LogoRegulatory Alerts
2012-06-05

Inspection Manual for Insurance Companies

Issued by Japanese financial regulators in January 2012, this manual establishes the framework and standards for inspecting insurance companies to ensure business soundness and customer protection. It mandates a risk-focused, forward-looking inspection approach that emphasizes in-depth analysis of root causes and dynamic improvement efforts rather than mechanical compliance. The document provides detailed checklists for governance, legal compliance, sales management, and various risk areas to guide inspectors in evaluating internal control systems and corporate responsibility.

Financial Services Agency Japan logo

Japan

Financial Services Agency Japan

Click to view thumbnail

(Provisional translation) *This translation is provisionally prepared and subject to change without notice. Insurance Inspection Manual (Inspection Manual for Insurance Companies) January 2012

Insurance Inspection Manual Table of Contents Introduction ......................................................................................................................1 Points of Attention for Inspections with Use of This Manual ..........................................3 Checklist for Business Management (Governance) (for Basic Elements) .......................6 Checklist for Legal Compliance.....................................................................................26 Checklist for Insurance Sales Management ...................................................................46 Checklist for Customer Protection Management ...........................................................73 Checklist for Comprehensive Risk Management .........................................................119 Checklist for Insurance Underwriting Risk Management ............................................178 Checklist for Asset Investment Risk Management.......................................................194 Checklist for Operational Risk, etc. Management........................................................263 Appendix Checklist for Field Inspections.....................................................................................308

Introduction

  1. Interpretations and applications of this manual should be in accordance with “The Financial Inspection Basic Guidelines,” issued on July 1, 2005, which specify the basic concepts of inspections of insurance companies.
  2. In order to conduct appropriate inspections based on the basic concepts shown in the Basic Guidelines, when inspectors conduct inspections of insurance companies, they must pay particular attention to the following points. (1) Inspection focusing on major risks (“a risk-focused, forward-looking” approach) Based on information and examination details obtained before and through on-site inspections, the inspector must analyze the locations of risks in each insurance company, and endeavor to conduct a prioritized examination focused on major risks.1 (2) In-depth analysis and clarification of causes, which lead to the fundamental improvement of problems Regarding problems which have a major effect on the soundness etc. of the business, the inspector must have dialogues between the inspector and the insurance company and carry out especially in-depth analysis and clarification of the causes, which will lead to a shared understanding with the insurance company regarding the direction of actions needed for fundamental improvement of the problems (direction of improvement). (3) Identification of problems, evaluation of appropriate improvement efforts, and examination of static and dynamic aspects The inspector must accurately understand the actual circumstances, considering two points: (i) accurately identifying problems, and evaluating appropriate initiatives that lead to improvements and enhancements, (ii) in addition to the static aspect at the inspection, also fully examine the dynamic aspect, such as progress in system development.2 (4) Specific and logical pointing out, and clarification of items to be considered for improvement In advancing dialogues and discussions on findings, the inspector must show specific and logical grounds, and in order to build a more advanced internal control system, clarify the

1 Here, it covers all risks which could have a major effect on ensuring the soundness and appropriateness of the insurance company’s operations, not limited to the risks of each risk management system mentioned in this manual. In addition to cases where problems have occurred, major risks include risks which have not yet caused problems. In making such judgments, in addition to the extent to which problem occurrence will affect the business, the investigation must consider the possibility of the problem actually occurring. 2 One must fully investigate vectors toward improvements and enhancements. (Is it heading towards improvement and enhancement? Do the initiatives cover a broad scope? Are the initiatives carried out with a sense of urgency?) 1

2

points which should be considered for improvement, and show them specifically. (5) Accurate understanding (“feeling of agreement”) of examination findings The inspector must use accurate examinations, dialogue and discussions with the management, etc., to obtain accurate understanding (“feeling of agreement”) of the examination findings, in order to lead to the insurance company’s proactive and dynamic efforts for business improvement. 3. This manual is intended to be a guide for inspections of insurance companies. Insurance companies, for their part, should endeavor to ensure the soundness and appropriateness of their business and protect their customers, based on the principle of self-responsibility and under the leadership of management, by exploiting resourcefulness and creativity to develop policies and internal rules suited to their own scale and nature. This concept is shared by insurance companies and the authorities, in “Principles in the Financial Services Industry.”3 Meanwhile, insurance companies are not necessarily required to meet all of the criteria set forth in the check items of this manual. When using this manual, inspectors should take care not to apply the criteria mechanically and uniformly, in light of the company’s scale and nature. Therefore, even in a case where an insurance company does not literally meet the requirement of a check item, it should not be regarded as inappropriate if the arrangements and procedures put in place by the company are reasonable from the viewpoint of securing the soundness and appropriateness of its business and customer protection, and are thus deemed as effectively meeting the requirement or as sufficient in light of the company’s scale and nature. For example, if an insurance company does not have a division described in the checklist of each system, the inspector should review, with due consideration of the company’s scale and nature, whether its organization is structured in a way to enable the execution of necessary functions and a check-and-balance system. 3 Published in April 18, 2008, as major norms and principles of conduct for how an insurance company conducts its business, and for administration by authorities. These principles present concepts, such as that financial service providers are expected to “1. pursue greater customer benefits and fulfill their expected roles through voluntary efforts with creativity” and “12. conduct appropriate risk management in accordance with the size and features of the business operation and inherent risk profile.”

Points of Attention for Inspections with Use of This Manual (1) This inspection manual shall apply to all insurance companies, including the overseas offices of Japanese insurance companies (overseas branches, locally incorporated entities, representative offices, etc. provided however, that the determination of whether to include these offices in the inspection subject to this manual shall be judged in view of applicable laws and regulations, including the local regulatory framework), as well as Japanese branches of foreign insurance companies, etc. and specified corporations. (2) When the insurance company is a company with a committee system, inspections shall be conducted from the viewpoint of whether the Board of Directors, committees (such as the nomination, compensation, and audit committees), executive officers, and other corporate structures exercise their empowered authority, etc., paying attention to the following points:

  1. The authority to execute business is bestowed on executive officers, and in principle, directors do not have the authority to execute business.
  2. The Board of Directors may delegate, by resolution, the authority to make business decisions to executive officers.
  3. The purpose of the Board of Directors is to supervise the execution of the respective duties performed by directors and executive officers.
  4. Auditing authority is bestowed on the audit committee, and not on individual audit committee members. (Audit committee members appointed by the audit committee may exercise the authority of the audit committee.) (3) In the case where an executive director (non-director) assumes the roles and responsibilities that would normally be assumed by a director in charge of a specific business operation, it is necessary to conduct a comprehensive review as to whether the Board of Directors has assigned the officer authority similar in effect to that which would be granted to a director in charge, whether the focus of the responsibility is made clear, and whether the Board of Directors sufficiently monitors the execution of the relevant business operation. Based on the findings thereof, the inspector should determine whether the executive officer is performing the roles and responsibilities required for a director in charge, as specified in the checklists of this manual. (4) Furthermore, when due to certain special reasons, it is necessary to conduct an inspection of subsidiaries, etc., of insurance companies or parties conducting business on their behalf, examinations as may be required shall be conducted in accordance with the applicable sections 3

of this manual. (5) Unless specified otherwise, items expressed in the question form such as “does the company…” or “is the company…” refer to requirements that must be met by insurance companies. Meanwhile, items preceded by “It is desirable…” refer to best practices recommended for insurance companies, unless specified otherwise. With regard to items accompanied by “for example,” insurance companies are not required to fully comply letter-by-letter with the criteria and requirements specified therein. They are merely examples of items that may be useful for checking whether insurance companies are meeting certain criteria and requirements, in a manner befitting the scale and nature of their business. (6) The following are definitions and uses of some of the key terms in this manual

  1. Items that are defined as roles of “the Board of Directors” are items for which the Board of Directors itself needs to determine substantial matters related thereto. However, this shall not preclude another deliberative body, division or department from discussing draft proposals for decision.
  2. The “Board of Directors or organization equivalent to the Board of Directors” includes, in addition to the Board of Directors, other entities that decide matters concerning corporate management, with the participation of senior managers such as a council of managing directors and a corporate management council (hereinafter referred to as the “Council of Managing Directors, etc.”). It is desirable that decisions concerning items specified as the prerogatives of the Board of Directors or organization equivalent to the Board of Directors be made by the Board of Directors itself. In the case where the decision-making authority is delegated to the Council of Managing Directors, etc., it is necessary to make sure that the delegation has been made in a clear manner, that a follow-up review is provided for through the compilation of the minutes of meetings of the Council of Managing Directors, etc., and that a sufficient check-and-balance system is ensured, through arrangements such as requiring reports to be made to the Board of Directors, and allowing corporate auditors to attend meetings of the Council of Managing Directors, etc.
  3. The “business locations” refers to organizations, other than the head office, which includes branches, regional offices, business line headquarters, business offices, overseas branches, and overseas corporations. The term “business locations, etc.” refers to business locations, and also includes service centers (including loss investigation operations), overseas representative offices and other locations that are not engaged in sales activities, and business locations other than the head office.
  4. The “manager” refers to persons in senior managerial positions in management divisions 4

5 (including directors). Furthermore, the term also refers to the head of a business location, or senior managers thereof (including directors) with levels of responsibility equivalent to or higher than the head of a business location. 5) The “employees, etc.” refers to employees, sales representatives, and insurance agents of insurance companies. 6) The “insurance sales representatives” refers to sales representatives and insurance agents, but does not include insurance brokers. 7) The “policyholders” refers to persons who are parties to insurance contracts with insurance companies. 8) The “policyholders, etc.” refers to policyholders, insured persons, and beneficiaries. 9) “Internal rules” are rules that specify arrangements on an insurance company’s business in accordance with its corporate management policy, etc. that are applicable within the company. It should be noted that internal rules do not necessarily have to specify detailed procedures. 10) The “marketing and sales division” refers to a division, department, or business location engaged in sales business. For example, a division involved directly or indirectly in sales or engaged in sales promotion planning is a marketing and sales division. 11) The “legal checks, etc.,” which includes a compliance check, means, for example, a validation of the consistency and compatibility of internal rules and the legality of transactions and business operations by personnel in charge of legal affairs, a division in charge thereof, personnel in charge of compliance, the compliance control division, and in-house or outside lawyers and other experts. 12) “Monitoring” refers to not only surveillance but also implementation of specific pre-emptive measures such as issuing warnings. 13) The “risk profile” of a financial institution refers to the sum of features of various risks to which the institution is exposed. (Notes) Explanation of abbreviated terms

  1. “Act”: Insurance Business Act
  2. “Order”: Cabinet Order for Enforcement of the Insurance Business Act
  3. “Ordinance”: Ordinance for Enforcement of the Insurance Business Act
  4. “Supervisory Guidelines”: Comprehensive Guidelines for Supervision of Insurance Companies
  5. “Practical Guidelines”: Practical Guidelines for Actuaries of Life Insurance Companies or Practical Guidelines for Actuaries of Non-Life Insurance Companies (The Institute of Actuaries of Japan)

6 Checklist for Business Management (Governance) (for Basic Elements) Checkpoints

  • In order to protect customers by ensuring the sound and appropriate management of business and fairness of insurance solicitation of an insurance company, under appropriate governance, thorough implementation of legal compliance, proper insurance solicitation and customer protection, and accurate management of various risks across all businesses of the insurance company are needed.
  • In order to enable an insurance company to conduct business management (governance) effectively, officers and employees, as well as organizations within the company must perform their respective roles and responsibilities. To be more specific, directors and other executives are responsible for nurturing work ethics and cultivating a company-wide culture that attaches importance to internal control. The representative directors, non-representative directors and corporate auditors must understand their own roles in the various processes of internal control and fully involve themselves in the processes. Also, it is important that the Board of Directors and the Board of Auditors function effectively and that the functions of a check-and-balance system among divisions and departments, and the functions of internal audits by the Internal Audit Division are executed appropriately.
  • The inspector should determine whether the insurance company’s business management (governance) system is functioning effectively throughout the institution and whether the management is performing its roles and responsibilities appropriately by way of reviewing, with the use of the check items listed in this checklist, the effectiveness of the functions of five basic elements, namely a system of (1) business management (governance) by the representative directors, non-representative directors and the Board of Directors, (2) internal audits, (3) audits by corporate auditors, (4) external audits, and (5) checking by actuaries.
  • If the insurance company’s management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore, in particular, the possibility that the Internal Control System is not functioning effectively, and review the findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the major issues pointed out on the occasion of the last inspection and determine whether or not effective improvement measures have been developed and implemented. I. Development and Establishment of Business Management (Governance) System by Representative Directors, Non-Representative Directors and Board of Directors
  1. Development of Corporate Management Policies (1) Establishment and Development of Corporate Ethics Do directors and the Board of Directors regard the establishment of corporate ethics with emphasis

7 on the social responsibilities and the public duties of insurance companies as an important task and provide a system to develop the establishment? (2) Development and Dissemination of Corporate Management Policy and Corporate Management Plan Does the Board of Directors clearly establish a corporate management policy for achieving the objectives set by the insurance company? Does it clearly formulate a corporate management plan in accordance with the corporate management policy and disseminate it throughout the company? (3) Development and Dissemination of Internal Control Basic Policy Does the Board of Directors establish a basic policy concerning the development of a system to secure the sound and appropriate management of the insurance company’s business (hereinafter referred to as the “Internal Control Basic Policy,”) in accordance with the corporate management policy and without delegating the task to the representative directors, etc. and disseminate it throughout the company?1 Is the Internal Control Basic Policy an appropriate one befitting the scales and natures of the company’s business? (4) Development and Dissemination of Strategic Objectives Does the Board of Directors clearly develop strategic objectives for the insurance company as a whole that include company-wide profit objectives and strategies for risk-taking and allocation of human and physical resources intended to help achieve the profit objectives, in accordance with the corporate management policy and without delegating the task to the representative directors, etc.? Does the Board of Directors clearly develop strategic objectives for each operational area based on the strategic objectives for the company as a whole and disseminate both the business-by-business and company-wide strategic objectives throughout the company? (5) Verification of Compatibility and Consistency of Risk Management Policies, etc. With regard to company-wide risk management, does the Board of Directors establish a Comprehensive Risk Management Policy and a management policy for various risks based on the strategic objectives for the company as a whole after verifying their compatibility and consistency? 2. Roles and Responsibilities of Directors and Board of Directors (1) Roles and Responsibilities of Representative Directors and Non-Representative Directors (i) Do the directors regard legal compliance, proper insurance solicitation, customer protection and

1 The inspectors should review the document that includes the insurance company’s basic policy for developing a system for securing the soundness and appropriateness of its business regardless of the title of the document such as “Internal Control Basic Policy,” ”Internal Control Policy,” and “Internal Management Policy,” etc.

8 risk management as important corporate management tasks based on an understanding of the major points of Laws (including, but not limited to laws and regulations, etc. hereinafter referred to as the “Laws’’) applicable to the insurance company, the nature of the various risks to which the company is exposed, and the importance of customer protection, improvement in customer convenience and risk management? Do they understand the importance of audits by corporate auditors, internal audits2 , external audits and checking by actuaries in ensuring legal compliance, proper insurance solicitation, customer protection and risk management? (ii) Do the representative directors appropriately allocate human and physical resources in accordance with the corporate management policy, the corporate management plan, the Internal Control Basic Policy, the strategic objectives and the Comprehensive Risk Management Policy and appropriately exercise his/her authority so as to ensure flexible management thereof? (iii) Do the representative directors take specific measures to have officers and employees get acquainted with his/her approach to legal compliance, proper insurance solicitation, customer protection and risk management? For example, do the representative directors express his/her approach to legal compliance, proper insurance solicitation, customer protection and risk management to officers and employees when delivering a New Year’s speech and speaking at branch Managers’ meetings? (2) Check and Balance against Representative Directors Do non-representative directors engage in substantive debate at meetings of the Board of Directors and perform their duties of making decisions concerning business execution and supervising business execution in order to ensure appropriate business execution by exercising a check-and￾balance system against the representative directors and preventing autocratic management? Is it ensured, for example, that under the rules governing the Board of Directors, decisions on matters concerning legal compliance, proper insurance solicitation, customer protection and risk management that would seriously affect the insurance company’s corporate management are treated as the exclusive prerogatives of the Board of Directors and judgment as to whether or not specific cases meet the criteria of “seriously affect” is not left to the representative directors? (3) Roles and Responsibilities of Outside Directors (in the case where outside directors have been appointed)

2 “Internal audits” refer to the process of review of the appropriateness and effectiveness of the internal control system of divisions (including risk management divisions. The same shall apply hereinafter.) and sales branches, etc. (including sales branches and overseas offices. The same shall apply hereinafter. Hereinafter referred to as the audited divisions, etc.) by a division in charge of internal audits (inspection division, operational audit division, etc.) that is independent from the audited divisions, etc. This process includes not only detecting and pointing out problems with the audited divisions’ administrative processes, etc. but also evaluating the internal control system and proposing improvement measures. In principle, it does not include inspections conducted by the audited divisions, etc. themselves as part of the internal control. The same shall apply hereafter.

9 Are outside directors aware of the significance of their roles and actively involved in meetings of the Board of Directors in order to ensure the objectivity of corporate management decision-making? Does the Board of Directors ensure that information concerning the conditions of the insurance company is provided to outside directors on an ongoing basis so as to enable them to make appropriate judgment at meetings of the Board of Directors? (4) Directors’ Duty of Care and Duty of Loyalty Do directors fully perform their duty of care and duty of loyalty in their execution of office, for example by engaging in substantive debate at meetings of the Board of Directors in order to ensure the sound and appropriate management of the insurance company’s business? 3. Development of Organizational Frameworks (1) Development of Company-wide Organizational Framework Has the Board of Directors developed an organizational framework that enables the insurance company as a whole to conduct business and risk management appropriately and effectively, for example by establishing divisions between which conflicts of interest may arise and assigning them authority in a way to allow them to exercise a mutual check-and-balance system even as they maintain coordination? (2) Disclosure Does the Board of Directors provide a system to disclose information about financial conditions and other matters concerning the insurance company in an appropriate and timely manner? (3) Collection, Analysis and Examination of Information Concerning Insurance Company as a Whole (i) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to obtain, from within and outside the insurance company and in a timely manner, information concerning legal compliance, proper insurance solicitation, customer protection and risk management that is necessary for corporate governance? For example, does the Board of Directors or organization equivalent to the Board of Directors make sure to have access to necessary information, for example by having the Manager of each division report matters specified by it in a regular and timely manner or on an as needed basis or by installing a computer system function that enables directors and corporate auditors to survey information managed by each division? Moreover, does the Board of Directors or organization equivalent to the Board of Directors hear opinions from the manager of the Comprehensive Risk Management Division on matters regarding the comprehensive risk management situation, periodically or as needed? Does it investigate based on those opinions?

10 (ii) Does the Board of Directors or organization equivalent to the Board of Directors have in place procedures for the storage and management of information concerning the execution of business operations by directors, etc. in accordance with the Internal Control Basic Policy? For example, does it make sure to compile, store and manage the minutes of meetings of the Board of Directors or organizations equivalent to the Board of Directors? Does it also record instructions issued by the Board of Directors or organizations equivalent to the Board of Directors and documents related to its decisions and store and manage the records as necessary? (iii) Are the contents of the minutes of the meetings, when combined with the raw data used there, sufficient to confirm the agenda and substance of the meetings, such as matters reported to the Board of Directors or organizations equivalent to the Board of Directors (including the actual status of risk management, problems related to legal compliance, appropriateness of insurance solicitation, customer protection, inappropriate acts and other problems) and details of the approval given and decisions made by the Board of Directors or organization equivalent to the Board of Directors (including the process and substance of debate)? Is it ensured that the raw data used at these meetings is stored and managed for the same period of time as the minutes? (iv) Is it ensured that corporate auditors have easy access to the minutes of the meetings of the Board of Directors or organization equivalent to the Board of Directors or other information concerning directors’ execution of business operations? (4) Handling of New Products (i) Is the Board of Directors fully aware of the importance of management concerning handling of new products and start of new business and other matters (hereinafter referred to as “New Products Management” of “New Products, etc.”), from the viewpoint of protection of policyholders, etc., and that neglecting New Products Management has large effects on the maintenance of soundness and on ensuring appropriate business operations? Has the Board of Directors clearly established a policy on New Products Management (including matters concerning development and sale of new products, and improvement and elimination existing products. Hereinafter referred to as “New Products Management Policy.”) in accordance with the management policy and business plan? Also, based on the New Products Management Policy, has the Board of Directors developed a system which can provide integrated management for New Products Management? For example, are mutual restraining functions between new products related divisions fully demonstrated, such as by establishing a product development related management division and committee in charge (hereinafter referred to as “New Products Committee etc.”)?3 (ii) Has the Board of Directors developed a system to have the New Products Committee etc. collect information on the appropriateness and legality of New Products Management, and sufficiently

3 This shall not preclude the Comprehensive Risk Management Division or other entities from conducting the New Products Screening,

11 study this? For example, is a system in place to ensure that:

  • The Comprehensive Risk Management Division and divisions in charge of managing various risks identify the risks inherent in New Products, etc. and report them to the New Product Committee, etc. in a timely manner?
  • The Insurance Solicitation Management Division studies problems from the viewpoint of insurance solicitation management, and makes timely reports?
  • The divisions and Managers in charge of customer protection management examine issues related to customer protection management and report their findings to the Board of Directors or organization equivalent to the Board of Directors in a timely manner?
  • Legal issues related to New Products, etc. are subjected to legal checks, etc. beforehand? (iii) Has the Board of Directors developed a system for receiving reports on matters regarding New Products etc. which have major effects on business? (iv) Does the Board of Directors approve the development of new products and improvement/elimination of existing products which have major effects on business? Also, are development of new products and improvement/elimination of existing products checked to see that there are no problems from the viewpoint of risk management, considering New Products Management Policy, Comprehensive Risk Management Policy, Insurance Underwriting Risk Management Policy, etc., not only from the viewpoint of strategy for sales competition vs. other companies? Moreover, freely using specialized vocabulary makes it difficult to understand insurance policy conditions. Considering this, has a system been developed for checking whether these are easy to understand from the policyholder’s standpoint? (v) Does the Board of Directors hear opinions from actuaries as needed on matters concerning actuarial science for development/sale of new products and improvement/elimination of existing products? Also, are there rational reasons when they do not follow those opinions?

(5) Management System of Subsidiaries, etc. Does the Board of Directors or organization equivalent to the Board of Directors appropriately manage the business of subsidiaries, etc.4 in a manner befitting the scales and natures of their business and provide for measures to ensure that their business is appropriate from the viewpoint of legal compliance, proper insurance solicitation, customer protection and risk management? Does the Board of Directors or organization equivalent to the Board of Directors provide for measures to ensure that transactions between the insurance company and its subsidiaries, etc. are in compliance with the rules concerning the prevention of inappropriate practices and the “arms’ length rules”?

4 See Insurance Business Act, Article 97-2, Paragraph 3.

12 (6) Emphasis on Legal Compliance, Proper Insurance Solicitation, Customer Protection and Risk Management Does the Board of Directors or organization equivalent to the Board of Directors, instead of placing too much emphasis on the Marketing and Sales Division, etc., implement specific measures that attach importance to legal compliance, proper insurance solicitation, customer protection, comprehensive risk management, management of various risks and internal audits? For example, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure that staff members engaged in operations related to legal compliance, customer protection, comprehensive risk management, management of various risks and internal audits are fairly treated in performance assessment and personnel evaluation and receive appropriate evaluation in light of the strategic importance of those operations? (7) Crisis Management System Does the Board of Directors or organization equivalent to the Board of Directors appropriately understand what constitutes a crisis for the insurance company and provide a system even in normal times to have an appropriate crisis management system in place so as to enable the management to respond immediately in the event of a crisis and take risk mitigation measures? For example, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure that a crisis management manual and a business continuity plan (BCP) are formulated and that procedures for collecting information and responding to unfounded rumors in the event of a crisis are established? 4. Monitoring and Revision Does the Board of Directors receive a report with regard to the status of business operations and the risks faced by the insurance company in a regular and timely manner or on an as needed basis and order an investigation as necessary to review the effectiveness and validity of the corporate management policy, the corporate management plan, the Internal Control Basic Policy, the strategic objectives, the Comprehensive Risk Management Policy, the policies concerning management of various risks, the Legal Compliance Policy, Insurance Solicitation Management Policy, the Customer Protection Management Policy and other policies as well as the effectiveness of the insurance company’s governance system based on these policies and revise them as necessary?

13 II. Development and Establishment of Internal Audit System

  1. Development and Establishment of Internal Audit System by Board of Directors or organization equivalent to Board of Directors
  1. Policy Development (1) Roles and Responsibilities of Directors Do directors fully understand that the development of an effective internal audit system suited to the scales and natures of the insurance company’s business and its risk profile as well as the Laws applicable to the business are vital for appropriate legal compliance, proper insurance solicitation, customer protection and risk management? In particular, does the director in charge of internal audits examine a policy and specific measures necessary for the development and establishment of an appropriate internal audit system based on an accurate understanding of the status of the company’s internal audits? (2) Development and Dissemination of Internal Audit Policy Has the Board of Directors established a policy for securing the effectiveness of internal audits (hereinafter referred to as the “Internal Audit Policy”) in accordance with the corporate management policy and the Internal Control Basic Policy and disseminated it throughout the company?
  2. Development of Rules and Organizational Framework (1) Development of Internal Audit Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or the chief of the division establish rules concerning internal audits (hereinafter referred to as the “Internal Audit Rules”) and approve them after confirming their consistency with the Internal Audit Policy? Do the Internal Audit Rules specify the following items in particular?
  • Purpose of internal audits
  • Organizational independence of the Internal Audit Division
  • Scope of the Internal Audit Division’s operations, authority and responsibilities
  • Frameworks for the Internal Audit Division to obtain information
  • Frameworks for implementation of internal audits
  • Frameworks for reporting by the Internal Audit Division (2) Development of Internal Audit Implementation Guidelines Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or the chief of the division establish a guideline that specifies the items subject to internal audits and the procedures for the implementation thereof (hereinafter referred to as the

14 Internal Audit Implementation Guidelines) and approve it? Does the Internal Audit Implementation Guidelines reflect the actual status of operations at the divisions audited, etc. and enable the implementation of effective audits suited to the divisions’ operations? Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division establish operational procedures that specify details of the items subject to internal audits and the audit procedures where necessary? (3) Development of Internal Audit Plan (i) Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or the chief of the division grasp the status of legal compliance, insurance solicitation, customer protection and risk management at the divisions audited and formulate a plan for implementing internal audits in an efficient and effective manner with due consideration for the frequency and depth of necessary audits (hereinafter referred to as the “Internal Audit Plan”) and approve basic matters concerning the plan, including its key priority items? Does the Board of Directors or organization equivalent to the Board of Directors approve it after making sure that the Internal Audit Plan provides for additional audits as and when necessary? (ii) Does the Internal Audit Plan subject the operations of subsidiaries, etc. to internal audits within the limitations allowed under law? With regard to the operations of subsidiaries and operations commissioned to outsourcing contractors not subject to internal audits, does the plan subject the status of the management of those operations by divisions with the supervisory responsibilities thereof to internal audits? (4) Establishment of System of Internal Audit Division (i) Has the Board of Directors established an Internal Audit Division in charge of reviewing the appropriateness and effectiveness of the internal control system in accordance with the Internal Audit Policy and the Internal Audit Rules and does the Board provide a system to enable the division to perform its functions fully? (ii) Has the Board of Directors allocated in the Internal Audit Division a division chief with the necessary knowledge and experience to supervise the division and enabled the division chief to implement his/her operation by assigning him/her the necessary authority therefor? In the case where the chief of the Internal Audit Division concurrently takes charge of an operation subject to audits, is there an arrangement to secure the independence of the Internal Audit Division? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated in the Internal Audit Division an adequate number of staff members with the necessary knowledge and experience as well as the expertise to sufficiently review the operations and assigned such staff the authority necessary for implementing the operations? Does the Board of Directors or organization equivalent to the Board of Directors make sure to provide in-house and outside training to enhance

15 the expertise of staff members that conduct internal audits? It is desirable that there be a system to provide such training on an ongoing basis and that the relevant staff members regularly utilize it. (iv) Does the Board of Directors keep the Internal Audit Division independent from divisions subject to audits, etc. and secure the function of a check-and-balance framework? Does the Board of Directors provide a system to enable the Internal Audit Division to implement audits without being unduly restricted by divisions audited, etc.? Does the Board of Directors provide a system to prevent the Internal Audit Division from engaging in business activities or operations that should be conducted by divisions subject to audits, etc., such as compilation of information concerning financial conditions and other matters? (v) Does the Board of Directors provide a system to implement extraordinary audits aside from ordinary ones with regard to operations and computer systems susceptible to violation of Laws and practices? In the case where outside experts are employed to complement the audits of operations for which internal audits alone would not be sufficient, does the Board of Directors also assume responsibility for the audit process and results? (vi) Does the Board of Directors, in accordance with the Internal Audit Rules, assign staff members engaged in internal audits the authority to obtain any documents necessary for their execution of operations and interview or question any officer or employee when necessary for their execution of operations? (vii) Does the Board of Directors provide a system to disseminate the scope of the Internal Audit Division’s operations, authority and responsibilities to all of the officers and employees? (viii) Does the Board of Directors or organization equivalent to the Board of Directors allocate to overseas offices determined as being exposed to higher risk than a certain level internal auditors who are independent from the Managers of the offices and directly linked with the Internal Audit Division? (ix) Does the Board of Directors provide a system to have the results of internal audits reported in a timely and appropriate manner? 3) Systems for Follow-up Improvement Steps by Board of Directors With regard to problems included in internal audit reports that are determined as likely to seriously affect the corporate management or impossible for an audited division alone to handle, does the Board of Directors promptly take appropriate measures? Does it provide arrangements to have the Internal Audit Division conduct necessary follow-up audits on such cases, check the status of improvement and ensure that cases in which improvement is insufficient are reported to it? 2. Roles and Responsibilities of Internal Audit Division (1) Development of Internal Audit Implementation Guidelines

16 Does the Internal Audit Division appropriately identify the items subject to audits, formulate an Internal Audit Implementation Guidelines that specifies the items subject to audits and the procedures for audit implementation and seek approval thereof from the Board of Directors or organization equivalent to the Board of Directors? Does the Internal Audit Implementation Guidelines exhaustively cover the items included in this checklist so as to enable effective audits? Where necessary, does the Internal Audit Division establish operational procedures that specify details concerning the items subject to internal audits and the audit procedures? (2) Development of Internal Audit Plan Does the Internal Audit Division formulate a plan for implementing internal audits in an efficient and effective manner with due consideration for the frequency and depth of necessary audits based on its understanding of the status of legal compliance, insurance solicitation, customer protection and risk management at the divisions audited and obtain approval by the Board of Directors or organization equivalent to the Board of Directors of basic matters concerning the plan, including its key priority items? Does the division subject the operations of subsidiaries, etc. to internal audits within the legal limitations? With regard to the operations of subsidiaries not subject to internal audits and operations commissioned to outsourcing contractors, does the division subject the status of the management of those operations by divisions with the supervisory responsibilities thereof to internal audits? (3) Implementation of Internal Audits (i) Does the Internal Audit Division implement internal audits of divisions subject to audits in an efficient and effective manner (by implementing an unannounced audit, for example) in accordance with the Internal Audit Implementation Guidelines and the Internal Audit Plan? Also, if insurance sales representatives cannot be audited by the Internal Audit Division at a certain frequency for unavoidable rational reasons, then are they inspected by the division in charge or by the sales branch at an equal or greater frequency? If so, is effectiveness ensured, with efforts to ensure effectiveness and correction of problems positioned equally? (ii) Does the Internal Audit Division, in accordance with the Internal Audit Rules, etc. seek to ensure fair audits, for example by preventing the same auditing staff member from continuing to audit the same division or preventing an auditing staff member from auditing the division in which he worked immediately before moving to the Internal Audit Division? (iii) Do auditing staff members accurately record the procedures followed in internal audits and problems detected therein? Do they compile, in accordance with the Internal Audit Implementation Guidelines and the Internal Audit Plan and without delay, internal audit reports that accurately reflect problems detected in internal audits? (iv) Does the chief of the Internal Audit Division check the contents of internal audit reports, analyze

17 the frequency and the degree of importance, etc. of problems pointed out therein and report his/her findings to the Board of Directors without delay? In particular, does the chief of the Internal Audit Division report problems deemed likely to seriously affect the corporate management or significantly undermine customer interests to the Board of Directors without delay? Does the chief attend meetings concerning internal control (e.g. a meeting of a legal compliance committee) as necessary in order to report the status of internal audits and collect information? (v) In the case where the Internal Audit Division detects an obvious or suspected illegal act during the process of internal audits, does the division immediately report it to the Compliance Control Division?5 Does the Internal Audit Division accurately identify problems based on the analysis of internal audits and disseminate its findings to the Compliance Control Division, operational divisions and sales branches, etc. in a regular and timely manner or on an as needed basis? (4) Systems for Follow-Up Do divisions subject to internal audits take improvement measures without delay with regard to problems pointed out in internal audit reports with due consideration for the degree of their importance and formulate plans for improvement as necessary? Does the Internal Audit Division appropriately check the status of improvement at divisions subject to internal audits and reflect its findings in subsequent Internal Audit Plans? 3. Assessment and Improvement Activities

  1. Analysis and Assessment (1) Analysis and Assessment of Effectiveness of Internal Audits Does the Board of Directors appropriately determine whether there are any weaknesses or problems in the internal audit system and the particulars thereof, and appropriately examine their causes by precisely grasping the status of internal audits and analyzing and assessing the effectiveness of internal audits, based on all information available regarding the status of internal audits (including the status of compliance with the Internal Audit Implementation Guidelines and the Internal Audit Plan), such as the results of audits by corporate auditors, internal audits and external audits6 , findings of various investigations and reports from various divisions? In addition, if necessary, does it take all possible measures to find the causes by way of, for example, establishing fact findings committees, etc. consisting of non-interested persons? Does the chief of the Internal Audit Division analyze and assess the effectiveness of the Internal

5 See Checklist for Legal Compliance. 6 External audits as mentioned here shall not be limited to audits of financial statements by accounting auditors, but the inspector should bear it in mind that audits other than the audit of financial statements required under the rules and the verification of the internal control system conducted as part of the procedures of this audit are not obligatory. In the case where the insurance company inspected undergoes an external audit other than the audit of financial statements in order to secure the effectiveness of the internal control system, the inspector should review the effectiveness of the internal control system by examining the audit results in a comprehensive manner.

18 Audit Implementation Guidelines and the Internal Audit Plan in a regular and timely manner or on an as needed basis and report his/her findings to the Board of Directors? (2) Revision of Analysis and Assessment Processes Does the Board of Directors revise the analysis and assessment processes in a timely manner by reviewing their effectiveness based on reports and findings on the status of internal audits in a regular and timely manner or on an as needed basis? 2) Improvement Activities (1) Improvement Activities Concerning Internal Audit System Does the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the internal audit system identified through the analysis, assessment and examination referred to in 3. 1) above in a timely and appropriate manner based on the results obtained by developing and implementing an improvement plan as required or by other appropriate methods? (2) Progress Status of Improvement Activities Does the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of Improvement Process Does the Board of Directors revise the improvement process in a timely manner by reviewing its effectiveness based on reports and findings on the status of internal audits in a regular and timely manner or on an as needed basis?

19 III. Development and Establishment of Auditing System by Corporate Auditors and Board of Auditors

  1. Development of Environment for Auditing by Corporate Auditors (1) Development of Auditing Environment Do auditors endeavor to develop a favorable environment for collecting information and conducting audits in order to execute their operations appropriately, for example by maintaining close coordination with directors, accounting auditors, the Internal Audit Division, the Manager of the Compliance Control Division and directors of subsidiaries, etc. and seeking reports from them regularly? (2) Functions of Board of Auditors In the case where there is a board of auditors, does it hold consultations and make decisions based on reports obtained from individual auditors and other relevant parties within limitations that would not prevent the individual auditors’ execution of authority? (3) Systems for Supporting Auditing Operation Do corporate auditors secure an adequate number of staff members suited to support auditors and the board of auditors? Is it ensured that staff members supporting auditors and the board of auditors are kept outside the line of command from directors and the Board of Directors in their execution of auditor support operations? (4) Securing of Independence Is it ensured that the independence of corporate auditors and the board of auditors is secured in terms of execution of operations and organizational framework? In particular, moves to obstruct the investigative and reporting authority of auditors and restrict audit-related expenses in an unreasonable manner must be excluded in order to secure the independence of auditors.
  2. Implementation of Audits (1) Development of Audit Policy and Audit Plan Do corporate auditors identify the items subject to audits and develop an audit policy and an audit plan from the viewpoint of reviewing whether directors have developed an appropriate internal control system and are operating it appropriately? (2) Effective Implementation of Audits Do corporate auditors and the board of auditors audit operations in addition to conducting accounting audits by appropriately executing the wide-ranging authority assigned to them? Even

20 when there is a board of auditors, does each individual auditor actively conduct audits on their own responsibility as an independent agent? (3) Investigations of Subsidiaries Do corporate auditors pay attention to whether there is an appropriate internal control system within the corporate group of the insurance company and check the status of corporate governance and internal control at subsidiaries as necessary from the viewpoint of examining the status of directors’ execution of business operations for the purpose of securing the soundness of the business operations of the corporate group? (4) Attendance at Board of Directors’ Meetings Do corporate auditors appropriately examine the status of directors’ execution of business operations, for example, by attending meetings of the Board of Directors and expressing opinions as necessary? Do they also attend the Council of Managing Directors and express their opinions, as necessary, thus appropriately executing their auditing authority? (5) Employment of Outside Experts, etc. Do corporate auditors and the board of auditors employ lawyers, certified public accountants, insurance actuaries and other experts as necessary in order to supplement their functions? (6) Review of Audit Results Do corporate auditors and the board of auditors check whether the process of accounting audits by accounting auditors and the results thereof are reasonable and, if necessary, take measures such as making an appropriate proposal with regard to the replacement of an accounting auditor, for example? (7) Prevention of Illegal Acts When detecting an obvious or possible inappropriate act by a director, or when detecting a fact that violates laws or the articles of incorporation or a markedly unreasonable fact, do corporate auditors report it to the Board of Directors without delay? When they determine that a director’s act that violates laws or the articles of incorporation may significantly damage the insurance company, do corporate auditors take appropriate measures to halt the act? (8) Outside Auditors Do outside auditors fully perform their auditing functions by taking advantage of their positions? When an outside auditor serves on a non-permanent basis in particular, does he/she make sufficient efforts to maintain communications and coordination with permanent auditors so as to perform

21 his/her functions?

22 IV. Development and Establishment of External Audit System (1) External Audit of Internal Control System by Accounting Auditors, Lawyers, etc. Does the insurance company undergo an external audit7 by an outside expert such as an accounting auditor and a lawyer at least once a year in order to review the effectiveness of the internal control system? In the case of an insurance company which has overseas offices, does the company check whether the company subjects each of its overseas offices to an external audit suited to the circumstances of the relevant country. Does the Board of Directors or the board of auditors receive audit results in a timely manner, corresponding to the audit’s content? (2) Cooperation to Effective Audits Does the Board of Directors provide for measures to have operational divisions and departments cooperate with external auditors to enable effective audits? (3) Analysis and Assessment of Effectiveness of External Audits Do the Board of Directors and the board of auditors regularly check whether external audits are functioning effectively? Do the Board of Directors and the board of auditors also make sure that external audits of subsidiaries are functioning effectively, for example by receiving reports concerning the results of external audits of subsidiaries, etc. so as to grasp any problem thereof? (4) Improvements and Follow-up Does the Board of Directors provide a system to implement improvements within a certain period of time with regard to problems pointed out by external auditors? Do divisions subject to audits implement improvements according to the level of the importance of the problems pointed out and formulate plans for improvements as necessary? Does the Internal Audit Division check the progress status of improvements appropriately?

7 External audits as mentioned here shall not be limited to audits of financial statements by accounting auditors, but the inspector should bear it in mind that audits other than the audit of financial statements required under the rules and the verification of the internal control system conducted as part of the procedures of this audit are not obligatory. In the case where the insurance company inspected undergoes an external audit other than the audit of financial statements in order to secure the effectiveness of the internal control system, the inspector should review the effectiveness of the internal control system by examining the audit results in a comprehensive manner.

23 V. Development and Establishment of System for Checking by Actuaries (1) Appointment of Actuaries (i) Does the Board of Directors follow the provisions of laws and regulations, and properly handle the appointments, resignations and dismissals of actuaries, from the viewpoint of maintaining the actuaries’ independence of duties ? (ii) Does the Board of Directors grant to actuaries the authority needed for execution of their duties? Also, is a system developed which enables demonstration of restraining functions, by ensuring actuaries’ independence from the Operating Division, the Marketing and Sales Division and the Product Development Division? (2) Roles of Actuaries (i) Are actuaries involved in the methods of calculating insurance premiums and other actuarial science related matters, from the viewpoints of equal treatment of customers and financial soundness, in accordance with laws and regulations? Also, regarding information needed for these purposes, are reports received from each related division? Moreover, do they fully perform their duties as actuaries, stating their opinions as needed, etc.? (ii) Do insurance actuaries appropriately check whether policy reserves are accumulated based on sound actuarial science, in accordance with laws and regulations? (iii) Do actuaries appropriately check whether policy dividends or dividends of surplus to policyholders have been distributed in a fair and equitable manner, in accordance with laws and regulations? (iv) Do actuaries analyze future revenues and expenditures, in accordance with laws and regulations? (v) Do actuaries appropriately check whether or not the situation of the enhancement of the ability to pay for insurance claims is appropriate, in accordance with laws and regulations? (vi) Do actuaries submit to the Board of Directors written opinions which write the matters established by laws and regulations? Do the actuaries appropriately explain their content, and submit copies to the authorities?

24 VI. Development and Establishment of Operation System for Meeting of Policyholder Representatives (if a Mutual Company) (1) Election of Policyholder Representatives (i) Is the method of electing policyholder representatives (including screening procedures and screening criteria) clearly and simply shown in explanatory documents? Are its concepts and reasons explained at the meeting of policyholder representatives? Do explanatory documents clearly state the address to which opinions are to be sent? Does the method of electing policyholder representatives match that written in the articles of incorporation? (ii) Are policyholder representatives comprised of people who appropriately reflect the intentions of the policyholders, from the viewpoints of insurance types, ages, genders, occupations, time when policyholders obtained qualifications, regions, etc.? Is there sufficient number of policyholder representatives, needed in order to properly reflect the intentions of policyholders? Do explanatory documents clearly and simply show the reasons that the number of policyholder representatives are appropriate, and show the composition of all policyholders compared with the composition of policyholder representatives, and show the composition of policyholder representatives? Are these explained at the policyholder meeting? (iii) Is the policyholder representative candidates screening process fair and highly transparent? Considering the intention that general representatives are selected as representatives of members, are general representative candidates selected from among people who are already policyholders at the screening stage? (iv) If policyholder representatives are reappointed, are provisions established which limit reappointments to a number of years? (v) In a confidence vote, is plenty of information provided for the decision on each policyholder representative candidate, such as the opinions of the policyholder representative candidates and explanation of the election’s significance by the screening committee? (2) Operation of Meeting of Policyholder Representatives (i) Does the meeting of policyholder representatives work for solid management in accordance with laws and regulations, so the management supervision function is demonstrated appropriately in accordance with the system’s intention? (ii) At the meeting of policyholder representatives, in addition to matters written in the business report, is there clear and simple reporting of the solvency margin ratio and other matters with major effects on business, and of matters with major effects on customer interests? Also, other than when the meeting of policyholder representatives is held, is information on business conditions appropriately provided to the policyholder representatives? Also, is a

25 policy established on the collection of opinions from policyholder representatives, and are actions taken to inform other policyholder representatives about these collected opinions? (iii) Are policyholders who want to observe the meeting of policyholder representatives provided with this opportunity? Also, are efforts made to inform policyholders about this observation system? Are opportunities created to provide opinions and questions to the insurance company? (iv) Are the minutes of the meetings of policyholder representatives disclosed to policyholders?

26 Checklist for Legal Compliance I. Development and Establishment of Legal Compliance System by Management Checkpoints

  • The development and establishment of a legal compliance system is one of the most important tasks for an insurance company in order to secure the sound and appropriate management of its business. Therefore, the company’s management is charged with and responsible for taking the initiative in developing and establishing the legal compliance system that covers the company’s entire business by deciding a basic policy on legal compliance and developing an organizational framework, etc..
  • The inspector should determine whether the legal compliance system is functioning effectively and whether the roles and responsibilities of the insurance company’s Board of Directors are being appropriately performed by way of reviewing, with the use of check items listed in Chapter I., whether the management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) assessment and improvement activities.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II. and later in this checklist, it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the Internal Control System is not functioning effectively and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Policy Development (1) Roles and Responsibilities of Directors Do directors attach importance to legal compliance based on a full recognition that full legal compliance throughout the insurance company is vital for maintaining public confidence in the company and securing the soundness and appropriateness of the company’s business? In particular, are directors aware of legal problems concerning the business operations they are in charge of that need special attention and do they make absolutely sure to conduct business operations legally? Does the director in charge of legal compliance understand not only all of the Laws (including

27 but not limited to laws and regulations, etc.; hereinafter referred to as the “Laws’’) applicable to the insurance company’s business but also how to monitor the status of legal compliance and fully enforce compliance throughout the company? Based on such understanding, does the director appropriately grasp the status of legal compliance at the company and consider a policy and specific measures necessary for developing and establishing an appropriate legal compliance system? (2) Development and Dissemination of Legal Compliance Policy Has the Board of Directors established a basic policy regarding legal compliance (hereinafter referred to as the “Legal Compliance Policy” in accordance with the company’s corporate management policy and disseminated it throughout the company? (3) Revision of the Policy Development Process Does the Board of Directors revise the policy development process in a timely manner by reviewing its effectiveness based on reports and findings on the status of legal compliance in a regular and timely manner or on an as needed basis?

  1. Development of Internal Rules and Organizational Frameworks (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Manager (hereinafter simply referred to as the “Manager” in this checklist) of the division in charge of overseeing matters related to legal compliance in an integrated manner1 (hereinafter referred to as the “Compliance Control Division”) develop internal rules that clearly specify the arrangements on legal compliance (hereinafter referred to as the “Legal Compliance Rules”) and disseminate them throughout the company in accordance with the Legal Compliance Policy?1 Has the Board of Directors or organization equivalent to the Board of Directors approved the Legal Compliance Rules after determining if they comply with the Legal Compliance Policy and after legal checks, etc.? (2) Establishment of System of the Compliance Control Division (i) In order to fully enforce legal compliance throughout the company, it is essential to collect, manage, analyze and examine in an integrated manner 2 information concerning legal compliance (For example, information needed for timely and accurate awareness of problems of legal compliance for complaints from customers, work conditions of salespeople, reports of misconduct investigations, situation of insurance contract continuations, revenue and expense situation, etc. Hereinafter referred to as “Compliance-related Information.”) scattered across

1 However, the Insurance Sales Management Division is the division which primarily manages compliance with laws and regulations on insurance solicitation. 2 However the Insurance Sales Management Division is the division which primarily collects, manages, analyzes and studies sales compliance information (refer to the Checklist for Insurance Sales Management).

28 the company’s divisions and departments and, based on the results of the analysis and examination, take appropriate steps and measures. From such a point of view, does the Board of Directors or organization equivalent to the Board of Directors have the Compliance Control Division, established in accordance with the Legal Compliance Policy and the Legal Compliance Rules, clarify its areas of responsibilities and assign it the necessary authority so as to enable the division to perform its roles and functions appropriately?3 (ii) Has the Board of Directors allocated to the Compliance Control Division a Manager with the necessary knowledge and experience to supervise the division and enabled the Manager to implement management operations by assigning him/her the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Compliance Control Division an adequate number of staff members with the necessary knowledge and experience to execute the relevant operations and assigned such staff the authority necessary for implementing the operations?4 (iv) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to secure a check-and-balance system of the Compliance Control Division through measures including keeping the Compliance Control Division independent from the Marketing and Sales Division? In the case where the Compliance Control Division also takes charge of another business, the inspector should give consideration in particular to whether there is a system to prevent interference from the Marketing and Sales Division, etc. (v) Does the Board of Directors or organization equivalent to the Board of Directors provide a system which sufficiently works as needed on mutual coordination and cooperation between the Compliance Control Division and the Insurance Sales Management Division, regarding matters concerning insurance sales which are part of legal compliance? (3) Development of Legal Compliance System in Operation Divisions and Business Locations, etc. (i) Does the Board of Directors or organization equivalent to the Board of Directors work through the Manager or the Compliance Control Division, to provide a system to ensure the effectiveness of legal compliance? For example, informing operating divisions and business

3 When the Compliance Control Division is not established as an independent division (e.g., when the division is consolidated with another risk management division to form a single division or when a division in charge of other business also takes charge of compliance control or when a Manager or Managers take charge of compliance control instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the scales and natures of the insurance company and its risk profile. 4 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of the Compliance Control Division is reasonable in terms of a check-and-balance system and other aspects.

29 locations about the laws and regulations, relevant internal rules and operational procedures5 which must be followed, and ensuring compliance? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager or the Compliance Control Division to identify the Laws, internal rules and operational procedures to be observed by the operation divisions and to regularly carry out specific measures for ensuring observance such as providing effective training suited to the nature and responsibilities of the operations? (ii) Does the Board of Directors or organization equivalent to the Board of Directors allocate a person in charge of compliance to each operation division and business location for coordination with the Compliance Control Division, etc.? With regard to operation divisions and business locations for which it is especially necessary to secure the effectiveness of the legal compliance system, for example because it is difficult to monitor their operations (e.g. overseas branches), does the Board of Directors allocate a compliance officer responsible for securing legal compliance at such divisions and branches and ensure that coordination with the Compliance Control Division, etc. is maintained through the coordination between the compliance officer and the Manager while keeping independence from the Marketing and Sales Division? (iii) Does the Board of Directors provide a system to establish firewalls and take other measures to block the flow of information when necessary from the viewpoint of legal compliance according to the scales and natures of the company’s business? Cases that require such measures include when the prevention of insider trading or management of conflicts of interest, etc. is necessary, for example. (4) Development and Dissemination of Compliance Manual Does the Board of Directors have the Manager establish, in accordance with the Legal Compliance Policy and the Legal Compliance Rules, a manual that explains the Laws that officers and employees must comply with (hereinafter referred to as the Compliance Manual) and provides specific instructions as to what measures should be taken when illegal acts are detected and disseminate the manual throughout the company upon approval by the Board of Directors or organization equivalent to the Board of Directors? Is an important revision of the Compliance Manual subject to approval by the Board of Directors? (5) Development and Dissemination of Compliance Program Does the Board of Directors have the Manager formulate, in accordance with the Legal Compliance Policy and the Legal Compliance Rules, a program for implementing specific measures to ensure compliance (including the development of internal rules and planning of

5 Operational procedures are rules established, revised and abolished by a person or a division empowered by the Board of Directors or organization equivalent to the Board of Directors to do so and are subsidiary to internal rules.

30 employee training. Hereinafter referred to as the “Compliance Program”) at least once a year and disseminate it throughout the company upon approval by the Board of Directors? Do the representative directors and the Board of Directors regularly and accurately grasp the progress and achievement status of the Compliance Program? Do they provide a system to reflect the implementation status of the Compliance Program in the performance assessment and personnel evaluation? (6) Arrangement for the System of Reporting to Board of Directors or organization equivalent to Board of Directors and Approval Has the Board of Directors or organization equivalent to the Board of Directors appropriately specified matters that require reporting and those that require approval and does it have the Manager report the current status of legal compliance to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis or have the Manager seek the approval of the Board of Directors or organization equivalent to the Board of Directors on the relevant matters? In particular, does it ensure that the Manager reports to the Board of Directors or organization equivalent to the Board of Directors without delay any matters that would seriously affect corporate management or significantly undermine customer interests? (7) Arrangement for System of Reporting to Corporate Auditor In the case where the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately and does it provide a system to have the Manager directly report such matters to the auditor?6

(8) Development of Internal Audit Guidelines and Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or the manager of the Internal Audit Division appropriately identify the matters to be audited with regard to legal compliance, develop guidelines that specify the matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?7

(9) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner by reviewing its effectiveness based on reports and findings on the status of legal compliance in a regular and timely manner or on an as needed basis?

  1. Assessment and Improvement Activities

6 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report and shall not restrict the authority and activities of the auditor in any way. 7 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan.

31

  1. Analysis and Assessment (1) Analysis and Assessment of Legal Compliance System Does the Board of Directors or organization equivalent to the Board of Directors appropriately determine whether there are any weaknesses or problems in the legal compliance system and the particulars thereof, and appropriately examine their causes by precisely analyzing the status of legal compliance and assessing the effectiveness of the legal compliance system, based on all information available regarding the status of legal compliance, such as the results of audits by corporate auditors, internal audits and external audits,8 findings of various investigations and reports from various divisions? In addition, if necessary, does it take all possible measures to find the causes by way of, for example, establishing fact findings committees, etc. consisting of non￾interested persons? (2) Revision of Analysis and Assessment Processes Does the Board of Directors or organization equivalent to the Board of Directors revise the analysis and assessment processes in a timely manner by reviewing their effectiveness based on reports and findings on the status of legal compliance in a regular and timely manner or on an as needed basis?
  2. Improvement Activities (1) Implementation of Improvements Does the Board of Directors or organization equivalent to the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the legal compliance system that are identified through the analysis, assessment and review referred to in 3.
  3. above in a timely and appropriate manner based on the results obtained by developing and implementing an improvement plan as required or by other appropriate methods? (2) Progress Status of Improvement Activities Does the Board of Directors or organization equivalent to the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of the Improvement Process Does the Board of Directors or organization equivalent to the Board of Directors revise the improvement process in a timely manner by reviewing its effectiveness based on reports and

8 External audits as mentioned here shall not be limited to audits of financial statements by accounting auditors, but the inspector should bear in mind that currently, audits other than the audit of financial statements required under the rules and the verification of the internal control system conducted as part of the procedures of this audit are not obligatory. However, in the case where the inspected insurance company undergoes an external audit other than the financial statements audit in order to secure the effectiveness of the internal control system, the inspector should review the effectiveness of the internal control system by examining in a comprehensive manner along with the financial statements audit results.

32 findings on the status of legal compliance in a regular and timely manner or on an as needed basis?

33 II. Development and Establishment of Legal Compliance System by Manager Checkpoints

  • This chapter lists the check items to be used when the inspector reviews the roles and responsibilities to be performed by the Manager and the Compliance Control Division.
  • If any problem is recognized as a result of a review conducted with the use of the check items listed in Chapter II., it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Roles and Responsibilities of Manager
  1. Development of Internal Rules (1) Development and Dissemination of Legal Compliance Rules Has the Manager, in accordance with the Legal Compliance Policy, developed the Legal Compliance Rules based on a full understanding of the Laws that officers and employees must comply with according to the nature of their operations? Have the Legal Compliance Rules been disseminated throughout the company upon approval by the Board of Directors or organization equivalent to the Board of Directors? (2) Legal Compliance Rules Do the Legal Compliance Rules exhaustively cover the arrangements with regard to compliance with the Laws that officers and employees must observe according to the nature of their operations and specify the arrangements appropriately? For example, do the rules specify arrangements on the following items?
  • Roles, responsibilities and organizational framework of the Compliance Control Division
  • Collection, management, analysis and examination of Compliance-related Information
  • Monitoring of legal compliance
  • Legal checks, etc. (For example, which of the internal rules, contract documents and advertising documents compiled by each division and transactions and operations in which it is involved are subject to legal checks, etc.?)
  • Implementation of training and guidance
  • Storage and management of records on investigations conducted by the Compliance

34 Control Division

  • Approval and screening of New Products, etc.
  • Reporting to the Board of Directors and corporate auditor, etc.
  • Procedures for handling misconduct incidents, etc. (including criteria for judging misconduct incidents, etc.)
  • Cooperation and communication with the Insurance Sales Management Division (3) Development and Dissemination of Compliance Manual Has the Manager, in accordance with the Legal Compliance Policy and the Legal Compliance Rules, developed the Compliance Manual based on a full understanding of the importance of legal compliance in the business of insurance companies? After developing the Compliance Manual or conducting an important revision of the manual, does the Manager disseminate it throughout the company upon approval by the Board of Directors? (4) Compliance Manual Does the Compliance Manual, in light of the social responsibilities and public duties of insurance companies, explain the Laws that officers and employees must comply with according to the nature of the relevant company’s business and exhaustively cover and specify in an easy-to-understand way measures to be taken when illegal acts are detected? Does the manual clearly specify the following items, for example?
  • Explanation of Laws that officers and employees must comply with
  • Specific and detailed notes with regard to Laws that must be complied with in relation to each operation
  • Divisions and departments to be contacted when officers and employees detect suspected violation of Laws (Compliance Division, “help line,” “compliance hot line,” etc.) (5) Development of Compliance Program Does the Manager formulate a reasonable Compliance Program at least once a year in accordance with the Legal Compliance Policy and the Legal Compliance Rules and based on a full understanding of the importance of legal compliance in the business of insurance companies? After developing a new Compliance Program or conducting an important revision of the existing one, does the Manager disseminate the new program or revised one throughout the company upon approval by the Board of Directors?
  1. Development of System (1) Development of System of the Compliance Control Division by Manager (i) Does the Manager, in accordance with the Legal Compliance Policy and the Legal Compliance Rules, provide a system to have the Legal Compliance Division prepared to exercise a check￾and balance in order to make absolutely sure to pre-empt violation of Laws and prevent the recurrence of past violation of Laws ?

35 (ii) Does the Manager ensure the system of training and education to enhance the ability and knowledge of employees with regard to legal compliance, thus developing human resources with relevant expertise? (2) Collection, Management, Analysis and Examination of Compliance-Related Information Does the Manager provide for measures to collect in an efficient and timely manner Compliance-related Information scattered across the company’s divisions and departments according to the nature of the company’s business? Does the Manager provide a system to appropriately manage the Compliance-related Information collected and analyze it so as to use it to pre-empt violation of Laws and prevent the recurrence of the past violation of Laws? For example, does the Manager provide for a means of reporting by establishing a “help line,” a “compliance hot line,” etc.? (3) Communication and Coordination System (i) Does the Manager, in person or through the Compliance Control Division, maintain close communication and coordination with divisions which hold Compliance-related Information? (ii) Does the Manager maintain coordination with a person in charge of compliance allocated to each operation division and business location, etc.? (4) Monitoring System Does the Manager, in order to ensure appropriate legal compliance at each division, make sure to monitor the status of compliance on an ongoing basis by requiring each division in a regular and timely manner or on an as needed basis to report the status of its compliance, to collect information from persons in charge of enforcing compliance on an ongoing basis or to conduct a field survey, for example? (5) System for Handling Violation of Laws Does the Manager provide a system to ensure that an investigation is promptly conducted in response to a report about a suspected violation of Laws if the suspicion is determined as justified as a result of analysis of Compliance-related Information and review whether or not the company is required under law to report the case to the authorities and report it when necessary? (The Manager may have a suitable division or department other than the Compliance Control Division investigate, review and report such a case.) Does the Manager provide a system to make an appropriate disclosure under the Financial Instruments and Exchange Act?9 (6) Coordination with Customer Support Manager (i) Does the Manager, in coordination with the Customer Support Management10, provide a system to collect information in a prompt and wide-ranging manner with regard to

9 This shall apply only to insurance companies subject to timely disclosure rules under the Financial Instruments and Exchange Act. 10 See Checklist for Customer Protection Management.

