance Supervisors (“IAIS”). It also aims to further strengthen legislated requirements under the Insurance Act 2007.
2. Objectives of this Standard: 2.1. The objectives of this standard are to: i. safeguard the interests of policyholders, beneficiaries, insurance claimants and stakeholders by ensuring that insurance companies and brokers are soundly and prudently managed and directed; ii. set out a minimum framework which can be used by Insurers and Brokers when determining whether a person holding a key position within an institution (responsible person) is fit and proper; iii. address the risk of mismanagement within and the inadequate or inappropriate control over or influence of Insurers and Brokers; and iv. facilitate consultation and the exchange of information of all responsible persons of the Insurers and Brokers, between the Insurance Commissioner (the “Commissioner”) and the institution, to achieve the above. 2.2. Establishing a minimum standard of fitness and propriety will strengthen the institution by reducing the possibilities of problems that could impact on an Insurer’s or Broker’s operation, risk profile or financial soundness.

16 2.3. Definition 2.3.1. Fit and proper status for responsible persons, as a minimum, is assessed against the following criteria: A. Good character; B. Competence and Capability; and C. Financial soundness. 2.3.1.1. A. Good Character For the purposes of this standard, good character qualities include honesty, integrity, fairness and reputation that are demonstrated over time. The Board should consider all appropriate factors, including, but not limited to: i. Whether the person has been convicted or found guilty in a criminal or disciplinary offence; ii. The responsible person does not fulfill the characters of a disqualified person defined by Section 14 (2) of the Act as having: a) been convicted of an offence under the Act; b) been convicted of an offence against any law of Samoa or elsewhere:

1. in respect of conduct relating to insurance;
2. (ii) dishonest conduct; or
3. a breach of any law relating to money laundering or the suppression of terrorism. iii. Where the person is a controlling shareholder or has significant influence in an Insurer or Broker that has been investigated, disciplined or suspended by a regulatory or professional body, a court or tribunal, publicly or privately; iv. Whether the person has been the owner or held a responsible person position of a company or organisation that has been refused registration or had its licence revoked, withdrawn or terminated; v. Whether the person has been dismissed, asked to resign from employment because of questions about integrity and honesty; vi. Whether the person has ever been disqualified from acting as a Director or serving in a managerial position because of wrongdoing; vii. Whether the person has not been fair, truthful and forthcoming in dealings with customers, superiors, auditors and regulatory authorities; and viii. Whether the person demonstrates a readiness and willingness to comply with the requirements and standards of both the Reserve Bank and the Institution. 2.3.1.2. B. Competence and Capability A responsible person of an Insurer or Broker must exhibit the competency and ability to understand the technical requirements of the business, the inherent risks and the management processes required to conduct its operations effectively, with due regard to the interests of all stakeholders. In evaluating the competency and capability of a person, the Board of Directors should consider all relevant factors, including, but not limited to:

17 i. Whether the person has demonstrated, through qualifications and experience, the capacity to successfully undertake the responsibilities of the position; ii. Whether the person has any medical condition that may affect competency; iii. Whether the person has ever been disciplined by a professional, trade or regulatory body, dismissed or requested to resign from any position or office for negligence, incompetence, fraud or mismanagement; and iv. Whether the person has acquired a sound knowledge of the business and the responsibilities of the position. 2.3.1.3. C. Financial Soundness Proper and prudent management of his/her own financial affairs is a demonstration of the person’s capacity to contribute to the safety and soundness of a financial institution. When assessing the financial soundness of responsible persons, all relevant factors must be considered, including but not limited to: i. Whether the person has been the subject of any judgment or award that remains outstanding or was not satisfied within a reasonable period; and ii. Whether the person has made any arrangements with its creditors, filed for bankruptcy, been adjudged bankrupt, had assets confiscated, or has been involved in proceedings relating to any of the above mentioned. The responsible person should not fulfill the characters of a disqualified person defined by Section 14 (2) [c] of the Insurance Act 2007 as having:

1. become bankrupt;
2. applied to take the benefit of a law for the relief of bankrupt or insolvent debtors; or
3. compounded with his or her creditors.

3. Minimum Requirements of this Standard 3.1. Fit and Proper Policy 3.1.1. Each Insurer or Broker must establish and implement an in-house “Fit and Proper Policy”, approved by the Board. 3.2. Role of the Board of Directors 3.2.1. The Board is responsible for the safety and soundness of the financial institution by identifying and understanding the major risks of the institution. 3.2.2. The Board must ensure that all employees are aware of the requirements of the Fit and Proper statement. 3.2.3. Directors should avoid situations that bring about conflicts of interest. In the event where a Director has a conflict of interest within an institution, this must be declared and documented in the minutes of meeting. The institution’s in-house Fit and Proper Policy must indicate how the institution will address conflicts of interest.

