SIB/64/2026 – External Auditor of an Insurance Company

1 LICENSING AND SUPERVISION OF INSURANCE BUSINESS DIRECTIVE NO. SIB/64/2026 EXTERNAL AUDITOR OF AN INSURANCE COMPANY Whereas, it is essential to ensure that an insurance company maintains accurate and reliable records and prepares financial statements in line with International Financial Reporting Standards (IFRS) and regulatory requirements; Whereas, it is essential to ensure that an insurance company has adequate governance and monitoring for the appointment of external audit professional service, and also ensures that external audit is performed by qualified and independent auditor; Whereas, increased reliance on the works of external auditors is believed to enhance quality and effectiveness of Risk Based Supervision (RBS); Whereas, disclosure is necessary to enhance market discipline and public confidence thereby inducing insurers to behave in a prudent and efficient manner; Now, therefore, in accordance with sub-article 28(1&3), 29(1),30 (2), 31(1), 33(1), and 64(2) of Insurance Business Proclamation No.746/2012 as amended by Insurance Business(Amendment) Proclamation No.1163/2019; the National Bank of Ethiopia has issued this Directive.

1. Short Title This Directive may be cited as “External Auditor of an insurance company Directive No. SIB /64 /2026”.
2. Definition For the purpose of this Directive, unless the context requires otherwise, the term:

2 2.1) “audit engagement letter/audit contract” means a document containing the auditor's acceptance of the appointment, the objective and scope of the audit, the extent of the auditor's responsibilities to the client and vice versa, as required under financial reporting framework of Accounting and Auditing Board of Ethiopia (AABE) and International Standards on Auditing (ISA); 2.2) “audit engagement team ” means all partners and staff performing the audit engagement , and any other individual who perform audit procedure on the engagement, excluding an auditor’s external expert or an internal auditors who provided direct assistance on an engagement. 2.3) “audit manager” means a person by whatever title he may be referred to, who is in charge of a specific audit engagement in an insurance company on behalf of the external auditor; 2.4) “insurance company” means a company licensed by the National Bank to undertake insurance business or an insurance company owned by the Government; 2.5) “business associates” means an external party with whom a person has, or plans to establish, some form of business relationship with. 2.6) “chief executive officer” means a person by whatever title that person may be referred to who is primarily responsible for the day-to-day management of the affairs of an insurance company; 2.7) “component” means a division, branch, subsidiary, associated company or other entity whose financial information is included in the financial statements of an insurance company being audited by the principal auditor;

3 2.8) “director” means any member of the board of directors of an insurance company by whatever title he may be referred to; 2.9) “employee” means a chief executive officer, a senior executive officer or any other employee who is appointed or hired by an insurance company to carry out its day-to-day activities; 2.10) “external audit” means a process by which an independent external auditor obtains sufficient and appropriate audit evidence so as to give reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error; 2.11) “external auditor” means an auditor or external auditor licensed by AABE to provide audit service; 2.12) “financial institution” means an insurance company, a bank an insurance company, a microfinance institution, a capital goods finance company, a re￾insurer, a micro insurance provider, postal savings, money transfer institution, digital financial service provider or such other institution as determined by the National Bank; 2.13) “group auditing” means the auditing of a group of financial statements that includes the financial information for more than one entity or component or business activity for which financial information is separately prepared, and which is included in the group financial statements; 2.14) “immediate family member” means spouse or persons having relationship with first degree consanguinity or affinity to the auditor and shall include children, parents and sibling of the auditor;

4 2.15) “immediate family member” means spouse or persons having relationship with first degree consanguinity or affinity to the auditor and shall include children, parents and sibling of the auditor; 2.16) “independence” in addition to professional code of ethics/conduct adopted and required by AABE and as stipulated under relevant law, means freedom from conditions that threaten the ability of the external auditor to carry out its responsibilities in an unbiased manner; 2.17) “National Bank” means the National Bank of Ethiopia; 2.18) “other auditor” means an auditor, other than the principal auditor, with responsibility for reporting on the financial information of a component which is included in the financial statements audited by the principal auditor. Other auditors include affiliated firms, whether using the same name or not, and correspondents, or unrelated auditors;” 2.19) “person” means natural or juridical person; 2.20) “principal auditor” means the auditor with responsibility for reporting on the financial statements of an insurance company when those financial statements include financial information of one or more components audited by another auditor; 2.21) “senior executive officer” means any officer of an insurance company who is deputy to the chief executive officer or is directly reporting to the board of directors; 2.22) “substantive procedures/tests” means those activities to be performed by the external auditor to detect material misstatement or fraud at the assertion level; 2.23) “term of office” means three consecutive years