36 Consultation Requests, Complaints, etc. 11 from customers that should be recognized as legitimate complaints and that may develop into legitimate complaints? (ii) With regard to complaints that involve information related to violation of Laws, including suspected ones, does the Manager provide a system to require and obtain reports from divisions, departments and individuals that hold the relevant information and analyze and examine it so as to provide feedback to the division in charge of processing complaints? (iii) Does the Manager provide a system to have a non-interested party conduct appropriate and sufficient investigations to identify the cause with regard to complaints determined as requiring such action? (7) Cooperation with Insurance Sales Management Division Does the Manager provide a system for appropriate cooperation with the Insurance Sales Management Division, in order to solve compliance issues which require company-wide initiatives? (8) System for Training and Guidance Has the Manager fully disseminated the details of the Compliance Manual to all of the officers and employees? Does the Manager make sure to provide sufficient training and guidance with regard to the Laws that must be complied with in each operation? Do all of the employees get fully acquainted with the need to prevent violation of Laws through training sessions and workplace morning assemblies, etc.? (9) System for Reporting to Board of Directors or organization equivalent to Board of Directors and Approval Does the Manager provide a system to report matters determined as necessary by the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis? In particular, does the Manager report to the Board of Directors or organization equivalent to the Board of Directors without delay any matter that would seriously affect corporate management or significantly undermine customer interests? (10) System for Reporting to Corporate Auditor Does the Manager report matters specified by the Board of Directors directly to a corporate auditor?

  1. Assessment and Improvement Activities Does the Manager review the effectiveness of the Compliance Control Division’s enforcement of legal compliance in a regular and timely manner or on an as needed basis based on the reports and the results of investigations concerning the status of legal compliance, including the status of compliance with the Compliance Manual and various rules, as well as based on the results of monitoring? Does the Manager present the Board of Directors or organization equivalent to the

11 See Checklist for Customer Protection Management.

37 Board of Directors with proposals for improvement as necessary by revising in a timely manner the various rules (including the Compliance Manual), the organizational framework, the implementation of training and guidance and the method of monitoring?

  1. Roles and Responsibilities of the Compliance Control Division (1) Implementation of Compliance Program Does the Compliance Control Division implement specific measures of the Compliance Program in a timely and appropriate manner, conduct follow-up verification of the status of progress and achievement and report it to the Board of Directors or organization equivalent to the Board of Directors? (2) Communication and Collection of Information From the viewpoint of ensuring the full enforcement of legal compliance throughout the company, does the Compliance Control Division collect, manage, analyze and examine in an integrated manner Compliance-related Information scattered across the company’s divisions and departments and, based on the results of the analysis and examination, take appropriate steps and measures? In particular, does the division collect information in close coordination with persons in charge of compliance allocated to operation divisions and business locations, etc.? (3) Monitoring of Legal Compliance Does the Compliance Control Division monitor the status of legal compliance at operation divisions and business locations, etc. on an ongoing basis in order to ensure full legal compliance throughout the company? For example, does the division conduct monitoring by requiring reports in a regular and timely manner or on an as needed basis from persons in charge of compliance with regard to the status of legal compliance at operation divisions and business locations, etc., or by collecting information on an ongoing basis and conducting a field survey in a timely manner? (4) Handling of Violation of Laws (i) When the Compliance Control Division detects a suspected case of violation of Laws as a result of the examination of Compliance-related Information or receives a report about such a case, does the division immediately conduct a fact-finding investigation or have a non-interested division or department conduct such an investigation and determine whether or not the case constitutes a violation of Laws and review whether or not there is any weakness in the legal compliance system? (ii) Does the Compliance Control Division immediately report to the Manager an incident determined as a result of the fact-investigation mentioned in (i) above as constituting a violation of Laws or as having a high probability of constituting an illegal act and take appropriate measures in coordination with the relevant divisions and departments? Does the division at this stage consider whether or not it is necessary to report the incident as an illegal act to the

38 authorities as required under law, whether or not to report it as a suspicious transaction and whether or not to disclose it publicly? (iii) Does the Compliance Control Division investigate the background and cause of a violation of Laws act and the extent of its impact or have a non-interested division or department conduct such an investigation and then analyze the case and report the results of the analysis to the Manager? (iv) Does the Compliance Control Division feed back the results of the analysis mentioned above to the Managers of the relevant divisions and business locations in order to prevent the recurrence of the case and promptly take prevention measures or have another division do so? (5) Coordination with Customer Support Manager (i) Does the Compliance Control Division appropriately maintain coordination with the Customer Support Manager as required under the Customer Protection Management System and provide advice to help facilitate customer support? (ii) Does the Compliance Control Division collect information in a prompt and wide-ranging manner with regard to requests for consultations and complaints from customers12 that should be recognized as legitimate complaints or that are likely to develop into legitimate complaints? (iii) With regard to requests for consultations and complaints that involve information concerning violation of Laws, does the Compliance Control Division require and obtain reports from divisions, departments and individuals that hold the relevant information in an appropriate manner, analyze and examine the information and provide feedback to the division in charge of processing complaints? (iv) Does the Compliance Control Division have non-interested parties conduct appropriate and sufficient investigations to identify the cause with regard to requests for consultations and complaints determined as requiring such action? (6) Cooperation with Insurance Sales Management Division Does the Compliance Control Division appropriately cooperate with the Insurance Sales Management Division, in order to solve compliance issues which require company-wide initiatives? (7) Roles of Persons in Charge of Compliance Do persons in charge of compliance keep under unified control Compliance-related Information at the divisions and departments to which they are allocated, communicate the information to the Compliance Control Division in a regular and timely manner or on an as needed basis and appropriately engage in efforts to ensure compliance at the divisions and departments? Do they perform their functions fully based on the legal knowledge accumulated with regard to their operations?

12 See Checklist for Customer Protection Management.

39 III. Specific Issues

Checkpoints

  • This chapter lists the check items to be used when the inspector reviews specific issues particular to the actual status of legal compliance. It should be noted that although this chapter lists points of attention concerning representative Laws, it is also necessary to review whether the insurance company inspected has in place an appropriate system to prevent violation of other Laws applicable to it and whether there is not actually any violation of Laws.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III., it is necessary to exhaustively examine which of the elements listed in Chapters I. and II. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Handling of Violation of Laws (1) Clarification of Responsibility Concerning Violation of Laws (i) Does the company provide a system to have an entity independent from the department where a violation of Laws occurred investigate the case, seek to hold the person or persons involved to account and clarify the supervisory responsibility? (ii) Does the company appropriately clarify the responsibility of the person or persons who conducted a violation of Laws and the Manager in charge of supervision thereof and hold them to account? (2) Reward and Punishment and Personnel Evaluation In rewarding and punishing employees and evaluating their work performance, does the company fully take their status of legal compliance into consideration? For example, does the company exclude business locations and employees whose legal compliance is questionable from its in￾company awards system as a way to attach importance to legal compliance?
  2. Legal Checks System (1) Development of Legal Checks System Concerning Transactions and Businesses Does the company provide a system to ensure appropriate legal checks, etc. from the viewpoint of legal compliance in accordance with the Legal Compliance Rules? With regard to the legality

40 of matters determined as subject to legal checks, etc. does the company conduct careful prior examination from the legal and compliance perspective? For example, does the company provide a system to conduct especially careful examination with regard to the legality of the following matters? Are the range of documents, transactions and businesses subject to legal checks, etc. and the focus of responsibility for the checks specified and disseminated throughout the company?

  • Legality of a new business
  • Legality of newly developed products
  • Compliance on the occasion of a capital increase, etc.
  • Cases that require examination of possible conflicts of interest
  • Legality of intra-group transactions subject to the “arms’ length rules”
  • Disclosure as required by laws and ordinances
  • Legality of transactions with a complex scheme (e.g. liquidation of assets including off￾balance sheet assets, non-performing loan disposals, transactions conducted for the purpose of realizing unrecognized profits, transactions that involve issuance of a special type of classified shares and corporate bonds)
  • Transactions in which abuse of a dominant position may arise
  • Other documents, transactions, businesses, etc. that are reasonably and objectively determined as involving high legal risk (2) Points of Attention Concerning Legal Checks, etc. (i) When conducting legal checks, etc., does the company ensure that background information and the underlying facts necessary for judgment on legality are provided with regard to documents such as the internal rules, contracts, and advertisements written by the relevant division as well as transactions and businesses in which the division is involved? (ii) In the case where the legal checks, etc. is conducted by an outside lawyer, does the company fully examine the details of the legal opinions provided before implementing transactions, etc.? (iii) For legal checks on New Products, etc., is there appropriate investigation from the viewpoint of legal compliance? Also, do such investigations avoid improper influence by the Marketing and Sales Division?
  1. Scope of Business Operations (1) Restrictions on Engaging in Other Business Operations (i) Are the business operations of the insurance company subject to the scope of business operations set forth in Articles 97, 98, and 99 of the Law, and other applicable laws and regulations? (ii) Is the underwriting of insurance contracts by insurance companies conducted in accordance with the type of insurance licenses granted under Article 3, Paragraph 2 of the Law?

41 (iii) Is the management of funds and other assets received as insurance premiums conducted in a manner stipulated by laws and regulations, such as for investments in securities? (iv) Does the insurance company invest assets stipulated by laws and regulations in excess of the amount calculated in accordance with the provisions of laws and regulations? Is the amount of assets invested by the insurance company in a single entity (including parties with special connections therewith) in excess of the amount calculated in accordance with the provisions of laws and regulations?13 (v) Is the insurance company engaged in the purchase and sale of assets or any other transactions with persons in specified relationships, etc., under terms and conditions substantially different from those of normal transactions of the insurance company? (vi) Have the insurance company and its subsidiaries in aggregate acquired or are they now holding voting rights of domestic companies (other than their own subsidiaries) that are in excess of the limit allowed by laws and regulations? (2) Ancillary Business Operations When determining whether business operations of the insurance company are subject to the scope of the “the following and other business operations ancillary thereto” set forth in Article 98, Paragraph 1 of the Law, is it fully taken into account that engagement in business operations other than those provided for in the Law is banned under Article 100 of the Law, and is due attention paid to the following points? (i) whether the operations in question are similar in nature to the business operations listed in Article 97 and Article 98, Paragraph 1 of the Law; (ii) whether the magnitude of the operations in question is not overly excessive in comparison to the proper business operations to which such business operations are ancillary; (iii) whether such business operations have functional similarities or homogeneity of risks with the insurance business; and (iv) whether such business operations contribute to the utilization of surplus capacity of the insurance company justly resulting from the pursuit of the proper business operations of the insurance company. (3) Scope of the Business Operations of Subsidiaries, etc., of Insurance Companies Are subsidiaries of the insurance company14 subject to any item listed in Article 106 of the Law15? Are subordinate business operations (Article 106, Paragraph 2, Item 1 of the Law) and

13 In cases when the insurance company has subsidiaries, etc., it shall be noted that the combined amount of assets invested in a single entity by the insurance company and its subsidiaries, etc., cannot exceed the amount calculated in accordance with the provisions of laws and regulations. 14 Regardless of whether such insurance companies prepare business reports, etc., in accordance with the Financial Instruments and Exchange Act, the determination of qualifying subsidiary corporations and affiliated corporations, etc., shall duly consider whether the following are observed: “Regulations Concerning Terminology, Forms and Methods of Preparation of Financial Statements,” “Implementation Guidance on Determining a Subsidiary and an Affiliate” (issued by the Accounting Standards Board of

42 financing-related business operations (Item 2 of said Article and Paragraph) conducted by subsidiaries in compliance with statutory requirements and the standards concerning subsidiaries set forth in public notices and the Supervisory Guidelines? 4. Handling of Anti-Social Forces (1) Development and Dissemination of Policy on Handling of Anti-Social Forces, Compliance Manual, etc. (i) Do directors fully understand that prohibiting association with anti-social forces and excluding such forces firmly is vital for maintaining public confidence in the insurance company and securing the appropriateness and soundness of the company’s business? (ii) Has the Board of Directors made clear the policy of prohibiting association with anti-social forces and excluding such forces firmly and disseminated the policy to all of the company’s officers and employees? (iii) Does the Compliance Manual explain how to handle anti-social forces in an easy-to-understand way and clearly indicate the contact information concerning the section and person in charge of such handling? Is a similar arrangement in place at subsidiaries etc. as necessary? (2) Development of System for Handling of Anti-Social Forces Does the Board of Directors have such an organizational framework as mentioned below in place to handle anti-social forces systematically?16 (i) Does the company have a department in charge of collecting and analyzing internal and external information concerning anti-social forces and managing such information in an integrated manner? (ii) Is there a system for conducting prior screening to prevent transactions with anti-social forces? (iii) Is there a framework for collaboration and communications across the relevant divisions? (3) Roles of Department in Charge of Handling of Anti-Social Forces (i) When contacted by an officer or employee with regard to how to handle anti-social forces, does the department in charge provide guidance to ensure appropriate handling while maintaining coordination with the police, administration, lawyers and bar association as necessary?

Japan on May 13, 2008), and other generally accepted accounting principles. 15 “Corporations” as defined in Articles 106 and 107 of the Law do not include special purpose corporations, associations, investment corporations, partnerships, limited liability companies, or any other business entities equivalent to corporations (hereafter, “business entities equivalent to corporations”). Attention shall be paid to whether the purposes of the regulations of the scope of business operations of subsidiaries, etc., and prohibitions of engaging in other business operations are evaded through business entities equivalent to corporations. 16 Refer as necessary to “Manual for Implementing Charter of Corporate Code” by Nippon Keidanren, etc.

43 (ii) Has the department in charge disseminated the rules for handling anti-social forces and the relevant portions of the Compliance Manual to all of the officers and employees through training, guidance, etc.? 5. Customer Identity Verification (1) Development of Internal Rules Concerning Customer Identity Verification Does the Board of Directors or organization equivalent to the Board of Directors have internal rules concerning customer identity verification (hereinafter referred to as the “Customer Identity Verification Rules”) established? Are the Customer Identity Verification Rules subject to legal checks, etc. and approval by the Board of Directors or organization equivalent to the Board of Directors? Do the Customer Identity Verification Rules clarify the situations in which identity verification must be done, for example when signing an insurance contract with a customer?17 (2) Development of Customer Identity Verification System (i) Does the Board of Directors or organization equivalent to the Board of Directors have a person in charge of customer identity verification appointed or a department in charge thereof established? (ii) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure that matters concerning customer identity verification that would seriously affect corporate management are reported to the Compliance Control Division, the Internal Audit Division and the Board of Directors or organization equivalent to the Board of Directors without delay? (iii) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure that records on customer identity verification and transactions are compiled and stored appropriately? (3) Guidance and Training Concerning Customer Identity Verification Does the person or department in charge of customer identity verification disseminate the Customer Identity Verification Rules to all of the relevant employees by providing guidance and training regularly or through other means in order to ensure that customer identity verification is conducted in a timely and appropriate manner? (4) Points of Attention Concerning Customer Identity Verification (i) When verifying the identity of a corporate customer, does the company verify the identity of the corporation’s person in charge of transactions?

17 The Customer Identity Verification Rules may not be available as a single set of rules in some cases, and they may be integrated with the Compliance Manual, etc. in other cases. The inspector should empirically review, regardless of the form of rules, whether or not the rules exhaustively stipulate necessary matters and are fully disseminated to the personnel who should be acquainted with them, upon approval by the Board of Directors or organization equivalent to the Board of Directors, thus ensuring an effective customer identity verification system.

44 (ii) With regard to a transaction conducted through an agent, does the company verify the identity of both the customer and the agent? (iii) With regard to a transaction for which a customer identity verification has been already done, does the company re-check the customer identity where required by laws and ordinances? (iv) With regard to a case in which a customer identity verification of a customer has been done at an overseas head office, branch office, subsidiary or affiliate, does the company re-check the identity of the customer when he or she signs an insurance contract in Japan as required by laws and ordinances? 6. Suspicious Transactions (1) Development of Internal Rules Concerning Suspicious Transactions Does the company have in place internal rules concerning money laundering and other suspicious transactions (hereinafter referred to as the Suspicious Transaction Rules) concerning such transactions? Are the Suspicious Transaction Rules subject to legal checks, etc. and approval by the Board of Directors or organization equivalent to the Board of Directors? For example, do the rules specify the following arrangements?

  • Judgment with regard to suspicious transactions (e.g. judgment criteria, specific examples and the focus of the judgment authority)
  • Actions to be taken with regard to suspicious transactions (for example, arrangements for suspicious transaction notices, and as needed, decision to work towards terminating the business relationship)
  • Communication of information when suspicious transactions are detected
  • Storage and management of records on suspicious transactions (2) System for Handling Suspicious Transactions (i) Does the Board of Directors have a person in charge of handling suspicious transactions appointed or a department in charge thereof established? Does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure that officers and employees disseminate in a timely manner to the person or the department in charge information concerning cases that may constitute suspicious transactions? (ii) Does the person or department in charge of handling suspicious transactions report such transactions without delay to the authorities in accordance with the Suspicious Transaction Rules? Does the person or department in charge, when a transaction is determined as a suspicious transaction, take appropriate measures as necessary in a timely manner with regard to the transaction in accordance with the Suspicious Transaction Rules or related operational procedures? (iii) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to report a suspicious transaction to the authorities in an appropriate manner based on

45 information concerning the attributes of the party concerned, the situation at the time of the transaction and other details related to the transaction that the insurance company holds? (iv) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to have the person or department in charge of handling suspicious transactions regularly report to the Board of Directors or organization equivalent to the Board of Directors the key points of reports from business locations, etc. with regard to suspicious transactions? (v) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure that matters concerning suspicious transactions that would seriously affect corporate management are reported to the Compliance Control Division and the Internal Audit Division as well as the Board of Directors or organization equivalent to the Board of Directors without delay? (vi) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure that all suspicious transactions are reported to the authorities? (3) Guidance and Training Concerning Suspicious Transactions Does the person or department in charge of handling suspicious transactions seek to ensure that suspicious transactions are reported and other appropriate measures are taken with regard to such transactions in a timely manner by regularly providing guidance and training to the relevant employees? (4) Points of Attention in Examining Suspicious Transactions (i) Does the company build a database of cases of suspicious transactions and disseminate the obtained results throughout the relevant divisions by compiling reference casebook depicting examples of suspicious transactions, for example? (ii) Does the company fully collect and accumulate information concerning the attributes of the parties the transactions with whom should be treated as suspicious transactions and the nature of suspicious transactions? (iii) It should be noted that in the case where the number of suspicious transactions reported by the company is markedly small relative to the scales and natures of its business, it is necessary to carefully verify whether the company’s judgment criteria for suspicious transactions are effective.

46 Checklist for Insurance Sales Management I. Status of Development and Establishment of Insurance Sales Management System by Management Checkpoints

  • In this checklist, “insurance sales management” means the management required to ensure compliance with laws and regulations on insurance sales, and to achieve proper insurance sales.
  • Development and establishment of an insurance sales management system in an insurance company are not only important from the viewpoint of customer protection; they are very important from the viewpoints of the insurance company’s sound and appropriate management of operations, and fairness of insurance sales. Management itself is responsible, and has the role of taking the lead in the development and establishment of these systems.
  • Insurance sales representatives have a variety of affiliations: insurance company sales staff, tied agencies, independent agencies, composite agencies, etc. Therefore, it is necessary to be aware that a uniform management system is insufficient, and to develop and establish these systems.
  • The inspector should determine whether the insurance sales management system is functioning effectively, and whether the roles and responsibilities of the company’s management are being appropriately performed, by way of reviewing, with the use of check items listed in Chapter I., whether management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) development of a system for assessment and improvement activities.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II. onwards, it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the system is not functioning effectively, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement measures have been developed and implemented.
  1. Policy Development (1) Roles and Responsibilities of Directors Are the directors fully aware that thorough compliance with laws and regulations on insurance sales is necessary and essential for protection of customers, maintaining trust in the insurance company, and for ensuring sound and appropriate operations? Does it emphasize compliance

47 with laws and regulations on insurance sales? Also, does the director in charge of insurance sales management understand the content of laws and regulations on insurance sales, and also fully understand methods of monitoring the status of compliance with such laws and regulations, and methods for thorough compliance with such laws and regulations? Based on this understanding, is the director accurately aware of that insurance company’s status of compliance with such laws and regulations? While considering the characteristics of the insurance company’s sales channels, does he investigate policies and specific actions to develop and establish a proper insurance sales management system? (2) Development and Dissemination of Insurance Sales Management Policy Has the Board of Directors established a policy regarding insurance sales management (hereinafter referred to as the “Insurance Sales Management Policy”) in accordance with business policy, and informed the organization and insurance sales representatives about this policy? Does it devise methods of informing insurance sales representatives about this, considering their attributes? (3) Revision of Policy Development Process Does the Board of Directors revise the policy development process in a timely manner, by reviewing its effectiveness based on reports and findings of various investigations on the status of comprehensive risk management, in a regular and timely manner or on an as needed basis? 2. Development of Internal Rules and Organizational Frameworks (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the manager (hereinafter simply referred to as the “Manager” in this checklist) of the division in charge of insurance sales management (hereinafter referred to as the “Insurance Sales Management Division”) develop internal rules that clearly specify the arrangements concerning insurance sales (hereinafter referred to as the “Insurance Sales Management Rules”) and inform the entire organization and insurance sales representatives about these rules, in accordance with the Insurance Sales Management Policy? Does the Board of Directors or organization equivalent to the Board of Directors approve the Insurance Sales Management Rules, after determining whether they comply with the Insurance Sales Management Policy and after legal checks, etc.? (2) Establishment of Insurance Sales Management Division (i) Does the Board of Directors or organization equivalent to the Board of Directors have an Insurance Sales Management Division established, clarify the matters it is in charge of,

48 grant its authority, and have the division prepared to undertake appropriate roles and functions, in accordance with the Insurance Sales Management Policy and the Insurance Sales Management Rules?1 (ii) Has the Board of Directors allocated to the Insurance Sales Management Division a Manager with the necessary knowledge and experience to supervise the division, and enabled the Manager to execute management operations by assigning to him/her the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Insurance Sales Management Division an adequate number of staff members who have the necessary knowledge and experience to execute the relevant operations, and assigned such staff the authority necessary for conducting the aforementioned operations?2 (iv) Does the Board of Directors or organization equivalent to the Board of Directors keep the Insurance Sales Management Division independent from the Marketing and Sales Division, etc. and secure a check-and-balance system of the Insurance Sales Management Division? Especially if the Insurance Sales Management Division is also in charge of other operations, does the Does the Board of Directors or organization equivalent to the Board of Directors pay attention to having a system to prevent interference from the Marketing and Sales Division, etc.? (v) Does the Board of Directors or organization equivalent to the Board of Directors develop a system which works for sufficient coordination and cooperation as needed between the Insurance Sales Management Division and the Compliance Control Division? (3) Development of Insurance Sales Management System regarding Marketing and Sales Division and Insurance Sales Representatives Does the Board of Directors or organization equivalent to the Board of Directors develop a system to ensure effectiveness of insurance sales management? For example, does it develop a system for the Manager or the Insurance Sales Management Division to inform the Marketing and Sales Division, etc. and insurance sales representatives of insurance sales management related laws and regulations, internal rules and operational procedures which must be observed?

1 When the Insurance Sales Management Division is not established as an independent division (e.g., when the division is consolidated with the Compliance Control Division or other division to form a single division, or when a division in charge of other business also takes charge of insurance sales management, or when a Manager or Managers take charge of insurance sales management instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division, commensurate with the scale and nature of the insurance company. 2 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of the Comprehensive Risk Management Division is reasonable in terms of a check-and-balance system and other aspects.

49 For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager or Insurance Sales Management Division to identify the laws and regulations, internal rules and operational procedures that must be observed by the Marketing and Sales Division, etc. and insurance sales representatives, to carry out specific actions such as providing effective training on a regular basis? (4) Development and Dissemination of Insurance Sales Compliance Manual Does the Board of Directors or organization equivalent to the Board of Directors have the Manager create a handbook which explains the laws and regulations which officers and employees must follow regarding insurance sales, and shows specific procedures such as customer explanations which must be provided for proper insurance sales (hereinafter referred to as the “Insurance Sales Compliance Manual”), and make it known in the organization and to insurance sales representatives, after the Board’s approval, in accordance with the Insurance Sales Management Rules and Insurance Sales Management Policy? Does the Board of Directors approve major revisions of the Insurance Sales Compliance Manual? (5) Development and Dissemination of Insurance Sales Compliance Program Does the Board of Directors have the Manager develop internal rules, a specific practical plan, employee training plan, etc., to achieve compliance regarding insurance sales (hereinafter referred to as the “Insurance Sales Compliance Program”), created at least once each fiscal year, in accordance with the Insurance Sales Management Rules and Insurance Sales Management Policy? Does the Board of Directors approve this and have the Manager inform the entire organization?3 Are its progress status and achievement status periodically and accurately understood and assessed by the Representative Director and Board of Directors? Is a system developed to have the execution status of the Insurance Sales Compliance Program equally considered in performance assessments and personnel reviews, etc.? (6) Development of System for Reporting to and Approval by the Board of Directors or Organization Equivalent to Board of Directors Has the Board of Directors or organization equivalent to the Board of Directors appropriately specified matters that require reporting and those that require approval, and does it have the Manager report the insurance sales management status to the Board of Directors or equivalent organization equivalent to the Board of Directors periodically or on an as needed basis, or have the Manager seek the approval of the Board of Directors or organization equivalent organization to the Board of Directors on the relevant matters? In particular, does it develop a

3 The Insurance Sales Compliance Program could be integrated with the compliance program (refer to the Checklist for Legal Compliance), etc. in some cases. The inspector should empirically review, regardless of the form of program, whether or not a specific practical plan is created for achieving compliance regarding insurance sales, and after approval by the Board of Directors, the entire organization is thoroughly informed, thus ensuring appropriate execution of insurance sales.

50 system for the Manager to quickly report to the Board of Directors or equivalent organization to the Board of Directors any matters that would seriously affect corporate management or remarkably impair customer interests? (7) System for Reporting to Corporate Auditor In the case that the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately, and do they provide a system to have the Manager directly report such matters to the auditor?4 (8) Development of Internal Audit Guidelines and Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or Internal Audit Division Manager appropriately identify the matters to be audited with regard to insurance sales management, develop guidelines that specify the matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?5 (9) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the process of developing internal rules and organizational frameworks in a timely manner by reviewing their effectiveness based on reports and findings on the status of insurance sales management in a regular and timely manner or on an as needed basis? 3. Assessment and Improvement Activities

  1. Analysis and Assessment (1) Analysis and Assessment of Insurance Sales Management Does the Board of Directors or organization equivalent to the Board of Directors appropriately determine whether there are any weaknesses or problems in the insurance sales management system and the particulars thereof, and appropriately examine their causes by precisely analyzing the status of insurance sales management and assessing the effectiveness of insurance sales management, based on all information available regarding the status of insurance sales management, such as the results of audits by corporate auditors, internal audits and external audits,6 findings of various investigations and reports from various divisions? In

4 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report, and shall not restrict the authority and activities of the auditor in any way. 5 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan. 6 External audits as mentioned here shall not be limited to audits of financial statements by accounting auditors, but the inspector should bear in mind that currently, audits other than the audit of financial statements required under the rules and the verification of the internal control system conducted as part of the procedures of this audit are not obligatory. However, in the case where the inspected insurance company undergoes an external audit other than the financial statements audit in order to secure the effectiveness of the internal control system, the inspector should review the effectiveness of the internal control system by examining in a comprehensive manner along with the financial statements audit results.

51 addition, if necessary, does it take all possible measures to find the causes by, for example, establishing fact finding committees, etc. consisting of non-interested persons? (2) Revision of Analysis and Assessment Processes Does the Board of Directors or organization equivalent to the Board of Directors revise the analysis and assessment processes in a timely manner, by reviewing their effectiveness based on reports and findings on the status of insurance sales management in a regular and timely manner or on an as needed basis? 2) Improvement Activities (1) Implementation of Improvements Does the Board of Directors or organization equivalent to the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the insurance sales management system identified through the analysis, assessment and examination referred to in 3. 1) above in a timely and appropriate manner, based on the results obtained by developing and implementing an improvement plan as required or by other appropriate methods? (2) Progress Status of Improvement Activities Does the Board of Directors or organization equivalent to the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner, by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of Improvement Process Does the Board of Directors or organization equivalent to the Board of Directors revise the improvement process in a timely manner, by reviewing its effectiveness based on reports and findings on the status of insurance sales management in a regular and timely manner or on an as needed basis?

52 II. Development and Establishment of Insurance Sales Management System by Managers Checkpoints

  • This chapter lists the check items to be used when the inspector reviews the roles and responsibilities to be performed by the Manager and the Insurance Sales Management Division.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II., it is necessary to exhaustively examine which of the elements are absent or insufficient, thus causing the problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement measures have been developed and implemented.
  1. Roles and Responsibilities of Manager
  1. Development of Internal Rules (1) Development and Dissemination of Insurance Sales Management Rules Does the Manager fully understand the laws and regulations which must be obeyed concerning insurance sales? Does he develop Insurance Sales Management Rules in accordance with Insurance Sales Management Policy? Upon approval by the Board of Directors or organization equivalent to the Board of Directors, are the organization and insurance sales representatives informed about the Insurance Sales Management Rules? Does he devise methods of informing insurance sales representatives about this, considering their attributes? (2) Insurance Sales Management Rules Do the Insurance Sales Management Rules exhaustively cover the arrangements for insurance sales related laws and regulations which officers and employees must obey, and specify the arrangements appropriately in a manner befitting the characteristics of the operations? For example, do appropriate rules clearly state arrangements for the following items? • Roles, responsibilities, and organizational framework of the Insurance Sales Management Division • As part of information on legal compliance (for example, information needed for timely and accurate awareness of problems of legal compliance for complaints from customers, work conditions of salespeople, reports of misconduct investigations, situation of insurance contract continuations, revenue and expense situation, etc.), the collection, management, analysis and study of information on insurance sales (hereinafter referred to

53 as “Sales Compliance related Information”). • Monitoring of legal compliance in insurance sales (including regarding situations in agencies) • Legal checks on insurance sales materials and advertisements (hereinafter referred to as “Insurance Sales Materials, etc.”) • Storage and management of records of investigations done by the Insurance Sales Management Division • Approval and screening of New Products, etc. • Recruiting, agency and registration of insurance sales representatives (including screening criteria for screening the qualifications of people subject to recruiting and agency) • Matters which people doing insurance sales must comply with (for example, qualities such as knowledge level which must be maintained by people who do insurance sales, awareness of customer needs and attributes, content of insurance contract and risks which are explained before the contract is signed) • Clear statement of risks, and important matters which must be explained to customers in insurance sales • Training and guidance provided for legal compliance in insurance sales • Handling of customer information if the contract with an agency is cancelled • Reports to the Board of Directors or organization equivalent to the Board of Directors and to the corporate auditor • Cooperation and information communication with the Compliance Control Division (3) Development and Dissemination of Insurance Sales Compliance Manual Does the Manager fully understand the importance of insurance sales management? Does the Manger develop the Insurance Sales Compliance Manual, in accordance with Insurance Sales Management Policy and Insurance Sales Management Rules? Does the Board of Directors approve the development and important revisions of the Insurance Sales Compliance Manual, and does the Manager then inform the officers and employees about the Manual? (4) Insurance Sales Compliance Manual (i) Does the Insurance Sales Compliance Manual explain the insurance sales related laws and regulations officers and employees must obey, and exhaustively cover and simply and appropriately specify the procedures on customer explanations which must be provided for proper insurance sales, corresponding to the content and methods of the insurance company’s operations? Is the content appropriate? For example, are the following points clearly specified? • Explanations of laws and regulations which officers and employees must obey in insurance sales • Specific and detailed points to keep in mind regarding the laws and regulations which

54 must be obeyed, corresponding to the insurance sales operations (including specific examples of inappropriate acts which may pertain to Act Article 307, Paragraph 1, Item 3) • Procedures on customer explanations which must be provided for proper insurance sales (important matters which must be explained to customers and risks inherent in insurance products, procedures for confirming customer needs and attributes, content and timing and delivery procedures of documents which must be given to customers, procedures to confirm understanding of customers, other points to keep in mind for customer explanations, etc.) • Procedures on communicating information to the Compliance Control Division and manager responsible for customer support, etc. (ii) Does the method of writing the Insurance Sales Compliance Manual suit the attributes of target officers and employees? For example, is the Insurance Sales compliance Manual developed according to the contents of insurance sales representatives’ jobs? (5) Development of Insurance Sales Compliance Program Does the Manager fully understand the importance of insurance sales management? Does he develop an Insurance Sales Compliance Program with rational content, at least once each fiscal year, in accordance with Insurance Sales Management Policy and Insurance Sales Management Rules? Does the Board of Directors approve the development and important revisions of the Insurance Sales Compliance Program, and are they made known to the entire organization? 2) Development of System (1) Development of System of Insurance Sales Management Division by Manager Based on the Insurance Sales Management Policy and Insurance Sales Management Rules, does the Manager develop a system of the Insurance Sales Management Division, and implement policies to secure a check-and-balance system, to ensure appropriate legal compliance for insurance sales, and to prevent occurrence and thoroughly prevent reoccurrence of legal violations and inappropriate acts (hereinafter referred to as “Legal Violations, etc.”)? (2) Development of Systems concerning Insurance Sales Management for Related Operating Divisions, Business Locations and Insurance sales representatives Does the Manager have operating divisions and business locations involved in insurance sales and insurance sales representatives work according to the Insurance Sales Management Rules, Insurance Sales Compliance Manual and other arrangements for insurance sales management? Does the Manager develop a system for conducting proper insurance sales, and execute specific policies to ensure its effectiveness? Agencies exist independently, and do not belong to the insurance company’s internal

55 organization. Some large independent agencies have strong power in negotiations with insurance companies. It should be kept in mind that development of the systems and execution of specific policies as described above must also be executed solidly for these agencies (3) Collection, Management, Analysis and Study of Sales Compliance related Information Does the Manager develop the means for timely and efficient collection of Sales Compliance related Information scattered throughout various departments of the insurance company, corresponding to the characteristics of the insurance company’s operations? Does the Manager also develop a system to appropriately manage the collected Sales Compliance related Information, analyze its content, and make it useful for improvement of the insurance sales management system, including preventing the occurrence and reoccurrence of insurance sales related Legal Violations, etc.? (4) Communication and Cooperation System (i) Does the Manager communicate information and closely cooperate with divisions which have various Sales Compliance related Information, via the Manager himself or the Insurance Sales Management Division? (ii) Does the Manager cooperate as needed with the compliance officers7 assigned in each insurance sales related operating division and business location? (5) Monitoring System To ensure insurance sales related legal compliance by related operating divisions and business locations and insurance sales representatives, does the Manager develop a system to continually monitor the situation of such legal compliance in each division periodically and as needed, by the methods such as: (i) requiring each division to report on its situation of such legal compliance, (ii) continually collecting information from compliance officers, (iii) performing site inspections? (6) System for Handling Insurance Sales related Legal Violations, etc. Does the Manager develop a system so that if by analysis of Sales Compliance related Information and notices and whistleblowing from and other departments, it is judged that there are suspected insurance sales related Legal Violations, etc., then someone quickly investigates the facts, and a misconduct related notice is handled in cooperation with the Compliance Control Division (including performing investigations and verifications in appropriate departments)? Does the Manager also develop a system for response, such as incorporating the results of investigations and analysis to prevent reoccurrence? In particular, is there a system for quickly checking whether there were problems in insurance sales for contracts and matters where misconduct is typically very likely, for example by checking contracts which were quickly invalidated or quickly cancelled? (7) Management System for Displays of Insurance Sales Materials, etc.

7 Refer to the Checklist for Legal Compliance.

56 Does the Manager develop a system to check whether Insurance Sales Materials, etc. undergo prior legal checks by the Insurance Sales Management Division and product development division, whether they violate the Insurance Business Act (including mutatis mutandis parts of the Financial Instruments and Exchange Act), laws and their orders for enforcement for prohibition of private monopolies and ensuring fair trading, laws prohibiting improper gifts and improper displays, and other related laws and regulations, whether displays of content of insurance products are correct, and whether explanations to customers are full and appropriate? Also, is a system developed for central management by headquarters, for Insurance Sales Materials, etc. only used by a business location or insurance sales representative, with complete screening of their display contents? (8) Cooperation with Manager Responsible for Customer Support, etc. (i) Does the Manager cooperate appropriately with the manager responsible for customer support,8 and develop a system to quickly and broadly get information on consultations and complaints9 from customers regarding insurance sales, and on matters which should be recognized as complaints and those which could become complaints? (ii) For consultations and complaints which contain information on actual or suspected Legal Violations, etc. related to insurance sales, does the Manager develop a system to appropriately demand information reports from divisions, departments, individuals, etc. which have information, obtain, analyze and study these reports, and provide the results to the manager responsible for customer support? (iii) For cases deemed necessary among consultations and complaints about insurance sales, does the Manager develop a system to work to find the causes by having a person without conflicts of interest appropriately and fully investigate them? (9) Cooperation with Compliance Control Division Does the Manager develop a system for appropriate cooperation with the Compliance Control Division, to solve issues in compliance for insurance sales? (10) Training and Guidance System Does the Manager thoroughly inform officers and employees about the content of the Insurance Sales Compliance Manual? Also, does the Manager develop a system to provide sufficient training and guidance on matters required for proper insurance sales: laws and regulations which should be obeyed in insurance sales, knowledge about insurance contracts and insurance products, methods of using Insurance Sales Materials, etc.? (11) System Developed for New Products Does the Manager develop a system so that if a request is received from the New Products

8 Refer to the Checklist for Customer Protection Management. 9 Refer to the Checklist for Customer Protection Management.

57 Committee, etc. regarding New Products, etc., then the regulations and internal rules on such New Products, etc. are investigated in advance, bringing to light problems which could arise from the viewpoint of insurance sales management, which are then reported to the New Products Committee, etc., based on the New Products Management Policy and Insurance Sales Management Rules, etc.? (12) System for Reporting to the Board of Directors or Organization Equivalent to the Board of Directors Does the Manager develop a system for the Board of Directors or organization equivalent to the Board of Directors to receive reports on the report items established by the Board of Directors or organization equivalent to the Board of Directors, periodically or as needed? In particular, does the Board of Directors or organization equivalent to the Board of Directors quickly receive reports on matters which have major effects on the business, or remarkably impair customer interests? (13) System for Reporting to Corporate Auditors Does the Manager report directly to the corporate auditors, in accordance with the items determined by the Board of Directors?

  1. Assessment and Improvement Activities Does the Manager verify the effectiveness of insurance sales management systems, considering reports, investigation results and monitoring results on the status of legal compliance in insurance sales, such as the status of compliance with the Insurance Sales Compliance Manual and various related rules, periodically or as needed? Does he make timely revisions to various related rules (including the Insurance Sales Compliance Manual), the organizational framework , provision of training and guidance, monitoring methods, etc., and provide improvement recommendations as needed to the Board of Directors or organization equivalent to the Board of Directors?
  1. Roles and Responsibilities of Insurance Sales Management Division (1) Execution of Specific Policies on Insurance Sales Management Does the Insurance Sales Management Division appropriately manage related operating divisions and business locations and insurance sales representatives, giving instructions on specific policies for ensuring legal compliance in insurance sales, and providing guidance and supervision so there are proper insurance sales by business locations and insurance sales representatives? (2) Communication and Information Collection From the viewpoint of thorough legal compliance in insurance sales, does the Insurance Sales Management Division collect Sales Compliance related Information scattered among various

58 departments in the insurance company? Does it manage, analyze and study this information, and based on the results, take timely and appropriate actions? In particular, does it cooperate closely with the compliance officers in related operating divisions and business locations, and collect information? (3) Monitoring of Legal Compliance in Insurance Sales From the viewpoint of thorough legal compliance in insurance sales, does the Insurance Sales Management Division continually monitor the status of legal compliance in insurance sales by related operating divisions and business locations and insurance sales representatives? For example, does it monitor periodically and as needed, by methods such as requiring compliance officers to provide reports on the status of legal compliance in insurance sales, or by continually collecting information, and performing timely on-site investigations? (4) Handling of Legal Violations, etc. in Insurance Sales (i) For matters which are suspected Legal Violations, etc. in insurance sales, does the Insurance Sales Management Division use analysis of Sales Compliance related Information and communications and whistleblowing from other departments, to immediately check the facts as to whether such acts occurred and the existence of problems, or have the facts checked by a department without conflict of interests? Does it thus verify the existence of actual Legal Violations, etc. and the existence of compliance weak points? (ii) As a result of the fact checking done in (i) above, for matters which are Legal Violations, etc. or which are judged to have a strong possibility of being Legal Violations, etc., does the Insurance Sales Management Division immediately report to the manager, and cooperate with related divisions or departments to take appropriate action, including cooperation with the Compliance Control Division on a notice as misconduct? (iii) For Legal Violations, etc. in insurance sales, does the Insurance Sales Management Division conduct a timely and appropriate investigation of its background, causes and scope of effects, or have it investigated by a department without conflicts of interest in the case. Does it then analyze this and report its results to the Manager? (iv) From the viewpoint of preventing reoccurrence, does the Insurance Sales Management Division provide the analysis results of (iii) above as feedback to managers of related operating divisions and business locations? Does it quickly take actions for future prevention, or have another division take actions? (5) Appropriate Management of Displays of Insurance Sales Materials, etc. Does the Insurance Sales Management Division appropriately conduct legal checks on Insurance Sales Materials, etc., and appropriately manage so that the display contents of all Insurance Sales Materials, etc. are exhaustively screened, including things only used by a business locations or insurance sales representatives? (6) Cooperation with Manager Responsible for Customer Support

59 (i) Does the Insurance Sales Management Division appropriately cooperate with the manager responsible for customer support in the customer protection management system, and make recommendations for smooth customer support? (ii) Does the Insurance Sales Management Division quickly and broadly obtain information on consultations and complaints from customers regarding insurance sales, and on matters which should be considered complaints, and matters which could become complaints? (iii) For consultations and complaints about insurance sales which contain information on actual or suspected Legal Violations, etc., does the Insurance Sales Management Division appropriately obtain, analyze and study reports on information from divisions, departments and individuals which have information, and provide feedback to the manager responsible for customer support? (iv) Among consultations and complaints about insurance sales, for cases where it is deemed necessary, does the Insurance Sales Management Division work to find the causes by an appropriate and sufficient investigation done by a person without conflicts of interest? (7) Cooperation with Compliance Control Division To solve compliance issues in insurance sales, does the Insurance Sales Management Division cooperate appropriately with the Compliance Control Division? (8) Roles of Compliance Officers for Insurance Sales Management Do compliance officers summarize Sales Compliance related Information for the department where they are assigned, corresponding to the qualities of the operations of the departments, and communicate this to the Insurance Sales Management Division, periodically or as needed? Do they appropriately work on legal compliance in insurance sales at that department? (9) Handling of New Products When the Insurance Sales Management Division handles New Products, etc., does it investigate in advance the regulations and internal rules concerning those New Products, etc., and bring to light possible problems from the viewpoint of insurance sales management? In doing these investigations, is there no improper interference from the Marketing and Sales Division? Does the division also develop a system for working on appropriate handling of customers during insurance sales. For example, does it appropriately create and check sales materials for products being sold?

60 III. Specific Issues Checkpoints

  • This chapter lists the check items for the inspector to examine individual specific problems in accordance with the actual situation of insurance sales management.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III., it is necessary to exhaustively examine which of the elements listed in Chapters I. and II. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement measures have been developed and implemented.
  1. Problems Shared by Different Types of Insurance Sales (1) Recruiting, Agency and Registration (Notification) of Insurance Sales Representatives (i) Are recruiting and agency of insurance sales representatives done appropriately, in accordance with the screening criteria for screening their qualifications (laws and regulations on insurance sales, knowledge about insurance contracts, ability of perform insurance sales operations, type of original business, business goals, etc.)? Also, for recruiting and agency of insurance sales representatives who serve another insurance company, if the other insurance company has products similar to this company’s own products, is it confirmed that actions are taken to prevent improper transfer sales? (ii) Is there a system to check the appropriateness of agency contracts? (iii) Is there a system to prevent unregistered sales, and sales before registration? (iv) Is there a system for appropriate preparation of the registration ledger, and writing and correction of required items? (v) Is there a system to avoid delays in handling required notification items? In particular, is there immediate handling after submission of registration deletion notice documents from insurance sales representatives? (2) Proper Insurance Sales (i) Are actions taken to prevent insurance sales acts which are prohibited acts stipulated in each item of Article 300, Paragraph 1 of the Act, and an “extremely inappropriate act in soliciting insurance” in Article 307, Paragraph 1, Item (iii) of the Act, and other inappropriate acts? Is it especially kept in mind that the following acts are likely to be inappropriate acts?

61 • Misappropriation or misuse of insurance premiums • Improper use of seals • Sales which are not in person (excluding sales for contracts which do not require an interview) • Created contracts (false contracts), name lending contracts, unauthorized contracts • Adding results (manipulate posting of results), falsifying improper work status (ii) Are actions taken to ensure an appropriate sales management system regarding notices? For example, for notice items, are actions taken for customers to make appropriate notices, such as using notices which are easily understood, with required items clearly shown? (iii) Are actions taken to prevent sales activities which deviate from the original aims of insurance, and improper acts for getting sales contracts? For example, is there work to eliminate sales activities which recommend a contract with the initial assumption of early cancellation in a short time, or getting customers by an excessive cooperative deposit in a bank, or sales which improperly use an insurance premium loan, etc.? (iv) Are guidance and management provided for business locations and insurance sales representatives, so they comply with underwriting criteria for each insurance product? (v) Regarding joining the Protection Corporation, is the explanation provided as stipulated in the Ordinance, Article 53, Paragraph 1, Item 8, and when providing this, is it shown that this Corporation’s funds assistance is provided under certain conditions and limits, and that the insurance contract is not completely guaranteed? (vi) Are customers thoroughly informed about the cooling off system, and is it properly implemented? (3) Policies to Prevent the Occurrence of Improper Insurance Contracts (i) Is there a system which enables use of information which contributes to avoiding the occurrence of improper insurance contracts? (ii) Are appropriate actions taken to prevent improper acts by insurance sales representatives: false contract signing after a reason occurs for insurance payout (so-called “after loss”), contracts which aim at fraudulent insurance payout, etc.? (iii) Is a system developed to appropriately register its results, by using The Life Insurance Association of Japan’s “contract content registration system and contract content reference system,” The General Insurance Association of Japan’s “contract content registration system,” or an alternative checking method? (4) Explanations to Customers (i) Is a system developed to appropriately collect or check information on customers required for proper insurance sales (e.g. confirmation of needs by using an intention confirmation document, etc.)? (ii) Is a system developed to appropriately, timely and certainly provide to customers the

62 various documents which must be provided for customer protection, corresponding to the insurance product, including the following items? • Contract summary and warnings information • Document which contributes to understanding the contract’s content, such as a contract outline, clauses, etc. • Specified insurance contract related document provided before contract signing, and document provided when contract signed • Intention confirmation document (iii) Is a system developed to appropriately and sufficiently explain to the customer the contract’s content and risks, etc., considering the customer’s needs, knowledge, experience and assets? (iv) If the customer receives a written explanation of the contract outline and warning information, are actions taken to confirm that the content was understood, for example by placing the customer’s confirmation seal? (v) Especially for variable insurance and foreign currency denominated insurance, is a system developed so that when selling insurance products which have customers bear risks, appropriate and sufficient explanations are given to customers, and customers provide confirmation that they received an explanation, in accordance with laws and regulations such as the Financial Instruments and Exchange Act which the Insurance Business Act applies mutatis mutandis to specified insurance contracts? (5) Appropriateness of Display of Insurance Sales Materials, etc. (i) For Insurance Sales Materials, etc., are actions taken to ensure proper displays, corresponding to the display media and product characteristics? (ii) If there are displays concerning insurance company’s credit or payment ability, are appropriate actions taken to prevent customer misunderstanding about these items? (iii) Is there appropriate preparation of internal rules or operational procedures to ensure proper displays? Is care taken to prepare these internal rules, etc. so the insurance period, guarantee content, underwriting terms, insurance premium rate, insurance premium, etc. are displayed appropriately, considering the following items? a. When showing the advantages of the guarantee details of an insurance product, is the customer misled to think there are remarkable advantages, by not showing similar products together in an easily understood way, etc.? For example, although the guarantee details of an insurance product has certain restrictive conditions like the examples shown below, if the display method is arranged so the customer overlooks the conditions display, by not showing those conditions, showing them in remarkably small letters, showing in a remarkably short time, without clearly showing a comparison product, or shown in a place separate from the display

63 which emphasizes guarantee details. In such a case, one must consider that this could create the misunderstanding that this insurance product’s content is remarkably more advantageous than the actual product. • If there is a certain period after signing the contract, when all or part of the payment is not guaranteed. • If the insurance payout amount is reduced or eliminated, due to conditions such as the insured person’s age, number of years after signing the contract, number of days hospitalized, the specific disease, etc. Also, if information is shown which is not directly related with advantages regarding the guarantee details of an insurance product, and if this is displayed as if it is advantageous, then one must consider that this could create the misunderstanding that it is remarkably better than the actual product. b. Does the display lead the customer to misunderstand that it is remarkably advantageous? For example, when showing the advantages of the transaction conditions of an insurance product, are these shown together with restrictive conditions in an easily understood way? For example, in the display of insurance premiums, if examples of insurance premiums show a young age group which cannot be considered the main contracting customer segment, while conditions of the applicable age group are shown in a remarkably small display, thus displayed so the customer overlooks it, then one must consider that this could lead customers in other age groups to misunderstand that those insurance premiums apply to them, and that it is remarkably cheaper than it actually is. Also, if information is shown which is not directly related with advantages regarding the transaction conditions of an insurance product, and if this is displayed as if it is advantageous, then one must consider that this could create the misunderstanding that it is remarkably better than the actual product. c. Are displays concerning insurance product and services, etc. based on objective facts? For example, if words are used which directly mean the highest class in the industry or other rank, or words which directly mean it is unique, then is such a statement objectively demonstrated? (iv) For the contract outline and warning information, are actions taken to ensure that for the customer they are written without lacking anything, and is easily understood writing and displays? (v) If there are comparative displays, are actions taken to ensure appropriate and correct displays? (vi) If there are displays about forecast dividends, are appropriate actions taken to prevent customers misunderstanding that the displayed dividend amounts are certain? Also, if there

64 are displays for sales of variable insurance and market value adjustment (MVA) insurance, are actions taken to have the customer sufficiently understand special aspects of the insurance mechanism: that the insurance amount or cancellation repayment varies depending on the asset investment results or market interest rates. Moreover, if there are displays regarding sales of foreign currency denominated insurance, are actions taken to help customers to sufficiently understand the existence of currency risks? (6) Proper Sales Clerical Management (i) Are appropriate guidance and management provided for insurance sales representatives regarding sales clerical work? Is guidance and management provided for the following issues? Especially for non-life insurance agencies, are documents prepared and stored which show insurance premiums received clearly separated from the agency’s own assets, and clearly stating revenues and expenses? After insurance are premiums received, are they remitted to the insurance company without delay? Or are they placed in a separate dedicated deposit account, and settled at the latest the month after the month the insurance contract was posted in the insurance company? (ii) Are internal audits regarding sales clerical work done appropriately with sufficient frequency? (iii) Is a system developed for proper delivery, collection and storage of the first insurance premium allocation receipt? (iv) For the contract for collection of the second and later insurance premiums, is a system developed for proper management of collection card receipts, collection slips, receipts, etc., and management of unpaid contracts? (v) Are actions taken to prevent mismatched cash balances? (vi) Is a system developed to ensure proper contents of advanced payments, temporary payments and loans for insurance sales representatives? (vii) Is a system developed to ensure appropriate payment of sales expenses, etc.? (vii) Are identification documents properly provided and retrieved? (ix) Is other clerical management done properly? For example, are there efforts to avoid and correct the following points? a. Insurance premium receipts, certificate of automobile liability insurance, payment received seal of automobile liability insurance, insurance sticker of automobile liability insurance • Remaining number mismatch • Deficient records of delivery and storage • Delayed retrievals or non-retrievals of deposit certificates and required retrieval certificates • Deficient storage method

65 b. Policyholders loan related • Delayed or lack of requests for policyholder loan applications and borrowing documents • Deficiently written policyholder loan applications, borrowing documents and invoices (7) Management of Sales which are Not in Person (i) If there are sales which are not in person such as by postal mail, then is there a system for proper insurance sales, considering the characteristics of that sales format? Also, is there a system to prevent unregistered sales by a call center? (ii) Especially for insurance sales using the Internet, considering the characteristics of the sales format, are the following systems arranged? • System which can provide to customers information on all important matters • System for customers to obtain sufficient understanding of important matters • System to confirm identity • System to take appropriate actions for information diversion prevention and access control (8) Agency and Management of Insurance Sales (i) To prevent the occurrence of problems regarding insurance sales compliance, is there a multilevel system to encourage thoroughly informing people in agencies about insurance sales compliance? For example, training for agencies and monitoring by managers, inspections in daily operations by business locations, and development and dissemination of a compliance related whistleblowing system? (ii) If an insurance company outsources insurance sales to an independent agency which is also affiliated with another insurance company, is it confirmed that actions are taken to prevent improper transfer sales and customer information controls between affiliated insurance companies? If there are comparative displays of insurance contracts, are actions taken to provide sufficient understanding to customers? (iii) Agencies exist independently, and do not belong to the insurance company’s internal organization. Some large independent agencies have strong power in negotiations with insurance companies. Considering this, is a system developed for proper insurance sales in the agencies, and are specific policies executed to ensure their effectiveness? For example, are the following techniques used as needed? a. Is a system developed so when studying the signing or changing of an outsourcing contract with an agency, or when supervising, auditing operations, providing training or monitoring an agency, in order to ensure appropriate operations management, the Insurance Sales Management Division participates in a form independent from the Marketing and Sales Division, etc. which emphasizes sales volume expansion and pursuit of earnings? Also, is

66 there a system for the Marketing and Sales Division, etc. to understand and inspect the agencies’ daily operations? For example, is a system developed for the Marketing and Sales Division, etc. to gain timely understanding of the status of supervision, operations audit, training and monitoring of insurance sales representatives by agencies? b. With awareness of the necessity and importance that agencies build sales systems with their own responsibility, is a system developed for appropriate legal and regulatory compliance and customer protection in insurance sales by agencies? For example, is the method used corresponding to the agency’s size and characteristics, wherein the agency itself assigns a person in charge of insurance sales management in the agency, and cooperates with the person in charge of insurance sales management in various business locations? c. In response to customer inquiries, complaints and consultations about contract contents and various procedures, the insurance company must handle these quickly as needed, in close cooperation with the agency. Is a system to do this developed in the insurance company, and are agencies also instructed to developed this? d. When an insurance company outsources its insurance sales support and guidance for agencies to another insurance company, does it ensure that such other insurance company thoroughly implements the insurance sales management? (iv) Are actions taken to prevent acts which invite harm by excessive competition, such as excessive advantages given to a specific agency? (9) Agency and Management of Insurance Sales in the Case of Banks When insurance sales are outsourced to banks, etc., does the insurance company establish appropriate policy, and are outsourcing details determined based on that policy, from the viewpoints of ensuring sound and appropriate management of that operation and fairness of insurance sales? Also, is a system developed to appropriately supervise, audit operations, provide training, and do monitoring at banks, etc., based on the laws and regulations on insurance sales by banks, etc., and considering the characteristics of insurance sales operations of banks, etc.? 2. Life Insurance related Problems (1) Application of Exception from Serving Only One Company For a life insurance sales representative affiliated to two or more entrusting insurance companies (Article 282, Paragraph 3 of the Act), is it checked whether actions are taken to prevent improper sales of transfers between the insurance companies served, management of customer information, etc.? (2) Group Contracts, Collective Contracts, Group Insurance (i) Does it have an appropriate aspect as a group? Does it fall into a defined group

67 demarcation? (ii) Are the insured amount, number of insured persons, and contract (agreement) details appropriate? (iii) Are the insurance premiums and collection fees appropriate? (iv) Are actions taken to prevent so-called non-member contracts? (v) In response to changes in the group’s characteristics, is there a system to revise insurance premiums appropriately? (3) Insurance Contracts on Lives of Others (i) For insurance contracts on the life of another person and life insurance contracts with a minor as the insured person, from the viewpoint of working to protect the insured person by preventing misuse of the insurance contract, are there initiatives to work for an insurance contract in accordance with the aims and intentions? For example, are the following initiatives taken? • Regarding “death benefit insurance” stipulated in the Ordinance, Article 53-7, Paragraph 2, rules which limit the amount of insurance payout, rules on underwriting, and development of a system to comply with these • If there is another person’s life insurance contract with an employee as insured person, arrangements to ensure a contract in accordance with the aims and intentions, such as obtaining a source of funds for the condolence benefit or substitute employee recruitment for the employee or his surviving family • If the insured person is a minor, actions to prevent misuse of the insurance contract, based on the “Guidelines on Appropriate Applications and Underwriting of Life Insurance Contracts with Minors as Insured Persons” (The Life Insurance Association of Japan) (ii) Regarding confirmation of agreement of the insured person in another person’s life insurance contract, is it appropriately done by a method determined in the business methods document, for example the insured person signs or places his seal in the insured person agreement box of the insurance contract application? Especially for an insurance contract with an employee as the insured person, are actions taken to enable the insured person to certainly become aware of the contract’s details, such as the insurance benefit recipient and insurance benefit amount, for example by the following methods? • Provide to the insured person a document which writes details of the contract • Regarding actions to make the insured person aware of the contract details, record of matters confirmed from the insurance contracting person (excluding individual insurance contracts) (4) Variable Insurance and Variable Pension (i) Is a system developed to appropriately conduct sales for variable insurance and variable