18 3.3. Role of the Senior Management 3.3.1. Senior Management responsibilities include any relevant activities that may materially affect the whole or a substantial part of the Insurer or Broker’s business or financial standing. 3.3.2. Senior Management responsibilities include but are not limited to having primary responsibility for one or more of the following: i. High level decision making; ii. Identify, assess, manage and monitor risks incurred by the institution; iii. Implementing strategies and policies approved by the Board; and iv. Monitoring the appropriateness, adequacy and effectiveness of the risk management system. 3.4. Role of the External Auditor 3.4.1. The Insurer or Broker must appoint an auditor who, in accordance with Section 32(2) of the Act, the person: i. has a place of business in Samoa; ii. is not an owner, director, principal officer, manager, employee, or agent of the insurer or broker; iii. is qualified and registered to act as an accountant in Samoa; iv. has had experience in relation to the audit of accounts of insurance business; and v. is competent to audit such accounts. 3.4.2. Further to Sections 33 and 34 of the Act, must provide to the Commissioner their audit report which should include information of any instances of non-compliance by the institution with regard to the institution’s Fit and Proper Policy. 3.4.3. The Prudential Standard No 4: Role of External Auditors in the Supervision of Licensed Insurance Companies defines the role of external auditors. 3.5. Role of the Actuary 3.5.1. Section 38 of the Act requires an Insurer that carries on any class of life insurance business to appoint an actuary to carry out any actuarial functions imposed by the Act or any other law. 3.5.2. The actuary must be a person who is a fellow of a professional actuarial body that is satisfactory to the Commissioner. 3.5.3. An Insurer must, within 14 days of making an appointment notify the Commissioner of: i. the name of the actuary; and ii. the actuary’s experience and qualifications; and iii. the date of appointment; and iv. any other particulars required by the Commissioner. 3.5.4. If the Commissioner considers that an appointed actuary has insufficient experience or qualifications, or has failed to perform adequately and properly the functions and duties of an actuary conferred by or under the Act, the Commissioner may by notice in writing direct the Insurer to appoint another person as actuary for the purposes of the Act.

19 3.6. Role of the Principal Officer 3.6.1. The Insurer, Broker or Agent must not carry on its business unless the Commissioner is notified in writing of the appointment of a principal officer in Samoa. In accordance with Section 13 of the Act, the principal officer: i. must be an individual and is resident in Samoa; ii. is not a disqualified person as defined in section 14(2) of the Act; and iii. is responsible for the general supervision and control of the business, and for its compliance with the Act and the conditions of the licence. 3.6.2. If the Commissioner is of the opinion that a person who has been appointed as a principal officer has insufficient experience or qualifications, or has failed to perform adequately the responsibilities of a principal officer as provided for in the Act, the Commissioner may direct the Insurer or Broker or Agent to revoke the appointment of that person as principal officer and to appoint another person. 4. Implementation and Arrangements 4.1. This Standard is a minimum requirement and applies to all Insurance Companies, Brokers and Agents licensed under the Insurance Act 2007.

20 Glossary Actuary - a professional trained in evaluating the financial implications of contingency events. Actuaries require an understanding of the stochastic nature of insurance and other financial services, the risks inherent in assets and the use of statistical models. In the context of insurance, these skills are, for example, often used in establishing premiums, technical provisions and capital levels. Beneficiary - any person who gains an advantage and/or profits from something. In the financial world, a beneficiary typically refers to someone who is eligible to receive distributions from a trust, will or life insurance policy. Broker - a professional adviser who is an expert in insurance and risk management. Brokers work on behalf of their clients, not for insurance companies, and can be relied on to provide professional advice in your best interest. Claimant - In the context of insurance, is a policyholder who files a claim or formal request for payment from their insurer to cover a specific loss. Policyholder - a person or entity who owns an insurance policy and has the privilege to exercise the rights stated in the contract. This party is often, but not always, the insured, and may or may not be one of the policy's beneficiaries. Simply stated, a policyholder is a person or entity whose name appears on the records of the insurance firm. Stakeholder - a party that has an interest in a company, and can either affect or be affected by the business. The primary stakeholders in a typical corporation are its investors, employees and customers.