5 2.24) “expressions” in masculine gender also include feminine gender. 3. Scope of the Directive This Directive shall be applicable to all insurers and an Ethiopian reinsurer operating in Ethiopia. Consequently, in implementing the provisions of this directive to a reinsurer, so far as may be the word insurer’ shall be held to include a “reinsurer”. 4. General Provisions on Appointment of an External Auditor 4.1) An insurance company through its shareholders meeting shall select and appoint an external auditor through a competitive bid and in compliance with its own procurement policies and procedures for a one term of office. 4.2) Notwithstanding the provision stated under sub article 4.1 of this Article, the audit of an insurance company owned by the Federal Government shall be performed by the Office of Auditor General or its appointee as stipulated under relevant laws without necessarily going through a competitive procedure. 4.3) An insurance company may re-appoint an external auditor appointed as per sub-article 4.1 hereinabove for the following years within the first appointment, without competitive bid. However, an external auditor appointed through competitive bid shall not hold office for more than one term of office in an insurance company. 4.4) An external auditor may be appointed through competitive bid for a maximum of 2 (two) consecutive terms of office; i.e., 6 (six) years. An insurance company may consider and appoint an external auditor who served for 2 (two) consecutive terms of office i.e., 6 (six) years, only after the lapse of 3 (three) consecutive years from the last date of engagement of the external auditor.

6 4.5) An external auditor elected by a subscribers meeting will hold office until the first annual general meeting of shareholders and may be reappointed by the first annual general meeting. 4.6) Without prejudice to sub article 4.5 of this Article, an external auditor who was appointed by the subscribers meeting and is reappointed by the first annual general meeting for one term of office shall only serve for two consecutive years. 4.7) Upon re-appointment of an external auditor, the terms of audit engagement letter/audit contract shall be revised if the level of change in the insurer’s business, or composition of external audit team warrants doing so and/or if there exists misunderstandings of the objective and scope of the audit. 4.8) An external auditor who ceased an audit engagement of an insurance company before the end of the agreed period due to unacceptable reason shall only be considered for further appointment, through competitive bid, only after a lapse of 3 (three) consecutive years from the date of discontinuing of the audit engagement. 4.9) If an insurance company’s external auditor is accused of a conflict of interest, no longer meets eligibility requirements and/or fails to adequately perform the required functions or duties; the National Bank may order an insurance company to replace the external auditor. 5. Selection of an External Auditor In conducting the selection and appointment of an external auditor, an insurance company shall:

7 5.1) ensure that an external auditor or any partner thereof is licensed by the Accounting and Auditing Board of Ethiopia and has subsequently renewed its license as appropriate; 5.2) ensure that the audit engagement team as a group has adequate and comprehensive IFRS knowledge as evidenced with IFRS training certificate. 5.3) the audit manager and audit engagement team members shall have necessary qualification and adequate experience in an insurance company audit that are sufficient to the risk, complexity and peculiar nature of their work and ensuring of the required audit quality standards; 5.4) assess that the proposed audit engagement team has members or has access to expertise having adequate knowledge, understanding and training of fair value estimation and is able to check the robustness of the processes for determining fair value of assets and liabilities; and also to evaluate key assumptions and inputs that an insurance company has used in its valuations; 5.5) ensure that audit engagement team members were not employees of the insurance company to be audited, in the last 3 (three) years; 5.6) ensure that a person appointed as an external auditor of an insurance company may not be granted any insurance service, loan or advance from such an insurance company except in the normal course of business conducted at arm’s length ; 5.7) clearly state in the audit contract that the contract with the external auditor may be cancelled if an external auditor fails to fulfill the criteria set out in this Directive and other relevant laws due to change in its ownership, directors and managers and any disciplinary or legal actions taken against the firm or any of its audit engagement team;