68 pensions? For example, are the following acts not occurring? • Providing conclusive judgments on future investment results • Regarding special account investment results, life insurance sales representatives arbitrarily choosing a specific period in the past, and using this to predict the future • Guaranteeing an insurance amount or a cancellation repayment amount which are not determined in the contract (ii) In variable insurance and variable pension sales, is there a system for certainly providing to the customer a document which writes the asset investment policy? (5) Foreign Currency Denominated Insurance For an insurance contract which shows the insurance amount denominated in foreign currency, is a system developed for appropriate sales conduct? Is there a system to certainly provide to the customer a document which writes that currency losses can occur? (6) Replacement Contracts and Conversion Contracts (i) Regarding replacement contracts and conversion contracts, is there a system to provide appropriate guidance, for example explaining to customers that this could be disadvantageous? (ii) In the case of a conversion contract, is there a system developed to certainly provide to the insurance policyholder a document which shows a comparison of the existing contract vs. the new contract, and a document describing that the guarantee details can be revised while the existing contract continues in place? (iii)Regarding appropriateness of solicitation for replacement contracts and conversion contracts, is there a system to check by sampling, etc., and for unceasing work to improve? (7) Coinsurance Contracts In the case of coinsurance contracts and joint sales of insurance products, are actions taken to avoid creating misunderstandings among policyholders about the insurance type and underwriting company? (8) Constituent Member Contract Rules Considering the officers and employees and capital relationships of a life insurance sales representative which is a corporation, for officers and employees of a corporation which has a close relationship with that life insurance sales representative, is it prohibited for them to apply for insurance contracts underwritten by the life insurance company (except for those noted in 1998 Ministry of Finance Public Notice No.238, Article 2)? Also, is a system developed to prevent such applications (including a framework for checking afterwards the contracts which were sold by such life insurance sales representatives)? (9) Self-Contracts, etc. (i) For life insurance sales representatives, are actions taken such as guidance and management

69 to not make insurance sales such as own contracts which aim at insurance premium discounts or rebates, etc.? (ii) For a life insurance sales representative which is a corporation, if the insurance policyholder is that life insurance salesperson or a corporation which has a close relationship with that life insurance sales representative, are actions taken such as guidance and management to not make insurance sales which aim at discounts or rebates by fee payments etc.? 3. Non-life Insurance related Problems (1) Group Contracts, Collective Contracts, Group Insurance (i) Does it have an appropriate aspect as a group? Does it fall into a defined group demarcation? (ii) Are the insured amount, number of contracts, and contract (agreement) details appropriate? (iii) Are the insurance premiums and collection fees appropriate? (iv) Are actions taken to prevent so-called non-member contracts? (v) In response to changes in the group’s characteristics, is there a system to revise insurance premiums appropriately? (2) Self-Contracts, etc. (i) Are appropriate actions taken to prevent violations of the Prohibition of Self-Contract (Insurance Business Act, Article 295)? (ii) Is a system developed for understanding the situations of self-contracts of affiliated agencies, providing strict management and guidance, so there is proper calculation of insurance premiums for self-contracts? (iii) Are contracts made with another agency instead, to evade the prohibition of self-contract? Are actions taken to prevent such evasion? (3) Coinsurance Contracts In the case of coinsurance contracts and joint sales of insurance products, are actions taken to avoid creating misunderstandings among policyholders about the insurance type and underwriting company? (4) Excessive Insurance (Setting an Insurance Amount which is Excessive for the Insurance Price) To prevent excessive insurance contracts, are items which should be confirmed specified, and other procedures and a framework developed? (5) After Loss Contracts (Insurance Contracts Signed After the Insured Accident Occurred) To prevent after loss contracts, are items which should be confirmed specified, and other procedures and a framework developed? (6) Third-Sector Insurance If third-sector insurance is handled, for sales of insurance of persons, from the viewpoint of

70 ensuring the appropriateness of insurance sales, is sufficient guidance provided to insurance sales representatives? (7) Replacement Contracts and Conversion Contracts Are long term insurance contracts such as medical insurance handled according to 2.(6) above? (8) Insurance Contracts on Lives of Others (i) For insurance contracts on the life of another person and death benefit insurance contracts with a minor as the insured person, from the viewpoint of protecting the insured person by preventing misuse of the insurance contract, are there initiatives to work for an insurance contract in accordance with the aims and intentions? For example, are the following initiatives taken? • Regarding “death benefit insurance” stipulated in the Ordinance, Article 53-7, Paragraph 2, rules which limit the amount of insurance payout, rules on underwriting, and development of a system to comply with these • If there is another person’s life insurance contract with an employee as insured person, arrangements to ensure a contract in accordance with the aims and intentions, such as obtaining a source of funds for the condolence benefit or substitute employee recruitment for the employee or his surviving family • If the insured person is a minor, actions to prevent misuse of the insurance contract, based on the “Guidelines on Preventing Moral Risks of Accident Insurance, etc.” (The General Insurance Association of Japan). (ii) Regarding confirmation of agreement of the insured person in another person’s life insurance contract, is it appropriately done by a method determined in the business methods document, for example the insured person signs or places his seal in the insured person agreement box of the insurance contract application? Especially for an insurance contract with an employee as the insured person, are actions taken to enable the insured person to certainly become aware of the contract’s details, such as the insurance benefit recipient and insurance benefit amount, for example by the following methods? • Provide to the insured person a document which writes details of the contract • Regarding actions to make the insured person aware of the contract details, record of matters confirmed from the insurance contracting person

71 (Reference: Checklist of Insurance Brokers)

  1. The following are shown as examples of unique items for insurance brokers, for use when an inspector inspects an insurance broker (inspection based on Article 305 of the Act). In inspections of insurance brokers, one must keep in mind that the insurance broker is not under the guidance and supervision of an insurance company.
  2. When using this checklist in an examination of a specific case, one must keep in mind that it must be based on provisions of the Insurance Business Act, other related laws and regulations, and supervisory guidelines. Examples of Check Items for Business Operations of Insurance Brokers
  3. Appropriateness of Operations (1) Is the insurance broker conducting business other than intermediation of signing insurance contracts as established in laws and regulations? (2) For agency or intermediary in signing insurance contracts, does the insurance broker outsource this to an insurance company, its officers, life insurance sales representatives, non-life insurance sales representatives or another insurance broker (“life insurance sales representatives, non-life insurance sales representatives and another insurance brokers” are referred to collectively as “Other Insurance sales representatives, etc.” Same hereinafter.)? (3) For agency or intermediation in signing insurance contracts, does the insurance broker receive work outsourced from Other Insurance sales representatives, etc.? (4) For agency or intermediary in signing insurance contracts, does the insurance broker receive work outsourced from an insurance company or its officers? (5) Does the insurance broker have signing of self-contracts as a main business? (6) Does the insurance broker, provide to Other Insurance sales representatives, etc. the customer’s undisclosed information without consent? Especially if sharing computers with insurance sales representative with which there is a certain capital relationship, are there appropriate information firewalls? (7) Does the insurance broker have its office for agency or intermediary in signing insurance contracts in the same building as the office of an Other Insurance Sales Representatives, etc.? If it is in the same building, are sufficient actions taken to avoid creating misunderstanding among customers? For example, is its sole use area independently separate, with shared area from the entrance until the various offices, which is then divided up? (8) Does the insurance broker or its officers or employees perform acts which pertain to prohibited acts specified in the Act, Article 300, Paragraph 1, each item? (9) Does the insurance broker perform acts which pertain to an “extremely inappropriate act in soliciting insurance” as provided in Article 307, Paragraph 1, Item 3 of the Act, or other

72 violations of laws or regulations? 2) Delivery of Signed Contract Does the insurance broker appropriately prepare and deliver signed contracts? 3) Ensuring agency or intermediary for signing insurance contracts from a standpoint which is independent from insurance companies (1) Does the insurance broker have its office for agency or intermediary in signing insurance contracts in the same building as the office of an insurance company? If it is in the same building, are sufficient actions taken to avoid creating misunderstanding among customers? For example, is its sole use area independently separate, with shared area from the entrance until the various offices, which is then divided up? (2) Does the insurance broker receive capital invested from an insurance company? If it receives capital invested, are there grounds for performing on its good faith obligations, and for proper capital investment? (3) Does the insurance broker receive transfers of officers from an insurance company, or transfer its officers to an insurance company? 4) Performing on Good Faith Obligations to Customers (1) Does it check the customer’s guarantee needs, cost burden capacity for insurance premiums, etc., and recommend something which is optimal for the customer? (2) Does it appropriately communicate information on insurance? Does it appropriately communicate requests from customers and other information to insurance companies? (3) Does it comply with its confidentiality obligation? (4) Are insurance premiums deposited by customers appropriately managed and remitted to insurance companies? 5) Disclosure of Disclosure Items Is prior disclosure to customers done appropriately? In particular, is there clear indication for items the broker is obligated to indicate clearly (Article 296 of the Act), and disclosure when disclosure is required (Article 297 of the Act)? 6) Customer Support Management Considering the insurance broker’s size and characteristics, is a customer support management system developed? For examinations, refer to the Checklist for Customer Protection Management.

73 Checklist for Customer Protection Management I. Development and Establishment of Customer Protection Management System by the Management Checkpoints

  • “Customer Protection” as referred to in this checklist covers (1) to (7) below, and “Customer Protection Management” refers to management necessary for achieving (1) to (7) from the viewpoint of protecting customers of insurance companies and enhancing customer convenience. (1) Securing fast and appropriate establishing of insurance contracts, collection of insurance premiums, changing/cancellation/invalidation of contracts, and other management of insurance contracts (2) Securing fast and appropriate payment (hereinafter referred to as “Payment of Insurance Claims, etc.”) of insurance benefits, payouts, and refunds etc. (hereinafter referred to as “Insurance Claims, etc.”) (3) Securing appropriate processing of inquiries, consultation, requests in general, complaints from customers and disputes (hereinafter referred to as the “Consultation Requests, Complaints, etc.”) (4) Securing appropriate management of customer information in order to prevent information leakage (5) In the case where insurance company’s business outsourced,1 securing the accuracy of the implementation of the outsourced operations and securing appropriate management of customer information and appropriate handling of customers (6) Securing appropriate management of conflicts of interest so that customer interests are not unfairly harmed due to Transactions by the insurance company or a group company2 (7) Securing appropriate management of other operations determined by an insurance company as necessary for protecting customers and enhancing customer convenience
  • The development and establishment of a Customer Protection Management System at an insurance company is not only important from the viewpoint of protecting users of the company including policyholders (hereinafter referred to as the “Customer”) and enhancing

1 In cases where insurance sales business is outsourced to an agency, in principle, it is not subject to this checklist, unless written in the Checklist for Insurance Sales Management, and agencies are especially noted as being subject to the checklist. 2 As stipulated in Article 100-2-2 of the Act, that insurance company, a parent financial institution or subsidiary institution, etc. of that company, as well as a company for which that insurance company deems it necessary to manage conflicts of interest in order to protect customers.

74 their convenience but it is also extremely important from the viewpoint of ensuring the soundness and appropriateness of the company’s business. Therefore, the company’s management is charged with and responsible for taking the initiative in developing and establishing such a system.

  • With regard to the Customer Protection Management, it is important for an insurance company’s management as well as the other officers and employees to review their own business operations from the Customer’s standpoint and to constantly review and improve the business operations. It is also important that they fully understand that public confidence in insurance companies is based on such constant review efforts.
  • Insurance companies handle increasingly diverse and complex products, there is an increase in insurance sales representatives such as independent agencies and banks which are very independent from insurance companies, and the spread of impersonal sales forms such as the Internet. Taking into account these insurance market changes in recent years, the inspector examines whether Customer Protection Management systems are developed and established, corresponding to the size and characteristics of the insurance company.
  • The descriptions in this checklist are based on the assumption that as part of the Customer Protection Management described above, for matters concerning (1) and (2), a division is established which is in charge of development of related systems and ensures their effective functioning. On the other hand, these assume that for matters concerning (3) or (7), these roles and responsibilities rest with the each Manager responsible for customer protection. There are other various organizational frameworks for Customer Protection Management. For example, an insurance company may establish each division or department in charge of all customer protection, or assign persons in charge of such management to divisions and departments which require Customer Protection, including the Marketing and Sales Division. In such cases, it is necessary to review whether the system of Customer Protection is effectively functioning based on the empirical review and analysis as to whether an adequate number of persons with the knowledge and experience necessary for implementing the relevant operation are allocated and whether they are assigned the authority necessary for implementing the operation.
  • The inspector should determine whether the Customer Protection Management System is functioning effectively and whether the roles and responsibilities of the company’s management are being appropriately performed by way of reviewing, with the use of check items listed in Chapter I., whether or not the management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) development of a system for assessment and improvement activities.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II. and later, it is necessary to exhaustively examine which of the elements

75 listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.

  • If the company’s management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the Internal Control System is not functioning effectively and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Policy Development (1) Roles and Responsibilities of Directors Do directors attach importance to Customer Protection, based on full recognition of the importance of Customer Protection and enhancement of customer convenience? In particular, does the director in charge of Customer Protection Management accurately grasp the current status of the insurance company’s Customer Protection based on full understanding of the importance of Customer Protection Management and is the director considering a policy and specific measures for developing and establishing an appropriate system for Customer Protection Management? Also, does he investigate policies and specific actions which fully take into account that insurance company’s size and characteristics, such as products handled, target markets and main sales channels? (2) Development and Dissemination of Customer Protection Management Policy Has the Board of Directors developed a management policy regarding Customer Protection and enhancement of customer convenience (hereinafter referred to as the “Customer Protection Management Policy.” When there are two or more policies, they are also collectively referred to as the “Customer Protection Policy.”) in accordance with the company’s corporate management policy and disseminated it throughout the company? Is the Customer Protection Management Policy sufficient and appropriate for Customer Protection, with the inclusion of clear statements with regard to the following matters in particular? Does the Board of Directors also ensure consistency with Finance Facilitation Management Policy? (i) Management Policy to Secure the Following Matters Necessary for Customer Protection
  • Fast and appropriate creation of insurance contracts, collection of insurance premiums, changing/cancellation/invalidation of contracts, and other management of insurance contracts (hereinafter referred to as “Insurance Contract Management”)
  • Fast and appropriate Payment of Insurance Claims, etc.
  • Appropriate and sufficient handling of Consultation Requests, Complaints, etc. (hereinafter

76 referred to as the “Customer Support”)

  • Appropriate management of information concerning the Customer (hereinafter referred to as the “Customer Information Management”)
  • Appropriate management of customer information and appropriate handling of the Customer in the case where the company’s business are outsourced (hereinafter referred to as the “Outsourcing Management”)
  • Appropriate management of conflicts of interest so that customer interests are not unfairly harmed due to Transactions by the insurance company or a group company (hereinafter referred to as the “Conflict of Interest Management”)
  • Appropriateness of other business operations determined by the Board of Directors as necessary for Customer Protection and enhancement of customer convenience. (ii) Scope of the Customers (e.g. the Customers “include people who are users of the insurance company’s business and people who are ready to become users.”) (iii) The Scope of Business Operations Requiring Customer Protection (3) Revision of the Policy Development Process Does the Board of Directors revise the policy development process in a timely manner by reviewing its effectiveness based on reports and findings on the status of Customer Protection Management in a regular and timely manner or on an as needed basis?
  1. Development of Internal Rules and Organizational Frameworks (1) Development and Dissemination of Internal Rules For internal rules that clearly specify (i) Insurance Contract Management (ii) Insurance Claims Payment Management, (iii) Customer Support Management, (iv) Customer Information Management, (v) Outsourcing Management, (vi) Conflict of Interest Management (hereinafter referred to collectively as “Customer Protection Management Rules”), has the Board of Directors or organization equivalent to the Board of Directors had the divisions in charge of Customer Protection Management create rules for (i) and (ii) (hereinafter referred to as the “Contract Management Division” and “Payment Management Division”), and had the Manager responsible for Customer Protection Management create rules for (iii) or (vi), in accordance with the Customer Protection Management Policy? 3 Has the Board of Directors or organization equivalent to the Board of Directors approved the Customer Protection Management Rules and disseminated them throughout the institution after determining if they comply with the Customer

3 The Customer Protection Management Rules may not be available as a single set of rules in some cases, and they may be integrated with the compliance manual, etc. in other cases. The inspector should empirically review, regardless of the form of rules, whether or not the rules exhaustively stipulate necessary matters and are fully disseminated to personnel who should be acquainted with them, upon approval by the Board of Directors, thus ensuring an effective system of Customer Protection.

77 Protection Management Policy after legal checks, etc.? (2) Develop Systems of Contract Management Division and Payment Management Division (i) Does the Board of Directors or organization equivalent to the Board of Directors establish a Contract Management Division as the division which manages clerical work concerning insurance contract management, and establish a Payment Management Division as the division which controls overall clerical work concerning Payment of Insurance Claims, etc., in accordance with the Customer Protection Management Policy and Customer Protection Management Rules?4 (ii) Does the Board of Directors assign Managers who have the knowledge and experience required to control the Contract Management Division and the Payment Management Division? Does the Board grant to each of these Managers the authority required to execute management operations? (iii) Does the Board of Directors or organization equivalent to the Board of Directors assign to the Contract Management Division and Payment Management Division an appropriate number of staff who have the knowledge and experience required to execute the operations each are in charge of, and grant each staff the authority required to execute their work?5 Are staff and authority assigned while fully taking into account that insurance company’s size and characteristics, such as products handled, target markets and main sales channels? Especially for the Payment Management Division, considering the specialization of its operations, it is desirable to have assignments with consideration of fostering managers from the viewpoint of long term human resource development. (iv) Does the Board of Directors or organization equivalent to the Board of Directors develop a system for wielding a check and balance function, by ensuring that the Contract Management Division and Payment Management Division are independent from the Marketing and Sales Division? Especially if the Contract Management Division and Payment Management Division are also in charge of other businesses, is consideration given to a system for preventing interference by the Marketing and Sales Division? (3) Assignment of Responsible Managers, Granting Them Authority, and Ensuring a Check

4 When the contract management division or payment management division are not established as an independent division (e.g., when the division is consolidated with another division to form a single division, or when a division in charge of other business manages control of management of clerical work concerning insurance contract management and overall clerical work concerning Payment of Insurance Claims, or when a Manager or Managers take charge of such management and control instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the scales and natures of the insurance company. 5 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not this is reasonable in terms of a check-and￾balance system and other aspects.

78 and Balance Function, for Customer Support Management, Customer Information Management, Outsourcing Management and Conflict of Interest Management (i) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to have the Managers specified below appointed, stipulated the responsibilities and authority of the Managers and allocated appropriate roles to them in accordance with the Customer Protection Management Policy and the Customer Protection Management Rules? Do the Managers have sufficient knowledge and experience for the business they are in charge?6

  • The Manager in charge of overseeing the status of progress in the processing of Consultation Requests, Complaints, etc. and the issuance of relevant instructions in an integrated manner by putting together information concerning Customer Support under unified control (hereinafter referred to as the “Customer Support Manager”)
  • The Manager in charge of overall supervision of Customer Information for the development and establishment of an appropriate system for Customer Information Management (hereinafter referred to as the “Customer Information Supervisory Manager”).
  • The Manager in charge of supervising the management of customer information and the handling of the Customer in the case where the company’s operations are outsourced. (hereinafter referred to as the “Outsourcing Manager”)
  • The Manager in charge of overall supervision of Conflict of Interest Management, for the development and establishment of an appropriate system for Conflict of Interest Management (hereinafter referred to as the “Conflict of Interest Manager”) (ii) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure an effective check and balance against the Managers specified above? In particular, in the case where a Manager responsible for one operation also takes charge of another operation, it is necessary to conduct a review by paying attention to whether or not there is a system to prevent interference from the Marketing and Sales Division, etc. (4) Development of Customer Protection Management System at Marketing and Sales Division, Etc.

6 When the Manager in charge of one of the operations concerning Customer Protection concurrently serves as the Manager in charge of another such business or in a post (including the Manager post) at a division not related to Customer Protection, the inspector should pay attention to whether such a system is reasonable in light of the scales and natures of the business operations concerned and whether an equivalent level of Customer Protection functions is secured compared with the case where a dedicated Manager is appointed. With regard to Customer Support, for example, two or more Customer Support Managers may be appointed. In such a case, the inspector should review whether the areas of responsibility are clearly defined with methods such as having the Managers jointly bear the responsibility for the overall customer management business operation or having one of the Managers bear this responsibility.

79 (i) Does the Board of Directors or organization equivalent to the Board of Directors provide a system, via the Managers or divisions in charge or responsible Managers, to ensure effectiveness of Customer Protection Management, for example by disseminating internal rules and operational procedures to the divisions, departments and employees whose operations require Customer Protection Management, including the Marketing and Sales Division, etc., and having them observe the rules and procedures? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Managers or divisions in charge or responsible managers to take concrete measures such as specifying the internal rules and operational procedures that must be observed by the Marketing and Sales Division, etc. and conducting effective training on a regular basis? Especially for agencies or other external insurance sales representatives and the organizations to which they belong, is a system developed to have them comply with internal rules and operational procedures, with a system for understanding the compliance situation? (ii) Does the Board of Directors or organization equivalent to the Board of Directors assign a person in charge of managing customer information at each division and department and specify the responsibilities and authority thereof? Does the person have sufficient knowledge and experience for the relevant business? (iii) Does the Board of Directors or organization equivalent to the Board of Directors appropriately set up contact points which are easy for customers to access? (5) Ensuring Customer Information Protection at Outsourcing Contractors and Agencies (i) Has the Board of Directors or organization equivalent to the Board of Directors clearly specified the rules concerning the handling of customer information by outsourcing contractors operating under outsourcing contracts (hereinafter referred to as the “Outsourcing Contractors”) and agencies in a manner suited to the nature and quantity of the customer information handled? (ii) Has the Board of Directors or organization equivalent to the Board of Directors specified the department that is responsible for supervising the Outsourcing Contractor and the agency, and assigned a person in charge of managing customer information to the department? (iii) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure verification of Customer Information Management at the Outsourcing Contractor and the agency on a regular basis? (iv) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure that measures for protecting customer information are appropriately disseminated to the Outsourcing Contractor and the agency, and that accidents, etc. at the Outsourcing Contractor and the agency are reported to the department in charge promptly and accurately?

80 (6) Arrangement for System of Reporting to Board of Directors and Approval Has the Board of Directors or organization equivalent to the Board of Directors appropriately specified matters to be reported and approved and does it have the Manager of the division charge or the responsible Manager report the current status to the Board of Directors or organization equivalent to the Board of Directors or have the Manager seek the approval of the Board of Directors or organization equivalent to the Board of Directors on the relevant matters in a regular and timely manner or on an as needed basis? In particular, does it ensure that the Manager reports to the Board of Directors or organization equivalent to the Board of Directors any matters that would seriously affect corporate management or significantly undermine customer interests without delay? (7) Arrangement for System of Reporting to Corporate Auditor In the case where the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately and do they provide a system to ensure that the Manager of the division in charge or the responsible manager report directly to the auditor? 7 (8) Development of Internal Audit Guidelines and an Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or the manager of the Internal Audit Division appropriately identify the matters to be audited with regard to Customer Protection, develop guidelines that specify the matters subject to internal audit procedures (hereinafter referred to as the “Internal Audit Guidelines”) and internal audit plan, and approve them?8 (9) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner by reviewing their effectiveness based on reports and findings on the status of Customer Protection Management in a regular and timely manner or on an as needed basis? 3. Assessment and Improvement Activities

  1. Analysis and Assessment (1) Analysis and Assessment of Customer Protection Management Does the Board of Directors or organization equivalent to the Board of Directors appropriately determine whether there are any weaknesses or problems in the Customer Protection Management system and the particulars thereof, and appropriately examine their causes by

7 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report and shall not restrict the authority and activities of the auditor in any way. 8 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan.

81 precisely analyzing the status of Customer Protection Management and assessing the effectiveness of Customer Protection Management, based on all of the information available regarding the status of Customer Protection Management, such as the results of audits by corporate auditors, internal audits and external audits,9 findings of various investigations and reports from various divisions? In addition, if necessary, does it take all possible measures to find the causes by, for example, establishing fact findings committees, etc. consisting of non￾interested persons? (2) Revision of the Analysis and Assessment Processes Does the Board of Directors or organization equivalent to the Board of Directors revise the analysis and assessment processes in a timely manner by reviewing their effectiveness based on reports and findings on the status of Customer Protection Management in a regular and timely manner or on an as needed basis?

  1. Improvement Activities (1) Implementation of Improvements Does the Board of Directors or organization equivalent to the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the Customer Protection Management system identified through the analysis, assessment and examination referred to in 3. 1) above in a timely and appropriate manner based on the results obtained by developing and implementing an improvement plan as required or by other appropriate methods? (2) Progress Status of Improvement Activities Does the Board of Directors or organization equivalent to the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of the Improvement Process Does the Board of Directors or organization equivalent to the Board of Directors revise the improvement process in a timely manner by reviewing its effectiveness based on reports and findings on the status of Customer Protection Management in a regular and timely manner or on an as needed basis?

9 External audits as mentioned here shall not be limited to audits of financial statements by accounting auditors, but the inspector should bear in mind that currently, audits other than the audit of financial statements required under the rules and the verification of the effectiveness of the internal control system conducted as part of the procedures of this audit are not obligatory. However, in the case where the inspected insurance company undergoes an external audit other than the financial statements audit in order to secure the effectiveness of the internal control system, the inspector should review the effectiveness of the internal control system by examining in a comprehensive manner along with the financial statements audit results.

82 II. Development and Establishment of Customer Protection Management System by Managers Checkpoints

  • This chapter lists the check items to be used when the inspector examines the roles and responsibilities that must be performed by the Managers and divisions in charge and responsible Managers.
  • The descriptions in this checklist are based on the assumption that the roles of and responsibilities for developing a system for each business operation concerning Customer Support Management, Customer Information Management, Outsourcing Management and Conflict of Interest Management, and ensuring the effectiveness thereof rests with the Manager in charge of the relevant business. Given that the role that must be performed by each Manager is extensive, a dedicated division or department in charge of Customer Protection Management may be established or persons in charge of Customer Protection Management may be assigned to divisions and departments that require Customer Protection Management, including the Marketing and Sales Division, and coordinate with Manager, in the case where the Board of Directors determines that the Manager alone would not be sufficient to secure effective Customer Protection. In such a case, it is necessary to confirm whether the Customer Protection system is functioning effectively based on the empirical review and analysis as to whether an adequate number of persons with the knowledge and experience necessary for implementing the business are allocated and whether they are assigned the authority necessary for implementing the business.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II., it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Insurance Contract Management System
  1. Roles and Responsibilities of the Manager (1) Development of Internal Rules (i) Development and Dissemination of Insurance Contract Management Rules and

83 Insurance Contract Management Manual10 a. Does the Manager fully recognize the necessity and importance of ensuring fast and appropriate Insurance Contract Management? b. Does the Manager create internal rules (hereinafter referred to as the “Insurance Contract Management Rules”) which clearly establish arrangements to ensure fast and appropriate Insurance Contract Management, in accordance with the Customer Protection Management Policy? c. Does the Manager create operational procedures which clearly establish procedures which must be followed in Insurance Contract Management (hereinafter referred to as the “Insurance Contract Management Manual), in accordance with Customer Protection Management Policy and Insurance Contract Management Rules? d. Is the organization informed about the Insurance Contract Management Rules, after they pass through a legal check, and receive approval by the Board of Directors or an organization equivalent to the Board of Directors? (ii) Insurance Contract Management Rules Do the Insurance Contract Management Rules appropriately and comprehensively stipulate arrangements necessary to ensure fast and appropriate Insurance Contract Management, corresponding to the size and characteristics of the operation? Are they appropriate? For example, are there clearly written arrangements concerning the following items? • Roles, responsibilities and organization of the Contract Management Division • Monitoring the situation of Insurance Contract Management • Storage of records on processing of Insurance Contract Management • Approval and screening of New Products, etc. • Reporting to the Board of Directors or organization equivalent to the Board of Directors • Cooperation and communication with the Compliance Control Division, Insurance Sales Management Division and Customer Support Manager (iii) Insurance Contract Management Manual Does the Insurance Contract Management Manual stipulate comprehensively, in detail, and simply the specific procedures for Insurance Contract Management, corresponding to the content and methods of operations run by the insurance company? Is its content appropriate, for example clearly writing the following points? • Procedures on handling clerical work for Insurance Contract Management, such as for establishing insurance contracts, processing insurance premium revenues, processing

10 Note that the Insurance Contract Management Rules and Insurance Contract Management Manual are not necessarily separate. Depending on the insurance company, they can be combined with the compliance manual, etc. Regardless of the form, verify that items which should be written are all clearly documented, that people who need to be are thoroughly informed, and that this is appropriately managed.

84 contract changes, cancellations, invalidation management, recovery, contract renewal, etc. • Identification of matters subject to notices, communications, guidance and explanations which must be provided to customers in Insurance Contract Management. Also their methods and content. • Methods and content of handling and replies in response to inquiries, consultations and requests which could be received from customers regarding Insurance Contract Management • Prohibited acts in relation to laws, regulations and customer protection (for example, excessive negotiations to prevent contract cancellations) • Procedures for communicating information to the Compliance Control Division, Insurance Sales Management Division and Customer Support Manager (2) Development of System (i) Development of System of Contract Management Division by Manager Based on the Customer Protection Management Policy and Insurance Contract Management Rules, does the Manager develop the system of the Contract Management Division to enable fast and appropriate Insurance Contract Management, and take actions to wield a checks and balances function? (ii) Development of System for Insurance Contract Management in Related Operating Divisions and Business Locations Does the Manager have people who perform Insurance Contract Management in related operating divisions and business locations comply with the Insurance Contract Management Rules, Insurance Contract Management Manual and other arrangements on Insurance Contract Management? Does he develop a system for appropriate Insurance Contract Management, and take specific actions to ensure its effectiveness? (iii) Guidance and Supervision System Does the Manager develop a system to provide appropriate and sufficient guidance and supervision for related operating divisions and business locations, to enable timely and appropriate execution for Insurance Contract Management? (iv) Communication and Coordination System Does the Manager provide a system to quickly report to the Compliance Control Division on problems regarding compliance found in execution of clerical work concerning Insurance Contract Management? (v) Monitoring System concerning Insurance Contract Management In order to ensure fast and appropriate Insurance Contract Management in related operating divisions and business locations, does the Manager provide a system to continually monitor

85 the status of compliance with the Insurance Contract Management Manual? (vi) System Developed for New Products, etc. Does the Manager develop a system so that if a request is received from the New Products Committee, etc. regarding New Products, etc., then the regulations and internal rules on such New Products, etc. are investigated in advance, bringing to light problems which could arise from the viewpoint of Customer Protection, which are then reported to the New Products Committee, etc., based on the New Products Management Policy and Insurance Contract Management Rules, etc.? (vii) System for Reporting to Board of Directors or Organization Equivalent to the Board of Directors Does the Manager provide a system to report matters determined as necessary by the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis? In particular, does the Manager report to the Board of Directors or organization equivalent to the Board of Directors without delay, on any matter that would seriously affect corporate management or significantly undermine customer interests? (viii) System for Reporting to Corporate Auditor Does the Manager report matters specified by the Board of Directors directly to a corporate auditor? (3) Assessment and Improvement Activities Does the Manager review the effectiveness of Insurance Contract Management System in a regular and timely manner or on an as needed basis, based on the reports and the results of investigations concerning the status of Insurance Contract Management, such as the status of compliance with the Insurance Contract Management Rules and Insurance Contract Management Manual, as well as based on the results of monitoring? Does the Manager revise in a timely manner the content of the Insurance Contract Management Rules and Insurance Contract Management Manual, the organizational framework, the implementation of training and guidance and the method of monitoring, and present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement as necessary by examining effectiveness of the Insurance Contract Management system?

86 2) Roles and Responsibilities of Contract Management Division (1) Execution of Specific Policies concerning Insurance Contract Management Does the Contract Management Division manage appropriately? For example, does it instruct the related operating divisions and business locations to take specific actions to ensure fast and appropriate Insurance Contract Management? Does it provide guidance and supervision so there is appropriate Insurance Contract Management in each department? (2) Communication and Cooperation (i) Does the Contract Management Division quickly report to the Compliance Control Division, regarding problems in compliance found in execution of clerical work concerning Insurance Contract Management? (ii) Does the Contract Management Division make revisions and improvements as necessary, for problems such as misconduct incidents, complaints and inquiries, which are found as a result of internal audits in cooperation with the Internal Audit Division, Compliance Control Division and Customer Support Manager? (3) Monitoring of Insurance Contract Management From the viewpoint of ensuring fast and appropriate Insurance Contract Management, does the Contract Management Division continually monitor the status of compliance with the Insurance Contract Management Manual at related operating divisions and business locations? (4) Handling of New Products, etc. If New Products, etc. are handled, does the Contract Management Division do prior investigations of regulations, internal rules, etc. concerning those New Products, etc., and bring to light problems which could arise from the viewpoint of Insurance Contract Management? Are such investigations done without improper influence by the Marketing and Sales Division? Also, is a system developed which works for appropriate handling of the customer when an insurance contract is signed? For example, is a system developed to perform contract data management?

87 2. Insurance Claims Payment Management System

  1. Roles and Responsibilities of Manager (1) Development of Internal Rules (i) Development and Dissemination of Insurance Claims Payment Management Rules and Insurance Claims Payment Management Manual11 a. Does the Manager fully understand the necessity and importance of ensuring fast and appropriate Insurance Claims Payment Management? b. Does the Manager develop internal rules (hereinafter referred to as Insurance Claims Payment Management Rules), which clearly establish arrangements for ensuring fast and appropriate Insurance Claims Payment Management, in accordance with Customer Protection Management Policy? c. Does the Manager develop operational procedures (hereinafter referred to as the “Insurance Claims Payment Management Manual”) which clearly establish judgment criteria in procedures and payment assessments which must be followed in Insurance Claim Payment Management (hereinafter referred to as the “Payment Assessment Criteria”), in accordance with Customer Protection Management Policy and Insurance Claims Payment Management Rules? d. In development of operating processes by development of the Insurance Claims Payment Management Rules and Insurance Claims Payment Management Manual, are self-regulatory guidelines taken into account? For example, the “Guidelines on Handling for Appropriate Payment of Insurance Claims, etc.” “Guidelines on Handling to Receive Correct Notices,” and “Points to Keep in Mind when Applying Cancellation for Fraud to a Notice Duty Violation,” (The Life Insurance Association of Japan). e. Do Insurance Claims Payment Management Rules pass through a legal check, then after approval by the Board of Directors or Organization Equivalent to the Board of Directors, is the organization informed about them? f. Do Payment Assessment Criteria receive legal checks, etc.? Also, among the Payment Assessment Criteria, regarding the criteria for application of non-payment or cancellation reasons such as void if fraud, cancellation for fraud, void for mistake, serious reason cancellation, notice duty violation cancellation, and exemption from responsibility under clause, do the Board of Directors or Organization Equivalent to the Board of Directors at least approve all matters which seriously affect corporate management or significantly

11 Note that the Insurance Claims Payment Management Rules and Insurance Claims Payment Management Manual are not necessarily separate. Depending on the insurance company, they can be combined with the compliance manual, etc. Regardless of the form, verify that items which should be written are all clearly documented, that people who need to be are thoroughly informed, and that this is appropriately managed.

88 undermine insurance policyholder interests? It is desirable to provide sufficient disclosure of the approach and representative cases for application of reasons for non-payment or cancellation, for the interests of insurance policyholders. (ii) Insurance Claims Payment Management Rules Do the Insurance Claims Payment Management Rules specify complete and appropriate arrangements to ensure fast and appropriate insurance claims payment management, corresponding to the size and characteristics of operations? Are they appropriate? For example, are the following arrangements clearly written? • Roles, responsibilities and organization of the Payment Management Division • Coordination and mutual checks between payment divisions, to prevent overlooked payments • Re-examination or post-review of the validity of assessment results • Monitoring of the status of insurance claims payment management • Storage of records of processing of insurance claims payment management • Approval and screening of New Products, etc. • Reports to the Board of Directors or organization equivalent to the Board of Directors • Cooperation and communication with the Compliance Control Division, Insurance Sales Management Division, Customer Support Manager, etc. (iii) Insurance Claims Payment Management Manual Does the Insurance Claims Payment Management Manual stipulate comprehensively, in detail, and simply the specific procedures for Insurance Contract Payment Management, corresponding to the content and methods of operations run by the insurance company? Is its content appropriate, for example clearly writing the following points? • Procedures for insurance claim payment management clerical work, such as reception of insurance claims, investigation of items which require confirmation, decisions on whether to pay the insurance claims, and payments • Items which should be confirmed in investigations, and confirmation methods • Payment assessment criteria • Criteria for adding overdue interest fees • Identification of matters subject to notices, communications, guidance, explanations, etc. which should be provided to customers, in procedures for insurance claims payment management. Also their methods and content. • Methods and content of handling and replies in response to inquiries, consultations and requests (including requests for rechecking and reassessment of facts) which could be received from customers regarding insurance claims payment management

89 • Prohibited acts related to laws, regulations and customer protection, etc. (for example, illegal privacy violations in investigations, and improper payment delays) • Procedures for coordination and mutual checking among payment divisions • Procedures for communication with the Compliance Control Division, Insurance Sales Management Division, Customer Support Manager, etc. (2) Development of System (i) Development of System of Payment Management Division by Manager a. Based on Customer Protection Management Policy and Insurance Claims Payment Management Rules, does the Manager develop the system of the Payment Management Division to enable fast and appropriate insurance claims payment management, and take actions to wield a checks and balances function? b. In order to enhance the payment assessment related abilities and knowledge of payment assessment staff, does the Manager develop a training and education system, for example on medical knowledge, clauses, and legal knowledge such about legal cases? Does the Manager foster human resources with expertise, based on a long term perspective? (ii) Development of System for Insurance Claims Payment Management in Related Operating Divisions and Business Locations Does the Manager have people who perform insurance claims payment management in related operating divisions and business locations comply with the Insurance Claims Payment Management Rules, Insurance Claims Payment Management Manual and other arrangements on insurance claims payment management? Does he develop a system for fast and appropriate insurance claims payment management, and take specific actions to ensure its effectiveness? (iii) Guidance and Supervision System Does the Manager develop a system to provide appropriate and sufficient guidance and supervision for related operating divisions and business locations, to enable timely and appropriate execution of payment management clerical work? (iv) Communication and Coordination System a. Does the Manager provide a system to quickly report to the Compliance Control Division on problems regarding compliance found in execution of payment management clerical work? b. Does the Manager provide a system in which, if part or all of the Payment of an Insurance Claim, etc. is rejected, then the manner of solicitation during the insurance sale is examined in cooperation with the Insurance Sales Management Division, except for cases where this is clearly not needed?

90 (v) Monitoring System concerning Insurance Claims Payment Management In order to ensure fast and appropriate insurance claims payment management in related operating divisions and business locations, does the Manager provide a system to continually monitor the status of compliance with the Insurance Claims Payment Management Manual? (vi) System Developed for New Products, etc. Does the Manager provide a system so that if a request is received from the New Products Committee, etc. regarding New Products, etc., then the regulations and internal rules on such New Products, etc. are investigated in advance, bringing to light problems which could arise from the viewpoint of customer protection, etc., which are then reported to the New Products Committee, etc., based on the New Products Management Policy? (vii) System of Reporting to Board of Directors or Organization Equivalent to the Board of Directors Does the Manager provide a system to report matters determined as necessary by the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis? In particular, does the Manager report to the Board of Directors or organization equivalent to the Board of Directors without delay any matter that would seriously affect corporate management or significantly undermine customer interests? (viii) System for Reporting to Corporate Auditor Does the Manager report matters specified by the Board of Directors directly to a corporate auditor? (3) Assessment and Improvement Activities Does the Manager review the effectiveness of the insurance claims payment management system in a regular and timely manner or on an as needed basis based on reports and findings on the status of insurance claims management, including the status of compliance with the Insurance Claims Payment Management Rules and Insurance Claims Payment Management Manual, as well as based on the results of monitoring? Does the Manager present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement as necessary, by revising in a timely manner the contents of the Insurance Claims Payment Management Rules and Insurance Claims Payment Management Manual, the organizational framework, the implementation of training and guidance and the method of monitoring?

  1. Roles and Responsibilities of Payment Management Division (1) Execution of Specific Policies concerning Insurance Claims Payment Management Does the Payment Management Division manage appropriately? For example, does it instruct the related operating divisions and business locations to take specific actions to

91 ensure fast and appropriate insurance claims payment management? Does it provide guidance and supervision so there is appropriate insurance claims payment management in each department? (2) Communication and Cooperation (i) Does the Payment Management Division quickly report to the Compliance Control Division, regarding problems in compliance found in execution of insurance claims payment management clerical work? (ii) If part or all of the Payment of an Insurance Claim, etc. is rejected, then in cooperation with the Insurance Sales Management Division, does the Payment Management Division examine the manner of solicitation during the insurance sale, except for cases where this is clearly not needed? (iii) Does the Payment Management Division make revisions and improvements as necessary, for problems such as misconduct incidents, Consultation Requests, Complaints, etc. which are found as a result of internal audits in cooperation with the Internal Audit Division, Compliance Control Division and Customer Support Manager? (3) Monitoring of Insurance Claims Payment Management From the viewpoint of ensuring fast and appropriate insurance claims payment management, does the Payment Management Division continually monitor the status of compliance with the Insurance Claims Payment Management Manual at related operating divisions and business locations? (4) Handling of New Products, etc. If New Products, etc. are handled, does the Payment Management Division do prior investigations of regulations, internal rules, etc. concerning those New Products, etc., and bring to light problems which could arise from the viewpoint of insurance payment claims management? Are such investigations done without improper influence by the Marketing and Sales Division? Also, is a system provided to work for appropriate handling of customers when Insurance Claims, etc. are paid?

92 3. Customer Support Management System

  1. Development of Internal Rules (1) Development and Dissemination of Customer Support Management Rules and Customer Support Manual12 (i) Does the Customer Support Manager fully understand the need and importance of securing appropriate and sufficient Customer Support? (ii) Has the Customer Support Manager decided on the arrangements for securing appropriate and sufficient Customer Support and developed internal rules that clearly define the arrangements for managing the related business (hereinafter referred to as the “Customer Support Management Rules”) in accordance with the Customer Protection Management Policy? (iii) Has the Customer Support Manager developed operational procedures that specify the method of Customer Support and the procedures to be observed (hereinafter referred to as the “Customer Support Manual”) in accordance with the Customer Protection Management Policy and the Customer Support Management Rules? (iv) Have the Customer Support Management Rules been disseminated throughout the organization upon approval by the Board of Directors or organization equivalent to the Board of Directors after legal checks, etc.? (2) Customer Support Management Rules Do the Customer Support Management Rules exhaustively cover the necessary arrangements for securing appropriate and sufficient Customer Support in a manner suited to the scales and natures of the business? Do the Customer Support Management Rules appropriately stipulate such arrangements, for example, by clearly defining the organizational framework for conducting customer support management as well as the allocation of authority and roles? More specifically, do they clearly prescribe the following arrangements?
  • Organizational framework for Customer Support (including whether or not to establish a division or a person in charge of Customer Support as well as the authority and roles of such a division or a person, and allocation of roles with external insurance sales representatives)
  • Procedures to be observed by persons engaged in Customer Support
  • Definitions of Consultation Requests, Complaints, etc. subject to procedures on customer support

12 It should be noted that the Customer Support Management Rules and the Customer Support Manual should not necessarily be compiled separately. At some insurance companies, such rules and manuals are integrated into the compliance manual. The inspector shall verify, regardless of the form of rules, whether or not the rules exhaustively stipulate necessary matters and are disseminated throughout all persons who should be acquainted with them, thus ensuring effective management.

93

  • Handling complaints and resolving disputes by the alternative dispute resolution system (hereinafter referred to as the “Financial ADR System”) for the financial sector
  • Monitoring of the status of Customer Support
  • Dealing with pressures from anti-social forces under the guise of Consultations, Complaints, etc.
  • Information sharing necessary for Customer Support
  • Reporting to the Board of Directors or organization equivalent to the Board of Directors
  • Coordination and communication with the Compliance Control Division, Insurance Sales Management Division, Contract Management Division and Payment Management Division (3) Customer Support Manual Does the Customer Support Manual exhaustively cover the detailed procedures of Customer Support? Are they stipulated in detail in an easy-to-understand manner? For example, does the Customer Support Manual enable the persons engaged in Customer Support to carry out Customer Support appropriately and sufficiently and enable them to aptly disseminate information concerning Consultations, Complaints, etc. to the Board of Directors or organization equivalent to the Board of Directors by stipulating the following matters? Does the Customer Support Manual clarify the allocation of roles when consultations and complaints are received by external insurance sales representatives? Does it specify appropriate handling of customers’ consultations and complaints? If the sales format is not face-to-face, are procedures which suit that sales format established as needed?
  • Procedures for compiling and keeping records of Consultation Requests, Complaints, etc.
  • Procedures for receipt of Consultation Requests, Complaints, etc. and procedures for confirming the details of Consultation Requests, Complaints, etc.
  • Procedures for dealing with Consultation Requests, Complaints, etc. (responses for satisfying customers with regard to Consultation Requests, Complaints, etc., progress management for resolving Consultation Requests, Complaints, etc., procedures for prevention of long-pending cases and procedures for cases where Consultation Requests, Complaints, etc. develop into disputes)
  • Procedures for handling complaints and resolving disputes by the Financial ADR System
  • Procedures for conveying information concerning Consultation Requests, Complaints, etc. to relevant divisions
  • Contact information and procedures for dealing with pressures from anti-social forces under the guise of Consultation Requests, Complaints, etc.
  • Typical examples of cases suspected to be violation of Laws and the contact information of the division in charge (the Compliance Control Division, etc.) for dealing with a case

94 suspected to be a violation of Laws. 2) Implementation of Customer Support (1) Development of Management System for Customer Support (i) Does the Customer Support Management Manager have the people who provide Customer Support comply with the Customer Support Management Rules, Customer Support Manual and other Customer Support related arrangements? Does the Manager develop a system in order to provide appropriate and sufficient Customer Support, and implement specific measures in order to ensure its effectiveness? (ii) In response to Consultation Requests, Complaints, etc. and customer desires, has the Customer Support Manager developed a system for introducing customers to appropriate external institutions (including external institutions the insurance company uses for the Financial ADR System. Same hereinafter.), and providing information with outlines of procedures for those external institutions? Has the Manager developed a system for appropriate cooperation with external institutions, to enable prompt complaint handling and dispute resolution? (iii) For when Consultation Requests, Complaints, etc. are received from customers, has the Customer Support Manager developed a system to provide a sufficient response, and to appropriately examine the necessity of a petition for dispute resolution procedures, instead of easily submitting a petition to an external institution, etc.? (iv) Has the Customer Support Manager developed a system for the Financial ADR System, especially regarding the following points?13 a. If there is a designated dispute resolution institution (hereinafter referred to as the “Designated ADR Institution”) (a) Is a basic contract for the execution of procedures promptly signed with the Designated ADR Institution? Also, if there was a change in the Designated ADR Institution, is the optimum policy chosen from the viewpoint of customer protection and enhancing convenience, and are necessary measures promptly taken? Moreover, is a system developed to appropriately perform the procedures execution basic contract which was signed with the Designated ADR Institution? (b) Is there appropriate publication of the trade name or name and the contact information of the Designated ADR Institution with which the procedures execution basic contract was signed? Also, is the trade name or name and the contact information of the Designated ADR Institution written on documents in which it is legally obligated to write about handling under the Financial ADR

13 When examining specific cases regarding these items, keep in mind that the examination must be based on supervisory guidelines.

95 System, such as warnings information and documents provided before contract signing? b. If there is no Designated ADR Institution (a) Considering the size and characteristics of the business, is one or several of the following items appropriately selected as a complaint handling measure and dispute resolution measure? Is a system developed for the selected measures to function appropriately? a. Complaint Handling Measures • Use of advice and guidance from consumer consultants, etc. to people engaged in complaint handling • That insurance company’s business operation framework and internal rules, etc. are developed and published, etc. • Use of a financial instruments firms association or certified investor protection organization • Use of a National Consumer Affairs Center or consumer affairs centers • Use of another business form of Designated ADR Institution • Use of a corporation which can fairly and accurately perform complaint handling operations b. Dispute Resolution Measures • Use of certified dispute resolution procedures stipulated in the Act on Promotion of Use of Alternative Dispute Resolution Procedures • Use of a financial instruments firms association or certified investor protection organization • Use of a bar association • Use of a National Consumer Affairs Center or consumer affairs centers • Use of another business form of Designated ADR Institution • Use of a corporation which can fairly and accurately perform complaint handling operations (b) Regarding documents in which it is legally obligated to write about handling under the Financial ADR System, such as documents provided before contract signing, for example if the insurance company uses an external institution, are appropriate items according to the situation written on those documents, such as the trade name or name and the contact information of that institution? If an external institution is used, from the viewpoint of customer protection, it is preferable that information on the external institution is made known to customers and published, for example the trade name or name and the contact information of that external institution.

96

(2) Enhancement of Consultation Counter Functions (i) Does the Customer Support Manager provide for measures to enhance and strengthen the handling of Consultation Requests, Complaints, etc. at counters responsible for the consultation requests, complaints? Does the Manager endeavor to receive Consultation Requests, Complaints, etc. from a wide base, for example by setting up receiving channels such as an Internet-based counter and opinion boxes through which opinions can be expressed anonymously? Does the Manager also widely disclose these initiatives, and publicize them in an easily understood manner? For example, for customers via the Internet or other sales formats which are not face-to-face, are there widely disclosed contact points and application methods which are easy for customers to access for Consultation Requests, Complaints, etc.? Are customers informed of these in an easily understood way? (ii) If a call center is established to act as a consultation counter, is sufficient care taken to ensure the allocation of persons with appropriate knowledge and experience and to fully disseminate the Customer Support Manual to the persons via training? (iii) Does the Customer Support Manager take actions to enhance and strengthen handling of Consultation Requests, Complaints, etc. at contact points which can receive Consultation Requests, Complaints, etc., corresponding to the situation of Consultation Requests, Complaints, etc. to external insurance sales representatives? Also, are dedicated contact points for receiving Consultation Requests, Complaints, etc. provided as needed, considering the size and characteristics of the insurance sales representative? (3) Appropriateness of Customer Support (i) Do officers and employees who receive Consultation Requests, Complaints, etc. appropriately respond in a timely manner in accordance with the Customer Support Manual and in coordination with relevant divisions? Do the officers and employees ensure that the occurrence of long-pending cases is prevented and any pending case is resolved promptly by managing progress toward solutions concerning Consultation Requests, Complaints, etc. in an appropriate and timely manner? (ii) Are pressures from anti-social forces under the guise of Consultation Requests, Complaints, etc. distinguished from ordinary Consultation Requests, Complaints, etc. and promptly reported to the Compliance Control Division, etc., so as to take resolute action? If necessary, is an appropriate response made in coordination with the police and other relevant organizations? (4) Recording, Storage and Reporting (i) Does the Customer Support Manager record the details of Consultation Requests, Complaints, etc. (including those received by external insurance sales representatives), including the

97 results of responses to them, for storage in register books, etc. and keep the records under integrated control? (ii) Does the Customer Support Manager report the details of Consultation Requests, Complaints and the results of the processing thereof in a timely manner to the Compliance Control and Insurance Sales Management and Internal Audit Divisions, etc.? In particular, does the Manager report to the Compliance Control and Insurance Sales Management and Internal Audit Divisions, etc., as well as the Board of Directors, without delay any matter that would seriously affect corporate management or significantly undermine customer interests? (5) Analysis of Causes of Consultation Requests, Complaints, etc. and Implementation of Improvement Does the Customer Support Manager analyze the details of Consultation Requests, Complaints, etc., conduct necessary investigations to grasp their causes, and, based on the results of the analysis, present the Board of Directors with proposals for improvements and ask the relevant departments to submit reports and make improvements as necessary, thus ensuring that constant efforts are made for improvements? With regard to the Consultation Requests, Complaints, etc. that are conveyed repeatedly in particular, does the Manager review them thoroughly with the possibility in mind that some kind of problem exists and take specific measures to handle such requests and complaints appropriately? (6) Monitoring of Customer Support Does the Customer Support Manager check, on an ongoing basis, whether appropriate and sufficient Customer Support is secured by monitoring the status of compliance with the Customer Support Manual and take deterrent action as necessary? When a call center is established to act as a consultation counter, does the Manager monitor the degree of congestion of calls and review whether appropriate Customer Support is provided promptly? (7) System for Reporting to Board of Directors Does the Customer Support Manager report necessary matters to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis? In particular, does the Manager report to the Board of Directors or organization equivalent to the Board of Directors without delay any matter that would seriously affect corporate management or significantly undermine customer interests? (8) System for Reporting to Corporate Auditor Does the Customer Support Manager report matters specified by the Board of Directors directly to a corporate auditor?

98 3) Assessment and Improvement Activities Does the Customer Support Manager review the effectiveness of the Customer Support Management system in a regular and timely manner or on an as needed basis based on reports and findings on the status of management of Customer Support, including the status of compliance with the Customer Support Management Rules and the Customer Support Manual as well as based on the results of monitoring? Does the Manager present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement as necessary by revising in a timely manner the contents of the Customer Support Management Rules and the Customer Support Manual, the organizational framework, the implementation of training and guidance and the method of monitoring?

99 4. Customer Information Management System

  1. Development of Internal Rules (1) Development and Dissemination of Customer Information Management Rules and Customer Information Management Manual (i) Does the Customer Information Supervisory Manager fully understand the need and importance of securing appropriate and sufficient Customer Information Management? (ii) Has the Customer Information Supervisory Manager decided the method of monitoring and the organizational framework for securing appropriate Customer Information Management and developed internal rules that clearly define the arrangements for managing the relevant business (hereinafter referred to as the “Customer Information Management Rules”) in accordance with the Customer Protection Management Policy? Have the Customer Information Management Rules been disseminated throughout the organization upon approval by the Board of Directors or organization equivalent to the Board of Directors after undergoing legal checks, etc.? (iii) Has the Customer Information Supervisory Manager developed operational procedures that specify the method of Customer Information Management and the procedures to be followed (hereinafter referred to as the “Customer Information Management Manual”) in accordance with the Customer Protection Management Policy and the Customer Information Management Rules and disseminated them throughout the organization? (2) Customer Information Management Rules Do the Customer Information Management Rules exhaustively cover the necessary arrangements for securing appropriate Customer Information Management in a manner suited to the scales and natures of the business? Do the Customer Information Management Rules appropriately stipulate such arrangements, for example, by clearly defining the organizational framework for the management as well as the allocation of the relevant authority and roles and the management method? (3) Customer Information Management Manual Does the Customer Information Management Manual exhaustively cover the detailed procedures concerning Customer Information Management and is it stipulated in detail and in an easy-to-understand manner? Does the manual specify the following points in particular?
  • Written records and electronic media to be managed
  • The method of appropriately managing written records and electronic media to be managed, for example, where to store them and how to dispose of them.
  • The scope of officers who have access to customer information and the method of controlling access rights
  • The method of handling customer information in ways to prevent information leakage

100 when the information is taken outside.

  • The method of responding to information leakage (e.g. reporting to the Customer Information Supervisory Manager, the person in charge of managing customer information and the public authorities and implementing measures to prevent secondary damage from information leakage, including limiting information access and providing explanations to the Customer as necessary)
  1. Implementation of Customer Information Management (1) Arrangement for Customer Information Management System Does the Customer Information Supervisory Manager ensure appropriate handling of customer information at divisions engaged in the relevant business as well as at business locations and proper functioning of a check-and-balance system against them by securing, through the person in charge of managing customer information, compliance with the Customer Information Management Rules and the Customer Information Management Manual, etc.? Does the Manager implement specific measures for securing the effectiveness of the arrangement? (2) Guidance and Supervision Does the Customer Information Supervisory Manager provide appropriate guidance and supervision to the divisions engaged in the relevant business as well as business locations so as to enable them to implement administrative work related to Customer Information Management in an appropriate and timely manner? (3) Handling of Computer System Does the Customer Information Supervisory Manager take the following steps through the division or the person in charge of the computer system? (i) When customer information is printed out or downloaded, does the Manager impose limitations in an appropriate manner on the nature and quantity of the data that may be printed out or downloaded according to the purpose of the use? (ii) Does the Manager limit the scope of customer information which may be accessed to a necessary minimum according to the accessing person’s corporate post and qualifications? (iii) Are customer information data stored in personal computer terminals or the host computer, etc. protected through measures such as the use of a password system for access to the customer information database, the establishment of an identification system and encoding of the data? (iv) Are necessary protection measures taken in terms of system operations with regard to exchanges of customer information data between the insurance company and the Outsourcing Contractor? (4) Status of Management of Response to Customer Information Leakage

101 (i) Does the Customer Information Supervisory Manager provide a system to ensure that the person in charge of Customer Information Management immediately reports to the Customer Information Supervisory Manager in the event of an information leak? (ii) Does the Customer Information Supervisory Manager provide a system to ensure that the person in charge of Customer Information Management reports to the Compliance Control Division or the Board of Directors or organization equivalent to the Board of Directors without delay in the event of an information leak in accordance with the Customer Information Management Rules? (iii) Does the Customer Information Supervisory Manager ensure the implementation of measures to prevent secondary damage from an information leak, such as reporting to the public authorities, limiting information access and providing explanations to the Customer as necessary? Does the Manager analyze the cause of a customer information leak so as to prevent its recurrence? (5) Monitoring of Status of Customer Information Management at Each Division Does the Customer Information Supervisory Manager, through the person in charge of Customer Information Management, monitor on an ongoing basis the status of compliance with the internal rules and the Customer Information Management Manual as well as the status of Customer Information Management at each division? (6) Monitoring of Status of Customer Information Management at Agencies and Outsourcing Contractor Does the Customer Information Supervisory Manager or the person in charge of Customer Information Management keep track on whether agencies and Outsourcing Contractors appropriately manage customer information and whether they take prescribed measures in the event of accidents? (7) System for Reporting to Board of Directors and Approval Does the Customer Information Supervisory Manager report necessary matters to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis? In particular, does the Manager report to the Board of Directors or organization equivalent to the Board of Directors without delay any matter that would seriously affect corporate management or significantly undermine customer interests? (8) System for Reporting to Corporate Auditor Does the Customer Information Supervisory Manager report matters specified by the Board of Directors directly to a corporate auditor?

  1. Assessment and Improvement Activities Does the Customer Information Supervisory Manager review the effectiveness of the Customer

102 Information Management system in a regular and timely manner or on an as needed basis based on reports and findings on the status of Customer Information Management, including the status of compliance with the Customer Information Management Rules and Customer Information Management Manual as well as based on the results of monitoring? Does the Manager present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement as necessary by revising in a timely manner the contents of the Customer Information Management Rules and the Customer Information Management Manual, the organizational framework, the implementation of training and guidance and the method of monitoring?