21 Insurance Supervision Prudential Standard (ISPS) No. 4 ROLE OF EXTERNAL AUDITORS

1. Introduction 1.1. This standard is issued under Section 5(b) and Part IV (Division 1) of the Insurance Act 2007 (the “Act”) as part of the Office of the Insurance Commissioner, established under section 3 of the Act, standards governing the conduct of insurance business and broker in Samoa. The purpose of this standard is to outline minimum requirements and clarify the role to be played by external auditors in the supervision of insurance companies and brokers. 1.2. In developing this Standard, the Insurance Commissioner (the “Commissioner”), appointed under section 4 of the Act, referred to recommendations of the International Association of Insurance Supervisors (“IAIS”), standards issued by the Samoa Institute of Accountants (“SIA”) and powers under the Act and other relevant legislations.
2. Background and Outline of the Approach 2.1. The role of external auditors in the supervision of insurance companies and brokers has evolved to an extent where a lot more is demanded of them to verify the financial statements presented to prudential supervisors. In Samoa, licensed insurance companies and brokers are supervised by the Commissioner. It is important to note, however, that in carrying its responsibilities, the Commissioner, or other prudential supervisor for that matter, does not guarantee that an insurer or broker is and will continue to be sound. 2.2. It should be noted that the basic responsibility for providing complete and accurate information to the supervisor remains with the management of an insurer or broker. In that regard, the auditor’s role is to report on that information or the application of particular procedures to enable the supervisor to effectively make judgments about the company. At no time does the auditor assume any of the responsibilities of the supervisor but is simply assisting the supervisor in the supervisory process. 2.3. Under this standard, an insurer or broker’s auditor-client relationship with its auditor will be safeguarded under normal circumstances. Information privileged to clients that are not available to the public will be protected as permitted under existing laws and regulations. 2.4. The supervision function of the Commissioner relies on off-site supervision in carrying out its supervisory responsibilities. At present, the role carried out by external auditors presently concentrates on providing an audit report and attesting to returns that are required by the Commissioner. The auditor’s opinion provides the Commissioner with an independent verification of the reliability and accuracy of information examined and lends credibility to such statements. 2.5. Insurers and brokers will need to ensure that their external auditor is aware of and satisfactorily complies with the requirements set out in this Standard. The approval of auditors to be appointed to carry out the audit responsibilities of an insurance company or a broker must be approved by the Commissioner in writing with conditions on the auditor being able to comply with the requirements of the Act and in any other relevant enforceable documents issued by the Commissioner.

22 3. Requirements under the Insurance Act 2007 (the “Act”) 3.1. Accounting records to be kept 3.1.1 Each insurer and broker is required to keep books and records in Samoa that correctly record and reveal the transactions of the insurer or broker and its financial position. In addition, the books and records: i. are kept so that the insurer’s or broker’s accounts can be properly prepared and audited; ii. are kept in the English language, or so that they can be readily convertible into writing in the English language; and iii. are retained in Samoa for at least seven (7) years after the transaction to which they relate. 3.2. The Audit 3.2.1. The insurer or broker is required to audit each year the accounts and statements prepared under Division 2 (i.e. Requirements relating to insurers) and 3 (i.e. Requirements relating to brokers and agents) of the Act. 3.2.2. Section 32 also requires the insurer or broker to appoint an auditor. The auditor must be approved by the Commissioner in writing given the following conditions: i. The proposed auditor has a place of business in Samoa; ii. The auditor is not an owner, director, principal officer, manager, employee, or agent of the insurer or broker; iii. The auditor is qualified and registered to act as an accountant in Samoa; iv. The auditor has had experience in relation to the audit of accounts of insurance companies; and v. The auditor is competent to audit such accounts. 3.2.3. If the Commissioner is satisfied that an auditor has failed to fulfil his or her obligations under the Act, the Commissioner may, by written notice to the insurer, or broker, and the auditor, revoke the appointment of the auditor. 3.3. The Audit Report 3.3.1. Section 33 states that the auditor must give to the insurer or broker, a report relating to the accounts and statements, which the auditor has audited under the Act, and the insurer or broker, must lodge a copy of the report with the Commissioner together with the relevant accounts and statements. 3.3.2. The auditor must state in the audit report the following: i. whether the accounts and statements are, in the opinion of the auditor, in accordance with the provisions of the Act and with the best accounting practices, and give particulars of any matters that are considered not to be; ii. whether the accounts and statements have been properly kept and correctly record the transactions and financial position of the business, and give particulars of any deficiencies in this regard; iii. whether the auditor has obtained the information and explanations that the auditor requested from the insurer or broker for the purposes of the audit, and give particulars of any failings in this regard; and