8 5.8) require an external auditor to complete a written “Independence Confirmation” and “Fit and Proper Declaration” forms for each and every proposed audit engagement team members, for every appointment or re-appointment, as per Annex I and II of this Directive, respectively; which shall be submitted to the National Bank by the insurer when seeking approval for the appointed auditor; and 5.9) shall ensure that the appointed auditor is independent and has no conflict of interest with respect to the insurer; and notify the National Bank in writing if, at any time it forms of the opinion that its auditor is not independent. 6. Approval by the National Bank 6.1) An insurance company shall submit written approval request for the appointment or re-appointment of an external auditor to the National Bank within 20(twenty) working days from date of appointment or re-appointment of an external auditor, along with annual general meeting minutes and other supporting documents as per Annex III of this Directive. 6.2) If the terms of audit engagement letter/audit contract is revised as per sub￾article 4.7 of this Directive, an insurance company shall submit written approval request to the National Bank within 10 (ten) working days of such revision. 6.3) No insurer shall remove or change its external auditor/s already appointed and approved by the National Bank, without notifying the NBE. 7. Responsibilities of the Board of Directors of an Insurance Company The board of directors of an insurance company, without prejudice to other responsibilities entrusted to it per relevant law, shall directly or through its audit committee:

9 7.1 ensure that the external auditor who examines and reports on its financial statements has complete and unhindered access to and is provided with all necessary information; 7.2 ensure attendance and participation of the full board for a separate pre-audit meeting and exit meeting to be done with external auditors; 7.3 monitor the independent conduct of the audit function and shall maintain effective communication with the external auditor to enhance the quality of the overall audit findings; 7.4 ensure that all significant line of businesses, activities and processes, board concerns, and any subsidiaries thereof, have been audited and/or validated by its external auditor; and opinion has been reflected thereof; 7.5 review the terms of audit engagement letter prior to offering the audit work and ensure that it is prepared in line with the provisions of this Directive and other relevant laws; and the agreed terms shall be documented in a clearly written audit engagement letter; 7.6 ensure that the external auditor/s fulfills requirements set out in this Directive and recommend for the appointment and approval to the shareholders’ meeting; 7.7 ensure fair and transparent reporting and prompt publication of the financial statements and the disclosures thereof; 7.8 conduct detailed deliberations on all matters and findings with the external auditor, in the presence of its internal auditors; and strengthen corporate governance of the insurance company accordingly; and

10 7.9 evaluate the effectiveness of governance, monitoring and conduct of the external audit process at the end of every audit cycle or every year and periodically assess if required disclosures are made. 8. Reporting Requirements 8.1 Audit report of an insurance company shall directly be presented by the external auditor to the shareholders of an insurance company. 8.2 An insurance company shall submit the audit report together with the management letter to the National Bank within 3(three) months from the end of the financial year. 8.3 Management Letter in sub-article 8.2 hereinabove shall include all early warning and/or any signaling issues; and accordingly shall include at least the following matters: a) weaknesses in internal controls; b) mis-valuation of assets or any misstatements and frauds committed; c) breach of laws or regulations or the National Bank Directives or the insurer’s memorandum of association or failure to meet the National Bank’s requirements as identified during the course of audit; d) irregularities which may jeopardize the security of policyholders or creditors; e) issues that affect the insurer’s ability to continue as a going concern; f) any adjustments made to the financial statements; g) material adverse changes in any risks of the insurer’s business; h) any other governance related weaknesses. 8.4 Where it is deemed important, the National Bank may:

11 8.4.1 access external auditor’s working papers, demand walk through presentation, require the auditor to extend the scope of the audit; call the external auditor for a tripartite meeting that includes management of the insurer; and 8.4.2 file complaint or provide information to AABE in the event of unsatisfactory audit work and outcome for initiation of conduct of necessary investigations on external auditors. . 9. Disclosure Requirements 9.1 An insurance company shall post in its official website audited financial statements/reports and related disclosures including its core activities, solvency, risk profile, capital, risk assessment processes, fair value estimates and methodologies and uncertainty surrounding estimates both in qualitative and quantitative terms; within 2 (two) weeks from the date of approval of the external audit report. 9.2 An insurance company shall have disclosure policies and procedures which shall address matters related to disclosures of financial records and related information including internal controls and periodical assessment needed over the disclosure process. 10.Effective Date This Directive shall enter into force as of 26th day of March 2026.