103 5. Outsourcing Management System

  1. Development of Internal Rules (1) Development and Dissemination of Outsourcing Rules (i) With regard to Outsourcing Management, has the Outsourcing Manager developed internal rules that specify the management method, the rules and arrangements on matters and procedures that must be checked and the judgment criteria (hereinafter referred to as the “Outsourcing Rules”), in accordance with Customer Protection Management Policy? (ii) Have the Outsourcing Rules been disseminated throughout the organization upon approval from the Board of Directors after legal checks, etc.? (2) Outsourcing Rules Do the Outsourcing Rules exhaustively cover the necessary arrangements for securing appropriate Outsourcing Management in a manner suited to the scales and natures of the business? Do the Outsourcing Rules appropriately stipulate such arrangements, for example, by clearly defining the organizational framework for conducting Outsourcing Management as well as the allocation of the relevant authority and roles and the management method? Do they stipulate the following matters in particular?
  • Arrangements on the selection of Outsourcing Contractors
  • Arrangements on the monitoring of Outsourcing Contractors
  • Arrangements on the handling of customer information in the event of the termination of contracts with Outsourcing Contractors
  1. Implementation of Outsourcing Management (1) Measures for Securing Apt Implementation of Outsourcing Operations In the case where the insurance company’s operations are outsourced to third parties (including the company’s parent, subsidiaries and affiliates), does the Outsourcing Manager provide for measures to secure apt implementation of those operations in a manner suited to the scales and natures of the operations (including requiring the outsourcing contractor to establish a necessary system under the outsourced contract)? (2) Selection of Outsourcing Contractors Does the Outsourcing Manager provide for measures to ensure that the outsourced operation is consigned to a party capable of implementing the operation aptly, fairly and efficiently after specifying the operational risks inherent in the operation in coordination with the Clerical Risk Management Division and IT Risk Management Division, and recognizing possible risk management problems related to the quality of service and the reliability of service continuity? (3) Contract Conclusion Does the Outsourcing Manager provide a system to subject the outsourcing contract to legal checks, etc. in advance and confirm whether the provisions of the contract allow appropriate

104 measures to be taken in a manner suited to the scales and natures of the outsourced operation? (4) Monitoring of Outsourcing Contractors Does the Outsourcing Manager ensure the exercise of necessary and appropriate supervision over the Outsourcing Contractor by reviewing whether the contractor is implementing the business operation aptly in accordance with the outsourcing contract based on checks conducted on the status of the implementation of the consigned operation in a regular and timely manner or on an as needed basis and having the contractor make improvements as necessary? Does the Manager ensure that appropriate measures can be taken in a timely manner under the outsourced contract, for example by appropriately stipulating the contract provisions that concern the supervision, monitoring and reporting? (5) System for Processing of Consultation Requests, Complaints, etc. Concerning Outsourced Operations Does the Outsourcing Manager provide for measures necessary for appropriately and promptly processing the Customer’s Consultation Requests, Complaints, etc. concerning consigned operations undertaken by Outsourcing Contractors? Is there an appropriate system for the processing of Consultation Requests, Complaints, etc., such as the establishment of a direct communication channel between the Customer and the insurance company with regard to the Consultation Requests, Complaints, etc.? (6) Backup System for Outsourced Operations When the Outsourcing Contractor fails to appropriately implement the consigned operation, does the Outsourcing Manager take measures to prevent the disruption of the operation from the viewpoint of Customer Protection, such as selecting another appropriate Outsourcing Contractor and promptly transfer the operation to the alternative contractor? (7) Contract Modification and Termination Does the Outsourcing Manager provide for measures to enable prompt modification or termination of the outsourcing contract if necessary in order to secure sound and appropriate business of the insurance company and protect the Customer related to the outsourced operation? (8) Measures for Customer Information Protection Does the Outsourcing Manager provide for measures to ensure Customer Information Management at the Outsourcing Contractor and the agency? Do the outsourcing contracts and agency contracts have provisions that prohibit the use of customer information for purposes other than the prescribed ones and obligate confidentiality, for example? Does the Manager provide for measures to ensure the exercise of appropriate supervision over the Outsourcing Contractor so as to ensure appropriate handling of customer information when the handling of information concerning customers who are individuals is

105 outsourced? (9) System for Reporting to Board of Directors and Approval Does the Outsourcing Manager report necessary matters to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis? In particular, does the Manager report to the Board of Directors or organization equivalent to the Board of Directors without delay any matter that would seriously affect corporate management or significantly undermine customer interests? (10) System for Reporting to Corporate Auditor Does the Outsourcing Manager report matters specified by the Board of Directors directly to a corporate auditor? 3) Assessment and Improvement Activities Does the Outsourcing Manager review the effectiveness of the Outsourcing Management system in a regular and timely manner or on an as needed basis based on reports and findings on the status of Outsourcing Management, including the status of compliance with the Outsourcing Rules as well as based on the results of monitoring? Does the Manager present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement as necessary by revising in a timely manner the contents of the Outsourcing Rules, the organizational framework, the implementation of training and guidance and the method of monitoring?

106 6. Conflict of Interest Management System

  1. Development of Internal Rules (1) Development of Conflict of Interest Management Rules (i) Does the Conflict of Interest Manager fully understand the need and importance of securing appropriate Conflict of Interest Management? (ii) Has the Conflict of Interest Manager developed internal rules that clearly define the arrangements for appropriate Conflict of Interest Management (hereinafter referred to as the “Conflict of Interest Management Rules”) in accordance with the Customer Protection Management Policy? (iii) Have the Conflict of Interest Management Rules been disseminated throughout the organization upon approval from the Board of Directors or organization equivalent to the Board of Directors after legal checks, etc.? (2) Conflict of Interest Management Rules Do the Conflict of Interest Management Rules exhaustively cover the necessary arrangements for securing appropriate Conflict of Interest Management in a manner suited to the scales and natures of the business of the insurance company or a group company, including items stipulated in implementation policies of Conflict of Interest Management based on Laws14? Do the Conflict of Interest Management Rules appropriately stipulate such arrangements, for example, by clearly defining the organizational framework and methods for conducting Conflict of Interest Management, as well as the allocation of authority and roles? More specifically, do they prescribe the following points?
  • Arrangements for the organizational framework for Conflict of Interest Management (including whether or not to establish a division or a person in charge of Conflict of Interest Management as well as the authority and roles of such a division or a person)
  • Arrangements on the procedures to be observed by persons engaged in Conflict of Interest Management
  • Arrangements on the monitoring of the status of Conflict of Interest Management
  • Arrangements on identification of transactions with possible conflicts of interest
  • Arrangements on methods of Conflict of Interest Management
  • Arrangements on saving records of Conflict of Interest Management
  • Arrangements on gathering information necessary for Conflict of Interest Management
  • Arrangements on reporting to the Board of Directors or organization equivalent to the Board of Directors
  • Arrangements on coordination and communication with the Compliance Control Division, Customer Information Supervisory Manager, etc.

14 Article 53-14, Paragraph 1, Item 3 of the Enforcement Regulations.

107 2) Implementation of Conflict of Interest Management (1) Development of Conflict of Interest Management (i) Does the Conflict of Interest Manager develop a system for appropriate and sufficient Conflict of Interest Management, such as compliance with Conflict of Interest Management Rules? Does the Manager implement specific measures to ensure its effectiveness? In particular, regarding conflicts of interest management, does the Manager develop a system to demonstrate a check-and-balance function, through measures including ensuring independence of the Marketing and Sales Division? (ii) For the conduct of Conflict of Interest Management, does the Conflict of Interest Manager develop a system for appropriate coordination with the Compliance Control Division, Customer Information Supervisory Manager, etc.? (2) Guidance and Supervision Does the Conflict of Interest Manager provide appropriate guidance and supervision to the divisions engaged in the relevant business as well as business locations so as to enable them to implement Conflict of Interest Management in an appropriate and timely manner? (3) Identification of Transactions with Possible Conflicts of Interest Does the Conflict of Interest Manager develop a system to appropriately identify transactions with possible conflicts of interest? (4) Methods of Conflict of Interest Management Does the Conflict of Interest Manager develop a system for ensuring appropriate and sufficient Conflict of Interest Management, for example by the following kinds of methods, or by combining the following kinds of methods?

  • Separate the divisions where conflicts of interest could occur
  • Change for one or both parties the conditions or methods of transactions which could involve conflicts of interest
  • Suspend the transactions of one party which could involve conflicts of interest
  • Disclose possible conflicts of interest to customers (5) Recording and Storage Does the Conflict of Interest Manager appropriately create and save records, such as those on methods of Conflict of Interest Management implemented to identify transactions with possible conflicts of interest, and to protect customer interests? (6) Implementation of Monitoring of Conflict of Interest Management Does the Conflict of Interest Manager monitor the situation of compliance with Conflict of Interest Management Rules, in order to continually check whether appropriate and sufficient Conflict of Interest Management is ensured? Does the Manager take deterrent actions as

108 necessary? (7) System for Reporting to Board of Directors Does the Conflict of Interest Manager report necessary matters to the Board of Directors or organization equivalent to the Board of Directors, in a regular and timely manner or on an as needed basis? In particular, does the Manager report to the Board of Directors or organization equivalent to the Board of Directors without delay any matter that would seriously affect corporate management or significantly undermine customer interests? (8) System for Reporting to Corporate Auditor Does the Conflict of Interest Manager report matters specified by the Board of Directors directly to a corporate auditor? 3) Assessment and Improvement Activities Does the Conflict of Interest Manager review the effectiveness of the Conflict of Interest Management system in a regular and timely manner or on an as needed basis, based on reports and findings on the status of Conflict of Interest Management, including the status of compliance with the Conflict of Interest Management Rules as well as based on the results of monitoring? Does the Manager present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement as necessary, by revising in a timely manner the contents of the Conflict of Interest Management Rules, the organizational framework, the implementation of training and guidance, and the method of monitoring, etc.?

109 III. Specific Issues

Checkpoints

  • This chapter lists the check items to be used when the inspector reviews specific issues particular to the actual status of Customer Protection Management.
  • The descriptions in this checklist are based on the assumption that the roles of and responsibilities for developing a system for Customer Support Management, Customer Information Management, Outsourcing Management and Conflict of Interest Management and ensuring the effectiveness thereof rests with the Manager in charge of the relevant business. There are other various organizational frameworks for Customer Protection Management. For example, the insurance company may establish a dedicated division or department in charge of Customer Protection Management, or assign persons in charge of such management to divisions and departments that require Customer Protection, including the Marketing and Sales Division. In such cases, it is necessary to review whether the Customer Protection system is effectively functioning based on the review and analysis as to whether an adequate number of persons with the knowledge and experience necessary for implementing the relevant business are allocated and whether they are assigned the authority necessary for implementing the business.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III., it is necessary to exhaustively examine which of the elements listed in Chapters I. and II. are absent or insufficient, thus causing the said problem with the use of the checklists in those chapters, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Customer Protection in General (1) Handling of New Products Does the Manager in charge of Customer Protection, etc. conduct prior investigations with regard to the public and internal rules that concern new products when requested by the New Products Committee, etc. and report to the division in a timely manner after identifying issues that may arise from the viewpoint of Customer Protection, based on New Products Management Policy? Are such investigations done without improper influence by the Marketing and Sales Division?

110 Also, is a system provided for appropriately handling customers from the time from when the insurance is sold until payment? Moreover, does the division in charge or the responsible manager provide an appropriate IT system as needed? 2. Insurance Contract Management System (1) Management of processing contract changes Is a management system in place under which changes in terms and conditions of a policy are processed in an appropriate manner? (2) Early cancellations, etc. Is a system in place under which the manner in which insurance sales were conducted, the process of insurance sales, and explanations given to policyholders, etc., are reported in a timely manner to the Insurance Sales Management Division with respect to early cancellation and other policies that are questionable in terms of fair insurance sales? In these cases, for example, are the actions of insurance sales representatives confirmed concerning the following points?

  • Factious performance (including name “borrowing”)
  • Misleading explanations provided to policyholders (including inadequate explanations and false explanations) (3) Prevention of a delayed response concerning cancellations, etc. Is a system in place under which prompt and appropriate responses are made to policyholder requests? In particular, is a system in place under which prompt and appropriate procedures can be undertaken for cancellations? For example, is a system in place under which the following activities can be prevented?
  • Prolonged neglect of cancellation procedures or delayed cancellations that are against the expressed will of policyholders
  • Imposing on sales representatives, etc., excessive requirements or duties to conduct negotiations for the sake of preventing cancellations
  • Establishing onerous procedures for cancellations
  • Postponement of cancellations by utilizing loans for extending insurance policies (appropriating the surrender value for premium payments of extended insurance policies) against the expressed will of policyholders (4) Management of lapses and reinstatement of policies (i) Is a system in place under which unpaid insurance premiums and lapses of policies, etc., can be discerned in an appropriate manner?

111 (ii) Is a system in place under which a notice to policyholders is provided prior to the lapse of policies? (iii) Is a system in place under which the procedures for reinstatement of lapsed policies can be followed in an appropriate manner? (iv) Are measures taken to fully explain to policyholders the information concerning reinstatement and surrender value of lapsed policies (reinstatement procedures, whether surrender value will be payable or not, surrender value amount, when negative prescription takes effect, etc.)? (v) Is a system in place under which a notice is provided to policyholders in an appropriate manner of when negative prescription will take effect? (vi) Is a system in place under which consistent processing of negative prescription is performed after negative prescription has taken effect? Is a system in place under which a good faith response is provided to inquiries that are received after negative prescription has taken effect? (vii) Is a system in place under which sales representatives, etc., explain to a client that policies can be reinstated when recommending new policies? (5) Reporting of investment performance, etc. Is a system provided to have investment performance and other necessary matters reported periodically to policyholders of variable insurance and other products? (6) Renewal of policies (i) Is the renewal of policies at maturity managed in an appropriate manner? For example, is a system in place for preventing failures to renew policies at maturity by providing adequate advance notice to policyholders concerning renewal? (ii) Are measures taken to prevent overinsurance (setting a coverage amount in excess of an insured value), for example, by encouraging a revision of the coverage amount at the time of policy renewal? (7) Insurance certificates (i) Are the procedures and the custody methods concerning long-term custody of insurance certificates developed in an appropriate manner? (ii) Are the procedures developed for prompt and appropriate re-issuance of insurance certificates? (8) Change of address and contact information Are company addresses in contracts updated and communicated to policyholders so that policyholders can promptly inform or notify the insurance company of the customer’s address or contact information upon change of address, etc.? Is a system in place so that when the

112 contact information of policyholders becomes unknown, an investigation is conducted to the extent possible? 3. Management System for Payment of Insurance Claims, etc.

  1. Receiving Claims Filed for Insurance Benefits (1) Explanations and Guidance on Insurance Claims (i) To avoid lack of insurance claim filings in cases in which a suitable payment cause occurred, is a system in place for full and easily understood explanations to policyholders, regarding the procedures for filing insurance claims? (ii) Considering that products are becoming more diverse, does the Payment Management Division make timely and appropriate revisions to forms such as for documents given to the policyholder as guidance on the insurance claims procedure, to prevent a lack of insurance claims and to make sure they are easily understood? (2) Provision of Procedure for Claims Filing by Representative For cases in which a beneficiary cannot file an insurance claim, does the Payment Management Division provide a procedure which enables a representative to file the claim? (3) Process After Receiving Claim After receiving an insurance claim filed by a policyholder, is the reason for insurance payment studied fairly and equitably? If this results in an investigation which requires a significant time period, is there a system provided to inform the policyholder?
  2. Investigation and Confirmation of Facts Concerning Insured Events and Damages (1) Investigation of facts concerning insured events (i) Is there a system in place for conducting investigations of facts (including examinations after the payment of benefits) in a fair and equitable manner, regardless of whether the facts may be favorable or unfavorable to policyholders, etc.? (ii) Does the payment management division manage the progress of investigations in an appropriate manner to ensure prompt payment with regard to the investigations of facts concerning individual cases? (iii) Is a system in place under which adequate and accurate investigations can be conducted to confirm facts concerning insured events after obtaining the consent of the parties concerned? For example, are the following items confirmed?
  • Confirmation of accurate facts through inquiries with insured persons, inpatient and outpatient hospitals, doctors in charge, etc.

113

  • In the case of insured events caused by disasters, etc., confirmation of the accuracy of facts, etc., through inspections of accident sites, inquiries to police stations and witnesses, etc. (iv) Is a system provided which prevents investigations from improperly harming the honor, credit, privacy, etc. of related parties and third parties? (2) Prevention of inappropriate dealings with customers Does the Payment Management Division take actions to prevent inappropriate dealings with policyholders, etc., aggrieved parties in accidents, and survivors, etc.? For example, are settlements inappropriately recommended to policyholders, etc., aggrieved parties in accidents, and survivors, etc., by causing them to misunderstand terms and conditions? (3) Appraisal and determination of damages (in cases of nonlife insurance) (i) Is a system in place for the appraisal and determination of damages in an appropriate manner? For example, does the Payment Management Division manage while taking the following management points into consideration?
  • Are appraisals and determinations of damages conducted by assessors, etc., in the case of fire insurance, and by experts such as adjusters in the case of automobile insurance?
  • Is the basis for calculating insurance claims clarified, and is the validity of such grounds verified?
  • Are unpaid insurance claims managed in an appropriate manner pending the determination of damages?
  • Are the payees (beneficiaries, hospitals, maintenance shops, etc.) confirmed? (ii) Are insurance claims paid without conducting an adequate investigation of damages, in violation of the fair treatment of policyholders? (4) Settlement negotiations (in cases of nonlife insurance) Is a system provided for conducting settlement negotiations, etc. while paying attention to the following points?
  • Is the application of comparative negligence adequately examined?
  • Are consequential damages (costs for temporary use of replacement vehicles, damages due to taking leave of absence from work, etc.) adequately examined?
  • Are litigation cases managed in an appropriate manner?

114 3) Ensuring Fast and Appropriate Payment of Insurance Claims, etc. (1) Management of Payment Reasons (i) For cases in which a payment reason occurs other than by a policyholder filing an insurance claim, is a system provided for management of the entire insurance contract, and to provide notice to the policyholder? Especially for reasons to pay invalidation repayments and maturity repayments, is there a system which consistently prevents missing payments due to overlooking? For example, is a system in place to prevent missing payments by IT system development? (ii) For payments related to special stipulations, is there a system which consistently prevents missing payments due to overlooking? For example, is a system in place to prevent missing payments by IT system development? (2) Mutual Checks and Balances System (i) Regarding insurance claim payment clerical work overall, is there a system provided which ensures a mutual checks and balances function, so payment/non-payment assessment is executed appropriately? For example, is there a system for verification by multiple people? (ii) For Payments of Insurance Claims, etc. which involve multiple payment divisions, from the viewpoint of preventing missing payments, is there a system for checking by coordination or mutual confirmation among payment divisions? (3) Payment Assessment (i) Is a system in place under which verifications of legality or medical judgment, etc., are sought as needed when making determinations not to pay insurance claims, etc., on the basis that payment requests do not satisfy the causes for payment or are subject to a cause for exemption? Are opinions of outside legal counsel obtained as needed and in a timely manner? (ii) Is a system in place under which facts, both favorable and unfavorable to policyholders, etc., are evaluated in a fair and appropriate manner? Specifically, is a system in place to prevent making a favorable judgment for the company while some facts remain uncertain? (4) Prevention of unfair payments Is a system in place for preventing arbitrary Payment of Insurance Claims, etc., despite the fact that there is a cause for nonpayment? For example, in response to improper demands by anti-social forces, are there resolute responses in cooperation with the Compliance Control Division and Customer Support Manager? (5) Prevention of unfair withholding of payments and delayed payments (i) Is a system in place for preventing unfair withholding of payments? For example, are unfair measures practiced such as imposing a limit on the aggregate amount of insurance claims,

115 etc., that are payable, or lowering the upper limits on benefit payments without reasonable grounds? (ii) Is a system in place for preventing unfair delays in payment? (iii) Is a system in place for preventing excessive persuasion that is intended to withhold the payment of insurance claims, etc.? (iv) Is a system in place under which appropriate interest charges are paid on overdue benefits after the investigation period established in stipulations has lapsed? (v) Is a system in place for preventing unfair treatment, such as refusing payment unless requests or complaints are filed repeatedly? (6) Management of Deadlines (i) Is a system provided to appropriately manage dates for calculating the start of overdue interest fees? Is there improper handling to reduce payment of overdue interest fees, for example by having the insurance claim filing reception date delayed to calculate with a date later than when actually filed? (ii) In cases where a policy is to be cancelled due to a notice duty violation or increased risk, is there a system for appropriately setting the date to start counting towards the cancellation deadline, and for providing a cancellation notice to the policyholder within the period until the cancellation deadline, based on laws and regulations, etc.? (iii) In cases of cancellation due to a serious reason, is a system in place for providing to the policyholder a cancellation notice within a reasonable time period after that serious reason was known or knowable? (7) Explanations to Policyholders (i) For cases where time is required until payment (or until notice if payment will not be made), is a system provided which takes actions such as providing easily understood explanations of the reasons for requiring that number of days, the payment target date, etc.? (ii) After an insurance claim payment is made, if an inquiry about that payment is received from the policyholder (e.g., about the grounds for calculating the payment amount), is there a system for providing a courteous and easily understood explanation, in accordance with the payment assessment criteria on which it was based? (iii) Is a system in place under which the reason for nonpayment is accurately explained, clearly showing the specific facts identified by the company and the grounds and reasons for nonpayment based on the terms and conditions of the policy? Also, is a system in place for sincere responses to questions by policyholders? For example, as needed, reconfirming facts, then providing a full and appropriate reply with the grounds and reasons for nonpayment, and moreover depending on the situation, reinvestigating the reasonableness of the assessment?

116 4) Storage of Records on the Process of Insurance Claims Payment Management To enable later verification of the appropriateness of processing of insurance claims payment management, is a system in place to appropriately store records on the following? • Investigation process and results • Process of negotiation with the policyholder • Payment assessment (including concerning reasons and grounds for deciding on nonpayment of part or all of the insurance benefit, or contract cancellation) • Processing of abandoned claims 4. Customer Support Management System Processing of Consultation Requests, Complaints, etc. as Dispute-Settlement Mechanism In handling Consultation Requests, Complaints, etc., does the insurance company regard them as a nascent form of dispute-settlement issue, rather than merely as a matter to be processed, and aim as much as possible to provide solutions by obtaining the understanding and satisfaction of the Customer in a manner suited to the details of the requests and complaints?

  1. Customer Information Management System (1) Development of Organization for Customer Information Management With regard to information concerning customers who are individuals, is there an arrangement for the Customer Information Supervisory Manager to take the following measures as necessary and appropriate in order to prevent leakage, loss or destruction of the information as the supervisor of the information safety management as well as of employees and the Outsourcing Contractor (in the case where handling of the information concerned is outsourced)? Related to the necessity of actions based on the following provisions, keep in mind that agencies must also be included in organizations understood to be outsourcing contractors.
  • Measures based on the provisions of Clauses 10, 11 and 12 of the Guidelines on Personal Information Protection in the Financial Industry
  • Measures based on the provisions of the operational instructions of security management measures I, II and III as well as Attachment 2 of the Guidelines on Personal Information Protection in the Financial Industry (2) Viewpoint Concerning Information Sharing When customer information is shared between the insurance company and third parties, is there a system to obtain in an appropriate manner the prior consent of the Customer, in the written form in principle, with regard to the sharing? Notwithstanding the above, this checkpoint shall not apply to cases to which Paragraph 6, Article 13 of the Guidelines on Personal Information Protection in the Financial Industry is applicable.

117 (3) Use of Sensitive Information Sensitive information is stipulated in the Guidelines on Personal Information Protection in the Financial Industry, Article 6. Except for situations listed in each item in Paragraph 1 of Article 6, is a system in place to ensure there is no acquisition, use nor provision to third parties? (4) Taking Customer Information Outside the Company If customer information is brought outside the company, is this limited to only required items, and are its handling methods clearly established to prevent leaks of customer information which is normally carried? 6. Outsourcing Management System Outsourcing of Investigations If investigation of the facts of an insurance related accident is outsourced, is a system provided for sufficient supervision of the contractor, to ensure proper investigations? For example: • Are rules and frameworks provided for managing proper operations of the contractor? • Is there effective management and guidance of the contractor’s investigation activities? • Are matters which the contractor must comply with established in the outsourcing contract? • Is it clear which department is responsible for management and guidance of the contractor? • Are the contractor and its operations periodically assessed? 7. Conflict of Interest Management System Development of System for Conflict of Interest Management for Customers of Bank Agents and Related Financial Institutions, etc. Even for customers of related financial institutions15 which pertain to that insurance company, is a system developed to conduct Conflict of Interest Management so that customers’ interests are not unfairly harmed?

15 Refer to Article 100-2-2, Paragraph 3 of the Act.

118 8. Other Matters With regard to operations16 determined by the insurance company as necessary for Customer Protection and enhancement of customer convenience, is there an appropriate management system that meets the level prescribed by the insurance company in the Customer Protection Management Policy and the Customer Protection Management Rules, etc.?

16 Refer to (7) “Securing appropriate management of other operations determined by the insurance company as necessary for protecting customers and enhancing customer convenience” listed as the first checkpoint in Chapter I of this checklist.

119 Checklist for Comprehensive Risk Management I. Development and Establishment of Comprehensive Risk Management System by Management Checkpoints

  • “Comprehensive Risk Management” is self-managed type risk management, in which it comprehensively understands risks directly faced by the insurance company, including potential major risks, compares these against the insurance company’s capital, etc.1 , and controls risks as an overall business, including flow aspects such as insurance underwriting and setting insurance premiums. The insurance company’s effectively functioning comprehensive risk management system is important for achieving the strategic goals of the insurance company which creates earnings targets and risk taking strategy for these targets. Keep in mind that in this checklist, “comprehensive risk management” includes management of capital, such as assessment of capital adequacy.
  • A precondition of comprehensive risk management is there must be appropriate management of financial soundness and insurance actuary: (1) Appropriate provision of policy reserves, reserve for outstanding claims and dividend reserves (hereinafter referred to as “Policy Reserves, etc.”), (2) Proper calculation of solvency margin ratio, (3) business analysis and segmented accounting required by laws and regulations, etc.
  • In building a comprehensive risk management system, one must sufficiently take into account the characteristics of risks unique to insurance companies. For example: (1) There are diverse types of risks, and there may also be risks which cannot be clearly categorized into each risk and category, (2) In addition to finance related risks (market risks, credit risks, etc.) associated with conducting operations, there are also other significantly large risks, (3) Techniques to assess insurance option aspects, tail risks, etc. are not necessarily established for many matters, and very long term liabilities, especially for life insurance, are a cause of technical difficulty, (4) When assessing risks, adequacy of capital, etc., there can be large differences between assessment based on current insurance accounting, etc., and assessment based on economic value.
  • Also, risks faced by an insurance company do not exist independently. They are mutually related in their effects on the insurance company, and are increasingly complex and diverse. It is important that an insurance company not only individually manage each risk (insurance underwriting risk, market risk, credit risk, operational risk, etc.); it should take into account its own operation’s size and characteristics and risk profile, comprehensively assess risks from the viewpoint of the whole company, and manage them appropriately.

1 Here, “capital, etc.” is not limited to the concept of net assets under accounting and capital based on current solvency regulations; this assumes a definition in which each insurance company compares against its risks from the viewpoint of risk management, including equity understood by economic value assessment (assessment consistent with market prices, or, assessment based on present value future cash flows indicated by a method which uses principles, techniques and parameters consistent with the market).

120

  • A comprehensive risk management framework for insurance companies is still not completely established, but in view of the importance of the items described above, insurance companies must unceasingly work towards more advanced risk management corresponding to the size and characteristics of their operations.
  • Top management of an insurance company has the roles and responsibility to sufficiently understand risks faced by the entire insurance company, and based on the aims and essence of comprehensive risk management, take the lead themselves to develop and establish a comprehensive risk management system to ensure effectiveness of the risk management cycle: definition, understanding, assessment and reporting of risks, and decisions on and execution of response policies.
  • In view of the above points, in examining the comprehensive risk management system, the inspector gives the greatest respect to that insurance company’s own initiatives towards development and establishment of a comprehensive risk management system, while he examines whether the company works to understand the aims and essence of comprehensive risk management to achieve its strategic goals based on the size and characteristics of the insurance company’s operations and its risk profile, and comprehensively assesses and manages risks from a company-wide viewpoint. In doing so, the inspector keeps in mind that complex or advanced risk assessment methods are not necessarily appropriate methods for all insurance companies. For example, he shall keep in mind that instead of deciding by a single index or model, one can also use multiple mutually complementary views to understand the actual status. He shall also keep in mind that he must examine from the viewpoint of whether this is only formal work which does not grasp the aims and essence of comprehensive risk management, for example whether assessment of assets and liabilities based on economic value and quantification of each risk are becoming goals themselves, and whether only specific divisions are substantially involved in risk management.
  • The inspector should determine whether the comprehensive risk management system is functioning effectively and whether the roles and responsibilities of the institution’s management are being appropriately performed by way of reviewing, with the use of check items listed in Chapter I., whether the management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) development of a system for assessment and improvement activities.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II. and later of each of the checklists for the various risk management systems including this checklist, it is necessary to exhaustively examine which of the elements listed in Chapter I. of each checklist, including the elements listed in this checklist as necessary, are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the financial institution.
  • If the institution’s management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the Internal Control System is not functioning effectively and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been

121 developed and implemented.

  1. Policy Development (1) Roles and Responsibilities of Directors Do directors attach importance to comprehensive risk management, fully recognizing that a lack of such an approach could seriously hinder attainment of strategic objectives? Also, do directors sufficiently realize the importance of a comprehensive risk management system effectively functioning, to achieve the entire insurance company’s strategic goals which establish earnings targets and risk taking strategy for these targets? Moreover, do the directors realize the importance of appropriately managing assets and liabilities overall, to ensure that the insurance company’s assets and investment conduct suit the situation of its business strength, such as its liability characteristics, risk characteristics and capital? In particular, does the director in charge sufficiently understand the locations, types and characteristics of risks, the techniques for identification, assessment, monitoring and control of risks, and the importance of comprehensive risk management? Based on this understanding, does he accurately understand the situation of that insurance company’s comprehensive risk management, and investigate policy and specific actions towards development and establishment of a proper comprehensive risk management system? For example, does the director in charge understand the limitations and weak points of methods to comprehensively assess various risks (hereinafter referred to as “Comprehensive Risk Assessment Methods”), and investigate actions to compensate? (2) Development and Dissemination of Strategic Objectives Has the Board of Directors developed strategic objectives covering profit objectives for the entire insurance company, risk-taking strategy (the asset and liability management strategy and the risk-return strategy, etc.) in accordance with the institution’s corporate management policy, and disseminated them throughout the institution? When developing such strategic objectives, does the Board of Directors give due consideration to the asset and liability structure (including off-balance sheet items) and various risks and take into account the status of the institution’s capital, etc.? For example, does it pay attention to the following matters?
  • Does it position liability characteristics as important elements in setting strategic goals of the entire insurance company and each division. For product development and insurance premium rate setting, does it consider the results of assessment and analysis of liability characteristics, and status of responses based on these results? Also, does it hold sufficient assets with suitable characteristics (maturities, liquidity, etc.) to enable performance on its future debts?

122

  • Does it make clear whether to aim at minimizing the risk or to aim at making a profit by aggressively taking and managing a certain amount of risk in deciding the levels of risk-taking and profit objectives?
  • Does it avoid setting insurance company-wide and division-specific strategic objectives that sacrifice risk management for short term profit? In particular, does it avoid setting objectives that pursue short-term profit by disregarding long-term risk or avoid setting a performance appraisal system that reflects such inappropriate objectives? (3) Development and Dissemination of Comprehensive Risk Management Policy Has the Board of Directors established a policy regarding comprehensive risk management (hereinafter referred to as the “Comprehensive Risk Management Policy”) and disseminated it throughout the institution? Is the appropriateness of the Comprehensive Risk Management Policy being secured by way of, for example, clear statements on the following matters?2 Regarding policy on implementation of stress tests, do its basic concepts not contradict comprehensive risk management? Does it consider the viewpoint of understanding risks which cannot be understood by techniques to quantify comprehensive risk management?
  • The roles and responsibilities of the director in charge and the Board of Directors or organization equivalent to the Board of Directors with regard to comprehensive risk management
  • The policy on organizational framework, such as establishment of a division concerning comprehensive risk management (hereinafter referred to as the “Comprehensive Risk Management Division”) and the authority assigned thereto
  • The policy regarding new products, etc.3 (including product development and insurance premium setting which sufficiently take into account risk control)
  • The policy for analysis and assessment of liability characteristics, such as risks created by insurance policy options such as cancellation or renewal
  • The policy for holding sufficient assets with suitable characteristics (maturities, liquidity, etc.) to enable performance on its future debts, considering its liability characteristics
  • The policy regarding the setting of risk limits
  • The policy regarding identification of risks to be managed
  • The policy regarding comprehensive assessment of risks and the monitoring and control of the assessed risks
  • The policy regarding execution of stress tests

2 It is not necessary to create a comprehensive risk management policy including all items which should be clearly written. It is sufficient if the items which should be clearly written are completely established in multiple policies established by multiple divisions which conduct comprehensive risk management, and in business plans. 3 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4)

123

  • The basic policy to maintain sufficient equity, etc.
  • The policy regarding risk tolerance compared to equity, etc.
  • Definition of equity, etc. and risks, for assessment of the sufficiency of equity, etc.
  • The policy regarding assessment of the sufficiency of equity, etc., monitoring and control
  • The policy regarding capital allocation operations (if conducting capital allocation operations) (4) Development and Dissemination of Business Plan Does the Board of Directors, in accordance with business policy, develop a business plan and make it known to the entire organization? In developing the business plan, does it analyze by linking strategic goals with amounts of current capital and capital to be required in the future, and considering strategic goals, what would be its desirable capital levels, amount of required capital to raise, appropriate capital raising methods, etc.? Also, are target levels of capital, etc. consistent with the risk profile and situation regarding operations? (5) Development of Capital Plan, etc. Does the Board of Directors develop a capital plan, etc. to achieve the appropriate target levels of capital, etc., in accordance with the business plan, the entire insurance company’s strategic goals, each division’s strategic goals, and comprehensive risk management policy? If it does capital allocation operations, are the grounds for calculating capital allocated to risks (hereinafter referred to as “Risk Capital”) and for each Risk Capital limit clearly described? (6) Revision of Policy Development Process Does the Board of Directors revise the policy development process in a timely manner by reviewing its effectiveness based on reports and findings of various investigations on the status of comprehensive risk management in a regular and timely manner or on an as needed basis?
  1. Development of Internal Rules and Organizational Frameworks (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the Comprehensive Risk Management Division (hereinafter simply referred to as the “Manager” in this checklist) develop internal rules that clearly specify the arrangements concerning comprehensive risk management (hereinafter referred to as the “Comprehensive Risk Management Rules”) and disseminate them throughout the institution in accordance with the Comprehensive Risk Management Policy? Has the Board of Directors or organization equivalent to the Board of Directors approved the Comprehensive Risk Management Rules after determining if they comply with the Comprehensive Risk Management Policy and after legal checks, etc.? Is there a framework for risk management as an entire business, not simply

124 for adequacy of capital, etc.? (2) Definition of Capital, etc. for Assessment of Adequacy of Capital, etc. In assessment of adequacy of capital, etc., does the Board of Directors clearly establish the definitions of capital, etc. which are assessment criteria? Considering that capital, etc. preparation for potential losses, is the definition of capital, etc. used in assessment of adequacy of capital, etc. consistent with business policy, business plans, strategic goals, etc.? (3) Establishment of Comprehensive Risk Management Division (i) Does the Board of Directors or organization equivalent to the Board of Directors have a Comprehensive Risk Management Division established and have the division prepared to undertake appropriate roles in accordance with the Comprehensive Risk Management Policy and the Comprehensive Risk Management Rules?4 (ii) Has the Board of Directors allocated to the Comprehensive Risk Management Division a Manager with the necessary knowledge and experience to supervise the division and enabled the Manager to implement management operations by assigning him/her the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Comprehensive Risk Management Division an adequate number of staff members who have the necessary knowledge and experience to execute the relevant operations and assigned such staff the authority necessary for conducting the aforementioned operations?5 (iv) Does the Board of Directors or organization equivalent to the Board of Directors keep the Comprehensive Risk Management Division independent from the asset investment division, insurance underwriting division, etc. and secure a check-and-balance system of the Comprehensive Risk Management Division? (4) Development of Comprehensive Risk Management Systems in the Product Development Division, Asset Investment Division and Insurance Underwriting Division (i) Through the Manager or Comprehensive Risk Management Division, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure effectiveness of comprehensive risk management, such as by providing a system to fully disseminate the relevant internal rules and operational procedures to the divisions involving

4 When the Comprehensive Risk Management Division is not established as an independent division (e.g., when the division is consolidated with another risk management division to form a single division or when a division in charge of other business also takes charge of comprehensive risk management or when a Manager or Managers take charge of comprehensive risk management instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the scales and natures of the insurance company and its risk profile. 5 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of the Comprehensive Risk Management Division is reasonable in terms of a check-and-balance system and other aspects.

125 risks to be managed (e.g. product development division, asset investment division, underwriting division, etc.) and ensure that such divisions observe them? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager to identify the internal rules and operational procedures that should be observed by the product development division, asset investment division, insurance underwriting division, etc. and to carry out specific actions for ensuring observance such as providing effective training on a regular basis? (ii) Does the Board of Directors or organization equivalent to the Board of Directors provide a system to work for appropriate coordination among the comprehensive risk management division, asset investment risk management division, insurance underwriting risk management division, liquidity risk management division, new products committee, etc.? (5) Development of System for Comprehensive Management of Assets and Liabilities Based on comprehensive risk management policy, does the Board of Directors develop a system which has the Comprehensive Risk Management Division comprehensively manage assets and liabilities, with the roles of assessing and analyzing the development and execution of investment strategy, etc.?6 (6) System for Reporting to and Approval of the Board of Directors or Organization Equivalent to Board of Directors Has the Board of Directors appropriately specified matters that require reporting and those that require approval and does it have the Manager report the current status to the Board of Directors in a regular and timely manner or on an as needed basis or have the Manager seek the approval of the Board of Directors on the relevant matters? In particular, does it ensure that the Manager reports to the Board of Directors without delay any matters that would seriously affect corporate management? (7) System for Reporting to Corporate Auditor In the case that the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately and do they provide a system to have the Manager directly report such matters to the auditor?7 (8) Development of Internal Audit Guidelines and an Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or Internal Audit Division Manager appropriately identify the matters

6 There are also cases in which comprehensive management of assets and liabilities is done by an organization such as an ALM Committee separate from the Comprehensive Risk Management Division. Regardless of differences of such a framework, it shall be examined whether comprehensive management of assets and liabilities is done appropriately. If an ALM committee, etc. is set up, it shall be examined whether the Comprehensive Risk Management Division and ALM committee, etc. are cooperating appropriately. 7 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report and shall not restrict the authority and activities of the auditor in any way.

126 to be audited with regard to comprehensive risk management, develop guidelines that specify the matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?8 For example, does it have the following matters clearly specified in the Internal Audit Guidelines or the internal audit plan and provide a system to have these matters appropriately audited?

  • Status of development of the comprehensive risk management system (including status of development of a comprehensive risk management system to help achieve strategic goals for the entire insurance company, such as establishing earnings targets and risk taking for these targets)
  • Status of observance of the Comprehensive Risk Management Policy, Comprehensive Risk Management Rules, etc.
  • Appropriateness of the comprehensive risk management processes commensurate with the scales and natures of the business and risk profile
  • Appropriateness of the Comprehensive Risk Assessment Method
  • Accuracy and completeness of the data used in comprehensive assessment of risks
  • Appropriateness of the use of the Comprehensive Risk Assessment Method based on the limitations and the weaknesses thereof
  • Reasonableness of methods of analysis and assessment of liability characteristics
  • Appropriateness of process of comprehensive management of assets and liabilities: Analyze liability characteristics, and hold sufficient assets with appropriate characteristics (maturities, liquidity, etc.) corresponding to the situation of liabilities held
  • Appropriateness of process of assessment of adequacy of capital, etc. to suit the size and characteristics of operations and the risk profile
  • Reasonableness of method (techniques, assumptions, etc.) of assessment of adequacy of capital, etc.
  • Correctness and completeness of data used in assessment of adequacy of capital, etc.
  • Appropriateness of management, considering limitations and weak points of methods of assessment of adequacy of capital, etc.
  • Appropriateness of stress test scenarios, etc.
  • Status of improvement of matters pointed out in an internal audit or in the last inspection (9) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner by

8 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan.

127 reviewing their effectiveness based on reports and findings on the status of comprehensive risk management in a regular and timely manner or on an as needed basis? 3. Assessment and Improvement Activities

  1. Analysis and Assessment (1) Analysis and Assessment of Comprehensive Risk Management Does the Board of Directors or organization equivalent to the Board of Directors appropriately determine whether there are any weaknesses or problems in the comprehensive risk management system and the particulars thereof, and appropriately examine their causes by precisely analyzing the status of comprehensive risk management and assessing the effectiveness of comprehensive risk management, based on all information available regarding the status of comprehensive risk management, such as the results of audits by corporate auditors, internal audits and external audits9 , findings of various investigations and reports from various divisions? In addition, if necessary, does it take all possible measures to find the causes by, for example, establishing fact findings committees, etc. consisting of non-interested persons? (2) Revision of Analysis and Assessment Processes Does the Board of Directors or organization equivalent to the Board of Directors revise the analysis and assessment processes in a timely manner by reviewing their effectiveness based on reports and findings on the status of comprehensive risk management in a regular and timely manner or on an as needed basis?

  2. Improvement Activities (1) Implementation of Improvements Does the Board of Directors or organization equivalent to the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the comprehensive risk management system identified through the analysis, assessment and examination referred to in 3. 1) above in a timely and appropriate manner based on the results obtained by developing and implementing an improvement plan as required or by other appropriate methods?

9 External audits as mentioned here shall not be limited to audits of financial statements by accounting auditors, but the inspector should bear it in mind that currently, audits other than the audit of financial statements required under the rules and the verification of the internal control system conducted as part of the procedures of this audit are not obligatory. However, in the case where the inspected insurance company undergoes an external audit other than the financial statements audit in order to secure the effectiveness of the internal control system, the inspector should review the effectiveness of the internal control system by examining in a comprehensive manner along with the financial statements audit results.

128 (2) Progress Status of Improvement Activities Does the Board of Directors or organization equivalent to the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of Improvement Process Does the Board of Directors or organization equivalent to the Board of Directors revise the improvement process in a timely manner by reviewing its effectiveness based on reports and findings on the status of comprehensive risk management in a regular and timely manner or on an as needed basis?

129 II. Development and Establishment of Comprehensive Risk Management System By Manager Checkpoints

  • This chapter lists the check items to be used when the inspector reviews the roles and responsibilities to be performed by the Manager and the Comprehensive Risk Management Division.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II., it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the financial institution.
  • If the institution’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter 1. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Roles and Responsibilities of Manager (1) Development and Dissemination of Comprehensive Risk Management Rules Has the Manager, in accordance with the Comprehensive Risk Management Policy, identified the risks, decided the methods of assessment and monitoring thereof and developed the Comprehensive Risk Management Rules that clearly define the arrangements on risk control, based on a full understanding of the scope, types and nature of the risk and the relevant comprehensive risk management technique? Does the Board of Directors or organization equivalent to the Board of Directors approve the Comprehensive Risk Management Rules, and are they made known throughout the organization? (2) Comprehensive Risk Management Rules Do the Comprehensive Risk Management Rules exhaustively cover the arrangements necessary for comprehensive risk management and specify the arrangements appropriately in a manner befitting the scales and natures of the financial institution’s business and its risk profile? For example, do the rules specify arrangements for the following?:10
  • Roles, responsibilities, and organizational framework of the Comprehensive Risk Management Division
  • Risk limits

10 It is not necessary to create comprehensive risk management rules including all items which should be clearly written. It is sufficient if the items which should be clearly written are completely established in multiple internal rules established by multiple divisions which conduct comprehensive risk management.

130

  • Identification of risks to be subjected to comprehensive risk management
  • Comprehensive Risk Assessment Method and assessment methods used for the each risk areas
  • Comprehensive risk monitoring method
  • Periodic reviews of the comprehensive risk assessment method
  • Stress tests
  • Setting limits on Risk Capital (if conducting capital allocation operations)
  • Comprehensive management of assets and liabilities
  • Analysis and assessment of liability characteristics, such as risks created by insurance policy options such as cancellation or renewal
  • Holding sufficient assets with suitable characteristics (maturities, liquidity, etc.) to enable performance on its future debts, considering its liability characteristics
  • Coordination and information sharing between the Comprehensive Risk Management Division, new products committee, and the divisions involved in asset investment, insurance underwriting, cash flow, etc.
  • Risk tolerance compared to capital, etc.
  • Identification of risks subject to management in assessment of adequacy of capital, etc., and risk assessment methods
  • Methods to assess adequacy of capital, etc.
  • Methods to monitor adequacy of capital, etc.
  • Periodic verification of methods to assess adequacy of capital, etc.
  • New products11 (if conducting capital allocation operations, including arrangements on capital allocation of new products, etc.)
  • System for reporting to the Board of Directors or organization equivalent to the Board of Directors (3) Development of Organizational Frameworks by Manager (i) Does the Manager, in accordance with the business plan, capital plan, Comprehensive Risk Management Policy and Comprehensive Risk Management Rules, provide for measures to have the Comprehensive Risk Management Division exercise a check-and-balance system in order to conduct comprehensive risk management appropriately? (ii) Does the Manager provide a system to prevent any lapse in the risk management for the insurance company as a whole so as to ensure an appropriate comprehensive risk management? Does the Manager ensure that the Manager of each risk management division promptly reports to the Comprehensive Risk Management Division when detecting any

11 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4)

131 weakness or problem that may affect comprehensive risk management? Moreover, from the viewpoint of appropriate comprehensive risk management which suits its risk profile, does the Manager provide a framework to identify information which should be obtained, and receive reports periodically or as needed from divisions which have that information? For example, does he receive timely and appropriate reports on the following situations?

  • Risks
  • Compliance with and use of risk limits
  • Compliance with and use of Risk Capital limits (if conducting capital allocation operations)
  • Earnings
  • Reasonableness of risk assessment methods (assessment and measurement techniques, assumptions, etc.) (iii) Does the Manager identify information which should be obtained from the viewpoint of appropriate comprehensive management of assets and liabilities, and develop a framework to obtain reports periodically or as needed from the divisions which have that information? For example, does he develop a system to appropriately understand the following situations?
  • Liability characteristics (for example, assumed interest rates, duration, cash flow, risks caused by options containing liabilities, etc.)
  • Holding assets with suitable characteristics (maturities, liquidity, etc.) to enable performance on its future debts, considering its liability characteristics (iv) Does the Manager provide a system to ensure that on a risk category-by-category basis, each risk management division identifies and reports risks inherent in New Products as specified in the Comprehensive Risk Management Policy and the Comprehensive Risk Management Rules for New Products, etc.?12 For example, does he develop a system to report liability characteristics of New Products and asset investment strategy which considers these? (v) Does the Manager understand the limitations and weaknesses of the Comprehensive Risk Assessment Method and provide a system to make risk management more sophisticated in a manner commensurate with the scales and natures of the financial institution’s business and its risk profile?13 (vi) Does the Manager have in place a comprehensive risk management computer system (including a computer system to assess adequacy of capital, etc.)14 with the high reliability

12 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4) 13 It should be noted that sophistication of risk management includes not only expansion of scope of risk measurement and improvement in precision and other aspects of risk management but also enhancement of measures to complement the limits and weaknesses of the management and the technique of utilizing measurement results. 14 It should be noted that the computer system may be a centralized data processing environment system, distributed processing system, or end user computing (EUC) type. The same shall apply hereafter.

132 suited to the scales and natures of the financial institution’s business and its risk profile? (vii) Does the Manager ensure the provision of training and education systems to enhance the ability of employees to conduct comprehensive risk management in an effective manner, thus developing human resources with relevant expertise? (viii) Does the Manager provide a system to ensure that matters specified by the Board of Directors are reported in a regular and timely manner or on an as needed basis? In particular, does the Manager provide a system to ensure that matters that would seriously affect corporate management are reported to the Board of Directors or organization equivalent to the Board of Directors without delay? (4) Revision of Comprehensive Risk Management Rules and Organizational Frameworks Does the Manager conduct monitoring on an ongoing basis with regard to the status of the execution of operations at the Comprehensive Risk Management Division? Does the Manager review the effectiveness of the comprehensive risk management system in a regular and timely manner or on an as needed basis, and, as necessary, revise the Comprehensive Risk Management Rules and the relevant organizational framework, or present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement? 2. Roles and Responsibilities of Comprehensive Risk Management Division

  1. Risk Identification and Assessment (1) Identification of Risks to Be Managed (i) Does the Comprehensive Risk Management Division have each Risk Management Division exhaustively identify all risks faced by the bank on a category-by-category basis and identify the risks to be subjected to comprehensive risk management commensurate with the size and nature of the identified risks? Do the risks subject to comprehensive risk management exhaustively include all major risks, including at least insurance underwriting risk, market risk, credit risk and operational risk? Does the Comprehensive Risk Management Division ensure that the identification process covers the full scope of business including those of sales offices, major group companies and consignees, in addition to exhaustively covering the risk categories? (ii) Is the Comprehensive Risk Management Division also considering whether to apply comprehensive risk management to the risks not included in the calculation of the solvency margin ratio? When there are risks not covered by comprehensive risk management, has the Comprehensive Risk Management Division determined whether their effects are negligible? (iii) With regard to New Products, based on New Products management policy, does the Comprehensive Risk Management Division identify their inherent risks in advance through

133 each risk management division and report to the new products committee, etc. in a timely manner?15 (2) Assessment of Various Risks (i) Does the Comprehensive Risk Management Division determine the validity of the risk assessment and measurement techniques used by the Risk Management Divisions and the assumptions thereof? Or does it make sure that each risk management division examines the validity of the techniques and assumptions? Does it determine the following items, for example?:

  • When the scenario approach is employed in measuring risk, are the scenarios used appropriate?
  • When VaR, a uniform yardstick for measuring risk, is employed, are the measuring techniques, the holding periods and the confidence levels applied in a manner befitting the financial institution’s strategic objectives and risk profile?
  • If risk amount is measured by economic value assessment, is the method of assessing economic value appropriate?
  • When the integrated risk measurement technique is employed, is consistency between the employed measurement techniques ensured? (ii) When some risks to be controlled through comprehensive risk management cannot be quantified, does the Comprehensive Risk Management Division appropriately assess them by conducting graded assessment of their effects and self-assessment of the levels of management and control to the scope achievable? Or does the Comprehensive Risk Management Division have each risk management division provide necessary information concerning the specific risk areas to be managed in an appropriate and timely manner in such a case? (3) Comprehensive Assessment of Risks (i) Does the Comprehensive Risk Management Division comprehensively assess and measure risks, including those existing at sales branches, major group companies, consignees, etc.? (ii) Does the Comprehensive Risk Management Division comprehensively assess and measure the various risks to be controlled through comprehensive risk management? When the various risks to be thus managed are integrated, is the integration method appropriate? When the integrated risk measurement technique is used, are the various risks integrated in light of the check items listed in Chapter III. 2. (3) (i) of this checklist? (iii) Does the Comprehensive Risk Management Division cooperate with each risk management division, hypothesize appropriate stress scenarios which consider the business size and

15 See “Checklist for Business Management (Governance) (for Basic Elements),” I. 3. (4).

134 characteristics, risk profile and large changes in the external environment, then implement stress tests? In doing so, does it comprehensively assess and measure risks based on stress scenarios that cover incidents capable of having serious effects on the insurance company? (4) Stress Tests (i) In executing stress tests, does the Comprehensive Risk Management Division develop a system to involve people who have specialized knowledge and techniques? (ii) Does the Comprehensive Risk Management Division verify the reliability of models used in stress tests, and appropriately revise them periodically and as needed? When each risk management division verifies and revises, does the Comprehensive Risk Management Division confirm their reasonableness? (iii) Does the Comprehensive Risk Management Division sufficiently verify and analyze the results of stress tests, periodically and as needed? When each risk management division verifies and analyzes, does the Comprehensive Risk Management Division confirm their reasonableness? Also, are systems developed which use these in specific decisions on risk management? 2) Comprehensive Management of Assets and Liabilities (1) Analysis and Assessment of Liability Characteristics Does the Comprehensive Risk Management Division appropriately analyze the situation of liability characteristics, such as risks caused by options containing liabilities, as well as assumed interest rates, duration and cash flow, taking into account the size and characteristics of the insurance company’s operations and its risk profile? (2) Comprehensive Management of Assets and Liabilities, Considering Liability Characteristics Does the Comprehensive Risk Management Division analyze and assess the situation of holding sufficient assets with suitable characteristics (maturities, liquidity, etc.) to enable performance on its future debts, considering its liability characteristics? Also, in its handling of new products, does it assess and analyze the liability characteristics of new products, and the asset investment strategies based on this? (3) Comprehensive Management of Assets and Liabilities if based on Economic Value Assessment (i) It is desirable that comprehensive management of assets and liabilities be done based on economic value, that is, value consistent with market prices, or present value of future cash flows derived by methods using principles, techniques and parameters consistent with the market. Currently, if techniques of assessment based on economic value are not completely established, for example, for assessment of risks created by insurance policy options such as

135 cancellation or renewal, then is it based on the best techniques that can be adopted in each company? (ii) In comprehensive management of assets and liabilities, are risks which could have important potential effects on economic value assessed in a framework of asset/liability management? Such risks include the following risks.

  • Market risks
  • Credit risks
  • Insurance underwriting risks
  • Liquidity risks
  1. Implementation of Policies on Adequacy of Capital, etc. (1) Implementation and Monitoring of Policies on Adequacy of Capital, etc. Does the Comprehensive Risk Management Division smoothly execute policies for adequacy of capital, etc., based on the business plan and capital plan, etc.? If a different division executes the policy, does the Comprehensive Risk Management Division confirm that it is executed smoothly? (2) Maintenance of Level of Capital, etc. (i) Does the Comprehensive Risk Management Division assess the adequacy of capital, etc., and sufficiently analyze and investigate to maintain a level, based on the results of monitoring the situations of its internal environment (risk profile, situation of use of risk limits, etc.) and external environment (economic cycle, markets, etc.) and reasonableness of assumptions, etc.? Also, does it confirm there is sufficient analysis and investigation to maintain a level? (ii) Does the Comprehensive Risk Management Division hypothesize a case where there is inadequate capital, etc., and analyze and investigate feasible responses such as capital reinforcement? Or does it confirm that analysis and investigation are being done? In particular, does it investigate while considering the possibility that raising capital will become more difficult than usual, due to the emergence of reputational risk, etc.?
  2. Assessment of Adequacy of Capital, etc. Assessment of Adequacy of Capital, etc. Does the Comprehensive Risk Management Division take into account the insurance company’s unique comprehensive risk management characteristics, and assess the appropriate adequacy of capital, etc. to suit the size and characteristics of operations and its risk profile? For example, does it take into account the following items?

136

  • Does assessment of adequacy of capital, etc. indicate that the quality of capital is suitable?
  • Are the methods to assess adequacy of capital, etc. and risk assessment methods reasonable?
  • Does it consider the limitations and weak points of risk assessment methods?
  • Does it create multiple appropriate stress scenarios, analyze the degree of effects on capital, etc. and risks, and assess the adequacy of capital, etc.? Do these stress scenarios consider major risks which greatly affect the adequacy of capital, etc.?
  • Is adequacy of capital, etc. assessed from a medium term viewpoint which considers medium term business strategy and the business environment, such as changes in amounts of insurance policies held and product mix changes?
  • If losses appear or earnings fall, are those losses or loss occurrence risk considered when assessing the adequacy of capital, etc.?
  1. Monitoring (1) Comprehensive Monitoring of Overall Risks Does the Comprehensive Risk Management Division, in accordance with the Comprehensive Risk Management Policy and the Comprehensive Risk Management Rules, conduct monitoring with regard to the status of overall risks comprehensively and with an appropriate frequency in light of the insurance company’s internal environment (risk profile, the status of the use of risk limits, etc.) and external environment (economic cycles, markets, etc.)? Does the division conduct monitoring with regard to the status of internal and external environments and the appropriateness of the assumptions? (2) Monitoring of Compliance with Risk Limits Does the Comprehensive Risk Management Division regularly monitor the status of compliance with the risk limits and the Risk Capital limits (in the case where capital allocation management is employed) and the status of the use thereof? (3) Monitoring the Status of Adequacy of Capital, etc. Does the Comprehensive Risk Management Division, in accordance with the Comprehensive Risk Management Policy and the Comprehensive Risk Management Rules, consider the status of the insurance company’s internal environment (risk profile, status of use of risk limits, etc.) and external environment, and monitor the status of adequacy of capital etc. in an appropriate frequency? Does it also monitor the status of its internal environment and external environment, the reasonableness of assumptions, etc.? (4) Reporting to Board of Directors or organization equivalent to Board of Directors Does the Comprehensive Risk Management Division, in accordance with the Comprehensive

137 Risk Management Policy and the Comprehensive Risk Management Rules, provide in a regular and timely manner or on an as needed basis information necessary for the Board of Directors or organization equivalent to the Board of Directors to make an appropriate assessment and judgment with regard to the status of the comprehensive risk management, the status of the risks assessed comprehensively and the status of adequacy of capital, etc.? Does the division report the following items, for example?