23 iv. whether the accounts and statements kept and provided in accordance with the requirements of Part 6 of the Act agree with the accounting records of the insurer or broker, and give particulars of any discrepancies identified by the auditor. 4. Disclosure of Information by Auditors 4.1. Section 34 of the Act requires the auditor to immediately report to the directors of the insurer and broker, and to the Commissioner, if in the course of performing his or her duties, is of the opinion that grounds exist for believing that: i. there has been a contravention of a provision of the Act; or ii. a criminal offence involving fraud or dishonesty has been committed; or iii. any transaction or dispute has taken place which will have a material effect on the solvency of the insurer or broker, or statutory fund; or iv. serious irregularities, or any irregularities that jeopardise the interests of insureds persons, have occurred; or v. the insurer or broker is unable, or is likely to become unable, to meet its liabilities. 5. Additional Reports from External Auditors 5.1. The Commissioner may under section 35 require the insurer or broker by notice in writing to provide, by the time specified in the notice, a report, prepared by the auditor, on such matters as the Commissioner may determine. 5.2. The Commissioner may also require the report provided under paragraph 5.1 above to include an opinion by an auditor on the insurer’s or broker’s liquidity, liabilities under life policies, solvency and compliance with statutory provisions, or in relation to its accounting systems and internal controls. 6. Implementation Arrangements This Standard applies to all insurance companies and brokers licensed under the Insurance Act 2007.

24 Insurance Supervision Prudential Standard (ISPS) No. 5 SOLVENCY REQUIREMENTS

1. Introduction 1.1. This Standard is issued under Sections 5 (b) and 25 of the Insurance Act 2007 (the “Act”) as part of the Office of the Insurance Commissioner, established under Section 3 of the Act, standards governing the conduct of insurance business in Samoa. The purpose of this standard is to outline and clarify the minimum solvency requirements relating to insurers licensed to conduct general insurance business in Samoa. 1.2. In preparing this Standard, the Insurance Commissioner (the “Commissioner”), appointed under Section 4 of the Act, made reference to recommendations of the International Association of Insurance Supervisors (“IAIS”), and powers under the Act and other relevant legislations. 1.3. It is important to note that the requirements of this statement are only for the purpose of submitting prescribed returns to the Commissioner. General insurers may however, disclose their normal financial results derived from traditional accounting standards and generally accepted accounting practices, to other interested parties.
2. Background and Outline of the Approach 2.1. An insurer’s core activity is the assumption of risks. The majority of insurer liabilities comprise obligations to policyholders. An adequate solvency margin should be maintained by an insurer to ensure that it is able to meet claims as they fall due. 2.2. The activities of insurance companies throughout the world are subject to supervision in the interests of consumer protection. Solvency requirements are designed to meet an insurer’s obligations as they fall due. In Samoa, the insurance industry is supervised by the Commissioner. Should an insurer fail to meet the requirements on capital strength, the Commissioner as the supervisory authority is determined to intervene as early as possible to avoid excessive indebtedness of the insurer at the expense of policyholders. Regulatory intervention cannot prevent insolvencies, however, it should greatly reduce the likelihood of losses to policyholders. 2.3. The solvency margin of an insurance company is the surplus of assets over liabilities, both evaluated in accordance with accounting and supervisory standards. In general, an insurer’s solvency relies on the prudent investment of assets corresponding to its policy liabilities. A company’s solvency is not fully determined by its solvency margin alone. Solvency requirements should reflect the size, complexity and business risks of insurance companies. 2.4. To reduce the risk of failure for insurers, the Commissioner ensures that they maintain sufficient assets to meet obligations under a wide range of circumstances. The minimum solvency requirement therefore has the following purposes: i. reduces the likelihood that an insurer will not be able to meet claims as and when they fall due; ii. provides a buffer so that losses of policyholders can be limited in the event of the failure of the insurer;