1 Annex I: External Audit engagement team Member’s Independence Confirmations Form1 This confirmation of independence and compliance with ethical requirements is provided in respect of the audit of the financial statements of the (Name of the insurance company ) and its related entities including _________________,__________________, _________, and for the FY ended ___________. I confirm that I am in compliance with the applicable independence rules as specified below, with respect to (Name of the Insurer); hereafter referred to us “a client” in addition to the requirement of the International Ethical Requirements for external auditors.

1. I or my immediate family members do not have a financial interest in a joint venture or business relationship (or commitment to do so) with the client or any related entity or any chief executive officer, senior executive officer, director or other individual who performs senior managerial functions for this client thereof.
2. I or my immediate family members are not the beneficiaries of any estate or trust which has a direct financial interest in this audit client or any related business entity.
3. No immediate family member is a director, chief executive officer, senior executive officer or is in a position to exert direct and significant influence over the financial statements of this client or any related entity, or was employed in such a role.
4. I or my immediate family members including spouse and dependents do not have a direct or indirect financial interest in this audit client or any related entity.
5. I or my immediate family members have not served as a trustee or as an executor over any interest that has or is committed to acquire a direct or material indirect financial interest in this client or any related entity. 1 This form should be completed at the engagement planning stage by each of the audit team members

2 6) I do not have a close personal relationship with a director, executive officer or any employee of the client or related entity that is in a position to exert direct and significant influence over the financial statements. 7) I am not an employee of this client or any related party and I will not entertain an offer of employment with this client or a related entity during my office term. 8) I further confirm that if the above circumstances change during the engagement period, I will notify the audit manager or the client any such changes in a timely manner. 9) I signed under the table below that I am in compliance with independence rules listed from No.1 to 8 hereinabove and I will comply with independence rule No. 9, hereinabove. Otherwise, I will be legally responsible. No. Name of Engagement Team Member Designation/Engagement Role Signature 1 2 3 4 5 6 7

3 Annex II: External Audit engagement team Members’ Fit and Proper Declaration Form Name: _______________________________________ Engagement Role: _____________________________________ Specific Tests to Assess Fit and Proper Criteria Please answer the entire “YES”/”NO” questions and sign accordingly.

1. Have you been insolvent or declared bankrupt by a court? Yes No
2. Have you been convicted by the court for any criminal offence, fraud/forgery, financial crime or other illegal activities? Yes No
3. Have you been a defaulter of any bank or other financial institution? Yes No
4. Have you been a defaulter of any tax? Yes No
5. Have you ever been subject to any proceeding of a disciplinary or criminal nature, or notified of any impending proceedings or of any investigation, which might lead to such proceedings? Yes No
6. Have you, or any business in which you have had controlling interest or have exercised significant influence, been investigated, suspended or criticized by a regulatory or professional body, a court, whether publicly or privately? Yes No
7. Have you ever been associated, in ownership or management capacity, with a company, partnership or other business association whose license revoked, withdrawn or terminated? Yes No
8. Have you ever contravened any of the requirements and standards of a regulatory body, professional body, government or its agencies? Yes No
9. Have you ever been a director, partner, or otherwise involved in the management, of a business that has gone into receivership, insolvency or liquidation while you have been connected with that business or within one year after that connection? Yes No

4 10. Have you ever been dismissed, asked to resign or resigned, from employment or from a position of trust, fiduciary appointment or similar for negligence, incompetence or mismanagement? Yes No 11. Have you ever been disqualified from acting as director or serving in a managerial capacity? Yes No 12. Do you have reasons to believe that any of your immediate family members or business associates, if subject to the above tests, would have responded as “Yes” to any of the above questions? Yes No I hereby declare that to the best of my knowledge and belief the statements made and the information supplied in this questionnaire hereinabove and the attachments are correct and that there are no other facts that are relevant for assessing my fitness and propriety; I understand that the client may seek additional information from any third parties it deems necessary in view of my fit and proper test; and I undertake to bring to the attention of the Engagement Partner/Manger and/or a Client any matter which may potentially affect my status as being a fit and proper person as and when they arise. Name_______________________________ Signature___________________________ Date: /__/____