  • Risk profile and the trend thereof
  • Status of compliance with the risk limits and the Risk Capital limits (in the case where capital allocation management is employed) and the status of the usage thereof
  • Status of external environment such as economic cycles
  • Validity of the Comprehensive Risk Assessment Methods and the limitations and weaknesses thereof
  • Levels and trends of major risks and their effects on capital, etc.
  • Situation of liability characteristics (for example, risks caused by options contained in liabilities, assumed interest rates, duration, cash flow)
  • Situation of ensuring that it holds assets with suitable characteristics (maturities, liquidity, etc.) to enable performance on its future debts, considering its liability characteristics
  • Reasonableness of methods of assessing adequacy of capital, etc. (including definition of capital, etc., decisions on risks subject to management, and risk assessment methods)
  • Situation of adequacy of capital, etc., considering the size and characteristics of operations, and its risk profile
  • Consistency between target levels of capital, etc., risk profile, and situation faced by operations
  • Necessity of review of capital plan, etc.
  • Outline of stress tests and their results (5) Feedback to Risk Management Divisions Does the Comprehensive Risk Management Division feed back the results of its assessment, analysis and review with regard to the status of risks and the status of adequacy of capital etc. to each risk management division as necessary?
  1. Control (1) Response to Case Where Unmanageable Risks Exist In the case where risks not covered by comprehensive risk management nor assessment of adequacy of capital etc. have non-negligible effects or where risks to be controlled through comprehensive risk management cannot be managed appropriately, does the Comprehensive Risk Management Division provide information necessary for the Board of Directors or

138 organization equivalent to the Board of Directors to make decisions as to whether the financial institution should withdraw from or downsize the business affected by those risks? (2) Handling in the Case Where Risk Limits are Exceeded, etc. In the case where the financial institution has exceeded the risk limits etc., does the Comprehensive Risk Management Division provide information necessary for the Board of Directors or organization equivalent to the Board of Directors without delay to make decisions as to whether to take steps to mitigate risks or alter the limits? (3) Response if Comprehensive Management of Assets and Liabilities is Insufficient If comprehensive management of assets and liabilities is insufficient, does the Comprehensive Risk Management Division investigate feasible responses for holding sufficient assets with suitable characteristics (maturities, liquidity, etc.) to enable performance on its future debts? Or if a different division creates the response plan, does the Comprehensive Risk Management Division quickly investigate and report information to the Board of Directors or organization equivalent to the Board of Directors, enabling it to take decisions? (4) Response if Capital, etc. is Inadequate If capital, etc. is inadequate, does the Comprehensive Risk Management Division quickly investigate feasible responses such as capital reinforcement? Of if a different division creates the response plan, does the Comprehensive Risk Management Division quickly investigate, and report information to the Board of Directors or organization equivalent to the Board of Directors, enabling it to take decisions on specific responses?

  1. Review and Revision (1) Sophistication of Risk Management Does the Comprehensive Risk Management Division conduct a review to grasp the limitations and weaknesses of the Comprehensive Risk Assessment Method and devise countermeasures to complement the method? Does it conduct investigations, analysis and consideration commensurate with those limitations and weaknesses with a view to making risk management more sophisticated commensurate with the risk profile? (2) Review and Revision of Comprehensive Risk Management Method Does the Comprehensive Risk Management Division grasp the limitations and weaknesses of the Comprehensive Risk Assessment Method and the method of assessing adequacy of capital etc. as well as changes in the internal and external environments, and regularly review whether the methods suit the insurance company-wide strategic objectives, the scales and natures of the business in question and the risk profile of the insurance company in its entirety, and revise the method? Does the division review and revise the following items, for example:
  • Validity of the identification of risks to be subjected to comprehensive risk management

139

  • Validity of the Comprehensive Risk Assessment Method
  • Appropriateness of the operation of the comprehensive risk assessment method commensurate with its limitations and weaknesses
  • In assessment of adequacy of capital, consistency between the definition of capital, etc., etc., and the business policy, business plan, strategic goals, etc. Reasonableness of grounds for deciding on definition.
  • Reasonableness of identification of risks subject to management in assessment of adequacy of capital, etc.
  • Reasonableness of methods (assessment and measurement techniques, assumptions, etc.) of assessing risks in assessment of adequacy of capital, etc.
  • Reasonableness of methods of assessing adequacy of capital, etc.
  • Appropriateness of operations, considering the limitations and weak points of methods of assessing adequacy of capital, etc. (3) Verification and Revision of Methods of Comprehensive Management of Assets and Liabilities Does the Comprehensive Risk Management Division analyze liability characteristics? In order to hold sufficient assets with suitable characteristics (maturities, liquidity, etc.) corresponding the situation of the liabilities it holds, does the Comprehensive Risk Management Division periodically revise after verifying whether it has appropriate methods of comprehensive management of assets and liabilities which are suitable for the changes in its external environment, the situation of its business strength such as capital, the strategic goals of the entire insurance company, the size and characteristics of its operations, and the risk profile?

140 III. Specific Issues Checkpoints

  • This chapter lists the check items for the inspector to examine individual specific problems in accordance with the actual situation of comprehensive risk management.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III., it is necessary to exhaustively examine which of the elements listed in Chapters I. and II. are absent or insufficient, thus causing the said problem, with the use of the checklists in those chapters, and review findings thereof through dialogue between the inspector and the financial institution.
  • If the institution’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter 1. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Comprehensive Management of Assets and Liabilities (1) Understanding of Liability Characteristics When working to understand liability characteristics, are the following points especially kept in mind?
  • Changes in cash flows of liabilities (uncertainty of timing and amounts of future insurance premium revenues, insurance payouts, etc.)
  • Risks caused by options contained in new policies and existing policies (the policyholder has the option to continue or discontinue paying insurance premiums, and the ratio of insurance policies continued varies with changes in financial conditions)
  • Grouping of liabilities corresponding to several elements which express liability characteristics (assumed interest rates, duration, cash flow, etc.)
  • Appropriateness of insurance premium rates (including setting of assumed interest rates)
  • Huge disaster risk and risks of overseas insurance markets
  • Characteristics of dividend paying policies (for example, pay dividends in periods of good investment results, but must ensure assumed interest rate in bad periods) (2) Comprehensive Management of Assets and Liabilities, Considering Liability Characteristics When comprehensively managing assets and liabilities with consideration of liability characteristics, are the following points kept in mind?
  • Ensure sufficient assets which have appropriate characteristics (maturities, liquidity,

141 etc.) in order to allocate to payments when there are reasons to pay insurance benefits, etc.

  • Divide into groups the liabilities which correspond to several elements which express liability characteristics, and build an asset portfolio which matches the liability characteristics of each group
  • Ensure coordination between the Comprehensive Risk Management Division and the divisions involved in asset investment, product development, insurance underwriting, and cash flow. (3) Appropriate Asset and Liability Management (i) Development of strategic goals
  • As the organization which comprehensively manage assets and liabilities, and which is involved in development and execution of investment strategy, is the ALM committee16 involved in developing strategic goals of related divisions? Also, in doing so, does it consider possibly major risks such as market risks and liquidity risks? (ii) Framework of ALM Committee, etc.
  • Does the ALM committee develop a framework for receiving important information from related divisions, timely and appropriately? Also, is important information defined in internal rules?
  • Do the directors in charge and managers of related divisions attend every ALM committee meeting and investigate? Also, when matters occur which greatly affect business, such as large changes in the market environment, are ALM committee meetings held timely and appropriately, attended by the representative director? (iii) Risk Control
  • Based on strategic goals, risk management policies and risk management rules, does the ALM committee effectively use analysis and investigation data of related divisions regarding management of assets and liabilities, such as interest rates, foreign currency forecasts, understood risks, hedge transactions and cash flows, including for strategic investments and off balance sheet items? Does it discuss these, including from the viewpoint of liquidity? Especially regarding interest rate risks, was there sufficient discussion of asset and liability management, based on results of assessment which did multifaceted and appropriate risk analysis and measurement? Are correlation effects between assets in different risk categories also investigated?
  • Does the ALM committee control risks in comparison with its business strength such as capital, based on strategic goals, risk management policies and risk management rules?

16 If an ALM committee is not set up, examine whether its functions are in an alternative risk management process.

142

  • If comprehensive management of assets and liabilities manages limits from the aspect of risks related to assets and liabilities held, then is capital considered in order to avoid setting excessive limits compared with business strength? Also, are they set including strategic investments and off balance sheet items? Moreover, is setting of limits reviewed periodically or as needed? (iv) ALM committee investigation results used in business strategy
  • When the Board of Directors develops strategic goals and risk management policies, does it consider the ALM committee’s analysis results? (4) ALM IT System Development Is an IT system arranged for ALM operations? For example, does it cover that insurance company’s interest rate risks such as yield curve risks and basis risks, and market risks such as currency risks and price variation risks? Does the IT system have multifaceted risk/return analysis techniques which match the size and characteristics of the operations and the risk profile?
  1. Check Items to Be Used When Integrated Risk Measurement Technique Is Employed (1) Establishment of Integrated Risk Measurement System (i) Is the integrated risk measurement system conceptually sound and has it been properly implemented? (ii) Is the role of the integrated risk measurement technique (model) clearly positioned under the Comprehensive Risk Management Policy and operated based on the understanding of the items listed below? Does it determine if there is no problem with the application of the technique to major group companies? (a) The insurance company’s strategic objectives, the scales and natures of its business and its risk profile (b) The fundamental design concept of the integrated risk measurement technique based on (a) (c) Identification and measurement of risks based on (b) (scope, technique, assumptions, etc.) (d) Nature (limitations and weaknesses) of the integrated risk measurement technique that derive from (c) and the validity of the technique (e) Details of the method of validating with respect to (d) (iii) In the case where capital allocation management is employed, has the policy of capital allocation management been developed based on the results calculated by way of the integrated risk measurement technique? When there are risks which are not measured with this technique are there any reasonable grounds for excluding them from the measurement? Is the Risk Capital allocated with due consideration for the risks excluded from the measurement?

143 (2) Appropriate Involvement of Directors and Corporate Auditors (i) Understanding of Integrated Risk Measurement Technique (a) Do directors understand that decisions concerning the integrated risk measurement technique as well as the risk limits and the Risk Capital limits (in the case where capital allocation management is employed) have serious implications for the financial institution’s corporate management and financial conditions? (b) Does the director in charge of integrated risk management understand the integrated risk management technique required for the business of the insurance company and have a grasp on the nature (limitations and weaknesses) thereof? (c) Do directors and corporate auditors seek to enhance their understanding of the integrated risk management technique by participating in training courses or through other means? (ii) Approach to Integrated Risk Management17 When needed, do directors involve themselves actively in integrated risk management based on the integrated risk measurement technique? (3) Integrated Risks Measurement (i) Appropriateness of Measurement Technique (a) With regard to the various risk measurement techniques used by the Comprehensive Risk Management Division, is the validity of each of them ensured, and is consistency among those techniques secured with a view to measuring risks appropriately in an integrated manner? (b) Are the assumptions that underlie the risk measurement conducted by the Comprehensive Risk Management Division reasonable in light of the strategic objectives and the risk profile? (c) Is the technique used by the Comprehensive Risk Management Division to aggregate various risks with different risk nature and loss distributions appropriate? When correlations among various risks (distribution effect) are taken into consideration, does the division regularly validate the correlations? (ii) Ongoing Validation and Stress Test (a) Does the Comprehensive Risk Management Division regularly analyze the appropriateness of the measuring techniques through ongoing validation (back testing, etc.)? Are revisions of the measuring techniques conducted in accordance with the internal rules? (b) Does the Comprehensive Risk Management Division consider the limitations and weak points of integrated risk measurement techniques, grasp the stress status of various risks

17 In this examination item, “Comprehensive Risk Management” refers to measuring various risks by using VaR or other comprehensive methods among comprehensive risk management methods, integrating the various risks (totaling), and comparing them against the insurance company’s capital.

144 individually and the risks as a whole through stress tests based on a comprehensive and appropriate stress scenarios, and make appropriate use of the test results? (iii) Systems for Validating and Managing the Integrated Risk Measurement Technique Were the integrated risk measurement technique and the assumptions thereof validated during the development of the technique and thereafter on a regular basis by a person or persons with no involvement in the development and with sufficient capabilities? If any deficiency is recognized in the integrated risk measurement technique or the assumptions thereof, is a corrective action taken appropriately? Are there frameworks and internal rules to prevent the integrated risk measurement technique and the assumptions thereof from being altered on unreasonable grounds, and is the integrated risk measurement technique managed appropriately in accordance with the internal rules? (4) Records on Integrated Risk Measurement Technique Are systems developed for the purpose of keeping records for future reference on the review process with regard to the selection of the integrated risk measurement technique and the assumptions thereof and the grounds for the selection process in order to enable follow-up verification and utilize the records to make the measurement more sophisticated and elaborated? (5) Audits (i) Development of Auditing Program Is an auditing program that exhaustively covers the auditing of the integrated risk measurement technique in place? (ii) Scope of Internal Audits Is auditing conducted to check the following items?

  • Consistency of the integrated risk measurement technique with the strategic objectives, the scales and natures of business and the risk profile
  • Appropriateness of the business in light of the nature (limitations and weaknesses) of the integrated risk measurement technique
  • Records on the integrated risk measurement technique are appropriately documented and updated in a timely manner
  • Appropriate incorporation of alterations to the process of integrated risk management into the risk measurement technique
  • Appropriateness of the scope of the risks measured by the integrated measurement technique
  • Absence of any deficiency in the information system for the management
  • Validity of the integrated risk measurement technique and the assumptions thereof

145

  • Validity of the method of aggregating various risks
  • Accuracy and completeness of the data used in integrated risk measurement
  • Adequacy of the process and results of ongoing verification (backtesting, etc.) (iii) Utilization of Auditing Results Does the Comprehensive Risk Management Division appropriately revise the integrated risk measurement technique based on the results of auditing? (6) Utilization of Management Indicators with Due Consideration for Risks Does the Comprehensive Risk Management Division utilize management indicators such as return on equity not only for the purpose of grasping performance but also for that of enhancing risk management?18 When management indicators are utilized, are they used to review the reasonableness of the risk-return strategy, etc.?
  1. Stress Tests (1) Setting of Stress Scenarios In addition to stress scenarios which occurred in the past (historical scenarios), does it use possible stress scenarios (hypothetical stress scenarios)? In setting hypothetical stress scenarios, are the following points considered?
  • For a scenario in which multiple elements change at the same time, does the study also include a scenario with a breakdown in the assumed price correlations between assets held? Also, does it consider a situation with less market liquidity of assets held?
  • For elements with strong option aspects like in variable annuity insurance, are their characteristics considered?
  • If hedging risks due to reinsurance and derivatives, are counterparty risks considered? (2) Information Disclosure In disclosure of the framework of risk management described in the Enforcement Regulations, Article 59-2, Paragraph 1, Item 4a, are the outline of stress tests and the methods of using their results disclosed appropriately? Also, when a non-life insurance company discloses “Change in amount of ordinary profit or ordinary loss corresponding to higher loss ratios” (loss ratio sensitivity) shown in the Attached Table of the Enforcement Regulations, are the following points considered?
  • Is the outline of sensitivity analysis (analysis techniques, scenario, etc.) also disclosed in an easily understood way?
  • Are standard scenarios used in sensitivity analysis, for example a uniform 1% rise in the loss ratio of each insurance category?

18 It should be noted that the level of utilization of return on equity and other management indicators varies according to the corporate management policy, strategic objectives, etc.

146

  • Are there notes for amounts of reversals of abnormal contingency reserve?
  1. Management System for Financial Soundness and Actuary Regarding the management system for financial soundness and actuary, see the Attachment.

147 (Attachment)

I. Situation of Top Management’s Development and Establishment of a Management System for Financial Soundness and Actuary Checkpoints

  • Policy Reserves, etc. are sources of funds for the insurance company to pay insurance benefits etc. to insurance policyholders. It is important that they are provided appropriately, for the insurance company to surely perform on its responsibilities in insurance policies. Also, appropriate provision of Policy Reserves, etc. is a precondition for preparing correct financial statements.
  • The solvency margin ratio is objective criteria for quickly and appropriately issuing the required remedial measure orders to urge quick remediation of the insurance company’s business, for ensuring soundness of the insurance company’s business. Therefore, the solvency margin ratio must be calculated correctly as specified in the “Notice Specifying the Method of Calculation of an Insurance Company’s Capital, Funds, Reserves, etc. and Amount Equivalent to Risk Exceeding Normal Estimates (1996 Ministry of Finance Notice No. 50)” (hereinafter referred to as “Notice No. 50”)
  • The insurance company must understand the effects of future adversities on financial soundness, and take additional actions for its business or finance as needed. Therefore, it must do appropriate business analysis and segmented accounting as required in laws and regulations, etc.
  • The inspector should determine whether the management system for financial soundness and actuary is functioning effectively, and whether the roles and responsibilities of the institution’s top management are being appropriately performed, by way of reviewing, with the use of check items listed in Chapter I., whether the management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) assessment and improvement activities.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II onwards, it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If top management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the system is not functioning effectively, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement measures have been developed and implemented.
  • When the inspector uses this attachment to examine specific cases, he must keep in mind that it must be based on provisions and intentions of the Insurance Business Act, other related laws and regulations, and supervisory guidelines.

148

  1. Policy Development (1) Roles and Responsibilities of Directors Are the directors fully aware that neglecting management related to financial soundness and actuary greatly affects ensuring financial soundness of the insurance company? Do they emphasize management related to financial soundness and actuary? In particular, does the director in charge sufficiently understand the importance of actuary related management, and based on this understanding, does he investigate policy and specific actions towards developing and establishing proper management related to financial soundness and actuary? (2) Development and Dissemination of Policy on Management of Financial Soundness and Actuary In accordance with laws and regulations, does the Board of Directors establish the methods of providing Policy Reserves etc. and policy on their provision (hereinafter referred to as “Policy on Management of Financial Soundness and Actuary”), and make these known to the entire organization? Are they appropriate? For example, are the following items clearly stated?19
  • Roles and responsibilities of the Board of Directors, organization equivalent to the Board of Directors, and the director in charge of management of financial soundness and actuary
  • Policy on organizational framework: establishing a division related to management of financial soundness and actuary (hereinafter referred to as “Division Managing Financial Soundness and Actuary”), granting authority, etc.
  • Policy on calculation of provision amounts of Policy Reserves etc. (3) Revision of Policy Development Process Does the Board of Directors revise the policy development process in a timely manner by reviewing its effectiveness, based on reports and findings of various investigations on the status of management of financial soundness and actuary, in a regular and timely manner or on an as needed basis?
  1. Development of Internal Rules and Organizational Frameworks (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the Division Managing Financial Soundness and Actuary (hereinafter simply

19 It is not necessary to create a comprehensive Policy on Management of Financial Soundness and Actuary including all items which should be clearly written. It is sufficient if the items which should be clearly written are completely established in multiple policies established by multiple divisions which conduct management of financial soundness and actuary.

149 referred to as the “Manager” in this Attachment) develop internal rules that clearly specify the arrangements concerning management of financial soundness and actuary (hereinafter referred to as the “Rules on Management of Financial Soundness and Actuary”) and make them known to related staff, in accordance with the Policy on Management of Financial Soundness and Actuary? Has the Board of Directors or organization equivalent to the Board of Directors approved the Rules on Management of Financial Soundness and Actuary, after determining whether they comply with the Policy on Management of Financial Soundness and Actuary and after legal checks, etc.? (2) Establishment of Division Managing Financial Soundness and Actuary (i) Does the Board of Directors or organization equivalent to the Board of Directors establish a Division Managing Financial Soundness and Actuary, and have the division prepared to undertake appropriate roles in accordance with the Policy on Management of Financial Soundness and Actuary, and Rules on Management of Financial Soundness and Actuary?20 (ii) Has the Board of Directors allocated to the Division Managing Financial Soundness and Actuary a Manager with the necessary knowledge and experience to supervise the division, and enabled the Manager to implement management operations by assigning him/her the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Division Managing Financial Soundness and Actuary an adequate number of staff members who have the necessary knowledge and experience to execute the relevant operations, and assigned such staff the authority necessary for conducting the aforementioned operations?21 (3) Development of System for Reporting to and Approval of the Board of Directors or Organization Equivalent to Board of Directors Has the Board of Directors appropriately specified matters that require reporting and those that require approval and does it have the Manager report the current status to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner

20 If the Division Managing Financial Soundness is not established as an independent division (e.g., if functions concerning management of financial soundness and actuary are divided among multiple different management divisions, or if a division in charge of other business (Comprehensive Risk Management Division, etc.) also takes charge of management of financial soundness and actuary, or if a Manager takes charge of management of financial soundness and actuary instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division. 21 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of the Division Managing Financial Soundness and Actuary is reasonable in terms of a check-and-balance system and other aspects.

150 or on an as needed basis or have the Manager seek the approval of the Board of Directors or organization equivalent to the Board of Directors on the relevant matters? In particular, does it ensure that the Manager reports to the Board of Directors without delay any matters that would seriously affect corporate management? (4) Development of System for Reporting to Corporate Auditor In the case that the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately, and does it provide a system to have the Manager directly report such matters to the auditor?22 (5) Development of Internal Audit Guidelines and an Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or Internal Audit Division Manager appropriately identify the matters to be audited with regard to management of financial soundness and actuary, develop guidelines that specify the internal audit subjects and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?23 For example, does it have the following matters clearly specified in the Internal Audit Guidelines or the internal audit plan and provide a system to have these matters appropriately audited?

  • Situation of development of a system for management of financial soundness and actuary
  • Compliance with Policy on Management of Financial Soundness and Actuary, and Rules on Management of Financial Soundness and Actuary
  • Appropriateness of process of calculating amount of provision of Policy Reserves etc.
  • Appropriateness of process of calculating the solvency margin ratio
  • Status of improvement concerning matters pointed out internal audit and previous inspections (6) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner by reviewing their effectiveness based on reports and findings on the status of management of

22 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report and shall not restrict the authority and activities of the auditor in any way. 23 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan.

151 financial soundness and actuary in a regular and timely manner or on an as needed basis?

152 II. Manager’s Development and Establishment of System for Management of Financial Soundness and Actuary Checkpoints

  • This Chapter describes the check items for the inspector to examine the roles the Manager should fulfill, and the responsibilities he should bear.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II, it is necessary to exhaustively examine this Attachment of Chapter I. to see which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the institution’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter 1. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Roles and Responsibilities of Manager (1) Development and Dissemination of Rules on Management of Financial Soundness and Actuary Has the Manager, in accordance with the Policy on Management of Financial Soundness and Actuary, developed the Rules on Management of Financial Soundness and Actuary based on a full understanding of the techniques for management of financial soundness and actuary? Does the Board of Directors or organization equivalent to the Board of Directors approve the Rules on Management of Financial Soundness and Actuary, and are they made known to related staff? (2) Rules on Management of Financial Soundness and Actuary Do the Rules on Management of Financial Soundness and Actuary cover all arrangements needed for management of financial soundness and actuary? Are they appropriate? For example, are the following arrangements clearly stated?24
  • Roles, responsibilities and organization of the Division Managing Financial Soundness and Actuary

24 It is not necessary to create comprehensive Rules on Management of Financial Soundness and Actuary including all items which should be clearly written. It is sufficient if the items which should be clearly written are completely established in multiple internal rules established by multiple divisions which conduct management of financial soundness and actuary.

153

  • Process of calculating amount of provision of Policy Reserves etc.
  • Process for calculation of the solvency margin ratio
  • Business analysis
  • System for reporting to the Board of Directors or organization equivalent to the Board of Directors (3) Development of Organizational Frameworks by Manager (i) Does the Manager provide for actions to have the Division Managing Financial Soundness and Actuary exercise a check-and-balance system in order to conduct management of financial soundness and actuary appropriately, in accordance with the Policy on Management of Financial Soundness and Actuary, and the Rules on Management of Financial Soundness and Actuary? (ii) Does the Manager correctly calculate the amount of provision of Policy Reserves etc. and the solvency margin ratio, create a document which clarifies the process, and develop a system to obtain correct original data and calculate these items? (iii) Does the Manager have in place a computer system to calculate Policy Reserves, etc. and a solvency margin ratio calculation computer system25, with the high reliability suited to the scales and natures of the insurance company’s business and its risk profile? (iv) Does the Manager ensure the provision of training and education systems to enhance the ability of employees to conduct management of financial soundness and actuary in an effective manner, thus developing human resources with relevant expertise? (v) Does the Manager provide a system to ensure that matters specified by the Board of Directors are reported in a regular and timely manner or on an as needed basis? In particular, does the Manager provide a system to ensure that matters that would seriously affect corporate management are reported to the Board of Directors without delay? (4) Revision of Rules on Management of Financial Soundness and Actuary and Organizational Frameworks Does the Manager conduct monitoring on an ongoing basis with regard to the status of the execution of operations at the Division Managing Financial Soundness and Actuary? Does the Manager review the effectiveness of the comprehensive risk management system in a regular and timely manner or on an as needed basis, and, as necessary, revise the Rules on Management of Financial Soundness and Actuary and the relevant organizational framework, or present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement?

25 It should be noted that the computer system may be a centralized data processing environment system, distributed processing system, or end user computing (EUC) type.

154 III. Specific Issues Checkpoints

  • This chapter lists the check items for the inspector to examine individual specific problems in accordance with the actual situation of management of financial soundness and actuary. Check items are listed for the inspector to examine whether the solvency ratio and the amount of provision of Policy Reserves, etc. are calculated correctly as specified by Notice No. 50, etc. In using these check items to examine specific cases, one must keep in mind that it must be based on related laws, regulations, supervisory guidelines, etc.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III, it is necessary to exhaustively examine this Attachment of Chapters I. or II. to see which of the elements listed in Chapters I. or II. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the institution’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter 1. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Appropriateness, etc., of the provisions for Policy Reserves, etc.
  1. Roles of Board of Directors (1) Confirmation of Provisions for Policy Reserves, etc. (i) Does the Board of Directors confirm policy reserves, etc., are actually provided for in conformity with laws and regulations, etc., and the management policy for provisions? (ii) Does the Board of Directors of life insurance companies examine the validity of the scenarios, etc., used in future cash flow analyses (verification work performed by the chief actuaries of life insurance companies pursuant to Article 121, Paragraph 1, Item 1 of the Law; the “Item 1 Cash Flow Analysis”) to confirm whether the valuation methods of policy reserves, etc., are appropriate in relation to actual business conditions? In doing so, does the Board of Directors confirm whether the past forecast scenarios were correct? (2) Examination of the Opinions of Chief Actuaries (i) Does the Board of Directors review the written reports, attachments to reports, and other reference materials submitted by chief actuaries pursuant to Article 82 of the Enforcement Regulations (the “written opinion, etc.”) as to whether opinions, etc., are based on reasonable grounds and so forth?

155 (ii) In cases when the written opinion, etc., contains a statement that policy reserves are not provided for in an appropriate manner, does the Board of Directors take corrective measures in accordance with such an opinion? If it does not follow the opinion, is there reasonable cause, for example, that such an opinion is not in conformity with the Practical Guidelines? (iii) When chief actuaries point out in a written report that part or all of the deficiency in policy reserves, etc. (as defined in the Practical Guidelines; hereinafter the same) need not be provided for due to a change in management policy, and the Board of Directors of the life insurance company decides not to make additional provisions on the basis of such an opinion, does the Board of Directors actually take measures to effect such a change of management policy? 2) Calculation of Amount of Policy Reserves etc. (i) Does the Division Managing Financial Soundness and Actuary calculate the amounts to be provided for Policy Reserves, etc. appropriately in conformity with provision policies, laws and regulations, etc.? In doing so, does it perform verification by referring to changes in outstanding balances and by means of sampling? (ii) Does the Division Managing Financial Soundness and Actuary manage the schedule appropriately, based on written procedures, etc.? (iii) Does the Division Managing Financial Soundness and Actuary provide to the chief actuaries the timely and appropriate information required for the chief actuaries to perform work, such as information needed to create scenarios used in Item 1 Cash Flow Analysis? 3) Policy Reserves, etc., of Life Insurance Companies (1) Policy reserves (i) Are policy reserves classified into premium reserves, unearned premiums, refundable provision, and contingency reserves, as set forth in Article 69 of the Enforcement Regulations, calculated and provided for in accordance with the actuarial statement of insurance premiums and policy reserves (hereinafter referred to as “Actuarial Statement”), after appropriately recognizing the insurance policies in force at the end of accounting periods? (ii) Regarding premium reserves and unearned premiums, are the following items considered? a. Is it appropriately determined based on when insurance policies were concluded and the type of insurance policies, in conformity with laws and regulations, etc., whether insurance policies are subject to standard policy reserves? b. When policy reserves are provided for under the Zillmer method, are the Zillmer percentage and the Zillmer period appropriate, and do their levels exceed surrender values?

156 c. When policy reserves are provided for under the Zillmer method, are additional provisions made systematically for the purpose of providing for policy reserves under the net level premium method? d. Are calculation items for policy reserves aggregated in an appropriate manner? Are the causes verified for items that were significantly changed from the year earlier? (iii) Regarding contingency reserves, are the following items considered? a. Are contingency reserves managed after classifying them into contingency reserve for underwriting risk (Contingency Reserve I), contingency reserve for insurance underwriting risk of third sector insurance (Contingency Reserve IV), contingency reserve for assumed interest rate risk (Contingency Reserve II), and contingency reserve for minimum guarantee risk (Contingency Reserve III) as set forth in Article 69, Paragraph 6 of the Enforcement Regulations? b. Are the provisions for Contingency Reserve I, Contingency Reserve IV, Contingency Reserve II, and Contingency Reserve III in excess of the standard amounts, respectively, calculated pursuant to “Notice Specifying the Criteria concerning Provision and Reversal to be Specified by the Commissioner of the FSA, Pursuant to Provisions of the Insurance Business Act Enforcement Regulations, Article 69, Paragraph 7 (Ministry of Finance Notice No. 231 of 1998)” (referred to hereinafter as “Notice No. 231”), Article 2, Article 3, and Article 3-2? Conversely, are such amounts in excess of the ceilings of provisions set forth in the Notice? c. When contingency reserves are reversed, is such reversal in conformity with the reversal standards set forth in Article 6 of Notice No. 231? d. Are contingency reserves provided for risks other than normal death risk, accidental death risk, pure endowment risk, hospitalization due to accident risk, or hospitalization due to illness risk (for example, three major diseases, etc.), which are set forth in Notice No. 231, based on the Notice and in accordance with the method set forth in the Actuarial Statement in an appropriate manner? (iv) Regarding policy reserves for insurance policies with which the amount of insurance claims, etc., fluctuates in accordance with the value of assets in separate accounts, are the following items considered? a. Is the balance of revenues and expenditures of separate accounts provided for as policy reserves for separate accounts? b. In the case of insurance policies for which a minimum amount of insurance claims is guaranteed, is the amount set forth in “Notice Specifying the Method of Provision of Policy Reserves and the Basic Calculation Ratio (Paragraph 5, Item 1 of Ministry of

157 Finance Notice No. 48 of 1996)” provided for as the policy reserves of general accounts? c. Is Contingency Reserve III provided for variable annuity insurance policies that were concluded on or before March 31, 2005 and with which a minimum amount of insurance claims, etc., is guaranteed as well? (2) Reserves for outstanding claims (i) Regarding standard reserves for outstanding claims, are the following items considered? a. Is the reserve for insurance claims, etc., for which the occurrence of a reason for payment has been reported and the duty of payment has arisen but the disbursement for payment of such claim has not been made as yet (the “standard reserve for outstanding claims”) provided for in an appropriate manner pursuant to Article 73, Paragraph 1, Item 1 of the Enforcement Regulations? In providing for such reserves, is the information received from policyholders, etc., concerning insured events appropriately managed and are the projected payment amounts reasonably estimated? b. Are the standards for calculations of the amount to be provided for as the standard reserve for outstanding claims set appropriately in view of the insurance claim payment standards? In addition, when such calculation standards are changed, are the reason and requirements for such changes valid? c. Does the calculation division have the status of the occurrence of the reasons for payment as understood by the company accurately reflected in the period-end estimation process, pending the determination of the amount of insurance claims to be paid? d. With respect to the reserves for outstanding claims concerning inward reinsurance underwritten for overseas insurers (the “estimated reserves for outstanding claims for inward reinsurance for overseas insurers”), in cases when reports concerning insured events cannot be obtained from ceding parties, etc., due to differences in the accounting system of the countries of the ceding parties, etc., or other factors, but if such reserve can be calculated by a reasonable method taking into account recent historical experience, is such calculated amount provided for as the standard reserve for outstanding claims? (ii) Regarding IBNR reserve, are the following items considered? a. Is the reserve for insurance claims, etc., for which the obligation for payment is deemed to have arisen although claim reports of the occurrence and the reason for payment have not been received (reserves for outstanding claims for insured events that have been “incurred but not reported”; the “IBNR reserve”) provided for in conformity with “Notice Specifying the Amount to be Provided as Reserves for Outstanding Claims, Pursuant to Provisions of Insurance Business Act Enforcement Regulations, Article 73,

158 Paragraph 1, Item 2 (Ministry of Finance Notice No. 234 of 1998)” (hereinafter referred to as “Notice No. 234”) Article 1, in accordance with the classification of insurance pursuant to Article 73, Paragraph 1, Item 2 of the Enforcement Regulations? b. In cases when Article 73, Paragraph 2 is applied instead of Notice No. 234, is the amount calculated in accordance with the method set forth in the Actuarial Statement provided for as the IBNR reserve? (3) Dividend reserves In the case of insurance companies, is the reserve for dividends to policyholders provided for in the liability section in accordance with Article 30-5, Paragraph 2 of the Enforcement Regulations? Furthermore, is the equalized reserve for dividends to policyholders provided for in the net asset section as a voluntary surplus reserve? In addition, in the case of joint-stock companies, is the reserve for dividends to policyholders provided for pursuant to Article 64 of the Enforcement Regulations? 4) Policy Reserves, etc., of Nonlife Insurance Companies (1) Policy reserves (i) Are policy reserves classified into the reserve for standard policies, abnormal contingency reserve, refund provisions, and reserve for dividends to policyholders, etc., as set forth in Article 70 of the Enforcement Regulations, after appropriately recognizing insurance policies in force at the end of accounting periods, and calculated and provided for in accordance with the Actuarial Statement and the “Notice Specifying the Amount Used in Calculation of Policy Reserves of Non-life Insurance Companies, Pursuant to Provisions of Insurance Business Act Enforcement Regulations, Article 70, Paragraph 4 (Ministry of Finance Notice No. 232 of 1998)” (hereinafter referred to as “Notice No. 232”)? (ii) Regarding standard policy reserves, is the larger of the sum of the premium reserves and unearned premiums calculated in accordance with Notice No. 232 and the net proceeds in the initial fiscal year (premiums received in such fiscal year, less the insurance claims, surrender values, and reserves for outstanding claims paid in the same fiscal year for the policies for which premiums were received and the operating expenses incurred during the same fiscal year) provided for as standard policy reserves? (iii) Regarding standard policy reserves, are premium reserve or refund reserve appropriately provided for in accordance with Article 70, Paragraph 2, Item 1 of the Enforcement Regulations for insurance policies commencing on or after April 1, 2001 that are the type of insurance policies as set forth in Article 3, Paragraph 5, Item 2 of the Law (third-sector insurance) excluding those with a coverage period of one year or less (in the case of

159 insurance policies with which saving accounts are established, insurance policies with the coverage period of ten years or shorter)? (iv) Regarding abnormal contingency reserves, are the following items considered? a. Is the larger of the minimum provision amount set forth in the Actuarial Statement and the maximum provision amount approved under tax laws provided as an abnormal contingency reserve pursuant to Article 2, Item 2 of Notice No. 232? In addition, are filings made as needed pursuant to this Notice? b. When a provision is made in excess of such an upper limit, is the reason for such provision valid? c. If the abnormal contingency reserve is reversed, is such reversal in conformity with Article 2, Item 1 of Notice No. 232? d. When the level and method of provisions are changed, is the reason for that change valid and acceptable? (v) Regarding refund provisions, are the following items considered? a. Is the refund provision appropriately provided for based on the Actuarial Statement in conformity with Article 70, Paragraph 2, Item 1 of the Enforcement Regulations? b. With respect to the refund reserve for insurance policies in separate accounts, is the balance of the net proceeds in those separate accounts provided for as refund reserve in conformity with Article 70, Paragraph 2, Item 3 of the Enforcement Regulations? (vi) Regarding reserve for dividends to policyholders, are the following items considered? a. Are the reserve for dividends to policyholders (restricted) and the reserve for dividends to policyholders (unrestricted) provided for in accordance with the Actuarial Statement? In addition, is the reserve for dividends to policyholders (unrestricted) provided for within the maximum amount and in excess of the required amount? b. When the standards for provision and reversal of the reserve for dividends to policyholders (unrestricted) are changed, are the reasons for such changes valid? (vii) Regarding policy reserves concerning automobile liability insurance and earthquake insurance, are the amounts calculated in accordance with the Actuarial Statement provided for in an appropriate manner for the reserves (obligatory reserve, adjustment reserve, investment profit reserve, and additional percent reserve) set forth in the “Order on Provision of Reserves under Article 28-3, Paragraph 1 of the Automobile Liability Security Act (Ordinance No. 1 of 1997 of the Ministry of Finance; the Ministry of Health and Welfare; the Ministry of Agriculture, Forestry and Fisheries; and the Ministry of Transport),” and are the policy reserves as set forth in Article 7 of the Enforcement Regulations of the Law Concerning Earthquake Insurance?

160 (2) Reserves for outstanding claims (i) Regarding standard reserves for outstanding claims, are the following items considered? a. Is the standard reserve for outstanding claims appropriately provided for in accordance with Article 73, Paragraph 1, Item 1 of the Enforcement Regulations? When making provisions, is information from policyholders, etc., concerning insured events managed in an appropriate manner, and are the expected payment amounts reasonably estimated in making provisions? b. Are the standards for calculation of the amounts to be provided as the standard reserve for outstanding claims set appropriately in view of the insurance claim payment standards? In addition, when such calculation standards are changed, are the reason and requirements for such changes valid? c. Does the calculation division comprehend the status of the occurrence rate of the reasons for payment by the company, and the rates accurately reflected in the period-end estimation process pending the determination of the amount of insurance claims to be paid? d. With respect to the estimated reserve for outstanding claims for inward reinsurance for overseas insurers, in cases when reports concerning insured events cannot be obtained from ceding parties, etc., due to differences in the accounting system of the countries of the ceding parties, etc., or other factors, but if such reserve can be calculated by a reasonable method taking into account recent historical experience, is such calculated amount provided for as the standard reserve for outstanding claims? (ii) Regarding IBNR reserves, are the following items considered? a. Is the IBNR reserve provided for in conformity with Article 2 of Ministry of Finance Notice No. 234 in accordance with the classification of insurance pursuant to Article 73, Paragraph 1, Item 2 of the Enforcement Regulations? b. In cases when Article 73, Paragraph 2 is applied instead of Notice No. 234, is the amount as calculated in accordance with the method set forth in the Actuarial Statement provided for the IBNR reserve? 5) Roles of Chief Actuaries (i) Do the chief actuaries appropriately check whether policy reserves, etc. are provided for based on sound actuarial science, in accordance with laws, regulations, etc.? (ii) Are the chief actuaries appropriately involved in calculation of reserves for outstanding claims, in accordance with laws, regulations, etc.? (iii) To check whether policy reserves are provided for based on sound actuarial science, do the chief actuaries of the life insurance company do Item 1 Cash Flow Analysis in accordance

161 with laws, regulations, etc.? In particular, are they based on past results and reasonable future forecasts for increase in numbers of new policies, asset investment conditions, etc.? Moreover, in principle, is cash flow analysis done for each product segment in segmented accounting, with an analysis period at least 10 years into the future? (iv) Are the chief actuaries involved in methods of calculating insurance premiums and policy reserves and in other insurance actuary related matters? And for their IT system changes, do the chief actuaries coordinate with related divisions, and accurately report problems to the Board of Directors or organization equivalent to the Board of Directors? (v) Do the chief actuaries submit written opinions to the Board of Directors? Do the written opinions contain the items established in laws, regulations, etc.? 6) Reinsurance (i) When Policy Reserves, etc. are not provided for because reinsurance has been purchased, does the coordinating division confirm whether the reinsurer satisfies the requirements set forth in the items of Article 71, paragraph 1 of the Enforcement Regulations, and cooperate with the reinsurance risk management division to confirm whether there is high probability of recovery of reinsurance claims? Does the division comprehend at least the financial condition, etc. of the reinsurer? (ii) Does the coordinating division confirm whether the fees received in advance that are related to financial reinsurance that has been purchased as set forth in Article 1 of “Notice Specifying Reinsurance Specified by the Commissioner of the FSA, pursuant to Provisions of the Insurance Business Act Enforcement Regulations, Article 71, Paragraph 2 (Ministry of Finance Notice No. 233 of 1998)” (fees calculated based on the revenue expected to arise from the portion of the reinsured insurance policy) are provided for as policy reserves in an appropriate manner? In addition, when reinsurance other than financial reinsurance is purchased and the fees calculated based on the revenue expected to arise from the portion of the reinsured insurance are received, does the coordinating division confirm whether such fees are recorded as deposits received in an appropriate manner? (iii) With respect to the reinsurance with which reinsurance premiums and the amount of reinsured claims are adjusted after the reinsurance contract, does the coordinating division confirm whether the amount equivalent to additional reinsurance premiums or the amount of reinsured claims to be returned is appropriately provided for as policy reserves or other liabilities in the accounting period during which such reinsurance is purchased (excluding those cases in which post-contract adjustment is an insignificant element)?

162 (iv) When providing for Policy Reserves, etc. for reinsured policies, is it confirmed whether the amount deductible from the reserve is not in excess of the risk portion substantially transferred by reinsurance? (v) When the company underwrites reinsurance for other insurance companies, does the coordinating division confirm whether policy reserves or the reserves for outstanding claims are appropriately provided for, by comprehending the risk related to such reinsurance, in view of the fact that it is not necessarily appropriate to treat reinsurance underwriting risk in a similar manner with ordinary underwriting risk, due to the complexity of contracts and actual conditions when reinsurance is underwritten for other insurance companies? 7) Measures for Treatment of a Deficiency of Policy Reserves In cases when a deficiency of policy reserves is expected to occur or it is deemed that there is likelihood that the future performance of obligations will be hindered (Article 69, Item 5; or, Article 70, Item 3 of the Enforcement Regulations) as a result of confirmation work conducted by chief actuaries using Item 1 Cash Flow Analysis, are appropriate measures taken as set forth below, etc.? (i) In cases when a deficiency of policy reserves is expected to occur within the next five years as a result of Item 1 Cash Flow Analysis, while it is permissible that part or all of such policy reserves need not to be provided for if business management policies are changed in accordance with the written opinion of chief actuaries, is the basis (plans, etc.) for holding that such changes can immediately be implemented specifically documented? (ii) In cases when a deficiency of policy reserves is expected to occur within the next five years as a result of Item 1 Cash Flow Analysis, and such deficiency of policy reserves cannot be overcome even with a change of business management policies, and it is necessary to provide for additional policy reserves pursuant to the provisions of Article 69, Item 5 of the Enforcement Regulations, do insurance companies immediately provide for additional policy reserves or otherwise take necessary measures by formulating reasonable plans for providing policy reserves and by changing the Actuarial Statement? Are the additional provisions in response to deficiencies of policy reserves in this case made in principle by the type of products being accounted for separately? (iii) In cases when it is deemed a likelihood exists that the future performance of obligations will be hindered at a nonlife insurance company, does the company immediately provide for additional policy reserves or otherwise take necessary measures by formulating reasonable plans for providing policy reserves and by amending the Actuarial Statement? 8) External Audit of Policy Reserves, etc.

163 Is provision of Policy Reserves, etc. appropriately audited by an accounting auditor? Also, for the life insurance company’s Item 1 Cash Flow Analysis, do the chief actuaries submit a copy of written opinions and a copy of supporting attachments to the accounting auditor? Moreover, do the chief actuaries cooperate with the corporate auditors and accounting auditor, and work to share information needed to perform each of their duties? 2. Appropriateness of Calculation of the Solvency Margin Ratio (1) Calculation of Solvency Margin Ratio To gain the trust of policy holders, etc., does Board of Directors calculate the proper solvency margin ratio in accordance with the calculation in “Notice Specifying Criteria for whether there is a Proper Status of Sufficient Ability to Pay Insurance Benefits, etc., based on Provisions of the Insurance Business Act, Article 130, Article 202 and Article 228 (1999 FSA and Ministry of Finance Notice No. 3)?” (2) Roles of Chief Actuaries Do the chief actuaries appropriately check whether there is a proper status of sufficient ability to pay insurance benefits, etc. based on actuarial science, in accordance with laws, regulations, etc.? (3) Amounts of Capital, Funds, Reserves, etc. (i) Are the amounts of capital, funds, reserves, etc. calculated in accordance with the specifications of Notice No. 50, Article 1 and Article 1-2? (ii) Is the amount corresponding to the tax effect (amount of deferred tax assets) included in the net assets section calculated appropriately in view of the intent of accounting standards and Practical Guidelines regarding tax effect accounting, such as “Audit Guideline for Considering Recoverability of Deferred Tax Assets” (November 9, 1999, Japanese Institute of Certified Public Accountants, Audit Committee Report)? Is the amount corresponding to the tax effect reported appropriately in view of the intent of Notice No. 50? (iii) Is the allowance for employees’ retirement benefits appropriately reported in liabilities (in assets if prepaid pension cost) accordance with the “Accounting Standard for Retirement Benefits” (June 16, 1998, Business Accounting Council) and “Practical Guideline for Accounting of Retirement Benefits” (September 14, 1999, Japanese Institute of Certified Public Accountants, Accounting System Committee Report No. 13)? (iv) If real estate has been sold, and then repurchased at a price at or near the prior selling price after its market value has fallen, and as a result, large unrealized losses are incurred, is the repurchase price used as the assessed value? (v) If the insurance company has borrowed through subordinated loans or issued subordinated

164 bonds, does such borrowing, etc., meet the qualifications for strengthening the company’s ability to make payments of insurance claims, etc., under Notice No. 50, Article 1, Paragraph 3, Item 6, and Paragraphs 4 through 7? (vi) Did an insurance company that has raised capital provide bypass loans, etc. to the lenders, etc. of subordinated loans, etc., for funding such loans, etc.? (vii) With regard to the holdings of shares or other capital-raising instruments of other insurance companies or subsidiaries, etc., which are required to be deducted as “deduction items” from the total solvency margin as stipulated in Article 1-2 of Notice No. 50, is it confirmed whether such holdings are deemed as “intentional holdings” in view of the intention of the Supervisory Guidelines? If such holdings are subject to the rules for “intentional holdings,” the amount of such holdings is required to be deducted from the total solvency margin of lender insurance companies. Is such deduction appropriately performed? (4) Appropriateness of the Amount Equivalent to Risk Exceeding Normal Estimates (i) Is the amount equivalent to risk exceeding normal estimates calculated in accordance with the provisions of Notice No. 50? (ii) When calculating the amount equivalent to minimum guarantee risk, are the following items considered? a. Is it calculated in accordance with the standard method or an alternative method? In addition, in the case of variable insurance policies, etc. concluded on or before March 31, 2005 for which a minimum amount of insurance claims, etc. is guaranteed, has the amount equivalent to minimum guarantee risk been calculated? b. When hedging is used to mitigate minimum guarantee risk, is such hedging treated in accordance with the provision of Exhibit 6-2, II.3 of Notice No. 50? c. When reinsurance is purchased, is such risk deducted within the amount of risk transferred by issuing outward reinsurance? (iii) In calculation of amount equivalent to credit risk, are the following items considered? a. Is the credit risk for calculation of solvency margin ratios reduced by intentionally excluding from risk management loans any loans that must be reported as risk management loans? b. If the insurance company holds loans with guarantees extending into the next fiscal year or existing at the end of the fiscal year, is the credit risk for calculation of solvency margin ratios reduced, notwithstanding the fact that such guarantees, etc., expire within one year? Provided, however, that when such guarantees, etc. are reasonable, and if it can be expected that they will continue to reduce credit risk, the foregoing shall not apply.

165 (iv) In calculating amount equivalent to derivative transactions risk, with respect to derivative transactions with a negative risk factor (e.g., long put options on foreign currencies or stocks), it must be confirmed whether the following transactions are subject to the rules for “cases when intentional transactions are conducted” as set forth in Article 2, Paragraph 8, Items 1 and 2 of Notice No. 50, and if so, whether such transactions are deducted appropriately:

  • when the outstanding balance of derivative transactions at the end of a fiscal year significantly exceeds the average of the outstanding balances at the end of each month during the same fiscal year; or
  • when the ratio of the outstanding balance of derivative transactions to the outstanding balance of underlying assets held at the end of a fiscal year is significantly higher than the average of the ratios calculated at the end of each month during the same fiscal year. (v) In calculation of amounts equivalent to other risks exceeding normal estimates, are the following items considered? a. If assets have been liquidated, and although such liquidation constitutes a transfer in legal terms, it shall be confirmed whether the risk of assets was completely transferred to the transferee, etc., or otherwise confirmed that the transfer was completed in substance. b. Otherwise, it shall be confirmed whether solvency-margin padding or any other reductions of risks were conducted that are contrary to the intent of the solvency margin standards.
  1. Business Analyses
  1. Future Cash Flow Analysis (Item 3 Cash Flow Analysis) (i) Does the Board of Directors or organization equivalent to the Board of Directors have a system in place for accurately providing cooperation and responses to confirmation work that chief actuaries perform pursuant to the criteria for continuation of the insurance business regarding whether the insurance business is difficult to sustain (confirmation of chief actuaries work pursuant to Article 121, Paragraph 1, Item 3 of the Law. Hereinafter referred to as Item 3 Cash Flow Analysis.)? Does the Board of Directors or organization equivalent to the Board of Directors take actions for treatment of the results of Item 3 Cash Flow Analysis in an appropriate manner? (ii) Do chief actuaries of the insurance company confirm the criteria for continuation of the insurance business through Item 3 Cash Flow Analysis pursuant to the Practical Guidelines over a future minimum period of ten years? Do they also confirm that the “amount of assets

166 at a future point in time as estimated based on reasonable projections” exceeds the “amount of liabilities at a future point in time as estimated based on reasonable projections” at the end of the first five fiscal years covered by such analysis? Also, do the chief actuaries of the non-life insurance company check that “total of amount of substantial net assets on reference date, plus amount of cash flow in the fiscal year after the reference fiscal year” is not below the “amount equivalent to risk,” in accordance with Practical Guidelines? (iii) When Item 3 Optional Scenarios defined in the Practical Guidelines are used, are such scenarios reasonable and objective? For example: a. Are the changes in the elements of an Item 3 Optional Scenarios over time in the future reasonable, in view of the current status of the business operations of the insurance company? b. Are the relationships coherent between the elements (e.g., the amount of new policies and operating expenses, fluctuations in bond prices and interest rates, maturity of insurance policies in force and the occurrence rate of insured events, etc.) of Item 3 Optional Scenarios? c. Is it demonstrated in supporting attachments that each Item 3 Optional Scenario is justifiable? d. Are Item 3 Optional Scenarios later compared with the actual results that ensued, and if any differences are found, are their causes investigated? (iv) In life insurance companies, are the scenarios used in Item 3 Cash Flow Analysis in conformity with the Practical Guidelines? Also, in non-life insurance companies, is cash flow in the fiscal year after the reference fiscal year calculated in accordance with the Practical Guidelines? (v) In cases when it was determined by Item 3 Cash Flow Analysis that a deficit as defined in the criteria for continuation of the life insurance business is expected to arise during the next five years, but it is stated in the written opinion of chief actuaries that such deficit can be eliminated if business management policies are changed, is the basis (plans, etc.) for implementing such change demonstrated, and is there a high feasibility of such change? Is it demonstrated in the written opinions for the following fiscal year and thereafter that such business management policies were implemented? If not, are the causes and remedial measures to be taken in the future demonstrated? (vi) In cases when it was determined by Item 3 Cash Flow Analysis that a deficit as defined in the criteria for continuation of the non-life insurance business is expected to arise, but it is stated in the written opinion of chief actuaries that such deficit can be eliminated if business management policies are changed, is the basis (plans, etc.) for implementing such change

167 demonstrated, and is there a high feasibility of such change? Is it demonstrated in the written opinions for the following fiscal year and thereafter that such business management policies were implemented? If not, are the causes and remedial measures to be taken in the future demonstrated? (vii) If the results of Item 3 Cash Flow Analysis differ significantly from the results of analyses conducted in the past, are the causes explained in attached reports? 2) Profit source analysis (i) Is the method adopted by insurance companies for profit source analysis appropriate in relation to the business characteristics of the company (business scale, growth rate, sales channels, etc.) and the product mix?26 (ii) Does the Board of Directors or organization equivalent to the Board of Directors receive reports concerning the results of profit source analysis and utilize such reports as an aid for decision making concerning overall business management, including annual policyholder dividends, product development, cost reductions, and sales planning, etc.?27 (iii) When understanding the actual business operations by profit source analysis, the following points need to be considered. a. Mortality (or contingency) gains and losses, which represent the basic component of the profit of insurance companies, normally exhibit stable trends. Accordingly, if any of the following situations are observed regarding mortality (or contingency) gains and losses, it shall be verified whether, for example, revenues and expenditures have been transferred from other profit sources to post false mortality (or contingency) gains and losses:28

26 Insurance premiums are calculated based upon a number of assumptions (actuarial assumption rates), and most of the insurance company’s profits are derived from the difference between these assumptions and actual operational results. Accordingly, in order to comprehend the true state of business and to project both current and future profits, it is important to separate profits for analysis purposes into components corresponding to actuarial assumption rates and into other components (such as the three major sources of profit, and policy reserve related profit and loss, etc.). Among the methods used for such profit source analysis is the standard analysis method (account balance method) with which insurance companies are required to report to regulatory authorities. However, given the current business environment and product lines which include products with low surrender benefits, variable annuities (with a minimum guarantee), and third-sector products, the appropriateness of this method shall be determined on a case-by-case basis, depending on respective circumstances. In the case of nonlife insurance companies also, the appropriateness of such a method shall be determined on a case-by-case basis from the same perspective. 27 Profit source analysis is a business analysis method widely used among life insurance companies. Even for nonlife insurance companies, with the introduction of third-sector products with longer policy terms, the usefulness of profit source analysis has increased. 28 As the standard profit source analysis method (account balance method) employs policy reserves as a calculation element, if the calculation of policy reserves exhibits abnormal values, such abnormal values also appear in the results of mortality (contingency) gains and losses. This mechanism is also utilized for the purpose of confirming the valuation calculations of policy reserves.

168

  • when mortality (or contingency) gains and losses have fluctuated widely (excluding cases when the causes are clear, such as the occurrence of large-scale disasters);
  • when the calculated value of assumed interest exhibits unnatural movements in comparison to the fluctuations of policy reserves for each category of assumed interest rates (the same shall apply with interest gains or losses);
  • when the calculated value of assumed operating expenses exhibits unnatural movements in comparison to the fluctuations of insurance premium revenues for each type of insurance product (the same shall apply to expense profits or losses.);
  • when the calculated value of policy reserves corresponding to cancelled or lapsed policies at the time of their termination exhibits unnatural movements in comparison to the amount of surrender values paid, etc. (the same shall apply with policy reserve-related profits or losses);
  • when the fluctuations of policy reserves exhibit unnatural movements in comparison to the content of policies in force. b. Interest gains or losses represent an aspect of asset management performance that is significantly influenced by capital markets and other external environments. Accordingly, if any one of the following situations is observed regarding interest gains or losses, it shall be verified whether, for example, revenues and expenditures have been transferred from other profit sources to post unreal interest gains or losses:29
  • when interest gains or losses have fluctuated widely;
  • when the calculated value of assumed interest exhibits unnatural movements in comparison to fluctuations in policy reserves for each category of assumed interest rates; or
  • when the distinction between capital gains and income gains is not appropriate. c. Expense profits or losses represent the efficiency of an insurance company in various ways. Accordingly, if any one of the following situations is observed regarding expense profits or losses, it shall be confirmed whether, for example, revenues and expenditures have been transferred from other profit sources to post false expense profits or losses:
  • when expense profits or losses have fluctuated widely;
  • when the calculated value of assumed operating expenses exhibit unnatural movements in comparison to the fluctuations of insurance premium revenues for each type of insurance product;

29 In view of the occurrence of negative spread issues, etc., it shall be noted that pursuit of investment performance solely based on yield does not necessarily lead to improvement in true investment management efficiency.

169

  • when the levels of expense profits are high, although the company is in a stage when the burden of selling expenses should be heavy as in the case of a newly established company or otherwise. d. With respect to policy reserves-related profits or losses, it is necessary to analyze the causes of such profits or losses (for example, profits resulting from the cancellation of product paying low surrender benefits, profits resulting from lapsed policies, and changes in provisions for reserves) to confirm whether there are no issues from the viewpoint of protecting policyholders, etc. Accordingly, if any one of the following situations is observed regarding policy reserves-related profits or losses, it shall be confirmed whether, for example, revenues and expenditures have been transferred from other profit sources to post false policy reserves-related profits or losses:
  • when policy reserves-related profits or losses have fluctuated widely;
  • when the calculated value of policy reserves corresponding to cancelled or lapsed policies at the time of policy termination exhibit unnatural movements in comparison to the amount of surrender values paid. e. With respect to other profits or losses, it shall be verified whether, for example, other ordinary revenues, corporate and inhabitant taxes, and other relevant items are appropriately posted. (iv) Can it be demonstrated that, as a result of analysis, requisite actuarial matters (for example, provisions and reversals of contingency reserves) are appropriately conducted?
  1. Separate Accounting at Life Insurance Companies (1) Formulation of Internal Rules and Operational Procedures Concerning Separate Accounting Does the Board of Directors or organization equivalent to the Board of Directors create internal rules on segmented accounting (hereinafter referred to as “Segmented Accounting Rules”) or operational procedures? Are Segmented Accounting Rules approved by the Board of Directors or organization equivalent to the Board of Directors, after passing through a legal check? Do the Segmented Accounting Rules clarify, for example, arrangements on setting product segments, company-wide segment, asset segments, etc., and standards for allocation of assets, liabilities, net assets, profits and losses (hereinafter referred to as “Allocation Standards”)? (2) Development of System for Segmented Accounting (i) Does the Board of Directors or organization equivalent to the Board of Directors establish a person or department in charge of segmented accounting? (ii) Does the Board of Directors or organization equivalent to the Board of Directors develop a

170 system for matters concerning segmented accounting with large effects on the business to be quickly reported to the Comprehensive Risk Management Division or Internal Audit Division, and reported to the Board of Directors or organization equivalent to the Board of Directors? (3) Points to Keep in Mind regarding Segmented Accounting (i) Determination of product classifications a. Are product classifications, which are used for the purpose of managing profit, loss, and liabilities, performed in an appropriate manner as units for measuring profit and loss in view of the nature of products and the status of policies in force? For example, are the following managed, in principle, using separate accounts: non-refundable, short-term insurance and savings-type, long-term insurance; non-participating insurance and participating insurance; fixed assumed interest rate insurance and variable assumed interest rate insurance; personal insurance and business insurance; and so on? In principle, are the riders, etc., that are attached to basic policies, classified into the same product category as the related basic policies? b. If increases in particular types of new policies in force due to the release of such new products, or an increase in particular types of insurance belonging to certain product classifications, etc., materially influences either the revenues and expenditures of the entire insurance company or certain product classifications, and if new product classifications or sub-classifications of the same type of insurance are to be established as a result, are such classifications or sub-classifications performed under a reasonable method, taking into account fairness among policyholders, etc.? c. Do pre-existing product classifications remain unchanged (including the integration into other product classifications) without a reasonable basis (in cases when policies in force have decreased or such product classifications have ceased to have meaning, etc.)? (ii) Establishment of a companywide classification a. Is a companywide classification for managing the profits, losses, and liabilities that cannot be allocated to a single product classification established to ensure the smooth management of product classifications? b. Are companywide classifications managed in a way that exceeds the limits of their functions? Specific functions of a companywide classification, in principle, include the following:

  • risk buffering functions to cope with death protection risk, price fluctuation risk, business management risk, etc.;
  • operational funding functions related to new products and product development;

171

  • management functions related to the assets collectively owned by the entire insurance company and shared expenses of the entire company; and
  • management functions related to cash and deposits, etc. (iii) Establishment of asset classifications a. When establishing asset classifications for the purpose of allocating returns on asset management in a fair and equitable manner, are the nature of insurance policies and the effects on revenues and expenditures of the entire insurance company taken into consideration, and the nature, etc., of respective product classifications taken into account? b. When existing asset classifications are to be further divided due to expansion of their size, etc., are such sub-classifications established under a reasonable method, taking into account fairness among policyholders, etc.? c. If the assets in a certain asset classification decrease and the asset classification ceases to have meaning as a result, is such asset classification eliminated and the assets integrated into some other asset classification? In this case, are the residual assets that do not belong to a specific type of policy integrated into the common asset classification? (iv) Method of allocating assets and liabilities into product classifications a. Allocation into product classifications Are policy reserves (excluding contingency reserve), reinsurance liabilities, and other liabilities that are directly linked to insurance products, directly included in their respective product classifications in full, and are income taxes payable, allowance for retirement benefits, and other liabilities that cannot be classified directly, allocated in accordance with the Allocation Standards? b. Allocations to the companywide classification Is the net assets section (excluding earned surplus brought forward, valuation and currency translation adjustments, etc.), and the reserve for price fluctuations, contingency reserve, and any other liabilities which do not belong to a single product classification allocated to the companywide classification? c. Management of sources of liabilities and net assets belonging to the companywide classification With respect to the net assets section items belonging to the companywide classification such as reserve for equalized dividends to policyholders, or any other liabilities for the purpose of performing risk buffer functions, are their sources managed so as to identify which product classifications comprise those classifications?