25 iii. provides an early warning mechanism for supervisory intervention and corrective action; and iv. promotes public confidence in the financial stability, capacity and claims paying ability of the insurance industry. 3. The General (Non-Life) Insurance Business 3.1. General insurance business is a business granted a license under section 15 of the Act to carry on general insurance business in Samoa. General insurance business includes both personal (domestic) and commercial policies, and health insurance. i. Personal lines include: a) automobile; b) house contents; c) home building; d) pleasure craft; e) travel; f) valuables; and g) consumer credit. ii. Commercial lines include: a) rural (house, contents, farm, loss of stock); b) fire (building, tools and equipment, inventory); c) business interruption; d) customers’ assets; e) commercial vehicles f) public liability; and g) marine. iii. Health insurance include: a) accident; b) sickness; and c) permanent health insurance. 4. Requirements under the Insurance Act 2007 (the “Act”) 4.1. Calculation of Solvency 4.1.1. General Insurers licensed to conduct business in Samoa are required under section 25 of the Act to maintain additional solvency requirements at all times as determined by the Commissioner. The requirements for life insurers are different from the requirements for general insurers. 4.1.2. All licensed general insurers incorporated in Samoa, must maintain at all times a surplus of total assets over total liabilities of: i. $1,000,000; or ii. 20% of net premium income; or iii. 15% of net claims outstanding provision, whichever is the greatest. 4.1.3. In addition to this, a general insurer incorporated in Samoa is required to maintain at all times paid up capital of not less than $1,000,000.

26 5. Recognition of Assets in the Calculation of Solvency 5.1. The following assets will not be included for solvency calculation: a. a loan to a person who is, or when the loan was made, was: i. a director, principal officer, manager, actuary or auditor of the insurer; ii. director or principal officer of a body corporate related to the insurer; iii. the spouse or other immediate family member of a person referred to in (i) or (ii) above; b. a loan to, amount due from, debenture of, prepayment with, or share in a body corporate which is related to the insurer, except to the extent of the Commissioner’s approval; c. an unsecured loan to a person who is, or when the loan was made was, an employee of the insurer; d. an asset that is mortgaged or charged for the benefit of a person other than the insurer to the extent of the value of the mortgage or charge; e. an unpaid premium, other than an unpaid premium secured against a life policy, that became due to the insurer more than 3 months previously; f. an amount due from a reinsurer that became due more than 3 months; g. a guarantee given to or in relation to the insurer; and h. any other intangible asset. 5.2 Section 57 of the Act defines a “controlling interest” in respect of an insurer, means an interest held by a person by whom more than 20% of the shares; nominal capital; paid up capital; or voting power, is held; or who has control of the insurer by other means, including directorship. 6. Implementation Arrangements This Standard applies to general insurance companies licensed under the Insurance Act 2007.

27 Insurance Supervision Prudential Standard (ISPS) No. 6 REINSURANCE MANAGEMENT STRATEGY

1. Introduction 1.1. Every insurer carries in its financial statements a significant liability to meet its obligations to policyholders and claimants. Reinsurance management plays a vital role in ensuring the insurer’s ability to meet these obligations and ensures its viability and capital protection. 1.2. Reinsurance management refers to the selection, monitoring, review and control of reinsurance arrangements within acceptable risk parameters, where a portion of the risks assumed by an insurer is ceded to another insurer. 1.3. This Standard is issued in accordance with Sections 5 (b) and 29 of the Insurance Act 2007 (the “Act”) as part of the Office of the Insurance Commissioner, established under section 3 of the Act, standards governing the conduct of insurance business in Samoa.
2. Objective 2.1. The Insurance Commissioner (the “Commissioner), appointed under section 4 of the Act, acknowledges the differing practices that insurance companies have, to determine the appropriate reinsurance cover and their choice of reinsurers. The purpose of this Standard is to outline the minimum requirements of the Commissioner in the development of Reinsurance Management Strategies (“ReMS”) of insurance companies licensed to conduct insurance business in Samoa.
3. Requirements under this Statement 3.1. Role of the Board of Directors 3.1.1. The Board is required to: i. identify, assess and document the risk appetite of the company; and ii. approve a reinsurance strategy that is appropriate to the company’s overall risk profile. 3.1.2. The reinsurance strategy must define and document the insurer’s strategy for reinsurance management, identifying the procedures for: i. selecting and monitoring reinsurance programs; and ii. determining all aspects of a reinsurance program, including the: a. identification and management of aggregation risks; b. identification and management of upper bounds of programs; and c. selection of participants including consideration of diversification and creditworthiness. 3.1.3. The Board must ensure that all legal and regulatory requirements for reinsurance are complied with. This is in line with Section 29 of the Act, which states that: i. An insurer must at all times have in place arrangements approved by the Commissioner for reinsurance of liabilities in respect of risks against which persons are, or are to be, insured in the course of its carrying on insurance business in Samoa.