172 (v) Method of allocating assets into asset classifications and management standards a. Method of allocating investment assets When assets are acquired for investment purposes in accordance with the nature of certain products, are such assets allocated, in principle, to the asset classifications corresponding to the product classifications to which such products belong? b. Management of investment assets Are investment assets managed under the most suitable method selected from among the following methods for each asset classification, taking into account the characteristics of respective product classifications and asset sizes, etc.?

  • Segregated asset management method: Each asset is directly allocated to a relevant asset classification by type of asset and managed.
  • Equity interest unit management method based on each asset unit: Percentages of equity are allocated to each asset classification for each transaction unit of asset (for example, in the case of real estate, for each property, and in the case of loans, for each lending transaction), and assets are managed in accordance with such interests.
  • Equity interest management method: A major class is established for each group of investment assets, and each major class is managed based on the respective equity allocated by respective asset classifications.30 c. Method of allocating assets other than investment assets (a) Are assets that can be directly allocated to asset classifications, such as reinsurance receivables, directly allocated to the respective asset classifications to which they belong? (b) Are assets that cannot be directly allocated, such as deferred assets (systems-related) and miscellaneous assets, allocated in accordance with the Allocation Standards? d. Assets belonging to the companywide classification Are operating real estate, investments in subsidiaries and affiliates, cash and deposits (when cash and deposits, etc., are controlled by the company), and other assets that are appropriate for allocation into the companywide classification allocated in whole or in part in accordance with the Allocation Standards? When the purpose changes of operating real estate or real estate held for investment, are the assets appropriately reclassified in accordance with the intent of separate accounting?

30 When the equity interest management method is adopted, entire product lines and general account assets (excluding assets that correspond to non-participating insurance) may not be treated as a single major class.

173 (4) Allocation of profits and losses a. Insurance-related profits and losses Are insurance premium revenues, etc., insurance claim payments, etc., provisions for outstanding claims, and provisions for policy reserves, etc., allocated directly to respective product classifications? b. Investment asset-related profits and losses Are profits and losses allocated to the asset classifications to which the investment assets belong, and then further allocated directly, or in proportion to respective equity interests to product classifications or the companywide classification? When multiple product classifications are managed under one and the same asset classification, are the profits and losses allocated in accordance with the Allocation Standards? c. Method for allocating profit and loss, other than the foregoing, that cannot be directly charged to product classifications Are operating expenses that cannot be allocated directly to product classifications or the companywide classification, such as salaries of officers and employees, and taxes, allocated in accordance with the Allocation Standards? (5) Transactions between asset classifications Are transactions between asset classifications limited to transactions conducted for the purpose of clarifying the accounting of transactions between different asset classifications, such as for the purpose of managing funds transfers (inflows and outflows), ensuring liquidity, or portfolio improvements? Are such transactions conducted at market prices or other fairly determined prices? (6) Transactions between product classifications and the companywide classification Are loans, investments, or other transactions that are conducted for compelling reasons between product classifications and the companywide classification, for the purpose of ensuring liquidity of funds or smooth payment of insurance claims, etc., treated in accordance with the following approaches? a. Loans of cash and deposits, etc. (a) Is each loan separated from other product classifications, and managed? (b) Are ceilings set on loans, etc., for respective product classifications to prevent net borrowing positions from continuing? b. Loans of items other than cash and deposits, etc. (a) In the case of loans from the companywide classification to product classifications, are such loans limited to unavoidable cases when insurance claim payments are concentrated in particular product classifications, losses due to abnormal contingencies

174 have arisen, or a shortage of operating capital for promoting sales of new products has arisen, and so forth? (b) In the case of loans from product classifications to the companywide classification, are such loans limited to such cases when the size of the companywide classification is too small to perform its functions adequately? (c) In the case of loans set forth in (a) and (b) above, are the amounts, interest rates (which shall be determined based on market interest rates, etc., in accordance with the loan duration), repayment dates, and other repayment terms and conditions predetermined? (d) Are the easing of loan conditions and the discharge of debt obligations limited to unavoidable situations when an unrecoverable loss has occurred, and so forth? Provided however, when debt obligations have been discharged, it shall be verified whether requisite measures were taken, such as the cessation of new sales of the products or revisions of insurance claims related to applicable product classifications. In cases when profit has arisen after loan conditions were eased in such a way as not to affect the loan principle by exemption or reduction of interest or the grant of a grace period for principle repayment, is such profit appropriated to compensate for the easing of loan conditions? c. Investment (a) Is the investment from the companywide classification in product classifications limited to such unavoidable cases when insurance claim payments are concentrated in particular product classifications, losses due to abnormal contingencies have arisen, or a shortage of operating capital for promoting sales of new products has arisen, and so forth? (b) Are investments from product classifications in the companywide classification limited to such cases as when the size of the companywide classification is too small to perform its functions adequately? (c) In cases when a surplus has arisen in the companywide classification or in product classifications that have received an investment, is the surplus amount that equates to such investment distributed to the companywide classification or product classification that provided the investment? (d) Is an investment reclassified after its purpose has been completed? d. Other transactions Notwithstanding the foregoing provisions of a. through c., transactions between product classifications and the companywide classification concerning the provision and reversal of contingency reserve, etc., payment by product classifications of fees and commissions for jointly-owned assets (operating real estate, etc.) belonging to the companywide classification, or joint expenses paid by the companywide classification

175 (general administrative staff wages, etc.), and the transactions described below that are equivalent to the above, shall consequently be conducted on an extremely limited scale from the viewpoint of ensuring fair and transparent distributions of profit to policyholders, eliminating internal support among differing types of insurance, and the appropriate management of separate accounting. Accordingly, is a system in place under which such transactions are appropriately conducted in full recognition of such intents? (a) When capital or contingency reserve, etc., are to be increased, are transactions for respective product classifications to share the requisite amounts conducted in an appropriate manner? (b) When the capital or contingency reserve, etc., that belong to the companywide classification are to be reversed, are transactions conducted in an appropriate manner for the companywide classification to pay the applicable reversed amounts to the respective product classifications? In this case, if reserve for equalized dividends to shareholders and other voluntary reserves or liabilities that are managed under the equity interest method are reversed for an amount in excess of the equity interest held by such product classifications, are such excess portions appropriately processed and deemed as if loans were provided from the companywide classification to such product classifications? (c) When insurance plans are changed due to conversion, etc., and as a result the product classifications to which such policies belong are changed, are transactions conducted in an appropriate manner for recording the sum total of principal and interest of policy reserves and accumulated dividends related to such policies from the product classifications to which such policies belonged prior to the foregoing change to the product classifications to which such policies belong after the change? (d) When the companywide classification advances expenses related to new policies, are the transactions conducted in an appropriate manner for recording the payment of the amount equivalent to new policy expenses out of the premiums received from the respective product classifications to the companywide classification? (e) Are the transactions by which the companywide classification receives fees, commissions, or other amounts in consideration of managing jointly held assets or common expenses conducted in an appropriate manner and in accordance with the asset management and operations procedures? (f) When losses are actually incurred in respective product classifications upon the occurrence of certain specified risks, are the transactions for compensation of an amount within the limit of such incurred losses, from the companywide classification to the product classification where such risks and losses have arisen, limited to cases when

176 respective product classifications have transferred in advance the amount determined under certain actuarial standards as consideration? (g) In addition to the cases listed in items (a) through (f) above, when respective product classifications receive funds from another product classification within an extent that will not influence the insurance claims payment ability, etc., of such other product classifications as in the cases described below, are such funds appropriately managed in accordance with the intents of such measures? These cases are:

  • when a respective product classification has incurred material losses that are deemed unrecoverable in the future, and has received compensation for such losses from the companywide classification (including cases when the companywide classification receives compensation in return for such losses); provided however, that when compensation is received by such a transaction, it shall be confirmed whether requisite measures were taken, such as the cessation of new sales of the products or revisions of insurance premiums belonging to the product classification for which compensation was accepted; or
  • when the companywide classification has incurred material losses which are deemed unrecoverable in the future and received compensation for such losses from respective product classifications. (7) Allocation of Unrealized Profits and Losses, etc., upon Commencement of Separate Accounting Do directors established a method for appropriately allocating various assets and unrealized profit and loss concerning such assets based on asset shares, etc., upon commencement of separate accounting from the viewpoint of ensuring fairness among policyholders? (8) Recording and Compiling the Particulars of Various Transactions for Separate Accounting Purposes Are the particulars of various transactions, etc., required for separate accounting recorded and compiled? (9) Inclusion of Fund Transfers during the Course of an Accounting Period When it is difficult to record each time by separate accounting the fund transfers that occur during the course of an accounting period, or when the product classifications to which such fund transfers belong are not immediately discernible, such fund transfers will be temporarily processed as a suspense payment or receipt; however, it is desirable that account classifications exclusively dedicated to managing these fund transfers is used. Assuming management has taken this step, are such transfers promptly and properly processed at a later date? (10) Profit Source Analysis related to Separate Accounting

177 Are mortality (or contingency) gains or losses, interest gains or losses, expense profits or losses, policy reserve-related profits or losses, price fluctuation gains or losses, and other profits or losses, etc., analyzed and examined from the viewpoints of managing separate accounting in an appropriate manner and ensuring sound business operations? (11) Utilization of Results Obtained from Separate Accounting (i) Are chief actuaries provided with the information concerning separate accounting that is necessary for the execution of actuarial operations, and if any issues are identified, do chief actuaries report such issues to the Board of Directors or organization equivalent to the Board of Directors and endeavor at the same time to provide guidance in addressing such issues? (ii) Does the Board of Directors or organization equivalent to the Board of Directors receive reports concerning the results of separate accounting and utilize such reports in decision making for policyholder dividends and other managerial issues? 4) Policyholder Dividends (i) Does the Board of Directors or organization equivalent to the Board of Directors determine dividend payments in accordance with laws and regulations, contract clauses, internal rules, and written opinions of chief actuaries, and by taking into account fairness and equality among policyholders? (ii) Are the sources of funds for dividend payments accurately calculated, and are there any problems with such sources of funds in relation to restrictions by laws or regulations? Are the sources of funds necessary for dividend payments subject to accounting manipulation? (iii) Is the amount of dividends payable for each insurance policy calculated pursuant to the methods defined in the items of Article 30-2 and Article 62 of the Enforcement Regulations? (iv) Do chief actuaries conduct confirmations concerning policyholder dividends in an appropriate manner, in conformity with laws and regulations, etc.?

178 Checklist for Insurance Underwriting Risk Management I. Development and Establishment of Insurance Underwriting Risk Management System by the Management Checkpoints

  • Economic conditions and insurance accident occurrence ratios are forecast when setting insurance premiums, and insurance underwriting risk fluctuates in response to these. Insurance underwriting risk refers to the risk borne by the insurance company.
  • The development and establishment of an insurance underwriting risk management system at an insurance company is extremely important from the viewpoint of ensuring the soundness and appropriateness of the company’s business. Therefore, the company’s management is charged with and responsible for taking the initiative in developing and establishing such a system.
  • It is important that the inspector examine whether an appropriate insurance underwriting risk management system is developed which suits the insurance company’s strategic goals, the size and characteristics of operations, and its risk profile. The levels of insurance underwriting risks and types of assessment methods which the insurance company should adopt should be decided according to the insurance company’s strategic goals, diversity of operations, and complexity of risks faced. It should be kept in mind that complex or advanced insurance underwriting risk assessment methods are not necessarily appropriate for all insurance companies.
  • The inspector should determine whether the insurance underwriting risk management system is functioning effectively, and whether the roles and responsibilities of the company’s management are being appropriately performed by way of reviewing, with the use of check items listed in Chapter I., whether or not the management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) development of a system for assessment and improvement activities.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II. and later, it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the Internal Control System is not functioning effectively, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.
  • When using this checklist in an examination of a specific case, one must keep in mind that it must be based on

179 provisions and intentions of the Insurance Business Act, other related laws and regulations, and supervisory guidelines.

  1. Policy Development (1) Roles and Responsibilities of Directors Does the Board of Directors fully understand the major effects that the insurance underwriting (including reinsurance assumed) has on the company’s business over the long term? Does it emphasize insurance underwriting risk management? In particular, is the director in charge considering a policy and specific actions to enable appropriate cooperation between the Comprehensive Risk Management Division and insurance underwriting risk management division? Also, does he fully understand the importance of techniques such as identification, assessment, monitoring and control of the locations, types, characteristics and risks of insurance underwriting risks, and of their management? Based on this understanding, does he accurately understand the status of the insurance company’s insurance underwriting risk management, and investigate policies and specific actions towards development and establishment of a proper insurance underwriting risk management system? For example, does the director in charge understand the limits and weak points of insurance underwriting risk measurement and analysis methods (including techniques, assumptions, etc.), and investigate actions to supplement them? (2) Development and Dissemination of Strategic Goals of the Marketing and Sales Division Does the Board of Directors position liability characteristics as important factors for setting strategic goals? Also, does the Board of Directors create strategic goals for the Marketing and Sales Division which are consistent with the entire insurance company’s strategic goals and Comprehensive Risk Management Policy, while considering insurance underwriting risks? Does it then inform the organization about them? In creating strategic goals for the Marketing and Sales Division, does it consider the situation of its equity, etc.,1 and keep in mind points such as the following?
  • Does it prioritize gaining earnings, and excessively deemphasize insurance underwriting risk management? In particular, does it avoid setting objectives that pursue short-term profit by disregarding long-term risk, or avoid establishing a performance appraisal system that reflects such inappropriate objectives? (3) Development and Dissemination of Insurance Underwriting Risk Management Policy Has the Board of Directors established a policy on insurance underwriting risk management

1 Here, “capital, etc.” is not limited to the concept of net assets under accounting and capital based on current solvency regulations; this assumes a definition in which each insurance company compares against its risks from the viewpoint of risk management, including equity understood by economic value assessment (assessment consistent with market prices, or, assessment based on present value future cash flows indicated by a method which uses principles, techniques and parameters consistent with the market).

180 (hereinafter referred to as the “Insurance Underwriting Risk Management Policy”)? Has it informed the entire company? Are they appropriate? For example, are the following matters clearly written?

  • Roles and responsibilities of the director in charge, and Board of Directors or organization equivalent to the Board of Directors, regarding insurance underwriting risk management
  • Policy on the organizational framework: establishment of the division for insurance underwriting risk management (hereinafter referred to as the “Insurance Underwriting Risk Management Division”), granting of authority, etc.
  • Policy on identification, assessment, monitoring and control of insurance underwriting risks
  • Policy for analysis and assessment of liability characteristics. For example, risks caused by options such as cancellation or renewal rights of insurance contracts.
  • Basic policy on handling of freely set premium rates, standard premium rates, legal range premium rates, and limited range premium rates in a non-life insurance company
  • Policy on risk management concerning reasonable reinsurance to suit the insurance company’s business content (size, growth, degree of concentration of insurance underwriting risks held, etc.) and amount of equity, etc. (holding & reinsurance ceding policy, and reinsurance assuming policy)2
  • Policy on management of special account
  • Policy on New Products, etc. (including policy on analysis and assessment of liability characteristics of new products)
  • Policy for calculating rational and reasonable insurance premiums, corresponding to risks (4) Revision of Policy Development Process Does the Board of Directors revise the policy development process in a timely manner by reviewing its effectiveness, based on reports and findings of various investigations on the status of insurance underwriting risk management, in a regular and timely manner or on an as needed basis?
  1. Development of Internal Rules and Organizational Frameworks (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the Insurance Underwriting Risk Management Division (hereinafter simply referred to as the “Manager” in this checklist) develop internal rules that clearly specify the arrangements concerning insurance underwriting risk management (hereinafter referred to as

2 Excluding cases with insignificant ratios of reinsurance assumed and ceded compared to held risks.

181 the “Insurance Underwriting Risk Management Rules”) and inform the organization in accordance with the Insurance Underwriting Risk Management Policy? Has the Board of Directors or organization equivalent to the Board of Directors approved the Insurance Underwriting Risk Management Rules, after determining if they comply with the Insurance Underwriting Risk Management Policy and after legal checks, etc.? (2) Establishment of Insurance Underwriting Risk Management Division (i) Does the Board of Directors or organization equivalent to the Board of Directors have an Insurance Underwriting Risk Management Division established, and have the division prepared to undertake appropriate roles, in accordance with the Insurance Underwriting Risk Management Policy and the Insurance Underwriting Risk Management Rules?3 (ii) Has the Board of Directors allocated to the Insurance Underwriting Risk Management Division a Manager with the necessary knowledge and experience to supervise the division, and enabled the Manager to implement management operations by assigning him/her the necessary authority therefor? (iii) Does the Board of Directors provide a framework for having important information of divisions related to New Products etc. reported to the Insurance Underwriting Risk Management Division? Also, is the definition of important information clearly stipulated in rules? (iv) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Insurance Underwriting Risk Management Division an adequate number of staff members who have the necessary knowledge and experience to execute the relevant operations, and assigned such staff the authority necessary for conducting the aforementioned operations?4 (v) Does the Board of Directors or organization equivalent to the Board of Directors keep the Insurance Underwriting Risk Management Division independent from the asset investment division, Marketing and Sales Division, etc., and secure a check-and-balance system of the Insurance Underwriting Risk Management Division? (3) Development of Insurance Underwriting Risk Management System in Marketing and Sales Division

3 When the Insurance Underwriting Risk Management Division is not established as an independent division (e.g., when the division is consolidated with another risk management division to form a single division, or when a division in charge of other business also takes charge of insurance underwriting risk management, or when a Manager or Managers take charge of insurance underwriting risk management instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the size and nature of the insurance company and its risk profile. 4 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of that deportment or post is reasonable in terms of a check-and￾balance system and other aspects.

182 (i) Through the Manager or Insurance Underwriting Risk Management Division, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure effectiveness of insurance underwriting risk management, such as by providing a system to inform the divisions involving insurance underwriting risks to be managed (e.g. Marketing and Sales Division, etc.) about the internal rules and operational procedures which must be observed, and to ensure that such divisions observe them? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager to identify the internal rules and operational procedures that must be observed by the Marketing and Sales Division, etc., and to carry out specific actions for ensuring observance such as providing effective training on a regular basis? (ii) To enable the Insurance Underwriting Risk Management Division to understand required information about assets, does the Board of Directors or organization equivalent to the Board of Directors provide a system for appropriate cooperation with the asset investment risk management division? Does it also provide a system for appropriate cooperation with the Comprehensive Risk Management Division? (4) Development of System for Reporting to and Approval of the Board of Directors or Organization Equivalent to the Board of Directors Does the Board of Directors or organization equivalent to the Board of Directors appropriately specified matters that require reporting and those that require approval, and does it have the Manager report the status to the Board of Directors in a regular and timely manner or on an as needed basis, or have the Manager seek the approval of the Board of Directors? In particular, does it ensure that the Manager reports to the Board of Directors or organization equivalent to the Board of Directors without delay any matters that would seriously affect corporate management? (5) Development of System for Reporting to Corporate Auditor In the case that the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately, and do they provide a system to have the Manager directly report such matters to the auditor?5 (6) Development of Internal Audit Guidelines and an Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or Internal Audit Division Manager appropriately identify the matters to be audited with regard to insurance underwriting risk management, develop guidelines that specify the matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and

5 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report, and shall not restrict the authority and activities of the auditor in any way.

183 plan?6 For example, does it have the following matters clearly specified in the Internal Audit Guidelines or the internal audit plan, and provide a system to have these matters appropriately audited?

  • Status of development of the insurance underwriting risk management system
  • Status of observance of the Insurance Underwriting Risk Management Policy, Insurance Underwriting Risk Management Rules, etc.
  • Reasonableness of methods for analysis and assessment of liability characteristics
  • Appropriateness of the insurance underwriting risk management processes, commensurate with the sizes and natures of the business and risk profile
  • Reasonableness of insurance underwriting risk assessment methods (techniques, assumptions, etc.)
  • Correctness and completeness of data used in insurance underwriting risk assessment
  • Appropriateness of management, considering limitations and weak points of insurance underwriting risk assessment
  • Appropriateness of stress test scenarios, etc.
  • Status of improvement of matters pointed out in an internal audit or in the last inspection (7) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner, by reviewing their effectiveness based on reports and findings on the status of insurance underwriting risk management in a regular and timely manner or on an as needed basis?
  1. Assessment and Improvement Activities
  1. Analysis and Assessment (1) Analysis and Assessment of Insurance Underwriting Risk Management Does the Board of Directors or organization equivalent to the Board of Directors appropriately determine whether there are any weaknesses or problems in the insurance underwriting risk management system and the particulars thereof, and appropriately examine their causes by precisely analyzing the status of insurance underwriting risk management and assessing the effectiveness of insurance underwriting risk management, based on all information available regarding the status of insurance underwriting risk management, such as the results of audits by corporate auditors, internal audits and external audits,7 findings of various investigations,

6 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan. 7 External audits as mentioned here shall not be limited to audits of financial statements by accounting auditors, but the inspector should bear it in mind that currently, audits other than the audit of financial statements required under the rules and the verification of the internal control system conducted as part of the procedures of this audit are not obligatory.

184 and reports from various divisions? In addition, if necessary, does it take all possible measures to find the causes by, for example, establishing fact findings committees, etc. consisting of non-interested persons? (2) Revision of Analysis and Assessment Processes Does the Board of Directors or organization equivalent to the Board of Directors revise the analysis and assessment processes in a timely manner, by reviewing their effectiveness based on reports and findings on the status of insurance underwriting risk management in a regular and timely manner or on an as needed basis?

  1. Improvement Activities (1) Implementation of Improvements Does the Board of Directors or organization equivalent to the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the insurance underwriting risk management system, identified through the analysis, assessment and examination referred to in 3. 1) above, in a timely and appropriate manner based on the results obtained, by developing and implementing an improvement plan as required or by other appropriate methods? (2) Progress Status of Improvement Activities Does the Board of Directors or organization equivalent to the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner, by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of Improvement Process Does the Board of Directors or organization equivalent to the Board of Directors revise the improvement process in a timely manner, by reviewing its effectiveness based on reports and findings on the status of insurance underwriting risk management, in a regular and timely manner or on an as needed basis? However, in the case where the inspected insurance company undergoes an external audit other than the financial statements audit in order to secure the effectiveness of the internal control system, the inspector should review the effectiveness of the internal control system by examining in a comprehensive manner along with the financial statements audit results.

185 II. Development and Establishment of Insurance Underwriting Risk Management System By Manager Checkpoints

  • This chapter lists the check items to be used when the inspector reviews the roles and responsibilities to be performed by the Manager and the Insurance Underwriting Risk Management Division.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II., it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the insurance company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter 1. are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement measures have been developed and implemented.
  1. Roles and Responsibilities of Manager (1) Development and Dissemination of Insurance Underwriting Risk Management Rules Has the Manager, in accordance with the Insurance Underwriting Risk Management Policy, identified the risks, decided the methods of assessment and monitoring thereof and developed Insurance Underwriting Risk Management Rules (consistent with the comprehensive risk management system) that clearly define the arrangements on risk control, based on a full understanding of the locations, types and nature of the insurance underwriting risks and management techniques? Does the Board of Directors or organization equivalent to the Board of Directors approve the Insurance Underwriting Risk Management Rules, and are they made known throughout the organization? (2) Insurance Underwriting Risk Management Rules Do the Insurance Underwriting Risk Management Rules exhaustively cover the arrangements necessary for insurance underwriting risk management, and specify the arrangements appropriately in a manner befitting the sizes and natures of the business and its risk profile? Are the rules appropriate? For example, do they clearly write arrangements for the following items?
  • Roles, responsibilities, and organizational framework of the Insurance Underwriting Risk Management Division
  • Identification, assessment, monitoring and control of insurance underwriting risks

186

  • Comprehensive management of assets and liabilities
  • Analysis and assessment of liability characteristics. For example, risks created by insurance policy options such as cancellation or renewal.
  • Insurance underwriting standards (sales conditions)
  • Approval and screening of New Products, etc. (including arrangements on analysis and assessment of liability characteristics of New Products, etc.)
  • Cooperation with the Comprehensive Risk Management Division
  • Reinsurance related risk management8 (including (1) holding limit amounts for each risk unit and each concentrated risk unit, corresponding to characteristics of underwriting risks held, (2) standards on soundness of reinsurers and management of concentration in one reinsurer, (3) standards on types and regions for assuming reinsurance)
  • Management of the special account (including arrangements on explanation to policyholders about investment policy and investment content, arrangements on reporting to policyholders about investment results, principles which must be followed in the market, and standards on selection of companies for placing orders, discretionary managers and advisors, comprehensively considering their transaction execution ability, legal compliance, credit risk, investment performance, etc.)
  • System for reporting to Board of Directors or organization equivalent to Board of Directors (3) Development of Insurance Underwriting Risk Management System by Manager (i) Based on the Insurance Underwriting Risk Management Policy and Insurance Underwriting Risk Management Rules, does the Manager provide for actions to have the Insurance Underwriting Risk Management Division exercise a check-and-balance system, in order to conduct insurance underwriting risk management appropriately? (ii) Does the Manager provide a system which quickly reports to the Comprehensive Risk Management Division, if system weak points or problems are found which affect comprehensive risk management? (iii) Does the Manager provide a system in which if a request is received from the Comprehensive Risk Management Division about New Products, etc., then the inherent insurance underwriting risks are identified in advance, and reported to the Comprehensive Risk Management Division, based on New Products Management Policy? 9 (iv) Does the Manager provide a highly reliable insurance underwriting risk management system10 which suits the size and characteristics of operations and risk profile of the

8 Excluding cases with insignificant ratios of reinsurance assumed and ceded compared to held risks. 9 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4). 10 It should be noted that the computer system may be a centralized data processing environment system, distributed

187 business? (v) Does the Manager ensure the provision of training and education systems to enhance the ability of employees to conduct insurance underwriting risk management in an effective manner, thus developing human resources with relevant expertise? (vi) Does the Manager provide a system to ensure that matters specified by the Board of Directors or organization equivalent to the Board of Directors are reported in a regular and timely manner or on an as needed basis? In particular, does the Manager provide a system to ensure that matters that would seriously affect corporate management are quickly reported to the Board of Directors or organization equivalent to the Board of Directors? Does the Manager also provide a system for actuarial science related matters being reported to chief actuaries? (4) Development of Insurance Underwriting Screening System by Manager (i) Does the Manager provide an appropriate screening system for underwriting, from the viewpoint of insurance underwriting risk management? (ii) Does the Manager provide a system for management of and self-inspecting the reasonableness of the insurance premium structure of risk segmentation products (products with segmented insurance premiums affected by risks of the policyholders or insured parties)? (iii) Does the Manager provide a system for eliminating moral risks? For example, by stricter underwriting decisions if there are excessive insured amounts relative to underwriting standards (including insured amounts concerning other insurance contracts the company learned of)? (iv) Does the Manager provide a system for appropriately selecting physical risks concerning the insured person’s health situation and occupation related environmental risks, and taking appropriate actions to eliminate moral risks? (5) Revision of Insurance Underwriting Risk Management Rules and Organizational Frameworks Does the Manager conduct monitoring on an ongoing basis, with regard to the status of the execution of operations at the Insurance Underwriting Risk Management Division? Does the Manager review the effectiveness of the insurance underwriting risk management system in a regular and timely manner or on an as needed basis, and, as necessary, revise the Insurance Underwriting Risk Management Rules and the relevant organizational framework, or present proposals for improvement to the Board of Directors or organization equivalent to the Board of Directors? processing system, or end user computing (EUC) type.

188 2. Roles and Responsibilities of Insurance Underwriting Risk Management Division

  1. Risk Identification and Assessment (1) Involvement in Insurance Underwriting Standards Does the Insurance Underwriting Risk Management Division take actions to check that insurance underwriting standards are the same as solicitations conditions assumed during product development, or that risks are small? (2) Identification and Assessment of Insurance Underwriting Risks (i) Does the Insurance Underwriting Risk Management Division identify and assess risks periodically (at least once each 6 months) or as needed, by methods such as understanding and analyzing the current revenue/expenditure situation and making revenue/expenditure forecasts, for each appropriate unit such as each insurance type? Also, are revenue/expenditure forecasts done by scenarios which are reasonable, considering interest rate trends, economic conditions, occurrence of insured accidents, etc.? (ii) Does the Insurance Underwriting Risk Management Division understand the situation of risk dispersal, by managing the portfolio of insurance contracts by each type of guarantee (e.g. setting an insurance contract limit amount for each insurance contract type) (iii) Does the Insurance Underwriting Risk Management Division understand risks concerning minimum guarantees in products with the amounts of variable insurance or variable pensions as minimum guarantees? (iv) Does the Insurance Underwriting Risk Management Division use appropriate techniques to quantify risks, and understand forecast maximum loss amounts, for concentrated risks due to large accidents and natural disasters such as earthquakes and typhoons (in the case of a non-life insurance company)? (v) Does the Insurance Underwriting Risk Management Division accurately understand risks involving risk segmentation products? (vi) Does the Insurance Underwriting Risk Management Division accurately understand risks involving third sector insurance products? (vii) To comprehensively manage assets and liabilities, does the Insurance Underwriting Risk Management Division closely cooperate with the Comprehensive Risk Management Division and asset investment risk management division, obtaining the required information about assets? (viii) If New Products, etc. are handled, does the Insurance Underwriting Risk Management Division bring to light inherent insurance underwriting risks in advance, and identify risks which should be subject to insurance underwriting risk management? In identifying risks, are the following items investigated regarding product development, etc.? Are such

189 investigations done without improper influence by the Marketing and Sales Division?11

  • Reasonableness if viewed from customer needs and earnings improvement
  • Reasonableness of revenue/expenditure forecasts,
  • Existence of moral risks
  • Correctness of data used (ix) In cases where insurance underwriting risks are measured, does the Insurance underwriting Risk Management Division ensure consistency between measurement methods (techniques, assumptions, etc.), methods of monitoring various insurance underwriting risks, and methods of assessing capital adequacy? (3) Reinsurance Related Risk Management12 (i) Does the Insurance Underwriting Risk Management Division understand the characteristics of the reinsurance market, such as the limited number of reinsurance market participants? With this understanding, does reinsurance function for the company as a whole, with good coordination between operations of ceding and assuming reinsurance? (ii) Does the Insurance Underwriting Risk Management Division provide a framework for autonomously checking the situation of compliance with holding & reinsurance ceding policy and reinsurance assuming policy, regarding each division’s reinsurance (ceding and assuming)? Is a framework provided independently of divisions, for checking the situation of compliance of the entire company, for holding & reinsurance ceding policy and reinsurance assuming policy? (iii) Does the Insurance Underwriting Risk Management Division check the situation of compliance with rules for reporting methods and approval methods etc., regarding each division’s reinsurance (ceding and assuming)? (4) Cooperation with Related Divisions Does the Insurance Underwriting Risk Management Division cooperate with related divisions, and effectively utilize as investigation data the written opinions, etc.13 of chief actuaries, and the transaction details and analysis results for related divisions which perform product development, insured accident occurrence forecasts, interest rate and currency forecasts, risk understanding, reinsurance ceding contracts, provision of Policy Reserves, insurance product sales, insurance contract underwriting screening, etc.?
  1. Monitoring (i) Does the Insurance Underwriting Risk Management Division monitor the risk situation of

11 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4). 12 Excluding cases with insignificant ratios of reinsurance assumed and ceded compared to held risks. 13 “Written opinions, etc.” means written opinions, attachments to reports, and other reference materials pursuant to Article 82 of the Enforcement Regulations.

190 risks identified and assessed with appropriate frequency, considering the situation of the insurance company’s internal environment (risk profile and situation of use of risk limits set, etc.) and external environment (economic cycle, market, etc.), based on Insurance Underwriting Risk Management Policy and the Insurance Underwriting Risk Management Rules? Does it also monitor the status of the internal environment and external environment, as well as reasonableness of assumptions, etc.? (ii) Does the Insurance Underwriting Risk Management Division report information on the situation of insurance underwriting risk management periodically or as needed, which enables appropriate assessment and decisions by the Board of Directors or organization equivalent to the Board of Directors, based on Insurance Underwriting Risk Management Policy and the Insurance Underwriting Risk Management Rules? 3) Control (i) Does the Insurance Underwriting Risk Management Division analyze known risks, and when risks are seen emerging or when changes are seen in future risks, is there appropriate risk control in cooperation with related divisions, such as changes in underwriting standards and added provision of Policy Reserves, in accordance with Insurance Underwriting Risk Management Policy? (ii) Does the Insurance Underwriting Risk Management Division guide and manage business locations and insurance solicitors, so they follow underwriting standards in insurance sales? Does it also take actions to check these are actually followed? For managing sales conditions, it is desirable to build an IT system which prevents signing insurance contracts which violate underwriting standards. 4) Examination and Revision (i) Does the Insurance Underwriting Risk Management Division examine to understand the limits and weak points of insurance underwriting risk assessment methods, and take actions to supplement these methods? Also, considering these limits and weak points, does the division investigate, analyze and study for advanced risk management commensurate with the risk profile? (i) Does the Insurance Underwriting Risk Management Division understand changes in the internal and external environments, and the limitations and weak points of insurance underwriting risk assessment methods? Does the division periodically examine and revise whether it uses appropriate insurance underwriting risk management methods which suit the entire insurance company’s strategic goals, Comprehensive Risk Management Policy, business size and characteristics, and risk profile?

191 III. Specific Issues

Checkpoints

  • This chapter lists the check items for the inspector to examine individual specific problems, in accordance with the actual situation of insurance underwriting risk management.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III., it is necessary to exhaustively examine which of the elements listed in Chapters I. and II. are absent or insufficient, thus causing the said problem, with the use of the checklists in those chapters, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the insurance company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter 1. are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement measures have been developed and implemented.
  1. Product Development (1) Development and Elimination of Products (i) When selling a new product or eliminating an existing product, is it investigated whether the insurance premiums of that product are appropriate, considering the asset investment environment (interest rates, etc.), insured accident occurrence ratio concerning that insurance, actual state of business expenditures, situation of insurance contract continuation ratio, method of risk selection for those insurance contracts, situation of Policy Reserves, situation of solvency margin ratio, etc.? (ii) For additional premiums, is it ensured that the calculation method is rational and reasonable, and that its calculated additional insurance premium is not improperly discriminatory? Especially if discount and increase rates are set for additional insurance premiums, are these based on the contract method and insurance premium payment method? (iii) Regarding the system of discounts for insurance premiums, is that discount system actuarially rational, and are there no problems concerning consistency with other discount/increase systems, revenue/expenditure balance after the discount was introduced, etc.? (2) Follow-up After Product Sales Start Is there appropriate follow-up after product sales start? For example, is there checking and analysis of to what degree product sales results and accident occurrence ratio differ from the levels assumed during development? Are those analysis results utilized? In doing such follow-up,

192 for example are the following points kept in mind? (i) For appropriate risk management, is follow-up incorporated in the product development process? (ii) Regarding follow-up after sales, are its viewpoints, departments in charge, time period, techniques, and methods of utilizing results determined and implemented? (iii) Is there verification of reasonableness of the basic calculation ratio for revenue/expenditure analysis, insurance premiums and Policy Reserves, for each appropriate unit such as by insurance type? (iv) Is there periodic monitoring against unexpected revenue/expenditure changes and increases/decreases in risks? Are standards established for timely investigation in response to changes in sales policy and product details? (v) Do product details suit the guarantee needs of the society and economy? Is there periodic monitoring on whether they cause complaints and moral risks? (vi) Are results of follow-up after product sales start reported directly when needed to the Board of Directors or organization equivalent to the Board of Directors? Is the content of such reports correct? (vii) Is a framework provided which has future product development incorporate results of follow-up, such as collecting opinions from customers and agencies regarding products? (viii) Are insurance premiums and product details revised as needed, based on follow-up results? (3) Freely Set Premiums in Non-life Insurance Companies (i) For freely set premium rates, standard premium rates, legal range premium rates, and limited range premium rates, are actions taken to check that individual premium rates are set in accordance with Insurance Underwriting Risk Management Policy? (ii) If there are discounts on insurance premiums of standard premium rate products, is there appropriate involvement? 2. Reinsurance Related Risk Management14 (1) Risk Management of Ceding Reinsurance (i) In selecting a company for ceding reinsurance, is it confirmed that the reinsurer’s financial details are studied in accordance with holding & reinsurance ceding policy? Also, is the reinsured amount of each insurance product checked periodically, in accordance with holding & reinsurance ceding policy? (ii) Is it checked that underwriting risk which exceeds the holding limit amounts under holding & reinsurance ceding policy is appropriately covered by reinsurance arranged?

14 Excluding cases with insignificant ratios of reinsurance assumed and ceded compared to held risks.

193 (iii) Is there checking of the collection status of reinsurance benefits, its future collection possibilities, and ceded reinsurance results? (iv) For reinsurance premiums or reinsurance benefit amounts which are adjusted afterwards, is risk managed with accurate understanding of the actual status of resulting risk transfer? (v) Considering the actual status and market trends of ceded reinsurance contracts, is it checked that ceded reinsurance premiums are at reasonable levels? (2) Risk Management of Assumed Reinsurance (i) In signing assumed reinsurance contracts, is information obtained on the ceding insurer and on assumed insurance contracts, and is there full investigation of the profitability and risks of those reinsurance contracts? (ii) Is the forecast maximum insurance loss amount in major concentrated risks understood, and appropriately managed so the insurance limit amount is not exceeded? (In the case of a non￾life insurance company) (iii) Is there appropriate management even after signing an assumed reinsurance contract? For example, is information obtained on the situation of occurrence of payment responsibility of the ceding reinsurer, caused by insured accidents in other countries? (iv) For risks which should have been transferred to another party via ceded reinsurance, is there full consideration of cases in which these risks flow back via assumed reinsurance? Is this managed? (v) Considering the actual status and market trends of assumed reinsurance contracts, is it checked that assumed reinsurance premiums are at reasonable levels? 3. Management of Special Accounts (i) In investing the special account, is property pertaining to the special account invested faithfully and very carefully for the interests of policyholders, accurately understanding its aspect that all investment results including losses pertain to policyholders, and treating them fairly and equitably? (ii) Is property pertaining to the special account correctly separated in accounting? Also, are there no transfers into the general account or other special accounts, except if stipulated in laws and regulations? (iii) Are investment policy and investment details appropriately explained to policyholders? (iv) Are investment results periodically reported to policyholders? (v) Is a special account for investment results linked insurance contracts (special designated account) managed based on provisions of the Enforcement Regulations, Article 75-2 and Article 154-2?

194 Checklist for Asset Investment Risk Management I. Development and Establishment of Asset Investment Risk Management System by Management Checkpoints

  • Asset investment risk refers to the risk of losses borne by the insurance company when the values of held assets and liabilities change (including off balance sheet). Three types of asset investment risks are described below. (1) Market risk: Due to changes in various market risk factors such as interest rates, currencies and stocks, the risk of losses borne by the insurance company when the values of held assets and liabilities change (including off balance sheet), and risk of losses borne from changes in earnings generated from assets and liabilities. (2) Credit risk: Due to worse financial conditions of credit recipients, risk that values of assets (including off balance sheet assets) decrease or disappear, creating losses borne by the insurance company. Of these, especially for credit provided overseas, country risk refers to risk of losses borne by the insurance company due to foreign currency conditions and political and economic conditions of the country of the credit recipient. (3) Real estate investment risk: Risk that changes in rental rates cause real estate related earnings to decrease, or changes in market conditions cause real estate prices themselves to decrease, resulting in losses borne by the insurance company.
  • An insurance company’s assets and investment conduct must correspond to its liability characteristics, risk characteristics and business strength such as equity. Liability characteristics are especially important factors for setting the insurance company’s investment strategy. To enable performance on its own debt in the future, it is important to hold sufficient assets which have appropriate characteristics (maturity, liquidity, etc.).
  • The development and establishment of an asset investment risk management system at an insurance company is extremely important from the viewpoint of ensuring the soundness and appropriateness of the company’s business. Therefore, the company’s management is charged with and responsible for taking the initiative in developing and establishing such a system.
  • It is important that the inspector examine whether an appropriate asset investment risk management system is developed which suits the insurance company’s strategic goals, the size and characteristics of operations, and its risk profile. The types and levels of asset investment risks and assessment methods which the insurance company should adopt should be decided according to the insurance company’s strategic goals, diversity of operations, and complexity of risks faced. It should be kept in mind that complex or advanced risk assessment methods are not necessarily appropriate for all insurance companies.
  • The inspector should specifically determine whether the asset investment risk management system is

195 functioning effectively, and whether the roles and responsibilities of the company’s management are being appropriately performed by way of reviewing, with the use of check items listed in Chapter I., whether or not the management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) development of a system for assessment and improvement activities.

  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II. onwards, it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the system is not functioning effectively, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.
  1. Policy Development (1) Roles and Responsibilities of Directors Is the Board of Directors fully aware of the major effects that disregarding asset investment risk management has on achieving strategic goals? Does it emphasize asset investment risk management? In particular, is the director in charge considering a policy and specific actions to enable appropriate cooperation between the Comprehensive Risk Management Division and asset investment risk management division? Also, is he fully aware that liability characteristics are important factors for setting strategic goals? Does he investigate policies and specific actions to hold sufficient assets which have appropriate characteristics (maturity, liquidity, etc.), to enable performance on its own debt in the future? Moreover, does he fully understand the importance of techniques such as identification, assessment, monitoring and control of the locations, types, characteristics and risks of asset investment risks, and of their management? Based on this understanding, does he accurately understand the status of the insurance company’s asset investment risk management, and investigate policies and specific actions towards development and establishment of a proper asset investment risk management system? For example, does the director in charge understand the limitations and weak points of methods to comprehensively assess various asset investment risks (including assessment and measurement techniques, assumptions, etc. Hereinafter referred to as “Asset Investment Risk Assessment Methods.”), and investigate actions to supplement them? (2) Development and Dissemination of Strategic Goals of Investment Division Does the Board of Directors consider asset investment risks, and create strategic goals for the investment division which are consistent with the entire insurance company’s strategic goals

196 and Comprehensive Risk Management Policy? Does it inform the organization about these goals? In creating the investment division’s strategic goals, does it maintain consistency with the strategic goals of each operating area, and consider the situation of composition of assets and liabilities (including off balance sheet), market and liquidity aspects, equity, etc.?1 Also, does it consider, for example, the following items?

  • Are liability characteristics positioned as important factors for setting strategic goals of the investment division? To enable performance on its own debt in the future, does it maintain sufficient assets which have appropriate characteristics (maturity, liquidity, etc.)?
  • In establishing what degree of asset investment risks to take, and what level of earnings to target, is it clear whether the goal is to hold asset investment risks to a minimum, or to target higher earnings by actively underwriting and managing a certain level of asset investment risks?
  • Do the investment division’s strategic goals not excessively prioritize gaining earnings, and disregard asset investment risk management? In particular, does it not set targets which disregard long term asset investment risks and prioritize gaining short term earnings, nor set performance assessments based on such targets? (3) Development and Dissemination of Asset Investment Risk Management Policy Does the Board of Directors establish policy on asset investment risk management (hereinafter referred to as “Asset Investment Risk Management Policy”), and inform the entire organization about this? Is it appropriate? For example, are the following items clearly written? Also, does policy on asset investment risk limits consider liability characteristics, and risks which can be tolerated by the insurance company as a whole?
  • Asset investment risk management related roles and responsibilities of the director in charge and Board of Directors or organization equivalent to the Board of Directors
  • Policy on the organizational framework: establishment of the division for asset investment risk management (hereinafter referred to as the “Asset Investment Risk Management Division”), granting of authority, etc.
  • Policy on analysis and assessment of liability characteristics, such as understanding of required information on liabilities
  • Policy on setting limits for asset investment risk, considering liability characteristics (if divided into groups corresponding to liability characteristics, including policy on setting asset investment risk limits corresponding to the liability characteristics each group)

1 Here, “capital, etc.” is not limited to the concept of net assets under accounting and capital based on current solvency regulations; this assumes a definition in which each insurance company compares against its risks from the viewpoint of risk management, including equity understood by economic value assessment (assessment consistent with market prices, or, assessment based on present value future cash flows indicated by a method which uses principles, techniques and parameters consistent with the market).

197

  • Policy on asset investment risk management over the medium and long term, considering the predicted medium and long term liability characteristics, in accordance with the insurance company’s strategic goals and business policy
  • Risk management policy for asset investment requiring special attention, such as derivative transactions and outsourcing of asset investment
  • Policy on identification of risks to manage
  • Policy on identification and assessment of asset investment risks, and on monitoring and control of assessed risks
  • Policy on New Products etc.2 (including policy on asset investment risk management, considering liability characteristics of new products) (4) Revision of Policy Development Process Does the Board of Directors revise the policy development process in a timely manner by reviewing its effectiveness, based on reports and findings of various investigations on the status of asset investment risk management, in a regular and timely manner or on an as needed basis?
  1. Development of Internal Rules and Organizational Frameworks (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the Asset Investment Risk Management Division (hereinafter simply referred to as the “Manager” in this checklist) develop internal rules that clearly specify the arrangements concerning asset investment risk management (hereinafter referred to as the “Asset Investment Risk Management Rules”) and inform the organization, in accordance with the Asset Investment Risk Management Policy? Has the Board of Directors or organization equivalent to the Board of Directors approved the Asset Investment Risk Management Rules, after determining whether they comply with the Asset Investment Risk Management Policy and after legal checks, etc.? (2) Introduction of New Asset Investment Means When introducing a new asset investment means which greatly affects the business, does the Board of Directors or organization equivalent to the Board of Directors consider the liability characteristics, risk tolerance and risk management techniques, and investigate the appropriateness of the introduction of asset investment means? (3) Establishment of Asset Investment Risk Management Division (i) Does the Board of Directors or organization equivalent to the Board of Directors have an Asset Investment Risk Management Division established, and have the division prepared to

2 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4).

198 undertake appropriate roles, in accordance with the Asset Investment Risk Management Policy and the Asset Investment Risk Management Rules?3 (ii) Has the Board of Directors allocated to the Asset Investment Risk Management Division a Manager with the necessary knowledge and experience to supervise the division, and enabled the Manager to implement management operations by assigning him/her the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Asset Investment Risk Management Division an adequate number of staff members who have the necessary knowledge and experience to execute the relevant operations, and assigned such staff the authority necessary for conducting the aforementioned operations?4 (iv) Does the Board of Directors or organization equivalent to the Board of Directors keep the Asset Investment Risk Management Division independent from the asset investment division, etc., and secure a check-and-balance system of the Asset Investment Risk Management Division? (4) Development of Asset Investment Risk Management System in Asset Investment Division (i) Through the Manager or Asset Investment Risk Management Division, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure effectiveness of asset investment risk management, such as by providing a system to inform the divisions involving asset investment risks to be managed (e.g. asset investment division, etc.) about the internal rules and operational procedures which must be observed, and to ensure that such divisions observe them? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager to identify the internal rules and operational procedures that must be observed by the asset investment division, etc., and to carry out specific actions for ensuring observance such as by providing effective training on a regular basis? (ii) To enable the Asset Investment Risk Management Division to understand required information about assets, does the Board of Directors or organization equivalent to the Board of Directors provide a system for appropriate cooperation with the Insurance Underwriting Risk Management Division? Does it also provide a system for appropriate cooperation with the Comprehensive Risk Management Division?

3 When the Asset Investment Risk Management Division is not established as an independent division (e.g., when the division is consolidated with another risk management division to form a single division, or when a division in charge of other business also takes charge of asset investment risk management, or when a Manager or Managers take charge of asset investment risk management instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the size and nature of the insurance company and its risk profile. 4 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of that deportment or post is reasonable in terms of a check-and-balance system and other aspects.

199 (5) Development of System for Reporting to and Approval by the Board of Directors or organization equivalent to the Board of Directors Does the Board of Directors or organization equivalent to the Board of Directors appropriately specify matters that require reporting and those that require approval, and does it have the Manager report the status to the Board of Directors in a regular and timely manner or on an as needed basis, or have the Manager seek the approval of the Board of Directors? In particular, does it ensure that the Manager reports to the Board of Directors or organization equivalent to the Board of Directors without delay any matters that would seriously affect corporate management? (6) Development of System for Reporting to Corporate Auditor In the case that the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately, and does it provide a system to have the Manager directly report such matters?5 (7) Development of Internal Audit Guidelines and Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or Internal Audit Division Manager appropriately identify the matters to be audited with regard to asset management risk management, develop guidelines that specify the matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?6 For example, does it have the following matters clearly specified in the Internal Audit Guidelines or the internal audit plan, and provide a system to have these matters appropriately audited?

  • Status of development of the asset investment risk management system
  • Status of observance of the Asset Investment Risk Management Policy, Asset Investment Risk Management Rules, etc.
  • Validity of methods for analysis and assessment of liability characteristics, such as understanding of required information on liabilities
  • Appropriateness of asset investment risk management process to hold assets which have characteristics (liquidity, etc.) appropriate for the situation of liabilities held
  • Situation of compliance with asset investment risk limits, considering liability characteristics
  • Appropriateness of the asset investment risk management processes, commensurate with the sizes and natures of the business and risk profile
  • Validity of Asset Investment Risk Assessment Methods

5 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report, and shall not restrict the authority and activities of the auditor in any way. 6 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan.

200

  • Correctness and completeness of data used in asset investment risk assessment
  • Appropriateness of management, considering limitations and weak points of Asset Investment Risk Assessment Methods
  • Appropriateness of stress test scenarios, etc.
  • Status of improvement of matters pointed out in an internal audit or in the last inspection (8) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner, by reviewing their effectiveness based on reports and findings on the status of asset management risk management in a regular and timely manner or on an as needed basis?
  1. Assessment and Improvement Activities

  1. Analysis and Assessment (1) Analysis and Assessment of Asset Investment Risk Management Does the Board of Directors or organization equivalent to the Board of Directors appropriately determine whether there are any weaknesses or problems in the asset investment risk management system and the particulars thereof, and appropriately examine their causes by precisely analyzing the status of asset investment risk management and assessing the effectiveness of asset investment risk management, based on all information available regarding the status of asset investment risk management, such as the results of audits by corporate auditors, internal audits and external audits,7 findings of various investigations, and reports from various divisions? In addition, if necessary, does it take all possible measures to find the causes by, for example, establishing fact findings committees, etc. consisting of non-interested persons? (2) Revision of Analysis and Assessment Processes Does the Board of Directors or organization equivalent to the Board of Directors revise the analysis and assessment processes in a timely manner, by reviewing their effectiveness based on reports and findings on the status of asset investment risk management in a regular and timely manner or on an as needed basis?

  2. Improvement Activities

7 External audits as mentioned here shall not be limited to audits of financial statements by accounting auditors, but the inspector should bear it in mind that currently, audits other than the audit of financial statements required under the rules and the verification of the internal control system conducted as part of the procedures of this audit are not obligatory. However, in the case where the inspected insurance company undergoes an external audit other than the financial statements audit in order to secure the effectiveness of the internal control system, the inspector should review the effectiveness of the internal control system by examining in a comprehensive manner along with the financial statements audit results.

201 (1) Implementation of Improvements Does the Board of Directors or organization equivalent to the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the system, identified through the analysis, assessment and examination referred to in 3. 1) above, in a timely and appropriate manner based on the results obtained, by developing and implementing an improvement plan as required or by other appropriate methods? (2) Progress Status of Improvement Activities Does the Board of Directors or organization equivalent to the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner, by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of Improvement Process Does the Board of Directors or organization equivalent to the Board of Directors revise the improvement process in a timely manner, by reviewing its effectiveness based on reports and findings on the status of asset investment risk management, in a regular and timely manner or on an as needed basis?

202 II. Development and Establishment of Asset Investment Risk Management System by Manager Checkpoints

  • This chapter lists the check items to be used when the inspector reviews the roles and responsibilities to be performed by the Manager and the Asset Investment Risk Management Division.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II., it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the insurance company’s management fails to recognize problems found by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. above are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.
  1. Roles and Responsibilities of Manager (1) Development and Dissemination of Asset Investment Risk Management Rules Has the Manager, in accordance with the Asset Investment Risk Management Policy, decided the methods to assess, identify and monitor risks, and developed Asset Investment Risk Management Rules (consistent with the comprehensive risk management system) that clearly define the arrangements on risk control, based on a full understanding of the locations, types and nature of the asset investment risks and management techniques? Does the Board of Directors or organization equivalent to the Board of Directors approve the Asset Investment Risk Management Rules, and are they made known throughout the organization? (2) Content of Asset Investment Risk Management Rules Do the Asset Investment Risk Management Rules exhaustively cover the arrangements necessary for asset investment risk management, and specify the arrangements appropriately in a manner befitting the sizes and natures of the business and its risk profile? Are the rules appropriate? For example, do they clearly write arrangements for the following items?
  • Roles, responsibilities and organization of the Asset Investment Risk Management Division
  • Analysis and assessment of liability characteristics, such as understanding of required information on liabilities
  • Setting limits for asset investment risk, considering liability characteristics (if divided into groups corresponding to liability characteristics, this will include policy on setting

203 asset investment risk limits corresponding to the liability characteristics of each group)

  • Asset investment risk management techniques over the medium and long term, consistent with the insurance company’s strategic goals and Comprehensive Risk Management Policy, and considering the predicted medium and long term liability characteristics, in accordance with business policy
  • Derivative transaction related risk management techniques (including hedge transaction related arrangements)
  • Risk management techniques for low liquidity assets and assets for which objective value cannot be calculated
  • Risk management techniques, if asset investment is outsourced
  • Identification of risks which should be managed in asset investment risk management
  • Asset Investment Risk Assessment Methods
  • Methods of monitoring asset investment risks
  • Periodic verification of Asset Investment Risk Assessment Methods
  • New Products etc. (including asset investment risk management, considering liability characteristics of new products)
  • Comprehensive management of assets and liabilities
  • Cooperation with the Comprehensive Risk Management Division
  • System for reporting to the Board of Directors or organization equivalent to the Board of Directors (3) Development of Organizational Framework by Manager (i) Based on the Asset Investment Risk Management Policy and Asset Investment Risk Management Rules, does the Manager provide for actions to have the Asset Investment Risk Management Division exercise a check-and-balance system, in order to conduct asset investment risk management appropriately? (ii) Does the Manager provide a system to constantly analyze, for asset allocation and risk management techniques which appropriately incorporate changes such as in characteristics of liabilities insurance company and in the market environment? Also, is there a system in place for quick reporting to the Asset Investment Risk Management Division by Managers of the market risk management division, credit risk management division, real estate investment risk management division, etc., if systemic weak points or problems are found which affect asset investment risk management in that risk management division? (iii) Does the Manager provide a system in which if a request is received from the Comprehensive Risk Management Division about New Products etc., the inherent asset investment risks are identified in advance, and reported to the Comprehensive Risk

204 Management Division, based on New Products Management Policy?8 For example, are there reports about effects on asset investment by liability characteristics of New Products etc.? (iv) Does the Manager understand the limitations and weak points of Asset Investment Risk Assessment Methods, and provide a system for advanced risk management which suits the size, characteristics of operations and its risk profile?9 (v) Does the Manager provide a highly reliable asset investment risk management IT system10 which suits the size and characteristics of operations, and its risk profile? (vi) Does the Manager ensure the provision of training and education systems to enhance the ability of employees to conduct asset investment risk management in an effective manner, thus developing human resources with relevant expertise? (vii) Does the Manager provide a system to ensure that matters specified by the Board of Directors or organization equivalent to the Board of Directors are reported in a regular and timely manner or on an as needed basis? In particular, does the Manager provide a system to ensure that matters that would seriously affect corporate management are quickly reported to the Board of Directors or organization equivalent to the Board of Directors? (4) Revision of Asset Management Risk Management Rules and Organizational Framework Does the Manager conduct monitoring on an ongoing basis, with regard to the status of the execution of operations at the Asset Investment Risk Management Division? Also, does the Manager review the effectiveness of the asset investment risk management system in a regular and timely manner or on an as needed basis, and, as necessary, revise the Asset Investment Risk Management Rules and the relevant organizational framework, or present proposals for improvement to the Board of Directors or organization equivalent to the Board of Directors? 2. Roles and Responsibilities of Asset Investment Risk Management Division

  1. Asset Investment Risk Identification and Assessment (i) Does the Asset Investment Risk Management Division identify and assess market risks, credit risks, real estate investment risks and liquidity risks for all assets, in a numerical or specifically verifiable manner, including for important group companies (within a scope which does not conflict with laws, regulations, etc.)? Are these also assessed for assets for which risk amount and current value cannot be objectively measured? If asset investment is outsourced, does the division identify and assess risks concerning asset investment by the outsourcing contractor? In identifying and assessing each risk, the following points must be

8 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4). 9 It should be noted that sophistication of risk management includes not only expansion of scope of risk measurement and improvement in precision and other aspects of risk management, but also enhancement of actions to complement the limitations and weaknesses of the management, and the techniques of utilizing measurement results. 10 It should be noted that the computer system may be a centralized data processing environment system, distributed processing system, or end user computing (EUC) type. Same hereinafter.