28 ii. An insurer must submit details of its reinsurance arrangements to the Commissioner as soon as possible after the commencement of the period of cover provided by the arrangements. iii. In determining whether an insurer’s arrangements for reinsurance are satisfactory, the Commissioner must have regard to all matters that it considers relevant and, in particular to: a. the class or classes of insurance business carried on or proposed to be carried on by the insurer; b. the amount of premiums retained by the insurer during its last preceding financial year; c. the amount of premiums expected to be retained in respect of each class of business by the insurer during its next financial year; d. the insurer’s exposure to catastrophic loss; e. the amount of the insurer’s capital and free reserves; f. the nature and value of the assets of the insurer; and g. the person or persons by whom the reinsurance is or is proposed to be undertaken. 3.1.4. The Board must review the Reinsurance Management Strategy (‘ReMS’) on a regular basis and when necessary. In addition, ReMS must be reviewed when there have been changes in the company’s circumstances, its underwriting strategy, or the status of its reinsurers. 3.2. Role of Senior Management 3.2.1. Senior management must define and document clear operational policies and procedures for implementing ReMS approved by the Board of Directors. This includes: i. setting underwriting guidelines that specify the types of insurance to be underwritten, policy terms and conditions, and aggregate exposure by type of business; ii. establishing limits on the amount and type of insurance that will be automatically covered by reinsurance (e.g. treaty reinsurance); and iii. establishing criteria for acquiring facultative reinsurance cover. 3.2.2. In order to avoid uncovered risks, the terms and conditions stipulated in the reinsurance arrangements are to be compatible with those of the underlying business. 3.2.3. Adequate internal control systems must be in place to ensure that all business activities are carried out in accordance with ReMS and that the planned reinsurance cover is in place. 3.2.4. Senior management must ensure proper and effective reporting systems are in place, according to the requirements of the Board. 3.3. Internal Control 3.3.1. ReMS must be a well-defined control structure to monitor and report on the company’s reinsurance arrangements. The Senior Management is responsible for establishing a company’s internal controls.

29 3.3.2. The monitoring and review functions of a ReMS must, at a minimum, cover the following: i. the identification and recording of policies underwritten, to which reinsurance is attached; ii. the identification of dates when an obligation to pay reinsurance premium arises; iii. the identification of cases where a company has suffered a loss under a policy against which a reinsurance recovery can be made; iv. the management of the timing of payments to, and collection from, reinsurance counterparties; v. the credit standing and capacity of reinsurance counterparties to meet obligations; vi. the concentration of reinsurance programs with reinsurance counterparties, which would create large exposures; vii. the impact of adverse trends in estimated insurance liabilities on reinsurance and implications for the capacity of the insurer to meet its future policyholder obligations; and viii. any other internal control measure so recommended by the insurer’s internal auditors. 3.3.3. Internal control systems that are in place must be subject to annual audit examination. 4. Reporting to the Insurance Commissioner 4.1. For the purpose of this Standard, all licensed insurance companies in Samoa are required to provide a copy of the ReMS to the Commissioner upon request. 4.2. An insurer must adhere to its ReMS at all times and must advise the Commissioner of instances where it intends to undertake activities in a manner that would represent a deviation from its ReMS. Any such activities must first be approved by the Insurer’s Board. 4.3. An insurer must inform the Commissioner immediately in writing if there is a likelihood of a problem arising with its reinsurance arrangements that is likely to materially detract from its current or future capacity to meet its obligations, and discuss with Commissioner its plans to address this situation. 4.4. An insurer must submit to the Commissioner, the most recent ReMS for the purpose of onsite examination. 5. Implementation Arrangements The Commissioner will assess the compliance of the Insurers with the requirements of this Standard during on-site examinations. This standard applies to all insurance companies licensed under the Insurance Act 2007.

30 Insurance Supervision Prudential Standard (ISPS) No. 7 POLICY GUIDELINE ON COMPLAINTS MANAGEMENT

1. Introduction 1.1. This guideline is issued under Section 5 (b) of the Insurance Act 2007 (the “Act”) as part of the Office of the Insurance Commissioner, established under section 3 of the Act, standards governing the conduct of insurance business in Samoa. 1.2. The purpose of this notice is to outline the Insurance Commissioner’s (the “Commissioner) minimum requirements relating to complaints management by Insurers licensed to conduct insurance business in Samoa. 1.3. Safeguarding the interests of policyholders and beneficiaries of insurance policies is a fundamental requirement in the financial system. These interests if neglected could lead to differences between the insured or beneficiaries and the Insurers through customer complaints. Unresolved complaints may lead to losses for the customers, or the Insurers. The publication of complaints through the media may damage the reputation of Insurers in the public eye and could erode public confidence in the Insurance Industry if complaints are not handled with proper procedures. 1.4. One of the functions of the Commissioner is to “promote sound financial structure”. Therefore, the Commissioner deems it necessary to establish minimum guidelines for customer complaints management that must be implemented by the Insurers. This would assist the insured and policy beneficiaries to develop a positive attitude knowing that there are procedures that would adequately address their cause, should the need arise. 1.5. The minimum standards in this guideline have been aligned to international standards.
2. Objectives of this Guideline 2.1. The objective of this guideline is to provide the Insurers with a minimum framework for complaints management, to ensure that customer complaints are promptly investigated and resolved in a satisfactory manner. 2.2. This guideline applies to Insurers who may be recipient of complaints, whether verbal or written, lodged by the customer or authorised customer representative in relation to the products and/or services it provides, or fails to provide, including what could be unfair treatment of customers or unreasonable conduct by the Management and staff of the Insurer.
3. Minimum Requirements of this Guideline 3.1. The minimum requirements of this guideline are stipulated in two parts. 3.2. The first part outlines the responsibility of the Board of the Insurer (or its proxy) to approve the policy framework for complaints management. The second outlines the operational procedures for complaints management.

31 4. Complaints Management Policy Framework 4.1. The Insurer must establish and have an in-house complaints management policy framework governing complaints management procedures and practices which must include but not be limited to the following: i. A clear mandate for complaints management and resolution within the insurance companies; ii. Roles and responsibilities; iii. Delegation of complaints authority; iv. Resources and training; v. Confidentiality; vi. Conflict of interest; vii. Record keeping; and viii. Review of complaints management policy. 4.2. Roles and Responsibilities 4.2.1. The Board of Directors must approve the complaints management policy and the associated key procedures. A complete governance structure in relation to complaints management, compliance of policies and procedures must be put in place. Complaints management function must be subject to internal audit. 4.2.2. The role of Senior Management must include, but not be limited to the following: i. implement the policy and procedures approved by the Board; ii. ensure that the Insurer’s staff gives appropriate priority to helping complaints handling staff investigate and resolve complaints; iii. ensure that complaints that cannot be resolved by complaint handling staff are referred to appropriate authorities in line with an approved delegation of complaints authority; and iv. ensure that adequate training is given to complaints handling staff at all levels. 4.2.3. The Insurer is required to have a unit or function established specifically or combined with other duties with designated staff to handle and resolve complaints lodged by the customer or authorised customer representative. 4.2.4. The Insurer should ensure that complaints handling staff: i. are independent, unbiased and skilled; ii. keep complaint registers updated; iii. acknowledge in writing by no later than seven working days from the date complaint is received, clearly stating the name of the designated officials or unit manager that could be contacted for redress as per the approved delegation of complaints authority, their telephone and fax number, and email address for proper and timely contact by the customer or authorised customer representative; iv. are familiar with the complaints management policy; and v. have knowledge of the products and activities of the Insurer. 4.3. Delegation of Complaints Authority 4.3.1. Senior management must establish a clear delegation of complaints authority. The delegation of complaints should take into account relevance, complexity and sensitivity of the complaints.

32 4.3.2. Delegation should include the names of positions of staff and senior executives involved and the types of complaints they are to handle. This includes complaints that would be referred to legal practices, or other complaints investigatory entities. This would avoid complaints held at levels that do not have the authority to resolve such complaints. 4.4. Resources and Training 4.4.1. The complaints handling system must be properly staffed and resourced. The Insurer must meet quality and timeliness standards for complaints handling. 4.4.2. Complaints handling staff should be well versed with the Insurer’s complaints handling policies and procedures. 4.5. Confidentiality 4.5.1. The Insurer should implement and maintain proper procedures to maintain confidentiality of all complaints it receives from customers or authorised customer representatives. 4.5.2. Information privacy should be observed when collecting, storing, using and disclosing personal information obtained in the complaint handling. 4.5.3. The Insurer should ensure that the identity and information relating to any complaints, or complaints against staff should be treated with confidentiality including whistleblowers’ complaints. 4.6. Conflict of Interest 4.6.1. The Insurer should ensure that complaints are investigated by an employee who was neither directly nor indirectly involved in the matter which is the subject of the complaint. 4.6.2. The Insurer should implement other measures as it deems necessary to ensure that any potential conflict of interest for employees is effectively alleviated. 4.7. Record Keeping 4.7.1. The Insurer must maintain a Master Register and records of all complaints received for record keeping, reporting and transparency purposes. The register should include, but not be limited to the following: i. the name and address of the complainant; ii. the policy number to which it relates; iii. the date of the complaint; iv. the brief description and where possible amount of the complaint; v. progress on the complaints; and vi. settlement date. 4.7.2. In situations where complaints received require legal proceedings and other professional investigatory skills, the Insurer must have in place adequate procedures to cover these areas of complaint handling. Such complaints also need to be recorded and updated in the Master Register held at the head/main office. 4.7.3. The Insurer is required to record, retain the receipts, handling and resolution of complaints in line with the timeline required under the statute of limitation.