205 kept in mind. a. Market Risks

  • For assets with no market or very low liquidity, does the Asset Investment Risk Management Division obtain the data required for risk management, such as current value calculated by objective methods? Also, is the validity of methods for calculating current value verified by a third party other than the division using such calculation methods?
  • For assets for which current value cannot be calculated by objective methods, does the Asset Investment Risk Management Division fully investigate risks involved in holding those assets, considering strategic goals and related rules for asset investment? b. Credit Risks
  • In assessing credit risks of securities etc., does the Asset Investment Risk Management Division also investigate substantial risks, instead of only formal criteria such as ratings? c. Real estate Investment Risks
  • Does the Asset Investment Risk Management Division understand risks based on objective assessment criteria? Also, is the validity of such criteria verified by a third party other than the division using such criteria? d. Liquidity Risks
  • Does the Asset Investment Risk Management Division cooperate with the liquidity risk management division, and understand liquidity of all assets? (ii) Does the Asset Investment Risk Management Division work to cooperate closely with the Insurance Underwriting Risk Management Division, and understand required information on liabilities? Does it check that the insurance company maintains sufficient assets with appropriate characteristics (maturity, liquidity, etc.) to enable appropriate payment of liabilities held by the insurance company? (iii) If there are risks which are not subject to asset investment risk management, does the Asset Investment Risk Management Division check that their effects are minor? (iv) If New Products etc. are handled, new products purchased, or business started in an overseas location or subsidiary, does the Asset Investment Risk Management Division bring to light inherent asset investment risks in advance, and identify risks which should be subject to asset investment risk management?11 For example, regarding product development, does it investigate the effects which liability characteristics of New Products etc. have on asset management?

11 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4).

206 (v) Does the Asset Investment Risk Management Division investigate the validity of each risk assessment and measurement technique, assumptions, etc.? Also, does it check that each risk management division is investigating their validity? For example, are the following matters investigated?

  • If risk quantities are measured by a scenario method, are appropriate scenarios used?
  • If risk quantities are measured by an economic value method, are appropriate economic value assessment methods used?
  • If risk quantities are measured by VaR which is one integrated scale, then are measurement techniques, holding periods and reliability levels appropriate, considering the strategic goals and risk profile? (vi) If risk cannot be quantified, does the Asset Investment Risk Management Division appropriately assess various risks subject to asset investment risk management, such as assessment of the degree of effects in stages, and self-assessment of the management and control levels, including for important group companies (within a scope which does not conflict with laws, regulations, etc.)? Also, is each risk management division required to provide timely and appropriate reports, with required information on various risks subject to asset investment risk management?
  1. Monitoring (1) Monitoring of Asset Investment Risks Does the Asset Investment Risk Management Division monitor the status of that insurance company’s asset investment risks with appropriate frequency, considering the situation of the insurance company’s internal environment (characteristics of liabilities held, risk profile, situation of use of limits, etc.) and external environment (economy, market, etc.), including for important group companies (within a scope which does not conflict with laws, regulations, etc.), based on Asset Investment Risk Management Policy and the Asset Investment Risk Management Rules? Does it also monitor the status of the internal environment and external environment, as well as validity of assumptions, etc.? (2) Monitoring the Status of Compliance with Limits Does the Asset Investment Risk Management Division appropriately monitor the status of compliance and use of limits? (3) Reporting to Board of Directors or organization equivalent to the Board of Directors Based on Asset Investment Risk Management Policy and Asset Investment Risk Management Rules, does the Asset Investment Risk Management Division periodically or as needed report directly to the Board of Directors or organization equivalent to the Board of Directors, providing information enabling them to appropriately assess and judge the asset investment risk management situation and asset investment risk situation? For example, does

207 it report on the following matters?

  • Asset investment risk profile and its trends
  • Status of compliance with and use of limits on asset investment risks, considering liability characteristics
  • Limitations, weak points and validity of Asset Investment Risk Assessment Methods
  • Limitations, weak points and validity of measurement and analysis methods (techniques, assumptions) for each market risk, credit risk and real estate investment risk (4) Feedback to Each Risk Management Division Does the Asset Investment Risk Management Division assess the asset investment risk situation as needed, and give results of its investigation as feedback to the market risk management division, credit risk management division, real estate risk management division, etc.?
  1. Control (1) Handling if there are Unmanageable Asset Investment Risks If risks not subject to asset investment risk management do not have minor effects, or if risks subject to management cannot be appropriately managed, then does the Asset Investment Risk Management Division provide reports to the Board of Directors or organization equivalent to the Board of Directors, with information enabling it to decide on whether to eliminate or shrink operations related to such risks? (2) Response when Limits are Exceeded When limits are exceeded, does the Asset Investment Risk Management Division quickly provide reports to the Board of Directors or organization equivalent to the Board of Directors, with information enabling it to decide on whether to reduce positions, risks, etc.?
  2. Verification and Revision (1) Advanced Risk Management Does the Asset Investment Risk Management Division examine to understand the limitations and weak points of Asset Investment Risk Assessment Methods, and to take actions to supplement these methods? Also, considering these limitations and weak points, does the division investigate, analyze and study for advanced risk management commensurate with the risk profile? (2) Verification and Revision of Asset Investment Risk Management Methods Does the Asset Investment Risk Management Division understand changes in the internal and external environments, and the limitations and weak points of Asset Investment Risk Assessment Methods, in order to ensure that the insurance company’s assets and investment conduct suit its liability and risk characteristics and solvency status? Does the division

208 periodically verify and revise whether it uses appropriate asset investment risk management methods which suit the entire insurance company’s strategic goals, size and characteristics of operations, and risk profile? For example, does it verify and revise the following matters?

  • Validity of identification of risks subject to asset investment risk management
  • Validity of Asset Investment Risk Assessment Methods (including validity of methods of analysis and assessment of liability characteristics, methods of setting asset investment risk limits with consideration of liability characteristics, and methods of deciding asset allocation with consideration of liability characteristics)
  • Appropriateness of operations, considering the limitations and weak points of Asset Investment Risk Assessment Methods (3) Verification of Appropriateness of Strategic Goals Does the Asset Investment Risk Management Division verify the validity of its strategic goals etc., in order to ensure that the insurance company’s assets and investment conduct suit its liability characteristics, risk characteristics and solvency status? Also, does the division compare the asset investment risk status vs. the actual earnings trends, to verify the validity of its risk/return strategy? Does the Asset Investment Risk Management Division report information required for revising strategic goals, to the Board of Directors or organization equivalent to the Board of Directors?

209 III. Specific Issues Checkpoints

  • This chapter lists the check items for the inspector to examine individual specific problems, in accordance with the actual situation of asset investment risk management.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III., it is necessary to exhaustively examine which of the elements listed in Chapters I. and II. are absent or insufficient, thus causing the said problem, with the use of the checklists in those chapters, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems found by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.

  1. Market Risk Management System See Attachment 1 regarding the market risk management system

  2. Credit Risk Management System See Attachment 2 regarding the credit risk management system

  3. Real Estate Investment Risk Management System (1) Establish Policy and Internal Rules, and Roles of the Board of Directors, for Real Estate Investment Risk Management (i) For real estate investment, is the Board of Directors fully aware that there are risks that changes in rental fees cause a decrease in real estate related earnings, and that changes in market conditions cause real estate prices themselves to decrease? In particular, is the director in charge aware of its characteristics that investment in real estate is generally a huge amount of investment, with very low liquidity, that earnings are uncertain and cannot be substituted, etc.? Based on this understanding, is he accurately aware of the insurance company’s real estate investment risk management situation, and does he investigate policies and specific actions for developing and establishing an appropriate real estate investment risk management system? (ii) Does the Board of Directors or organization equivalent to the Board of Directors establish real estate investment risk management policy (hereinafter referred to as “Real Estate Investment Risk Management Policy”), and inform the entire organization?

210 (iii) Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the real estate investment risk management division establish rules on real estate investment risk management (hereinafter referred to as “Real Estate Investment Risk Management Rules”)? Are the Real Estate Investment Risk Management Rules appropriate? For example, do they clearly write the following matters?

  • Arrangements on roles, responsibilities and organization of the real estate investment risk management division
  • Arrangements on identification, understanding, monitoring and control of real estate investment risks
  • Investment criteria and screening procedures which consider profitability (investment yield, etc.), investment qualifications (compliance, etc.), etc.
  • Arrangements on scope of investment real estate (iv) Does the Board of Directors or organization equivalent to the Board of Directors allocate appropriate assets to real estate investments? In asset allocation, does it consider liability characteristics, and investigate comparisons with investments such as securities and loans? Also, does it consider and investigate diversified investment which avoids extreme concentration, considering land price trends, disasters, etc.? (v) Does the Board of Directors or organization equivalent to the Board of Directors set alarm points for unrealized losses in real estate, considering its business strength such as equity? Also, does it revise its alarm points periodically or as needed? (vi) In real estate investing (especially new investments), does the Board of Directors or organization equivalent to the Board of Directors set a minimum investment yield, considering the assumed interest rates of insurance products? Also, is the minimum investment yield revised periodically or as needed? (2) Development & Establishment of Real Estate Investment Risk Management System (i) Does the Board of Directors or organization equivalent to the Board of Directors establish a real estate investment risk management division, which appropriately manages the screening, monitoring, analysis, etc. of investment projects? Does it also provide a system for wielding a check-and-balance function, for example by ensuring independence from the real estate investment division? Is there a framework in place to prevent influence by the real estate investment division?; for example, is the director in charge of the real estate investment risk management division prevented from also serving as the director of the real estate investment division? If the real estate investment risk management division is not independent from the real estate investment division, or if the director in charge of the real estate investment risk management division also serves as the director of the real estate investment division, is a check-and-balance function ensured for appropriate screening management?

211 (ii) Does the Board of Directors or organization equivalent to the Board of Directors establish appropriate reporting matters, and provide a system for the Manager of the real estate risk management division to report on the situation of real estate investment risk management, periodically or as needed, to the Asset Investment Risk Management Division and the Board of Directors or organization equivalent to the Board of Directors? Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the real estate risk management division report appropriately on the situation of real estate which fell below the minimum investment yield or with unrealized loss exceeding the alarm point (hereinafter referred to as “Substandard Real Estate”), and of real estate with unrealized loss exceeding the alarm point and which is unused for a certain period and without a usage plan (hereinafter referred to as “Under-utilized Real Estate”), and describe investment use real estate of a certain size or larger which is reclassified into business use real estate? (iii) Does the Manager of the real estate investment risk management division provide an IT system12 for real estate investment risk management? (iv) To enable appropriate real estate investment risk management, does the Manager of the real estate investment risk management division thoroughly inform related staff about Real Estate Investment Risk Management Rules and operating procedures, by methods such as periodically providing guidance and training? (3) Points to Keep in Mind about Real Estate Investment Risk Management (i) Is the real estate investment risk management division appropriately aware of and does it understand risk factors faced by the insurance company (causes of changes in earnings, and causes of changes in real estate prices)? Does it appropriately manage them? (ii) Does the real estate investment risk management division check periodically or as needed, that classification as investment use real estate is in accordance with the Real Estate Investment Risk Management Rules? (iii) Does the real estate investment risk management division accurately collect, analyze and investigate information on the rental rate market, tenant supply and demand, land price trends, changes in land use regulations and taxation, relevant location conditions, competitive situation, environment (soil contamination, liquefaction, sinking, etc.), etc.?13 (iv) In screening real estate investments, does the real estate investment risk management division consider compliance with investment criteria, validity of business plan, portfolio (consideration of investment diversification), etc.? (v) Does the real estate investment risk management division appropriately manage investment

12 It should be noted that the computer system may be a centralized data processing environment system, distributed processing system, or end user computing (EUC) type. 13 If the real estate investment division collects, analyzes and investigates such information, the inspection will examine whether the real estate investment risk management division periodically or as needed checks the appropriateness and validity of results of information collection, analysis and investigation done by the real estate investment division.

212 real estate? For example: tenant recruiting, utilization ratio such as vacancy ratio, outsourcers, maintenance, projects underway, currency risks of overseas real estate, etc. Moreover, when a property falls below the minimum investment yield, is it reported to the Asset Investment Risk Management Division?14 (vi) Does the real estate investment risk management division calculate unrealized gain and losses of real estate, periodically or as needed? Also, is real estate assessment done appropriately by rational methods?15 (vii) Does the real estate investment risk management division especially strictly manage Substandard Real Estate, for example by having the real estate investment division investigate actions to obtain earnings? If the business plan for Substandard Real Estate is revised and there will be reinvestment, is this done after passing through screening by the real estate investment risk management division? Is the status of management of Substandard Real Estate (including designation as substandard, removal of designation, sale and disposability) reported to the Asset Investment Risk Management Division, and its appropriateness checked? (viii) Does the Asset Investment Risk Management Division investigate the possibilities of sale or disposal of Under-utilized Real Estate?16 Is the status of management of Under-utilized Real Estate (including investigation of status such as sale and disposal) reported to the Asset Investment Risk Management Division, and its appropriateness checked? 4. Asset Assessment, Write-off, and Reserves Refer to Attachment (Checklist for Asset Assessment, Write-off, and Reserves)

14 If the real estate investment division is managing investment real estate, the inspection will examine whether the real estate investment risk management division periodically or as needed checks the appropriateness and validity of the status of management of investment real estate by the real estate investment division. 15 If the real estate investment division is calculating the unrealized gains and losses on real estate, the inspection will examine whether the real estate investment risk management division periodically or as needed checks the appropriateness and validity of the real estate unrealized gains and losses calculated by the real estate investment division. 16 If the real estate investment division investigates the possibilities of sale or disposal of Under-utilized Real Estate, the inspection will examine whether the real estate investment risk management division periodically or as needed checks the appropriateness and validity of the sale/disposal/holding policy created by the real estate investment division.

213 (Attachment 1) I. Development and Establishment of Market Risk Management System by Management Checklist

  • Market risk refers to the risk of losses borne when the values of assets and liabilities change (including off balance sheet), and the risk of losses borne when earnings generated by assets and liabilities change, due to changes in various market risk factors such as interest rates, currency and stocks. The main market risks are the three risks described below. (1) Interest risk: Risk of bearing loss due to interest rate changes. Risk of lower earnings or loss borne due to change in interest rates, when there is a mismatch between interest rates or maturities of assets and liabilities. (2) Currency risk: The loss generated because the currency prices differ from the initially planned prices, if form a position of excess assets or excess liabilities on a net basis for foreign currency denominated assets and liabilities. (3) Price change risk: Risk of asset price decreases due to change in prices of securities, etc.
  • The development and establishment of a market risk management system at an insurance company is extremely important from the viewpoint of ensuring the soundness and appropriateness of the company’s business. Therefore, the company’s management is charged with and responsible for taking the initiative in developing and establishing such a system.
  • It is important that the inspector examine whether an appropriate market risk management system is developed which suits the insurance company’s strategic goals, the size and characteristics of operations, and its risk profile. Insurance companies have various strategies. Some companies have strategies which limit their asset investment targets to safe assets such as Japanese government bonds. Others have business strategies which include active market transactions: short term trading of securities in major financial markets, complex derivative transactions, etc. In applying the check items for the market risk management system, that insurance company’s business strategy and actual transaction forms shall be fully considered, avoiding a mechanical and uniform application. The types and levels of market risks and measurement and analysis methods which the insurance company should adopt should be decided according to the insurance company’s strategic goals, diversity of operations, and complexity of risks faced. It should be kept in mind that complex or advanced market risk measurement and analysis methods are not necessarily appropriate for all insurance companies.
  • Various examination items are written in this Attachment. But in performing examinations, the inspector must decide on items which should be examined, corresponding to the insurance company’s investment strategy, investment style, transaction sizes, risk profile, risk management methods, risk measurement techniques, etc. Examination items written as “For example…” are only examples. The inspector should judge the necessity,

214 corresponding to the size and characteristics of the operation, risk profile, etc. “If…” indicates an item that the inspector should examine if the insurance company is using that management method or measurement technique, or if it is judged that it must be used.

  • The inspector should specifically determine whether the market risk management system is functioning effectively, and whether the roles and responsibilities of the company’s management are being appropriately performed by way of reviewing, with the use of check items listed in Chapter I., whether or not the management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) development of a system for assessment and improvement activities.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II. and later, it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the system is not functioning effectively, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.
  1. Policy Development (1) Roles and Responsibilities of Directors Is the Board of Directors fully aware of the major effects that disregarding market risk management has on achieving strategic goals? Does it emphasize market risk management? In particular, does the director in charge fully understand the importance of techniques such as identification, assessment, monitoring and control of the locations, types, characteristics and risks of market risks, and of their management? Based on this understanding, does he accurately understand the status of the insurance company’s market risk management, and investigate policies and specific actions towards development and establishment of a proper market risk management system? For example, does the director in charge understand the limitations and weak points of methods to measure and analyze market risks (techniques, assumptions, etc.), and investigate actions to supplement them? (2) Development and Dissemination of Strategic Goals of the Market Division1 Does the Board of Directors consider market risks, and create strategic goals for the market division which are consistent with the entire insurance company’s strategic goals and Comprehensive Risk Management Policy? Does it inform the organization about these goals?

1 “Market division” refers generally to divisions which handle market risks, among asset investment divisions. Note that this does not necessarily assume a specific division.

215 In creating the market division’s strategic goals, does it maintain consistency with the strategic goals of each operating area, consider the composition of assets and liabilities (including off balance sheet), as well as consider market and liquidity aspects, and the situation of equity, etc.? Also, does it consider, for example, the following items?

  • In establishing what degree of market risks to take, and what level of earnings to target, is it clear whether the goal is to hold market risks to a minimum, or to target higher earnings by actively underwriting and managing a certain level of market risks, etc.?
  • Do the market division’s strategic goals not excessively prioritize gaining earnings, and disregard market risk management? In particular, does it not set targets which disregard long term market risks and prioritize gaining short term earnings, nor set performance assessments based on such targets?
  • Does it consider its liability characteristics and legally determined restrictions on investment amounts of assets, and is it aware that appropriate portfolio construction itself is risk control? Does it have a clear basic approach to portfolios? (3) Development and Dissemination of Market Risk Management Policy Has the Board of Directors established a policy on market risk management (hereinafter referred to as the “Market Risk Management Policy?” Has it informed the entire company? Is it appropriate? For example, are the following matters clearly written?
  • Roles and responsibilities of the director in charge and the Board of Directors or organization equivalent to the Board of Directors, regarding market risk management
  • Policy on the organizational framework: establishment of the division for market risk management (hereinafter referred to as the “Market Risk Management Division”), and the division which conducts clerical management for the market division and market transactions etc. (hereinafter referred to as the “Clerical Management Division”), granting of authority, etc.
  • Policy on setting limits for market risks
  • Policy on identification, assessment, monitoring and control of market risks (4) Revision of Policy Development Process Does the Board of Directors revise the policy development process in a timely manner by reviewing its effectiveness, based on reports and findings of various investigations on the status of market risk management, in a regular and timely manner or on an as needed basis?
  1. Development of Internal Rules and Organizational Frameworks (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the Market Risk Management Division (hereinafter simply referred to as the “Manager” in this Attachment) develop internal rules that clearly specify the arrangements

216 concerning market risk management (hereinafter referred to as the “Market Risk Management Rules”) and inform the organization, in accordance with the Market Risk Management Policy? Has the Board of Directors or organization equivalent to the Board of Directors approved the Market Risk Management Rules, after determining whether they comply with the Market Risk Management Policy and after legal checks, etc.? (2) Appropriate Setting of Limits Based on the Market Risk Management Policy and Market Risk Management Rules, does the Board of Directors or organization equivalent to the Board of Directors investigate the content of each division’s operations, then consider the positioning in each division in the business, equity, profitability, risk management ability, personnel abilities, insurance benefit payment ability, etc., and set appropriate limits (risk limit, position, limit, asset investment limit, etc.) to suit each type and risk category of operations and products handled?2 Also, does it compare business strength such as equity vs. market risk amount, to check that the market risk amount is not excessive from the aspect of business strength? For example, in setting limits, are the following matters considered?

  • If complex risks are held, are limits managed while considering complex risks?
  • Is market liquidity considered? (3) Establishment of Market Risk Management Division (i) Does the Board of Directors or organization equivalent to the Board of Directors have a Market Risk Management Division established, and have the division prepared to undertake appropriate roles, in accordance with the Market Risk Management Policy and the Market Risk Management Rules?3 (ii) Has the Board of Directors allocated to the Market Risk Management Division a Manager with the necessary knowledge and experience to supervise the division, and enabled the Manager to implement management operations by assigning him/her the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Market Risk Management Division an adequate number of staff members who have the necessary knowledge and experience to execute the relevant operations, and assigned such

2 There are “hard limits” which forcibly reduce positions and risks if the limit is exceeded, and “soft limits” which do not necessarily require forcibly reducing positions and risks and for which actions thereafter are discussed and decided by the Board of Directors or organization equivalent to the Board of Directors. The examination looks at whether limits are set appropriately to suit the actual transactions. 3 When the Market Risk Management Division is not established as an independent division (e.g., when the division is consolidated with another risk management division to form a single division, or when a division in charge of other business also takes charge of market risk management, or when a Manager or Managers take charge of market risk management instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the size and nature of the insurance company and its risk profile.

217 staff the authority necessary for conducting the aforementioned operations?4 (iv) Does the Board of Directors or organization equivalent to the Board of Directors keep the Market Risk Management Division independent from the asset investment division, Insurance Underwriting Division, etc., and secure a check-and-balance system of the Market Risk Management Division? (4) Development of Market Risk Management System in Asset Investment Division and Insurance Underwriting Division Through the Manager or Market Risk Management Division, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure effectiveness of market risk management, such as by providing a system to inform the divisions involving market risks to be managed (e.g. Asset Investment Division, Insurance Underwriting Division, etc.) about the internal rules and operational procedures which must be observed, and to ensure that such divisions observe them? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager to identify the internal rules and operational procedures that must be observed by the Asset Investment Division, Insurance Underwriting Division, etc., and to carry out specific actions for ensuring observance such as by providing effective training on a regular basis? (5) Development of System for Reporting to and Approval by the Board of Directors or organization equivalent to the Board of Directors Does the Board of Directors or organization equivalent to the Board of Directors appropriately specify matters that require reporting and those that require approval, and does it have the Manager report the status to the Board of Directors in a regular and timely manner or on an as needed basis, or have the Manager seek the approval of the Board of Directors? In particular, does it ensure that the Manager reports to the Board of Directors or organization equivalent to the Board of Directors without delay about matters that would seriously affect corporate management? (6) Development of System for Reporting to Corporate Auditor In the case that the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately, and does it provide a system to have the Manager directly report such matters?5 (7) Development of Internal Audit Guidelines and Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or Internal Audit Division Manager appropriately identify the matters

4 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of that deportment or post is reasonable in terms of a check-and-balance system and other aspects. 5 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report, and shall not restrict the authority and activities of the auditor in any way.

218 to be audited with regard to market risk management, develop guidelines that specify the matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?6 For example, does it have the following matters clearly specified in the Internal Audit Guidelines or the internal audit plan, and provide a system to have these matters appropriately audited?

  • Status of development of the market risk management system
  • Status of compliance with the Market Risk Management Policy, Market Risk Management Rules, etc.
  • Appropriateness of market risk management IT system7
  • Appropriateness of the market risk management processes, commensurate with the size and characteristics of operations, as well as the risk profile
  • Validity of market risk measurement and analysis methods (techniques, assumptions, etc.)
  • Correctness and completeness of data used in market risk measurement and analysis
  • Appropriateness of management, considering limitations and weak points of market risk assessment and analysis methods (techniques, assumptions, etc.)
  • Appropriateness of stress test scenarios, etc.
  • Status of improvement of matters pointed out in an internal audit or in the last inspection (8) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner, by reviewing their effectiveness based on reports and findings on the status of market risk management in a regular and timely manner or on an as needed basis?
  1. Assessment and Improvement Activities
  1. Analysis and Assessment (1) Analysis and Assessment of Market Risk Management Does the Board of Directors or organization equivalent to the Board of Directors appropriately determine whether there are any weaknesses or problems in the market risk management system and the particulars thereof, and appropriately examine their causes by precisely analyzing the status of market risk management and assessing the effectiveness of market risk management, based on all information available regarding the status of market risk management, such as the results of audits by corporate auditors, internal audits and external audits, findings of various investigations, and reports from various divisions? In addition, if necessary, does it take all possible actions to find the causes by, for example, establishing fact

6 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan. 7 It should be noted that the computer system may be a centralized data processing environment system, distributed processing system, or end user computing (EUC) type. Same hereinafter.

219 findings committees, etc. consisting of non-interested persons? (2) Revision of Analysis and Assessment Processes Does the Board of Directors or organization equivalent to the Board of Directors revise the analysis and assessment processes in a timely manner, by reviewing their effectiveness based on reports and findings on the status of market risk management in a regular and timely manner or on an as needed basis? 2) Improvement Activities (1) Implementation of Improvements Does the Board of Directors or organization equivalent to the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the system, identified through the analysis, assessment and examination referred to in 3. 1) above, in a timely and appropriate manner based on the results obtained, by developing and implementing an improvement plan as required or by other appropriate methods? (2) Progress Status of Improvement Activities Does the Board of Directors or organization equivalent to the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner, by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of Improvement Process Does the Board of Directors or organization equivalent to the Board of Directors revise the improvement process in a timely manner, by reviewing its effectiveness based on reports and findings on the status of market risk management, in a regular and timely manner or on an as needed basis?

220 II. Development and Establishment of Market Risk Management System by Manager Checkpoints

  • This chapter lists the check items to be used when the inspector reviews the roles and responsibilities to be performed by the Manager and the Market Risk Management Division.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II., it is necessary to exhaustively examine which of the elements listed in this Attachment of Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the insurance company’s management fails to recognize problems found by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.
  1. Roles and Responsibilities of Manager (1) Development and Dissemination of Market Risk Management Rules Has the Manager, in accordance with the Market Risk Management Policy, decided the methods to identify, assess and monitor risks, and developed Market Risk Management Rules (consistent with the comprehensive risk management system) that clearly define the arrangements on risk control, based on a full understanding of the locations, types and nature of the market risks and management techniques? Does the Board of Directors or organization equivalent to the Board of Directors approve the Market Risk Management Rules, and are they made known throughout the organization? (2) Content of Market Risk Management Rules Do the Market Risk Management Rules exhaustively cover the arrangements necessary for insurance market management, and specify the arrangements appropriately in a manner befitting the sizes and natures of the business and its risk profile? Are the rules appropriate? For example, do they clearly write arrangements for the following items? Also, are the Market Risk Management Rules appropriate? Do they suit each type and risk category of operations and products handled?
  • Roles, responsibilities, and organizational framework of the Market Risk Management Division, market division and Clerical Management Division
  • Identification of risks which should be subject to market risk management
  • Market risk measurement and analysis methods (techniques, assumptions, etc.)
  • Monitoring methods for market risks

221

  • Setting limits for market risks
  • Periodic verification of market risk measurement and analysis methods (techniques, assumptions, etc.)
  • Current value calculations
  • Specified trading (if the insurance company establishes a specified trading account)
  • System for reporting to the Board of Directors or organization equivalent to the Board of Directors (3) Development of Organizational Framework by Manager (i) Based on the Market Risk Management Policy and Market Risk Management Rules, does the Manager provide for actions to have the Market Risk Management Division exercise a check-and-balance system, in order to conduct market risk management appropriately? (ii) Does the Manager provide a system which quickly reports to the Comprehensive Risk Management Division or Asset Investment Risk Management Division, if system weak points or problems are found which affect comprehensive risk management? (iii) Does the Manager understand the limitations and weak points of market risk measurement and analysis methods (techniques, assumptions, etc.), and provide a system for more advanced market risk management, such as greater scope and precision of market risk measurement which suits the size and characteristics of operations and the risk profile? (iv) Does the Manager provide a system in which the Market Risk Management Division can directly and appropriately obtain internal data and market data, such as required transaction information from the market division? Does he also provide a system which enables the Market Risk Management Division to directly command and supervise middle office operations, etc.? (v) Does the Manager provide a highly reliable IT system which can grasp all important market risks of that insurance company, and suits the size and characteristics of operations and its risk profile? (vi) Does the Manager ensure the provision of training and education systems to enhance the ability of employees to conduct market risk management in an effective manner, thus developing human resources with relevant expertise? (vii) Does the Manager provide a system to ensure that matters specified by the Board of Directors or organization equivalent to the Board of Directors are reported in a regular and timely manner or on an as needed basis? In particular, does the Manager provide a system to ensure that matters that would seriously affect corporate management are quickly reported to the Board of Directors or organization equivalent to the Board of Directors? (4) Revision of Market Risk Management Rules and Organizational Frameworks Does the Manager conduct monitoring on an ongoing basis, with regard to the status of the execution of operations at the Market Risk Management Division? Does the Manager review

222 the effectiveness of the market risk management system in a regular and timely manner or on an as needed basis, and, as necessary, revise the Market Risk Management Rules and the relevant organizational framework, or present proposals for improvement to the Board of Directors or organization equivalent to the Board of Directors? 2. Roles and Responsibilities of Market Risk Management Division

  1. Identification and Assessment of Market Risks (1) Identification of Market Risks (i) Does the Market Risk Management Division bring to light the market risks faced by that insurance company? Considering the sizes and characteristics of the market risks brought to light, does it identify the market risks which should be subject to market risk management? When bringing these to light, does it ensure that this comprehensively covers the scope of operations, including risk categories (or risk factors) for interest rate risks, currency risks and price change risks for assets and liabilities (including off balance sheet), and overseas locations and important group companies? (ii) For risks held by that insurance company, are the following risks, for example, brought to light, and is it investigated whether these market risks should be managed? a. Interest Rate Risks Risk that changes in interest rates will affect present value (or period earnings) of assets and liabilities (including off balance sheet). As sources of interest rate risks, one must consider yield curve risk, basis risk and option risk. For example, the following assets have interest rate risks.
  • Stocks
  • Derivatives
  • Loans b. Currency Risks Risk that changes in currency rates will affect present value (or period earnings) of assets and liabilities (including off balance sheet). For example, the following have currency risks.
  • Foreign currency denominated assets and liabilities
  • Foreign currency transactions
  • Derivatives of the above (forwards, futures, swaps, options, etc.)
  • Assets and liabilities with cash flow determined by referring to currency rates (redemption amount, coupon rates, etc.) c. Price Change Risks
  • Stock Risks Risk that changes in stock price or stock price index will affect present value (or

223 period earnings) of assets and liabilities (including off balance sheet). For example, the following have stock risks.

  • Stocks
  • Warrant bonds
  • Derivatives of the above (forwards, futures, swaps, options, etc.)
  • Assets and liabilities with cash flow determined by referring to a stock or stock index, etc. (redemption amount, coupon rates, etc.)
  • Commodity risks Risk that changes in product price or product price index will affect present value (or period earnings) of assets and liabilities (including off balance sheet). For example, the following have commodity risks.
  • Derivatives of products (forwards, futures, swaps, options, etc.)
  • Assets and liabilities with cash flow determined by referring to a product price or product index, etc. (redemption amount, coupon rates, etc.) d. Other Market Risks Risk factors other than those with present value determined as mentioned in a, b and c above. For example, cash flow related to multiple indices, with assets and liabilities (including off balance sheet) determined by referring to multiple indices. (iii) For corporate bonds, credit derivatives, etc., for example, does the division bring to light risks that changes in credit spreads will affect present value (or period earnings)? Does it investigate whether they should be managed?8 (iv) For options, etc., for example, does the division bring to light the following risks? Does it investigate whether these market risks should be managed?
  • Risk (vega risk) that changes in volatility will affect present value (or period earnings).9
  • Non-linear portion of risk that the changes in underlying asset price will affect the present value (gamma risk).10 (v) If there are market risks which are not subject to market risk management, is it confirmed that they have minor effects? (2) Market Risk Measurement and Analysis (i) Does the Market Risk Management Division measure and analyze all risks subject to market risk management? Also, if earnings targets are set for each scope consistent with the insurance company’s organizational structure, assigned roles and responsibilities, etc., then are market risks measured and analyzed for each such scope?

8 Instead of identifying these as market risks, these are identified as market transaction related credit risks in some cases. 9 Vega risk is often classified as interest rate risk, currency risk, stock risk, commodity risk, etc., depending on the underlying asset. 10 Gamma risk is often classified as interest rate risk, currency risk, stock risk, commodity risk, etc., depending on the underlying asset.

224 (ii) Does the Market Risk Management Division measure present value (current price) of the position with a frequency which suits the size and characteristics of operations, as well as its risk profile? Also, are the greatest efforts made to obtain the current prices of items such as loans, for which there are no established techniques for obtaining current value? (iii) Does the Market Risk Management Division use appropriate market risk measurement and analysis methods (techniques, assumptions, etc.) which suit the size and characteristics of operations, as well as its risk profile? Also, are market risks measured and analyzed with consideration of both the factors which affect the present value of asset and liabilities (including off balance sheet), and the factors which affect period income? Note: Below are examples of techniques for measurement and analysis of market risks

  • Position balance, unrealized gain/loss, realized gain/loss
  • Gap analysis and static simulation analysis or dynamic simulation analysis, based on the asset maturity ladder, etc.
  • Sensitivity analysis (duration, basis point value (BPV), grid point sensitivity (GPS), etc.)
  • Scenario analysis using static simulation and dynamic simulation
  • Value at Risk (VaR)
  • Earnings at Risk (EaR) (iv) Does the Market Risk Management Division ensure the validity of its pricing models, risk measurement and analysis techniques (or measurement models), assumptions, etc.? For its pricing models and risk measurement techniques, does it use concepts and risk measurement techniques which are generally accepted in the financial industry? (3) Measurement of Risk Amounts by a Uniform Scale If market risk amounts are quantitatively measured by a uniform scale, does the Market Risk Management Division use a uniform scale to measure all identified risks subject to market risk management? If there are risks which cannot be sufficiently grasped by a uniform scale or which are not being measured, is supplementary information used to consider all identified risks subject to market risk management? (4) Stress Tests Does the Market Risk Management Division measure the amounts of changes in present values of assets and liabilities (including off balance sheet) during stresses of market risks, etc., periodically or as needed? Are appropriate stress test scenarios hypothesized and stress tests implemented, considering the large changes in the external environment (economy, markets, etc.) which occurred in the past, and the situation of the size and characteristics of the operation as well as its risk profile?
  1. Monitoring (1) Market Risk Monitoring

225 Based on the Market Risk Management Policy and Market Risk Management Rules, does the Market Risk Management Division consider the situation of that insurance company’s internal environment (risk profile, situation of use of limits, etc.) and external environment (economy, market, etc.), and monitor the status of that insurance company’s market risks with at appropriate frequency? For example, for an insurance company with a strategy of making active market transactions, does the Market Risk Management Division monitor the positions and loss amounts of major instruments (including major instruments in the specified trading account) during the day as needed? Also, does it understand the portfolio status periodically or as needed? Does it monitor the status of the internal environment and external environment, and validity of assumptions? (2) Monitoring of Situation of Compliance with Limits Does the Market Risk Management Division appropriately monitor the status of compliance with and use of limits? For example, for an insurance company with a strategy of making active market transactions, does the Market Risk Management Division monitor the status of compliance with limits during the day as needed? Does it provide and appropriately operate a position earnings management IT system for each investment manager or each portfolio? (3) Reporting to the Board of Directors or organization equivalent to the Board of Directors Based on the Market Risk Management Policy and Market Risk Management Rules, does the Market Risk Management Division directly report periodically or as needed on the status of market risk management and the status of market risks, providing information enabling appropriate assessment and decisions by the Board of Directors or organization equivalent to the Board of Directors? For example, does it report on the following items?

  • Market risk profile and its trend
  • Situation of compliance with and use of limits
  • Portfolio status
  • Characteristics (limitations and weak points) and validity of market risk measurement and analysis methods (techniques, assumptions, etc.) (4) Feedback to Market Division Does the Market Risk Management Division provide the market division, etc. with feedback on results of measurement, analysis and results regarding the situation of market risks?
  1. Control (1) Handling if there are Unmanageable Market Risks If risks not subject to market investment risk management do not have minor effects, or if risks subject to management cannot be appropriately managed, then does the Market Risk Management Division provide reports to the Board of Directors or organization equivalent to the Board of Directors, with information enabling it to decide on whether to eliminate or

226 shrink operations related to such risks? (2) Response when Limits are Exceeded When limits are exceeded, does the Market Risk Management Division quickly provide reports to the Board of Directors or organization equivalent to the Board of Directors, with information enabling it to decide whether to reduce positions, risks, etc.? (3) Portfolio Review Does the Market Risk Management Division provide a system for timely and appropriate review of the portfolio when securities are sold to provide liquidity, dividends or to cut losses. 4) Verification and Revision (1) More Advanced Market Risk Management11 Does the Market Risk Management Division examine to understand the limitations and weak points of market risk measurement and analysis methods (techniques, assumptions, etc.), and take actions to supplement these methods? Also, considering these limitations and weak points, does the division investigate, analyze and study for advanced market risk management commensurate with the risk profile? (2) Revision concerning Identification of Market Risks Does the Market Risk Management Division periodically or as needed check whether risks which are not subject to market risk management have large effects, due to changes in the size and characteristics of operations as well as in its risk profile, and changes in the external environment (economy, market, etc.)? Also, if such effects are deemed large, are appropriate responses taken? (3) Revision of Market Risk Assessment Methods (i) Does the Market Risk Management Division verify whether its market risk measurement and analysis scope, frequency, techniques, etc. suit the size and characteristics of operations as well as it risk profile, periodically or as needed? If revisions are needed, are they made by appropriate procedures based on internal rules, etc.? (ii) Does the Market Risk Management Division theoretically and empirically verify the validity of and revise its pricing model, market risk measurement and analysis techniques, assumptions, etc., periodically or as needed? Also, does the Market Risk Management Division compare the market risk measurement results vs. the actual earnings trends, to verify the effectiveness of and revise its market risk measurement methods? (4) Revision of Limit Setting Methods and of Limits Set Does the Market Risk Management Division verify whether the limit setting methods and

11 It should be noted that sophistication of risk management includes not only expansion of scope of risk measurement and improvement in precision and other aspects of risk management, but also enhancement of actions to complement the limitations and weaknesses of the management and the technique of utilizing measurement results.

227 limits set suit the size and characteristics of operations as well as it risk profile, periodically or as needed? If revisions are found necessary, does it quickly report information enabling appropriate assessment and decisions by the Board of Directors or organization equivalent to the Board of Directors? (5) Revision of Strategic Goals Does the Market Risk Management Division compare its market risk measurement results vs. the actual earnings trends, to verify the validity of its risk/return strategy? Does the Market Risk Management Division report information required for revising strategic goals, to the Board of Directors or organization equivalent to the Board of Directors?

228 III. Specific Issues Checkpoints

  • This chapter lists the check items for the inspector to examine individual specific problems, in accordance with the actual situation of market risk management.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III., it is necessary to exhaustively examine which of the elements listed in Chapters I. and II. are absent or insufficient, thus causing the said problem, with the use of this Attachment for those chapters, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems found by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.
  1. Market Operations Management (1) Appropriate Market Operations Management Does the market division conduct appropriate market operations management, based on Market Risk Management Policy, Market Risk Management Rules, etc.? Does the Market Risk Management Division monitor whether there is appropriate market operations management, such as risk control in the market division? Does it report to the Board of Directors or organization equivalent to the Board of Directors, periodically or as needed? Are improvement actions taken quickly if market operations management are not being conducted based on strategic goals, Market Risk Management Policy, Market Risk Management Rules, etc.? (2) Transactions at Proper Prices Does the market division trade at proper prices? Does the Market Risk Management Division use the criteria of deviation from the actual market to check whether the market division trades at proper prices? (3) Limit Management (i) If limits are exceeded (risk limits, position limits, loss limits, etc.), or at risk of being exceeded, is there a framework for fast reporting to the Manager, and are authority and responses clearly established in internal rules? Also, do these internal rules state that the company cannot continue to hold a position with limits exceeded (if hard limits)? (ii) Are limits set in each division revised periodically (at least once each six months)? Also, for an insurance company with a strategy of making active market transactions, are clear

229 instructions given for the areas of responsibility of investment managers? (iii) Are internal rules on limits strictly applied? Also, if problems are found in the internal rules or operation, are appropriate improvement actions taken? (4) Analysis of Profit/Loss Situation and Checking of Inappropriate Handling For settlement operations, is there economically irrational, unsound handling, using derivative transactions including purchases of structured bonds, etc.? Also, if the market division produces excessive earnings, does the Market Risk Management Division analyze its factors, and check whether it is due to inappropriate handling such as evasion of internal rules? Does the Market Risk Management Division inspect relations between contract amount, notional principle, transaction volume, etc.? (5) Communication and Reporting to the Market Risk Management Division Does the market division quickly and correctly communicate all market risk related information to the Market Risk Management Division? If problems occur in market risk management, is this quickly and correctly reported to the Market Risk Management Division, instead of being handled by the people in charge or within the market division? (6) Development of Checks and Balances Framework (i) If there is not unified administration of the IT systems of the market division, Market Risk Management Division and Clerical Management Division, does the Market Risk Management Division obtain position information, etc. from both the market division and the Clerical Management Division, and check that there are no inconsistencies in position information, etc.? (ii) Does the Market Risk Management Division obtain the staff required for monitoring transactions? (iii) Does the Market Risk Management Division periodically closely inspect and analyze to check whether there are abnormalities in the appearance of period profits (including unrealized gains and losses)? For example, does it examine by comparing against risk amounts? (iv) Are the following matters kept in mind for wielding a checks and balances function?

  • By collusion between an investment manager and a person working in the Clerical Management Division, is the investment manager in a position where he can directly operate the accounting IT system, enabling him to give instructions?
  • Is there the problem of a veteran investment manager who also individually has the strong trust of his superior (director in charge, etc.), and in a sacred position vs. other staff? Is there awareness that if specific human resources are relied on, human risks increase?; is this carefully managed?
  • Is there a problem of management without properly functioning checks and balances? For example, is the confirmation group established under the Manager of the market

230 division, or is the same person serving as Manager of both the market division and Clerical Management Division?

  • For the transaction situations of investment managers, is recorded content compared against transaction records, by methods such as recording 24 hours and periodically extracting data? Is recorded sound stored for a certain period of time? Is storage and management of recordings managed by a section separate from the market division and Clerical Management Division (Market Risk Management Division, etc.), or other section of the Clerical Management Division with separated job responsibilities? It is desirable that phone calls of the Clerical Management Division also be recorded, to enable checking at a later date. When recordings of transaction situations of investment managers are compared against transaction records, instead of using recorded sound to check the transaction records, is it checked whether there are all transaction records pertaining to recorded sound?
  • Are investment managers thoroughly informed that the recorded sound of transaction situations of investment managers is periodically compared against transaction records? (7) Clerical Management System of Market Transactions (i) Strict Clerical Processes Are transactions in currencies, funds, securities, etc. and their derivatives handled strictly in accordance with internal rules and operational procedures? For example, are the following done for each market transaction? a. Does the Clerical Management Division for market transactions know about every single transaction? (For example, final checks on IT system inputs, checks by time stamps and serial numbers on transaction records) b. Are transaction details input without delay? c. For transaction record errors detected at the checking and adjustment stage, are corrections checked by the Manager of the Clerical Management Division for market transactions? d. Is there appropriate management and recording of transaction records which were incompletely handled because they will be processed in the future? e. Are confirmations sent and received by people other than people working on market transactions? f. Are confirmations appropriately compared against transaction records? g. Are there appropriate saving and storage conditions for transaction records, confirmations, etc.? h. Does the Internal Audit Division check evidence documents such as individual transaction records of the market division and Clerical Management Division for market transactions? Are they saved based on storage period (at least one year) established in internal rules and

231 operational procedures, etc.? (ii) Comparisons of Transactions, Balances, etc. Is transaction data in the market division compared against that in the Clerical Management Division for market transactions? If errors are found, is the cause found quickly, and is the data corrected based on previously established methods? For example, for securities transactions, are positions in the investment IT system of the market division compared periodically (at least once per year) against the balance (after checking) of securities held in accounts for the custody division and the financial instrument specialists in the Clerical Management Division? 2. Funds

  1. Screening Management (1) Decision Making Process When purchasing, are fund characteristics and corresponding risks understood, and does it pass through a decision making process based on internal rules, etc.? For example, are these appropriately checked: fund’s structure, investment manager risks, liquidity risks, and limitations of that insurance company’s management methods? (2) Screening During Purchase In screening during purchase, are the following matters appropriately checked based on selection criteria?
  • Investment strategy
  • Risk management policy and methods
  • Volatility
  • Stability of earnings
  • Leverage characteristics and policy (3) Obtaining Information Does the contract include information disclosure at an appropriate frequency? Also is the content of information disclosure sufficient for risk management?
  1. Ongoing Risk Management (1) Execution of Appropriate Risk Management Is risk management performed with sufficient understanding of product characteristics and the actual status of funds, such as whether there are audits and long or short term contract cancellation periods? (2) Understanding of Investment Status Are investment reports, etc. used to verify and check whether investments are in accordance

232 with previously explained investment strategy and investment guidelines? Also, are investment style changes checked appropriately? In addition to held amounts, are commitment amounts also checked appropriately? (3) Obtaining Information Is there a contract maintained for information disclosure at an appropriate frequency, sufficient for risk management? Is it complied with? 3) Other (1) Current Value Assessment Is the validity of each element for deciding current value verified and checked? For example, methods of assessing fund investment assets, and other basic matters. (2) Risk Amount Measurement Are risk amounts measured appropriately, corresponding to fund characteristics? Also, if investment limits are set according to risk amounts, are the measured risk amounts within the range of limits set appropriately by considering business strengths such as equity? 3. Securitization Products (1) Screening Management During purchase, is there awareness and understanding of the characteristics and corresponding risks of securitization products, etc.? Do these pass through a decision making process based on internal rules? For example, are the following points appropriately understood and investigated? Also, if external ratings are used, is a system provided to avoid excessive reliance on external ratings? For example, are rating techniques and meanings of ratings of rating agencies accurately understood in advance?

  • Content of underlying assets
  • Situation of senior-subordinate structure, liquidity enhancement and credit enhancement
  • Content of credit events
  • Operation and management related abilities and frameworks of participants, such as the originator which operates and manages the underlying asset portfolio (2) Execution of Appropriate Risk Management For risk management of securitization products, etc., in addition to focusing on the points related to screening management listed in 3.(1) above, the following matters shall be verified. (i) Is market liquidity of securitization products, etc. appropriately understood? For example, are the following points appropriately understood?
  • Comparison of market size against investment amount
  • Price spreads between the market’s sellers and buyers, and actual sellable price levels
  • Changes in market environment, by analyses of various indices, etc. (indices for

233 securitization products, etc.)

  • Securitization portfolio gains and losses, using stress scenario with market liquidity drying up (ii) Is there a system in place for investigating a timely response when concerns appear regarding market liquidity of securitization products, etc.? (iii) In trading CDS, are appropriate transaction practices adopted, from the viewpoint of enhancing transaction safety? (3) Current Value Assessment (i) Does current value assessment use frequently traded prices if they exist? Even if such prices do not exist, is it rationally assessed while considering trading frequency and buy-sell spreads? Also, if a current value assessment model is used, is it understood that the model is created based on certain assumptions? Is it appropriately verified, with periodic revision of the model’s assumptions and logic, including verification of whether they appropriately reflect actual market conditions and credit risk situations? (In the case of insurance which guarantees credit risks, for example, is there assessment during underwriting, are credit risk changes thereafter understood, and are liability values reassessed as needed?) (ii) If current value information is obtained from a third party, is it requested to provide as much information as possible on assessment techniques, and are there efforts to verify the validity of such assessments? Also, if using a current value assessment model provided by a third party, is that third party requested to provide as much detailed information as possible, with efforts to understand the model’s assumptions, characteristics and limitations? (4) Counterparty Credit Risk In derivative transactions, are the credit risks of major counterparties appropriately managed? For example, including the following points?
  • Management of exposure, by each counterparty and by each counterparty type
  • Understanding of risks by greater exposure, for example due to changes in current values of reference assets for derivative transactions
  • Confirmation of effectiveness of collateral and other credit enhancement actions
  1. Market Risk Measurement Techniques12
  1. Establishment of Market Risk Measurement System (i) Is the market risk measurement system operated in a form with no conceptual problems nor omissions? (ii) Based on Market Risk Management Policy, is the position of market risk measurement

12 Risk amount does not only refer to measurement by statistical techniques. It also includes techniques such as basis point value (BPV) and grid point sensitivity (GPS).

234 techniques clearly established? For example, are they managed with understanding of the following matters? Is it also checked that there are no problems with important group companies? a. That insurance company’s strategic goals, size and characteristics of operations, and risk profile b. Basic design concept of market risk measurement techniques, considering a. above c. Based on b. above, identification and measurement of market risks (scope, techniques, assumptions, etc.) d. Characteristics (limitations and weak points) of market risk measurement techniques which result from c., and validity of those techniques e. Content of back testing for verifying d. (if use statistical techniques to measure risk amounts) f. Content of stress tests executed to supplement e. (if use statistical techniques to measure risks) (iii) If capital allocation operations13 are done, is capital allocation operations policy created with consideration of the results calculated by market risk measurement techniques? If there are market risks not subject to measurement, are there rational reasons for them not being measured? Also, is capital allocated with full consideration of those unmeasured risks? 2) Appropriate Involvement of Directors and Corporate Auditors (1) Understanding of Market Risk Measurement Techniques (i) Do directors understand that decisions concerning market risk measurement techniques and risk limits have serious implications for the insurance company’s corporate management and financial conditions? (ii) Does the director in charge of market risk management understand the market risk management techniques required for the business of the insurance company, and have a grasp on the nature (limitations and weaknesses) thereof? (iii) Do directors and corporate auditors seek to enhance their understanding of the market risk management techniques, by participating in training courses or through other means? (2) Approach to Market Risk Management (i) When needed, do directors involve themselves actively in market risk management based on the market risk measurement technique? (ii) Does the Board of Directors clearly establish the basic approach of market risk measurement techniques required for the operations of that insurance company? (iii) Does the Board of Directors consider the results of stress tests, when creating Market Risk

13 See the Checklist for Comprehensive Risk Management.

235 Management Policy and Market Risk Management Rules, etc.? 3) Establishment of Independent Market Risk Management Division (1) Ensuring Independence of Market Risk Management Division Is a Market Risk Management Division established which bears responsibility for design and operation of the market risk management system, with independence from the market division? (2) Clarification of Roles and Responsibilities of Market Risk Management Division Are the roles and responsibilities of the Market Risk Management Division clearly established in the Market Risk Management Rules? (3) Roles and Responsibilities of Market Risk Management Division (i) Does the Market Risk Management Division directly report calculation results of market risk measurement techniques, to the director in charge and the Board of Directors or organization equivalent to the Board of Directors? (ii) Does the Market Risk Management Division thoroughly inform all related divisions about internal rules and operational procedures, etc. which must be complied with? (iii) Does the Market Risk Management Division appropriately analyze and study results obtained from market risk measurement techniques? 4) Assignment of Staff for Market Risk Management (i) Are staff obtained who are skilled in using market risk measurement techniques and pricing models, corresponding to the operations of each division (market division, Market Risk Management Division, Clerical Management Division, Internal Audit Division, etc.)? (ii) Does the Manager have sufficient knowledge and experience in market risk measurement techniques and pricing models? 5) Research Framework for Market Risk Measurement Techniques Is a framework in place for researching market risk measurement techniques? For example, are the following matters being researched?

  • Response to limitations and weak points of market risk measurement techniques
  • Preventing obsolescence of market risk measurement techniques
  • Response to changes in market risk composition of portfolio
  • More advanced and precise market risk measurement techniques
  1. Development of Internal Rules on Market Risk Measurement Techniques (1) Development of Internal Rules Is there development and periodic revision of internal rules and operational procedures which

236 describe the policy, management and procedures for operation of market risk measurement techniques? Also, is consistency ensured with internal rules and operational procedures on the market risk management system? (2) Compliance with Internal Rules Is a system provided for compliance with internal rules and operational procedures, etc.? 7) Work on Market Risk Management Techniques in Usual Market Risk Management Procedures (1) Reporting of Market Risk Measurement Results (i) Are market risk measurement results quickly incorporated in a risk report, and reported to the Manager? (ii) If calculation results of market risk measurement techniques exceed limits, are appropriate responses taken? (iii) Is a report summarizing the status of major market risks, including comments to the Manager, prepared periodically and reported to the Manager? (2) Analysis and Use of Market Risk Measurement Results (i) Are calculation results of market risk measurement techniques appropriately analyzed, and used in market risk management? (ii) Does each related division use risk reports in its daily market risk management? (iii) Are market risk measurement results used sufficiently in creating strategic goals, Market Risk Management Policy and Market Risk Management Rules, as well as in monitoring, etc.? Are they also incorporated into investment policy and limits? (iv) Are market risk amounts calculated by market risk measurement techniques, then analyzed in relation to limits and earnings targets? (v) Are the calculation results of market risk measurement techniques (for example, Value at Risk (VaR)) used for performance assessment? Is performance assessed based on risk/return analysis using calculation results of market risk measurement techniques, for each earnings unit consistent with internal management? (3) Appropriate Operation of Market Risk Measurement Techniques (i) Is there appropriate handling of procedures for changing market risk measurement techniques? (ii) When changing market risk measurement techniques, is it checked that they are consistent with Market Risk Management Policy, and are they communicated to related divisions and important group companies? (iii) It is desirable that the market division and Market Risk Management Division use the same calculation results of market risk management techniques in their market risk management. But if not the same, are such differences understood?

237 8) Market Risk Measurement (1) Ensuring Appropriateness of Market Risk Measurement Techniques (i) Are market risk measurement techniques used which incorporate all important market risks held by the insurance company? If there are market risks which are not subject to measurement, is the validity of their unimportance confirmed? (ii) In adopting market risk measurement techniques, is it decided to adopt them after using test data to study and compare against results calculated by other measurement techniques? (2) Market Risk Measurement Techniques Incorporated into IT Systems (i) Do market risk measurement IT systems correctly incorporate market risk measurement techniques (measurement techniques, assumptions, etc.) and their changes? (ii) Is consistency ensured between the IT systems of the market division, Market Risk Management Division and Clerical Management Division? For example, it is desirable that the market division and Market Risk Management Division use the same models (market risk measurement models, pricing models, risk factor calculation techniques, etc.); but if not the same, are such differences understood? (3) Incorporation of Data into IT System (i) Are specific operating standards established and implemented, for obtaining data with appropriate timing, and finding and handling abnormal data? (ii) Is data error checking done? (iii) Are proper sources used for external data? If different sources are used, are there rational reasons, and are they consistent? Are there no problems regarding consistency, timeliness, reliability and independence of data sources? (iv) Are the correctness and completeness of positions data ensured? For example, is the process for input of transactions data by a direct link? Are manually input parts reviewed to check data correctness? (4) Handling of New Products etc. For New Products etc., are characteristics of market risks certainly understood before work begins, and are these incorporated into market risk measurement techniques? If not subject to market risk measurement techniques, are there valid reasons for not measuring them? 9) Back Testing (If Use Statistical Techniques to Measure Risk Amounts) (1) Back Testing Execution (i) Are there documented aims, execution methods, frequency, analysis procedures and reporting procedures for back testing? (ii) Is backtesting periodically executed using gains and losses actually generated, or using hypothetical gains and losses generated if the portfolio was held unchanged? To verify the

238 appropriateness of market risk measurement techniques, are gains and losses used which are suitable for statistical verification? (iii) If correlations measured from past data are considered in each broad risk category (Interest rate, currency, stock and commodity risks. However, option volatility is included in related risk categories), is back testing executed as needed for each broad risk category corresponding to the operations? (2) Analysis of Back Testing Results (i) When gains and losses exceeded the calculation results of market risk measurement techniques, are the causes analyzed and investigated, and models revised according to the causes? (ii) Are appropriate responses taken, corresponding to the number of times that gains and losses exceeded the calculation results of market risk measurement techniques? (iii) Based on results of back testing, is there understanding of the characteristics (limitations and weak points) of market risk measurement techniques and risks not captured, and are required responses taken to ensure the reliability and appropriateness of market risk measurement techniques? (iv) Are back testing results and their analysis and investigation details reported to the director in charge and Board of Directors or organization equivalent to the Board of Directors? For when back testing results and analysis finds problems are in the appropriateness of market risk measurement techniques, is a system ensured for quickly reporting to the Board of Directors or organization equivalent to the Board of Directors, and for preparing responses? 10) Stress Testing (If Use Statistical Techniques to Measure Risk Amounts) (1) Stress Testing Execution (i) Are there documented aims, execution methods, frequency, analysis procedures and reporting procedures for stress testing? (ii) Are stress tests appropriately executed periodically or as needed? (iii) Are major transactions covered by risk factors subject to stress tests? Also, are risk factors not subject to stress tests revised when needed? (2) Setting of Stress Scenarios Are scenarios set which incorporate matters which could have major effects on the insurance company, and which supplement the limitations and weak points of market risk measurement techniques?

  • Are stress scenarios set and applied to the current portfolio, using changes in market conditions during serious turmoil in the past which combined large price changes and sudden reduction in liquidity?
  • Are stress scenarios set which hypothesize the worst conditions for that insurance

239 company’s portfolio?