33 4.8. Review of Policy 4.8.1. The Insurer must ensure the availability of the complaints management policy to all of its staff for internal use and reference. 4.8.2. Senior management must be responsible for reviewing the complaints management policy at least annually. 5. Operational Procedures for Complaints Management 5.1. Receiving of Complaints 5.1.1. The Insurer shall accept complaints lodged by customers or authorised customer representatives. 5.1.2. Complaints may be lodged in writing or verbally, by any reasonable means (for example, letter, telephone, facsimile, email, or in person). Complaints can also be lodged by filling an Insurer prescribed complaint form. 5.1.3. Special attention should be given to customers with intellectual disability, language problem, poor mental health and difficulty in understanding written information. 5.1.4. Where possible, electronic complaints lodgment system could be programmed to send an automated response to reassure the customer that the complaint was received. 5.1.5. A description of the complaints handling system, or the Insurers prescribed complaint form should be accessible to customers, via the Insurer’s website, if possible, or in correspondence with customers, through pamphlets and posters. 5.1.6. Complaints registered online should be also registered on the main complaints register kept at the head or main office. 5.2. Complaints Handling and Dispute Resolution 5.2.1. The Insurer must endeavour to resolve complaints received no later than twenty working days unless legal proceedings are required. 5.2.2. When complaints are resolved, the Insurer must convey the decision in writing to the customer or authorised customer representative as soon as practicable. 5.2.3. Where legal proceedings are required, relevant parties concerned, including the complainant must be informed accordingly. Outcome from the legal proceedings must be communicated soon after the proceedings. 5.2.4. For complaints lodged, the Insurer may require complainants to enclose photocopies of originals and full disclosure of supporting documents. The twenty working days timeline begins from the date when the Insurer receives full documentation from the complainant. 5.2.5. The Insurer must provide the status of complaints at any time, either voluntarily, or when the customer or the authorised customer representative makes a request.

34 5.2.6. Where complaints cannot be resolved, the Insurer must state clearly the reasons and is to be signed by the appropriate senior executive. 5.2.7. The Insurer must provide complainants with internal and/or external review options if he or she is dissatisfied with the outcome, or with the manner in which the complaint was handled. If a complainant wishes to refer his/her complaint to a senior officer, then this must be facilitated provided the senior officer is within the delegation of authority. 5.3. Monitoring of Complaint Handling and Resolution 5.3.1. The Insurer must establish internal reporting mechanism on complaint resolution process, effective procedures to monitor complaints, and produce regular reports to senior management for review. All complaints reports must be read by senior management. 5.3.2. Monitoring of complaints handling and resolution may include gathering data on: i. complaints received; ii. complaints substantiated; iii. complaints acknowledged or resolved outside target time and those that remain outstanding; iv. complaints going to court; v. suggestions from customers arising from complaints; and vi. complainants who remain dissatisfied with the resolution of the complaints. 6. Oversight by the Office of the Insurance Commissioner 6.1. The Commissioner will conduct ongoing monitoring of the Insurer’s compliance with the requirements of this policy. 6.2. In addition to ongoing monitoring, the Commissioner will carry out on-site examination of the complaints management policy and implementation. 6.3. Where complaints have been referred to the Insurer by the Commissioner, such complaints must be fully investigated. The Insurer must respond appropriately by no later than seven working days of receipt of complaints from the Commissioner. 7. Implementation and Arrangements 7.1. This guideline applies to Insurance Companies licensed under the Insurance Act 2007. This guideline will be reviewed as deemed necessary from time to time and changes may be made to the policy or procedures as contained herein.