  • Do the stress scenarios incorporate that insurance company’s risk characteristics? For example, is there consideration of price characteristics of options, and instruments which have option-like qualities?
  • Are stress scenarios set for cases with the collapse of assumptions of market risk measurement techniques, etc.? (3) Use of Stress Test Results Are stress test results and their analysis and investigation details reported to the director in charge and Board of Directors or organization equivalent to the Board of Directors? For when a stress test predicts large losses, is a system ensured for quickly reporting to the Board of Directors or organization equivalent to the Board of Directors, and for preparing responses? Also, are these used to prepare responses corresponding to stress test results, and to incorporate them into investment policy and setting of limits?
  1. Verification of Correctness and Appropriateness of Market Risk Measurement Techniques (If Use Statistical Techniques to Measure Risk Amounts) (i) Are the correctness and appropriateness of market risk measurement techniques verified by people who are independent from development of market risk measurement techniques and who have sufficient abilities, during development and periodically thereafter? Is this also verified if there is possible loss of correctness and appropriateness of market risk measurement techniques due to important changes to market risk measurement techniques, market structure changes, or large changes in portfolio composition? (ii) Are risks not underestimated for market risk measurement techniques, due to inappropriate assumptions, etc.? (iii) Is back testing done to verify the correctness and appropriateness of market risk measurement techniques? For example, is verification enhanced by medium and long term analyses? (iv) Are models verified by appropriate techniques in light of the insurance company’s portfolio and structure of market risk measurement techniques, thereby obtaining valid verification results? (v) Does verification use hypothetical portfolios, for assessment with market risk measurement techniques which appropriately grasp effects which could arise from the portfolio’s structural characteristics?
  2. Records on Market Risk Measurement Techniques (If Use Statistical Techniques to Measure Risk Amounts) For the investigation process when selecting market risk measurement techniques,

240 assumptions, etc. as well as the grounds for decisions, is a framework in place to save detailed records for later verification, more precise and advance measurements, and to enable other people to take over the process? For example, are the following records saved?

  • Basic design concepts
  • Summary of market risk measurement techniques, and detailed written explanations (measurement techniques, assumptions, etc.)
  • Results of investigation for selecting market risk measurement techniques, and grounds for decisions
  • Details of executed verification of correctness and appropriateness of market risk measurement techniques, investigation results, and grounds for judgment
  • Execution of back testing and stress tests, their investigation results, and grounds for judgment
  • Pricing models for each instrument
  1. Audit (If Use Statistical Techniques to Measure Risk Amounts) (1) Development of Audit Program Is an audit program developed which exhaustively covers audits of market risk measurement techniques?
  • Are people working on internal audits skilled in market risk management techniques?
  • Are internal audits done at least once per year? (2) Audit Scope of Internal Audits Do internal audits cover the following matters?
  • Consistency between market risk measurement techniques, strategic goals, operation size and characteristics, and risk profile
  • Appropriateness of operations, considering the characteristics (limitations and weak points) of market risk measurement techniques
  • That records on market risk measurement techniques are documented appropriately, and updated without delay
  • Appropriate assignment of staff skilled in using market risk measurement techniques and pricing models
  • That calculation results of market risk measurement techniques are integrated into daily market risk management
  • Appropriateness of process for approving new models, including pricing models and market risk measurement techniques
  • Appropriate incorporation of changes in measurement techniques into the market risk management process
  • Suitability of scope of subject measurements understood by market risk measurement

241 techniques

  • That there is nothing missing in the IT system for managers
  • Rationality of pricing model’s logic
  • Validity of market risk measurement techniques, assumptions, etc.
  • Correctness and completeness of data used in market risk measurement
  • Consistency, timeliness, reliability and independence of data sources used when operating the market risk measurement techniques
  • Proper back testing process and results
  • Proper stress testing process and results
  • Appropriateness of periodic verification of market risk measurement techniques (3) Use of Internal Audit Results Does the Market Risk Management Division appropriately revise market risk measurement techniques, considering the results of internal audits? (4) Use of External Audit Results Are external audits executed appropriately (scope, frequency and depth), considering the content of operations and the execution situation of internal audits? Also, does the Market Risk Management Division appropriately revise market risk measurement techniques, considering the results of external audits?
  1. If Using Market Risk Measurement Models Developed by External Businesses14 (1) Appropriateness of Market Risk Measurement System (i) Do people working in the insurance company have sufficient knowledge about measurement techniques, and understand the process of modeling market risk measurement? (ii) Do the insurance company’s Market Risk Management Division and Internal Audit Division theoretically and empirically verify the validity of measurement techniques? (2) Proper Market Risk Measurement Models (i) Are there no black box parts of measurement models? If there are black box parts, is the validity of the quantitative models verified? (ii) Are consistency and correctness of data used in measurements ensured? (iii) Are measurement models chosen to suit the size and characteristics of the insurance company’s operations and its risk profile? (3) Management of Businesses Developing Market Risk Measurement Models (i) Is work outsourced to model development businesses which enable continuous model usage, and can work for more precise and advanced models? Is there periodic assessment of the businesses developing models?

14 If market risk measurement is outsourced, examine by suitably applying these examination items.

242 (ii) Are development businesses selected which have sufficient support frameworks for users of market risk measurement (training, consulting and maintenance)? (iii) Is there a system in place for receiving reports on the situation of verification of validity of measurement models of model development businesses, periodically or as needed? 6. IT System Development (1) Development of Investment Support IT System Is an investment support system provided which for all major instruments handled, enables current value assessment of positions of each investment manager (or unit) and each location, on a real time or at least a daily basis? Also, in insurance companies with a strategy of making active market transactions, is an IT system provided for position earnings management by each investment manager or each position? (2) Development of Computer System for Clerical Processes Is an accounting and information computer support system provided and managed, which sufficiently performs basic clerical processing, settlement and management of all major instruments handled? 7. Current Value Calculation (1) Development of Internal Rules From the viewpoints of eliminating arbitrariness of accounting processes and ensuring transparency, the Board of Directors or organization equivalent to the Board of Directors must establish clear internal rules, and continually use them. Are at least the following matters established? Also, are these internal rules treated as important rules, and when changing rules, are procedures followed which are equivalent to when establishing rules? a. Authority and duties of Manager of division which calculates current value b. Duty of compliance with internal rules, etc., and procedures for changing them c. Basic approach to current value calculation methods

  • Current value calculation by another organization independent from organizations which conduct specified transactions and non-specified transactions
  • Current value calculation methods (if current value calculation methods are established in other documents, the provisions in such documents)
  • If an organization which has front office functions must participate in calculation of current value, the method of its participation (2) Independence of Current Value Calculation Division From the viewpoint of ensuring fairness of current value calculation methods, is the market division different from the division in charge of calculating current value? Is the market

243 division not involved in calculations in a way causing loss of objectivity by the division in charge of current value calculation? (3) Ensuring Objectivity of Current Value Calculation (i) Is a current value calculation outline established based on internal rules, and is it used continually? Also, if a need arises for changing calculation methods due to system revision, development of assessment techniques, etc., are they quickly changed based on internal rules, etc.? Is the status of changes in calculation methods clear? (ii) To ensure fairness and validity of the current value calculation outline, is it checked by another division (for example, risk management division, Internal Audit Division, etc.) independent from the market division (division which has the so-called front office function) and the division which develops insurance products? Is it then appropriately approved by a person who has approval authority? Also, is the situation of that outline’s implementation periodically checked by another division which is independent from the market division, the division which develops insurance products, and the division in charge of calculating current value? (iii) Are current values properly calculated, based on the “Accounting Standard for Financial Instruments” (Accounting Standards Board of Japan)? Also, are current values calculated with self-responsibility? Especially if current value information is obtained from third parties, do users themselves periodically verify the validity of current values after obtaining them? (iv) Is the situation of ensuring objectivity of current value calculation included in emphasized matters of internal audits? 8. Specified Transaction Related (If Insurance Company Establishes a Specified Trading Account) (1) Development of Internal Rules From the viewpoints of eliminating arbitrariness in segmented accounting and ensuring transparency, the Board of Directors or organization equivalent to the Board of Directors must establish clear internal rules, and continually use them. In addition to the items in III.7.(1), are at least the following items established? Also, are these internal rules treated as important rules, and when changing rules, are procedures followed which are equivalent to when establishing rules? a. Based on the definition of “Specified Trading Aims,” clear investment rules related to segmented accounting

  • Definition of specified trading aims
  • Clear organizational divisions according to trading aims (personnel divisions by unit) and independent decision making authority

244

  • Restrictions on investment managers holding dual posts, in an organization which conducts specified trading and another organization
  • Prohibition on transfers between accounts (however, not prohibited if within a scope with notification to the authorities, based on laws and regulations)
  • Market limitations of trading counterparties of specified trading securities, and awareness of hedging aims b. Authority and duties of Manager of division which conducts specified trading c. Duty of compliance with internal rules, etc., and procedures for changing them d. If internal transactions are done, their rules and management methods
  • Definition of internal transactions and subject matters
  • Basic policy if internal transactions are done
  • Internal transactions approval by another organization independent from the front office organization
  • If internal transactions are done, approval procedures and documents saved e. Rules if consigned transactions are done (2) Organization and Staff Separation It is desirable that an organization which does transactions involving the specified trading account (at least organizations which have a so-called front office function) is an organization at the level of unit (for example, office, section or group) or larger, and has an organizational and personnel composition which is different from an organization which does similar transactions but does transactions involving the non-specified trading account with different aims. If specified trading and target assets are objectively and clearly separated from other transactions and assets, and if no risks of accounting manipulation are found, then the organization does not necessarily need to be divided. (3) Management of Books In specified trading account related books, can specified trading and target assets be managed clearly separated from other transactions and assets? (4) Prohibition of Non-Specified Trading Account Related Transactions by an Organization which does Specified Trading Account Related Transactions The organization which does transactions involving the specified trading account does not do transactions involving the non-specified trading account (nor vice-versa)? (However, this excludes a situation where specified trading and target assets are objectively and clearly separated from other transactions and assets, and no risks of accounting manipulation are found) (5) Prohibition of Arbitrary Account Selection Are there no arbitrary decisions on accounts, such as having transactions which normally

245 should be processed in the non-specified trading account processed instead as transactions in the specified trading account, for reasons such as market risk countermeasures? (6) Proper Internal Transactions For internal transactions in the same insurance company, accounting system differences can be used to post gains/losses. Therefore, from the viewpoint of eliminating arbitrary transactions, are internal transactions done properly in accordance with the “document which writes matters concerning handling when internal transactions are done” for the notification of establishing a specified trading account (or internal rules on specified trading accounts)? (7) Ensuring Objectivity of Current Value Calculations To ensure objectivity of current value calculations in the specified trading account, are the following matters especially included as points to keep in mind for internal management? a. Are there no violations of transaction scope limited by rules? (Inter-account trading cannot be done for securities exchange transactions, securities related transactions, nor acquisitions or transfers of monetary claims) b. Are internal transactions done appropriately based on internal rules, for example using current value? Are internal checks and balances functioning effectively? c. Are transactions clearly designated as internal transactions on slips, with separate custody? d. Are gains/losses not intentionally adjusted? (8) Information Disclosure From the viewpoint of disclosure, are the following matters disclosed regarding appropriate segmented accounting, and objective understanding and management of current value? a. Framework of specified trading account (definition of “transactions with specified trading aims,” specific target instruments, organizational divisions, etc.) b. Means to ensure objectivity of current prices c. Financial information concerning specified trading account

246 (Attachment 2) I. Development and Establishment of Credit Risk Management System by Management Checkpoints

  • Credit risk refers to the risk that due to worse financial conditions at the credit recipient, the value of assets (including off balance sheet assets) decreases or disappears, and the insurance company bears a loss. Within this, “country risk” in particular refers to risk that the insurance company bears a loss on credit provided to overseas, due to foreign exchange conditions, political and economic conditions, etc. of the country of the credit recipient.
  • The development and establishment of a credit risk management system at an insurance company is extremely important from the viewpoint of ensuring the soundness and appropriateness of the company’s business. Therefore, the company’s management is charged with and responsible for taking the initiative in developing and establishing such a system.
  • It is important that the inspector examine whether an appropriate credit risk management system is developed which suits the insurance company’s strategic goals, the size and characteristics of operations, and its risk profile. The types and levels of credit risks and assessment methods which the insurance company should adopt should be decided according to the insurance company’s strategic goals, diversity of operations, and complexity of risks faced. It should be kept in mind that complex or advanced credit risk assessment methods are not necessarily appropriate for all insurance companies.
  • The inspector should specifically determine whether the credit risk management system is functioning effectively, and whether the roles and responsibilities of the company’s management are being appropriately performed by way of reviewing, with the use of check items listed in Chapter I., whether or not the management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) development of a system for assessment and improvement activities.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II. and later, it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the system is not functioning effectively, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.

247

  1. Policy Development (1) Roles and Responsibilities of Directors Is the Board of Directors fully aware of the major effects that disregarding credit risk management has on achieving strategic goals? Does it emphasize credit risk management? In particular, does the director in charge understand the necessity of integrating not only loans but also assets which have credit risks as well as off balance sheet items (including market transaction related credit risks), and managing as one body the insurance company and its important group companies (within a scope which does not conflict with laws, regulations, etc.)? Also, does he fully understand the importance of techniques such as identification, assessment, monitoring and control of credit risk locations, credit risk types and characteristics and credit risks, and of credit risk management? Based on this understanding, does he accurately understand the status of the insurance company’s credit risk management, and investigate policies and specific actions towards development and establishment of a proper credit risk management system? For example, does the director in charge understand the limitations and weak points of methods to measure and analyze market risks (including techniques, assumptions, etc.), and investigate actions to supplement them? (2) Development and Dissemination of Strategic Goals of the Loan Division Does the Board of Directors or organization equivalent to the Board of Directors consider credit risks, and create strategic goals for the loan division, etc. which are consistent with the entire insurance company’s strategic goals? Does it inform the organization about these goals? In creating the strategic goals of the loan division, etc., does it consider business strengths such as equity? For example, does it consider the following items?
  • Does it not excessively prioritize gaining earnings, and disregard credit risk management? In particular, does it not set targets which disregard long term credit risks and prioritize gaining short term earnings, nor set performance assessments based on such targets?
  • Are these appropriate from the viewpoint of credit risk management, for example elimination of credit risk concentration in specific industries or specific company groups? (3) Development and Dissemination of Credit Risk Management Policy Does the Board of Directors establish policy on credit risk management (hereinafter referred to as “Credit Risk Management Policy”), and inform the entire organization about this? Is it appropriate? For example, are the following items clearly written?
  • Credit risk management related roles and responsibilities of director in charge and Board of Directors or organization equivalent to the Board of Directors

248

  • Policy on the organizational framework: establishment of the division for credit risk management (hereinafter referred to as the “Credit Risk Management Division”), granting of authority, etc.
  • Policy on identification, assessment, monitoring and control of credit risks (4) Revision of Policy Development Process Does the Board of Directors revise the policy development process in a timely manner by reviewing its effectiveness, based on reports and findings of various investigations on the status of credit risk management, in a regular and timely manner or on an as needed basis?
  1. Development of Internal Rules and Organizational Frameworks (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the Credit Risk Management Division (hereinafter simply referred to as the “Manager” in this Attachment) develop internal rules that clearly specify the arrangements concerning credit risk management (hereinafter referred to as the “Credit Risk Management Rules”) and inform the organization in accordance with the Credit Risk Management Policy? Has the Board of Directors or organization equivalent to the Board of Directors approved the Credit Risk Management Rules, after determining whether they comply with the Credit Risk Management Policy and after legal checks, etc.? (2) Establishment of Credit Risk Management Division (i) Does the Board of Directors or organization equivalent to the Board of Directors have a Credit Risk Management Division established, and have the division prepared to undertake appropriate roles, in accordance with the Credit Risk Management Policy and the Credit Risk Management Rules?1 (ii) Has the Board of Directors allocated to the Credit Risk Management Division a Manager with the necessary knowledge and experience to supervise the division, and enabled the Manager to implement management operations by assigning him/her the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Credit Risk Management Division an adequate number of staff members who have the necessary knowledge and experience to execute the relevant operations, and assigned such

1 When the Credit Risk Management Division is not established as an independent division (e.g., when the division is consolidated with another risk management division to form a single division, or when a division in charge of other business also takes charge of credit risk management, or when a Manager or Managers take charge of credit risk management instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the size and nature of the insurance company and its risk profile.

249 staff the authority necessary for conducting the aforementioned operations?2 (iv) Does the Board of Directors or organization equivalent to the Board of Directors keep the Credit Risk Management Division independent from the loan division, etc., and secure a check-and-balance system of the Credit Risk Management Division? (3) Development of Credit Risk Management System in Loan Division Through the Manager or Credit Risk Management Division, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure effectiveness of credit risk management, such as by providing a system to inform the divisions involving credit risks to be managed (e.g. loan division) about the internal rules and operational procedures which must be observed, and to ensure that such divisions observe them? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager to identify the internal rules and operational procedures that must be observed by the loan division, etc., and to carry out specific actions for ensuring observance such as by providing effective training on a regular basis? (4) Development of System for Reporting to and Approval by the Board of Directors or organization equivalent to the Board of Directors Does the Board of Directors or organization equivalent to the Board of Directors appropriately specify matters that require reporting and those that require approval, and does it have the Manager report the credit risk management status (including the status of credit concentration in specific industries or specific company groups) to the Board of Directors in a regular and timely manner or on an as needed basis, or have the Manager seek the approval of the Board of Directors? In particular, does it ensure that the Manager reports to the Board of Directors or organization equivalent to the Board of Directors without delay any matters that would seriously affect corporate management? (5) Development of System for Reporting to Corporate Auditor In the case that the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately, and does it provide a system to have the Manager directly report such matters?3 (6) Development of Internal Audit Guidelines and Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or Internal Audit Division Manager appropriately identify the matters to be audited with regard to credit risk management, develop guidelines that specify the

2 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of that deportment or post is reasonable in terms of a check-and-balance system and other aspects. 3 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report, and shall not restrict the authority and activities of the auditor in any way.

250 matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?4 For example, does it have the following matters clearly specified in the Internal Audit Guidelines or the internal audit plan, and provide a system to have these matters appropriately audited?

  • Status of development of the credit risk management system
  • Status of observance of the Credit Risk Management Policy, Credit Risk Management Rules, etc.
  • Appropriateness of the credit risk management processes, commensurate with the size and characteristics of operations, and risk profile
  • Validity of credit risk assessment methods (including techniques, assumptions, etc.)
  • Correctness and completeness of data used in credit risk assessment
  • Appropriateness of management, considering limitations and weak points of credit risk assessment methods
  • Appropriateness of stress test scenarios, etc.
  • Status of improvement of matters pointed out in an internal audit or in the last inspection (7) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner, by reviewing their effectiveness based on reports and findings on the status of credit risk management in a regular and timely manner or on an as needed basis?
  1. Assessment and Improvement Activities
  1. Analysis and Assessment (1) Analysis and Assessment of Credit Risk Management Does the Board of Directors or organization equivalent to the Board of Directors appropriately determine whether there are any weaknesses or problems in the credit risk management system and the particulars thereof, and appropriately examine their causes by precisely analyzing the status of credit risk management and assessing the effectiveness of asset investment risk management, based on all information available regarding the status of credit risk management, such as the results of audits by corporate auditors, internal audits and external audits, findings of various investigations, and reports from various divisions? In addition, if necessary, does it take all possible actions to find the causes by, for example, establishing fact findings committees, etc. consisting of non-interested persons? (2) Revision of Analysis and Assessment Processes

4 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan.

251 Does the Board of Directors or organization equivalent to the Board of Directors revise the analysis and assessment processes in a timely manner, by reviewing their effectiveness based on reports and findings on the status of credit risk management in a regular and timely manner or on an as needed basis? 2) Improvement Activities (1) Implementation of Improvements Does the Board of Directors or organization equivalent to the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the system, identified through the analysis, assessment and examination referred to in 3. 1) above, in a timely and appropriate manner based on the results obtained, by developing and implementing an improvement plan as required or by other appropriate methods? (2) Progress Status of Improvement Activities Does the Board of Directors or organization equivalent to the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner, by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of Improvement Process Does the Board of Directors or organization equivalent to the Board of Directors revise the improvement process in a timely manner, by reviewing its effectiveness based on reports and findings on the status of credit risk management, in a regular and timely manner or on an as needed basis?

252 II. Development and Establishment of Credit Risk Management System by Manager Checkpoints

  • This chapter lists the check items to be used when the inspector reviews the roles and responsibilities to be performed by the Manager and the Credit Risk Management Division.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II., it is necessary to exhaustively examine which of the elements in Chapter I of this Attachment are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the insurance company’s management fails to recognize problems found by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.
  1. Roles and Responsibilities of Manager (1) Development and Dissemination of Credit Risk Management Rules Has the Manager, in accordance with the Credit Risk Management Policy, decided the methods to identify, assess and monitor risks, and developed Credit Risk Management Rules (consistent with the comprehensive risk management system) that clearly define the arrangements on risk control, based on a full understanding of the locations, types and nature of the credit risks and management techniques? Does the Board of Directors or organization equivalent to the Board of Directors approve the Credit Risk Management Rules, and are they made known throughout the organization? (2) Content of Credit Risk Management Rules Do the Credit Risk Management Rules exhaustively cover the arrangements necessary for credit risk management, and specify the arrangements appropriately in a manner befitting the size and characteristics of operations and its risk profile? Are the rules appropriate? For example, do they clearly write arrangements for the following items?
  • Roles and responsibilities of Credit risk Management Division (including policy on scope of debts requiring management as problem debts, and on work for problem borrowers), and organizational arrangements
  • Identification of risks subject to credit risk management
  • Credit risk assessment methods
  • Methods of monitoring credit risks

253

  • System for reporting to the Board of Directors or organization equivalent to the Board of Directors (3) Development of Organizational Framework by Manager (i) Based on the Credit Risk Management Policy and Credit Risk Management Rules, does the Manager provide for actions to have the Credit Risk Management Division exercise a check-and-balance system, in order to conduct credit risk management appropriately? (ii) Does the Manager provide a system which quickly reports to the Comprehensive Risk Management Division or Asset Investment Risk Management Division, if system weak points or problems are found which affect comprehensive risk management? (iii) Does the Manager provide a highly reliable credit risk management IT system5 which suits the size and characteristics of operations and its risk profile? (iv) Does the Manager ensure the provision of training and education systems to enhance the ability of employees to conduct credit risk management in an effective manner, thus developing human resources with relevant expertise? (v) Does the Manager provide a system to ensure that matters specified by the Board of Directors or organization equivalent to the Board of Directors are reported in a regular and timely manner or on an as needed basis? In particular, does the Manager provide a system to ensure that matters that would seriously affect corporate management are quickly reported to the Board of Directors or organization equivalent to the Board of Directors? (4) Revision of Credit Risk Management Rules and Organizational Framework Does the Manager conduct monitoring on an ongoing basis, with regard to the status of the execution of operations at the Credit Risk Management Division? Does the Manager review the effectiveness of the credit risk management system in a regular and timely manner or on an as needed basis, and, as necessary, revise the Credit Risk Management Rules and the relevant organizational framework, or present proposals for improvement to the Board of Directors or organization equivalent to the Board of Directors?
  1. Roles and Responsibilities of Credit Risk Management Division6 (1) Roles and Responsibilities of Screening Division (i) Does the framework not have the screening division influenced by the loan division, etc.? For example, is the screening division independent from the loan division etc., and the director in charge of the screening division does not also serve as a director of the loan

5 It should be noted that the computer system may be a centralized data processing environment system, distributed processing system, or end user computing (EUC) type. Same hereinafter. 6 Note that for the Credit Risk Management Division, regarding the screening division, credit management division and problem debts management division mentioned below, instead of verifying whether these divisions are established as organizations, examine whether the roles and responsibilities of these divisions are fulfilled as functions.

254 division, etc.? If the screening division is not independent from the loan division etc., or if the director in charge of the screening division also serves as a director of the loan division etc., is a system of checks and balances ensured for appropriate screening? (ii) Does the screening division accurately understand the financial conditions of credit recipients, funds usage and sources of repayment funds? Does it appropriately screen and manage the risk characteristics of credit projects? For example, does it not excessively rely on external credit ratings? Also, if the insurance company participates in syndicated loans, does it make loan decisions with appropriate understanding of the actual status of the borrowers? Moreover, if covenants are used in participation in syndicated loans and project finance, is a system provided to appropriately establish and manage covenants?7 (iii) Does the screening division verify whether the screening division’s instructions are appropriately executed in the loan division? (2) Roles and Responsibilities of Credit Management Division (i) Regarding the status of the credit recipient’s business conditions, does the Credit Management Division have the function and authority to manage as one body the insurance company and its important group companies (within a scope which does not conflict with laws, regulations, etc.)? Also, is a system in place for integrated management not only of loans, but also for assets and off balance sheet items which have credit risks (including market transaction related credit risks)? (ii) Does the Credit Management Division bring to light credit risks which are faced, and identify risks to be managed, considering the risk profile brought to light? Does it also use credit ratings to assess and measure credit risks, corresponding to the size and characteristics of that insurance company’s operations as well as its risk profile? (For credit ratings, see III.(1) Credit Ratings. For credit risk measurement techniques, see III.(7) Examination Items if Credit Risk Measurement Techniques are Used.) (iii) Does the Credit Management Division set credit limits and manage credit concentration risks, to appropriately control credit risks? (For credit limits, see III.(2) Credit Limits. For management of credit concentration risks, see III.(3) Management of Credit Concentration Risks) (iv) Does the Credit Management Division appropriately understand and manage the credit portfolio status (status of concentration of credit to specific industries or specific company groups, etc.)? Does it periodically report on the portfolio status to the Board of Directors or organization equivalent to the Board of Directors? (v) Does the Credit Management Division verify whether amortization and reserve amounts suit the credit risks? Also, does it correctly report amortization and reserve amounts to the Board

7 Note that another division provides ongoing management of covenants in some cases.

255 of Directors? (vi) Does the Credit Management Division verify the appropriateness of credit management, such as correctness of credit ratings and management of credit recipients? Does it report these verification results to the Board of Directors or organization equivalent to the Board of Directors, periodically or as needed? (3) Roles and Responsibilities of Division which Manages Problem Debts (i) Is the division which manages problem debts aware of the effects that problem debts have on soundness of the insurance company’s business? Based on the Credit Risk Management Rules, is there a system in place to quickly understand debts which must be managed as problem debts? (ii) Based on the Credit Risk Management Rules, does the division which manages problem debts appropriately understand the business conditions of problem borrowers and manage the debts, and based on requests of debtors, guide creation of a restructuring plan as needed, and liquidate and collect its debt? (iii) Does the division which manages problem debts provide a system for reporting on the situation of problem debts, regarding reporting items established by the Board of Directors or organization equivalent to the Board of Directors?

256 III. Specific Issues Checkpoints

  • This chapter lists the check items for the inspector to examine individual specific problems, in accordance with the actual situation of credit risk management. Examination of these items must be done based on the intention of these items, while considering the product characteristics.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III., it is necessary to exhaustively examine which of the elements listed in Chapters I. and II. are absent or insufficient, thus causing the said problem, with the use of this Attachment of those chapters, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems found by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented. (1) Credit Ratings In order to accurately assess and measure credit risks, is an appropriate credit rating system developed in view of the size and characteristics of operations as well as risk profile? Is credit classification significant and consistent from the viewpoint of credit risk management? (i) Are credit ratings assigned corresponding to the degree of a debtor’s credit risks, based on finances of debtors, ratings by credit rating agencies, information of credit research institutions, etc.? Also, are credit ratings consistent with debtor classifications? (ii) Are credit ratings assigned correctly in a verifiable objective form? Also, is a system in place to establish appropriate effective periods, with timely revisions? Moreover, is a system in place for timely and appropriate incorporation into credit ratings of information on late debt payments, worse cash flow, worse business results, change in parent company support, bankruptcy of large customer, etc.? (2) Credit Limits (i) In the case of a large credit or repeated, ongoing credit, are credit limits set in advance as needed (credit amount ceiling, ceiling on percent of total credit amount, credit amount triggering reconsideration of credit policy, etc.)? Does the credit management division manage these specific limit settings and revisions, receiving approval by the Board of Directors or organization equivalent to the Board of Directors, in compliance with established criteria, independently from the Marketing and Sales Division, etc.?

257 (ii) Does the credit management division create internal rules and operating procedures on credit limits, for reporting to the credit management division (or as needed, to the Board of Directors or organization equivalent to the Board of Directors) when credit limits are exceeded, and which establish authority, procedures, etc.? Also, does it appropriately manage credit limits in compliance with these rules? (3) Management of Credit Concentration Risks (i) For large credit recipients which could have large effects on the insurance company’s business, is a system in place to select and examine them according to rational criteria, to individually and continually monitor their credit situations and financial conditions, and individually manage them? Does selection and examination of large customers target company groups as a whole, including related companies? (ii) Does the Board of Directors or organization equivalent to the Board of Directors itself accurately understand the large credit recipients, and proactively manage credit risks of large credit recipients? (iii) For credit to targets with similar risk characteristics (specific industries, regions, instruments, etc.), is a system in place for appropriate management by credit risk diversification, such as debt securitization and setting credit limits for each portfolio? (4) Screening and Management of Individual Projects (i) Is an appropriate screening system developed to achieve a smooth supply funds to loan borrowers who operate sound businesses? For example, does it prohibit loans to gain insurance contracts, speculative real estate loans, and excessive financial engineering loans? Does it reject provision of funds to antisocial forces? Also, is there no inappropriate treatment, such as using the Insurance Inspection Manual or financial inspections by the authorities as reasons to reject provision of new loans or reject provision of funds to or collect funds from borrowers operating sound businesses? (ii) Regarding credit for micro, small and medium-sized enterprises, etc., does the insurance company comprehensively consider the credit recipient’s business status and credit rating when performing credit management, such as credit ratings considering the business and financial aspect characteristics of micro, small and medium-sized enterprises, etc., which are generally easily affected by the economy, and easily end up with excessive debt due to temporary causes? (iii) Are standards for securities investment set considering credit risks? For example, are they set together with loans, setting standards for specific securities so credit provision is not overweight in specific industries, specific issuers (including country risk)? Also, are standards set to enable strict management of investment in especially high risk instruments? (5) Management of Problem Debts

258 (i) In managing problem debts, are the debtor’s rehabilitation possibilities appropriately scrutinized, and for debtors which can be rehabilitated, are the greatest efforts put in the direction of its rehabilitation? In such cases, is there a system in place so that based on a request from the debtor, the insurance company works as needed on creating a rehabilitation plan which is well regarded in the market, using a company breakup, debt-equity swap, debt-debt swap, company rehabilitation fund, etc., executing quick action by legal procedures or workout in accordance with the Guidelines of Workout for Restructuring Debt Owed by Individual Debtors? (ii) For debtors with late payments, are the causes of late payments understood and analyzed? (iii) If debts are moved off balance sheet by sale or securitization, is there a system in place to enable confirmation and verification that those credit risks are clearly detached, without credit enhancement, etc. causing it to bear substantial credit risks of such debts? Also, is a system provided so that in sale or securitization of problem debts, protection of the original debtors is considered, and debts are not transferred to parties who would pressure debtors or impair the tranquility of their lives or business? (6) Verification of Amortization and Reserve Amounts When the Board of Directors or organization equivalent to the Board of Directors receives a report on amortization and reserve amounts, does it verify that the levels of amortization and reserve amounts are sufficient to suit the level of credit risks? (7) Examination Items if Credit Risk Measurement Techniques are Used (i) Establishment of Credit Risk Measurement System A. Is it operated in a form without conceptual problems in the credit risk measurement system, and without omission? B. Under the Credit Risk Management Policy, is the positioning of credit risk measurement techniques (models) clearly established, and is it operated with understanding of the following matters, etc.? Also, is it confirmed that there are also no problems for important group companies? a. That insurance company’s strategic goals and size and characteristics, as well as risk profile b. Considering a., the basic design concept of credit risk measurement techniques c. Based on b., the identification and measurement of credit risks (scope, techniques, assumptions, etc.) d. Characteristics (limitations and weak points) of credit risk measurement techniques generated by c., and validity of such techniques e. Details of verification methods to verify d.

259 C. In the case where capital allocation management8 is employed, has the policy of capital allocation management been developed based on the results calculated by the credit risk measurement technique? If there are credit risks which are not measured with this technique, are there reasonable grounds for excluding them from the measurement? Is the Risk Capital allocated with due consideration for the risks excluded from the measurement? (ii) Appropriate Participation by Directors and Corporate Auditors A. Understanding of Credit Risk Measurement Techniques a. Do directors understand that decisions on credit risk measurement techniques, risk limits and risk capital limits (if capital allocation management is employed) greatly affect the business and its finances? b. Does the director in charge understand the credit risk measurement techniques that are necessary in that insurance company’s business? Does he understand their characteristics (limitations and weak points)? c. Are directors and corporate auditors deepening their understanding of credit risk measurement techniques, by receiving training, etc.? B. Credit Risk Management Initiatives Does the Board of Directors actively participate, as needed, in credit risk management by credit risk measurement techniques? (iii) Measurement of Credit Risks A. Measurement of Credit Risk Amount by Uniform Scale Are credit risk amounts understood quantitatively by a uniform scale? It is desirable that a uniform scale is used to understand and measure all necessary credit risk elements. But if there are credit risks which are not sufficiently understood and measured by the uniform scale, is complementary information used to ensure that all necessary elements are considered in business decision making? For measurements of credit risk amounts, are rational, objective, precise methods adopted, for example VaR methods using statistical techniques? B. Ongoing Verification and Stress Tests a. Does the Credit Management Division do ongoing verification (backtesting, etc.) to periodically analyze the validity of measurement techniques? Also, are measurement techniques revised based on internal rules, etc.? b. Does the Credit Management Division consider the limitations and weak points of credit risk measurement techniques, run stress tests based on stress scenarios, understand stress conditions of credit risks, and appropriately use them?

8 See the Checklist for Comprehensive Risk Management.

260 C. Verification System and Management System for Measurement Techniques Is the validity of credit risk measurement techniques and assumptions verified during development and periodically thereafter, by people who are independent from development of credit risk measurement techniques, and who have sufficient abilities? If deficiencies are found in credit risk measurement techniques, assumptions, etc., are they appropriately corrected? Also, are a framework and internal rules developed to prevent modification of credit risk measurement techniques, assumptions, etc., without rational reasons? Are credit risk measurement techniques managed appropriately, in accordance with those established internal rules, etc.? (iv) Records on Credit Risk Measurement Techniques Is a system in place to save records necessary for later verification and more precise and advanced measurements, about the investigation process and decision grounds when selecting credit risk measurement techniques, assumptions, etc., and to enable other people to take over the work? (v) Audit A. Audit Program Development Is an audit program developed which exhaustively covers audit of credit risk measurement techniques? B. Audit Scope of Internal Audits Do internal audits cover the following items?

  • Consistency between credit risk measurement techniques, strategic goals, size and characteristics of operations, and risk profile
  • Appropriateness of management, considering the characteristics of credit risk measurement techniques (limitations and weak points)
  • That records on credit risk measurement techniques are documented appropriately, and updated without delay
  • Changes in credit risk management processes are appropriately incorporated into measurement techniques
  • Validity of scope subject to measurement, understood by credit risk measurement techniques
  • That there are no omissions in the IT systems for management
  • Validity of credit risk measurement techniques, assumptions, etc.
  • Correctness and completeness of data used in credit risk measurement
  • Proper process of ongoing verification (back testing, etc.) and results C. Use of Audit Results

261 Does the credit management division consider audit results, and appropriately revise credit risk measurement techniques? (vi) Credit Risk Measurement Models Developed by External Businesses9 A. Appropriateness of Credit Risk Measurement System a. Do people working in the insurance company have sufficient knowledge of measurement techniques, and understand the process of modeling credit risk measurement? b. Do the insurance company’s Credit Management Division and Internal Audit Division theoretical and empirically verify the validity of measurement techniques? B. Proper Credit Risk Measurement Models a. Are there no black box parts of measurement models? If there are black box parts, is the validity of measurement models verified? b. Are consistency and correctness of data used in measurements ensured? c. Are measurement models chosen to suit the size and characteristics of the insurance company’s operations and its risk profile? C. Management of Businesses Developing Credit Risk Measurement Models a. Is work outsourced to model development businesses which enable continuous model usage, and can work for more precise and advanced models? Is there periodic assessment of the businesses developing models? b. Are development businesses selected which have sufficient support frameworks for users of credit risk measurement (training, consulting and maintenance)? c. Is there a system in place for receiving reports on the situation of verification of validity of measurement models of model development businesses, periodically or as needed? (8) Credit Risk Management concerning Market Transactions (i) Measurement of Credit Risk Amounts concerning Market Transactions Are measurements of credit risk amounts at least understood by the notional principle method or original exposure method (method of having notional and contract principle multiplied by the factor for each instrument and transaction period)? Also, if the strategy is to conduct active market transactions or if the company establishes overseas locations and conducts market transactions, is credit risk amount measured by the current exposure method (total of reconstruction cost and potential exposure)? (ii) Integrated On and Off-balance Sheet Management of Positions, Current Value Assessment and Credit Risk Amounts At least monthly, or when providing new credit or credit renewal, at that time (or nearly that time), is each customer’s on and off-balance sheet combined credit risk amount understood

9 If credit risk measurement is outsourced, examine by suitably applying these examination items.

262 correctly? In an insurance company with a strategy making active market transactions, is each transaction’s individual situation understood, and current value and credit risk amount managed by aggregating accounts under the same name with on and off-balance sheet combined? Is the credit risk Manager provided with timely and correct information on the status of exposures and credit limits? (iii) Clarification of Credit Approval Framework, and Independence of Credit Approval Function In selecting transaction counterparties, are the transaction counterparty’s credit risks, etc. fully investigated? In an insurance company with a strategy of making active market transactions, are customers’ credit risks analyzed at least once per year? Also, if frequent and ongoing transactions are done, is a credit limit established? Are credit limit setting and revision managed by a division which is independent from the market division, etc.? Also, it is desirable that set credit limits are consistent with other credit standards. (iv) Development of Rules on Credit Limits, and Appropriate Management of Credit Limits Is there clearly established management policy for when credit limits are neared (credit risk enhancement actions, etc.), and a clearly established framework of reporting to the Manager when a credit limit is exceeded, rules on authority, procedures, etc.? Also, are credit limits appropriately managed in accordance with the rules? In an insurance company with a strategy of making active market transactions, if a credit risk amount reached the credit limit, does it halt transactions which would lead to providing new credit, and report to the Manager (to the representative director and Board of Directors as needed) in accordance with the rules? Is policy on handling revision of the credit limit then decided and implemented after obtaining the Manager’s approval? It is also desirable that for existing transactions, risk reduction actions are taken such as requiring additional collateral. It is also effective to establish rules on managing credit limits, for example setting an appropriate alarm point at a stage before the credit risk amount to a customer reaches its ceiling, and if an alarm point is reached, starting to discuss credit risk enhancement actions with the customer. (v) Use of Risk Reduction Actions To reduce credit risks, it is desirable to confirm the legal validity of contracts, and use netting contracts, collateral requirements, guarantees, etc.

263 Checklist for Operational Risk, etc. Management I. Development and Establishment of Operational Risk, etc. Management System by Management Checkpoints

  • In this checklist, “Operational Risk, etc.” refers to items (1) to (4) below, and “Operational Risk, etc. Management” refers to appropriate management of items (1) to (4). (1) Risk that officers or employees neglect to do correct clerical work, or create an accident or act illicitly, resulting in loss borne by the insurance company (hereinafter referred to as “Administrative Risk”). (2) Risk that IT system defects, such as when the computer system goes down or malfunctions, will result in loss borne by the insurance company; moreover, risk that illicit computer use will result in loss borne by the insurance company (hereinafter referred to as “IT System Risk”). (3) Risk that a reduction in new insurance policies due to worse insurance company’s finances will cause a decrease in insurance premium revenues, that large volume or large value policy cancellations will create an increase in cancellation repayment expenditures, that funds outflow in a huge disaster will cause worse cash flow, or that the company must unavoidably trade at remarkably lower prices than usual to obtain funds (hereinafter referred to as “Cash Flow Risk”). Also, risk that market turmoil prevents transactions in the market, or that the company must unavoidably trade at prices which are remarkably more disadvantageous than usual, resulting in bearing loss (hereinafter referred to as “Market Liquidity Risk”). Cash Flow Risk and Market Liquidity Risk combined are referred to as “Liquidity Risk.” (4) Other risks which the insurance company defines as “Operational Risk” (hereinafter referred to as “Other Operational Risks”)
  • The development and establishment of an Operational Risk, etc. Management system at an insurance company is extremely important from the viewpoint of ensuring the soundness and appropriateness of the insurance company’s business. Therefore, the company’s management is charged with and responsible for taking the initiative in developing and establishing such a system.
  • In examining the Operational Risk, etc. Management system, it is important that the inspector examine whether an appropriate Operational Risk, etc. Management system is developed which suits the size and characteristics of the insurance company’s operations, and its risk profile. Quantification of Administrative Risk, IT System Risk and Liquidity Risk is still not established for insurance companies, so it is not written in this checklist, but the inspector shall examine whether the insurance company is unceasingly working towards more advanced risk management.
  • In conducting an inspection to check the Information Technology Risk management system, one must fully consider the importance of individual IT systems (size of that IT system’s effects on customer transactions or business decisions) and characteristics (this signifies characteristics of a centralized data processing environment system in a computer center, distributed processing system such as a client server system, single

264 systems established by the user division, etc., and there are management techniques which suit each.). Also, if as a result of examination using this checklist, problems are found in the Information Technology Risk management system, and if it is recognized that even deeper examination of operations is required, the inspector shall work based on the “FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions” (The Center for Financial Industry Information Systems). Moreover, based on this checklist, the inspector shall also examine risks that information the insurance company holds which should be protected is falsified, deleted or leaked outside the company.

  • This checklist writes examinations items concerning the Liquidity Risk management system, with the Liquidity Risk management division positioned as the division which monitors the state of compliance with internal standards on cash flow, and the cash flow management division positioned as the division which manages and operates cash flow. The inspector must consider that depending on the insurance company, the Liquidity Risk management division and cash flow management division have different roles which must be fulfilled and responsibilities which must be borne; the inspector must examine whether Liquidity Risk management functions appropriately overall.
  • The inspector should specifically determine whether the Operational Risk, etc. Management system is functioning effectively, and whether the roles and responsibilities of the company’s management are being appropriately performed by way of reviewing, with the use of check items listed in Chapter I., whether or not the management is appropriately implementing (1) policy development, (2) development of internal rules and organizational frameworks and (3) development of a system for assessment and improvement activities.
  • If a problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II. onwards, it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize weaknesses or problems recognized by the inspector, it is also necessary to explore in particular the possibility that the system is not functioning effectively, and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor, and determine whether or not effective improvement actions have been developed and implemented.
  1. Policy Development (1) Roles and Responsibilities of Directors Is the Board of Directors fully aware of the major effects that disregarding management of Operational Risks, etc. has on achieving strategic goals? Does it emphasize Operational Risk, etc. Management? In particular, does the director in charge fully understand the importance of techniques such as identification, assessment, monitoring and control of Operational Risk, etc. and their locations, types and characteristics of Operational Risk, etc., and of their

265 management? Based on this understanding, does he accurately understand the status of the insurance company’s management of Operational Risks, etc., and investigate policies and specific actions towards development and establishment of a proper Operational Risk, etc. Management system? (2) Strategic Goals (i) Does the Board of Directors consider IT system innovation, and include IT system strategy policy which handles IT systems as part of management strategy, in its strategic goals in accordance with the entire insurance company’s management policy? For example, are the following matters clearly written in its IT system strategy policy?

  • Priority of IT system development
  • Computerization plan
  • IT system investment plan (ii) Does the Board of Directors understand that if it creates obstacles for liquidity, this can directly lead to business bankruptcy? Does the Board of Directors consider Liquidity Risk when it establishes strategic goals? (3) Development and Dissemination of Operational Risk, etc. Management Policy (i) Does the Board of Directors or organization equivalent to the Board of Directors establish the policies listed below for management of Operational Risk, etc. (hereinafter referred to as “Operational Risk, etc. Management Policies”)? Does it inform the entire organization about the following policies?
  • Administrative Risk management (hereinafter referred to as “Administrative Risk Management Policy”)
  • IT System Risk management (hereinafter referred to as “IT System Risk Management Policy”)
  • Liquidity Risk management (hereinafter referred to as “Liquidity Risk Management Policy”) (ii) Is Administrative Risk Management Policy appropriate? For example, does it clearly write the following matters?
  • Regarding administrative risk management, the roles and responsibilities of director in charge and Board of Directors or organization equivalent to the Board of Directors
  • Policy on organizational framework of division for administrative risk management (hereinafter referred to as the “Administrative Risk Management Division”): establishment, granting authority, etc.
  • Policy on identification, assessment, monitoring and control of administrative risks (iii) Is IT System Risk Management Policy appropriate? For example, are the following matters clearly written?
  • Regarding IT system risk management, the roles and responsibilities of director in

266 charge and Board of Directors or organization equivalent to the Board of Directors

  • Policy on organizational framework: establishment of division for IT System Risk management (hereinafter referred to as the “IT System Risk Management Division”), granting authority, etc.
  • Policy on identification, assessment, monitoring and control of IT system risks
  • Security policy (Basic policy to appropriately protect the organization’s information assets. This writes (1) Information assets which must be protected, (2) Reasons they must be protected, (3) Locations of responsibility, etc.)1 (iv) Is Liquidity Risk Management Policy appropriate? For example, are the following matters clearly written?
  • Regarding Liquidity Risk management, roles and responsibilities of director in charge and Board of Directors or organization equivalent to the Board of Directors
  • Policy on organizational framework: establishment of division for Liquidity Risk management (hereinafter referred to as the “Liquidity Risk Management Division”), and division for cash flow management (hereinafter referred to as the “Cash Flow Management Division”), granting authority, etc.
  • Policy on establishing limits on Liquidity Risk
  • Policy on allocation of roles and responsibilities of Cash Flow Management Division and cash flow management division
  • Policy on identification, assessment, monitoring and control of Liquidity Risk
  • Policy on liquidity crisis management (4) Revision of Policy Development Process Does the Board of Directors revise the policy development process in a timely manner by reviewing its effectiveness based on reports and findings on the status of management of Operational Risk, etc. in a regular and timely manner or on an as needed basis?
  1. Development of Internal Rules and Organizational Frameworks
  1. Development of Administrative Risk Management System (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the Administrative Risk Management Division develop internal rules that clearly specify the arrangements concerning administrative risk management (hereinafter referred to as the “Administrative Risk Management Rules”) and disseminate them throughout the organization, in accordance with the Administrative Risk Management Policy? Does the

1

  • The scope subject to “security policy” does not only include information saved in the computer system and recording media, etc. It also includes information printed on paper.
  • See the Manual for the Development of Security Policy in Financial Institutions (edited by The Center for Financial Industry Information Systems).

267 Board of Directors or organization equivalent to the Board of Directors approve the Administrative Risk Management Rules, after determining whether they comply with the Administrative Risk Management Policy after legal checks, etc.? (2) Establishment of System of Administrative Risk Management Division (i) Does the Board of Directors or organization equivalent to the Board of Directors have a Administrative Risk Management Division established and have the division prepared to undertake appropriate roles in accordance with the Administrative Risk Management Policy and the Administrative Risk Management Rules?2 (ii) Has the Board of Directors allocated to the Administrative Risk Management Division a Manager with the necessary knowledge and experience to supervise the division, and enabled the Manager to implement management operations by assigning him/her the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Administrative Risk Management Division an adequate number of staff members with the necessary knowledge and experience to execute the relevant operations, and assigned such staff the authority necessary for implementing operations?3 (iv) Does the Board of Directors or organization equivalent to the Board of Directors secure a check-and-balance system of the Administrative Risk Management Division against operational divisions? (3) Development of Administrative Risk Management System in Operational Divisions and Business Locations, etc. Through the Manager or the Administrative Risk Management Division, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure the effectiveness of administrative risk management, such as by providing a system to inform the operational divisions and business locations about the internal rules and operational procedures which must be observed, and have such divisions and locations observe them? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager of the Administrative Risk Management Division to identify the internal

2 When the Administrative Risk Management Division is not established as an independent division (e.g., when the division is consolidated with another risk management division to form a single division or when a division in charge of other business also takes charge of administrative risk management or when a Manager or Managers take charge of administrative risk management instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the scale and nature of the insurance company and its risk profile. 3 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of the Administrative Risk Management Division is reasonable in terms of a check-and-balance system and other aspects.

268 rules and operational procedures that should be observed by operational divisions and business locations, and to carry out specific measures for ensuring observance such as providing effective training on a regular basis? (4) System for Reporting to and Approval by Board of Directors or Organization Equivalent to the Board of Directors Has the Board of Directors or organization equivalent to the Board of Directors appropriately specified matters that require reporting and those that require approval and does it have the Manager of the Administrative Risk Management Division report the current status to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis, or have the Manager seek the approval of the Board of Directors or organization equivalent to the Board of Directors on the relevant matters? In particular, does it ensure that the Manager reports to the Board of Directors or organization equivalent to the Board of Directors without delay any matters that would seriously affect corporate management or significantly undermine customer interests? (5) System for Reporting to Corporate Auditor In the case where the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately and do they provide a system to have the Manager of the Administrative Risk Management Division directly report such matters to the auditor?4

(6) Development of Internal Audit Guidelines and Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or the Manager of the Internal Audit Division appropriately identify the matters to be audited with regard to administrative risk management, develop guidelines that specify the matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?5 For example, does it have the following matters clearly specified in the Internal Audit Guidelines or the internal audit plan and provide a system to have these matters appropriately audited?

  • Status of development of the administrative risk management system
  • Status of observance of the Administrative Risk Management Policy, the Administrative Risk Management Rules, etc.
  • Appropriateness of the administrative risk management processes commensurate with the scales and natures of the business, and its risk profile
  • Status of improvement of matters pointed out in an internal audit or on the occasion of the

4 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report and shall not restrict the authority and activities of the auditor in any way. 5 The Board of Directors or organization equivalent to the Board of Directors to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan.

269 last inspection (7) Revision of the Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner, by reviewing its effectiveness based on reports and findings on the status of administrative risk management in a regular and timely manner or on an as needed basis?

  1. Development of Information Technology Risk Management System (1) Development and Dissemination of Internal Rules Has the Board of Directors or organization equivalent to the Board of Directors had the Manager of the IT System Risk Management Division develop internal rules that clearly specify the arrangements concerning IT system risk management (hereinafter referred to as the “IT System Risk Management Rules”) and disseminated them throughout the organization in accordance with the IT System Risk Management Policy? Has the Board of Directors or organization equivalent to the Board of Directors approved the IT System Risk Management Rules after determining if they comply with the IT System Risk Management Policy after legal checks, etc.? (2) Establishment of System of IT System Risk Management Division (i) Does the Board of Directors or organization equivalent to the Board of Directors have the IT System Risk Management Division established and have the division prepared to undertake appropriate roles in accordance with the IT System Risk Management Policy and the IT System Risk Management Rules?6 (ii) Has the Board of Directors allocated to the IT System Risk Management Division a Manager with the necessary knowledge and experience to supervise the division, and enabled the Manager to implement management operations by assigning him/her the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the IT System Risk Management Division an adequate number of staff members with the necessary knowledge and experience to execute the relevant operations and assigned such staff the authority necessary for implementing the operations?7

6 When the IT System Risk Management Division is not established as an independent division (e.g., when the division is consolidated with another risk management division to form a single division or when a division in charge of other business also takes charge of IT system risk management or when a Manager or Managers take charge of IT system risk management instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the scale and nature of the insurance company and its risk profile. 7 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of

270 (iv) Does the Board of Directors or organization equivalent to the Board of Directors secure a check-and-balance system of the IT System Risk Management Division against operational divisions? (3) Development of Information Technology Risk Management System in Operational Divisions, Business locations, etc. Through the IT System Risk Management Division or the Manager of the IT System Risk Management Division, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure effectiveness of IT system risk management, such as by providing a system to inform the operational divisions and business locations about the internal rules and operational procedures which must be observed, and have such divisions and locations observe them? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager of the IT System Risk Management Division to identify the internal rules and operational procedures that should be observed by operational divisions, business locations, etc. and to carry out specific measures for ensuring observance such as providing effective training on a regular basis? (4) System for Reporting to and Approval by Board of Directors or Organization Equivalent to the Board of Directors Does the Board of Directors or organization equivalent to the Board of Directors appropriately specify matters that require reporting and those that require approval, and have the Manager of the IT System Risk Management Division report the current status to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis, or have the Manager seek the approval on the relevant matters? In particular, does it ensure that the Manager reports to the Board of Directors or organization equivalent to the Board of Directors without delay any matters that would seriously affect corporate management or significantly undermine customer interests? (5) System for Reporting to Corporate Auditor In the case where the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately and do they provide a system to have the Manager of the IT System Risk Management Division directly report such matters to the auditor?8 (6) Development of Internal Audit Guidelines and an Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or the Manager of the Internal Audit Division appropriately identify the matters to be audited with regard to IT system risk management, develop guidelines that

the IT System Risk Management Division is reasonable in terms of a check-and-balance system and other aspects. 8 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report and shall not restrict the authority and activities of the auditor in any way.

271 specify the matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?9 For example, does it have the following matters clearly specified in the Internal Audit Guidelines or the internal audit plan and provide a system to have these matters appropriately audited?

  • Status of development of the Information Technology risk management system
  • Status of observance of the IT System Risk Management Policy, the IT System Risk Management Rules, etc.
  • Appropriateness of the IT system risk management processes commensurate with the scales and natures of the business and risk profile
  • Status of improvement of matters pointed out in an internal audit or on the occasion of the last inspection (7) Revision of the Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner, by reviewing its effectiveness based on reports and findings on the status of IT system risk management in a regular and timely manner or on an as needed basis?
  1. Development of Liquidity Risk Management System (1) Development and Dissemination of Internal Rules Does the Board of Directors or organization equivalent to the Board of Directors have the Manager of the Liquidity Risk Management Division develop internal rules that clearly specify the arrangements concerning liquidity risk management (hereinafter referred to as the “Liquidity Risk Management Rules”) and inform the organization, in accordance with the Liquidity Risk Management Policy? Has the Board of Directors or organization equivalent to the Board of Directors approved the Liquidity Risk Management Rules, after determining whether they comply with the Liquidity Management Policy and after (2) Setting and Revision of Limits For appropriate Liquidity Risk management, does the Board of Directors or organization equivalent to the Board of Directors, set and revise limits, such as limit amounts for investment of assets with no market or very low liquidity, depending on the details of asset investments, as needed? Does it also set and revise limits for maintaining a certain balance of liquid assets? (3) Establishment of Systems of Liquidity Risk Management Division and Cash Flow Management Division

9 The Board of Directors or organization equivalent to the Board of Directors to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan.

272 (i) Does the Board of Directors or organization equivalent to the Board of Directors establish a Liquidity Risk Management Division and Cash Flow Management Division, and provide a system which assigns to them appropriate roles, in accordance with Liquidity Risk Management Policy and Liquidity Risk Management Rules?10 (ii) Has the Board of Directors allocated Managers to the Liquidity Risk Management Division and Cash Flow Management Division, with the necessary knowledge and experience to supervise the divisions, and enabled the Managers to implement management operations by assigning them the necessary authority therefor? (iii) Has the Board of Directors or organization equivalent to the Board of Directors allocated to the Liquidity Risk Management Division an adequate number of staff members with the necessary knowledge and experience to execute the relevant operations, and assigned such staff the authority necessary for implementing operations?11 (iv) Does the Board of Directors or organization equivalent to the Board of Directors keep the Liquidity Risk Management Division independent from the Cash Flow Management Division, asset investment division, Insurance Underwriting Division, etc., and secure a check-and￾balance system of the Liquidity Risk Management Division? (4) Development of Liquidity Risk Management System in Cash Flow Management Division, Asset Investment Division, Insurance Underwriting Division, etc. Through the Liquidity Risk Management Division or Manager or Liquidity Risk Management Division, does the Board of Directors or organization equivalent to the Board of Directors provide a system to ensure effectiveness of liquidity risk management, such as by providing a system to inform the divisions involving liquidity risks to be managed (e.g. Cash Flow Management Division, asset investment division, Insurance Underwriting Division, etc.) about the internal rules and operational procedures which must be observed, and to ensure that such divisions observe them? For example, does the Board of Directors or organization equivalent to the Board of Directors instruct the Manager of the Liquidity Risk Management Division to identify the internal rules and operational procedures that must be observed by the Cash Flow Management Division, asset investment division, Insurance Underwriting Division, etc., and to carry out specific actions for ensuring observance such as by providing effective training on

10 When the Liquidity Risk Management Division is not established as an independent division (e.g., when the division is consolidated with another risk management division to form a single division or when a division in charge of other business also takes charge of Liquidity Risk management or when a Manager or Managers take charge of Liquidity Risk management instead of a division or a department), the inspector shall review whether or not such a system is sufficiently reasonable and provides the same functions as in the case of establishing an independent division commensurate with the scale and nature of the insurance company and its risk profile. 11 When a department or a post other than the Board of Directors or organization equivalent to the Board of Directors is empowered to allocate staff and assign them authority, the inspector shall review, in light of the nature of such a department or post, whether or not the structure of that deportment or post is reasonable in terms of a check-and-balance system and other aspects.

273 a regular basis? (5) System for Reporting to and Approval by Board of Directors or organization equivalent to the Board of Directors Has the Board of Directors or organization equivalent to the Board of Directors appropriately specified matters that require reporting and those that require approval, and does it have the Manager of the Liquidity Risk Management Division and the Manager of the Cash Flow Management Division report the current status to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis, or have the Manager seek the approval of the Board of Directors or organization equivalent to the Board of Directors on the relevant matters? In particular, does it ensure that the Managers report to the Board of Directors or organization equivalent to the Board of Directors without delay any matters that would seriously affect corporate management or significantly undermine customer interests? (6) Development of System for Reporting to Corporate Auditor In the case that the Board of Directors has specified matters to be directly reported to a corporate auditor, has it specified such matters appropriately, and does it provide a system to have the Manager of the Liquidity Risk Management Division directly report such matters?12

12 It should be noted that this shall not preclude a corporate auditor from voluntarily seeking a report, and shall not restrict the authority and activities of the auditor in any way.

274 (7) Development of Internal Audit Guidelines and Internal Audit Plan Does the Board of Directors or organization equivalent to the Board of Directors have the Internal Audit Division or Internal Audit Division Manager appropriately identify the matters to be audited with regard to Liquidity Risk management, develop guidelines that specify the matters subject to internal audit and the audit procedure (hereinafter referred to as “Internal Audit Guidelines”) and an internal audit plan, and approve such guidelines and plan?13 For example, does it have the following matters clearly specified in the Internal Audit Guidelines or the internal audit plan, and provide a system to have these matters appropriately audited?

  • Status of development of the Liquidity Risk management system
  • Status of observance of the Liquidity Risk Management Policy, Liquidity Risk Management Rules, etc.
  • Appropriateness of the Liquidity Risk management system14
  • Appropriateness of the Liquidity Risk management processes, commensurate with the size and characteristics of operations and risk profile
  • Validity of Liquidity Risk analysis and assessment methods, assumptions, etc.
  • Effectiveness of Liquidity Risk management
  • Status of improvement of matters pointed out in an internal audit or in the last inspection (8) Revision of Development Process of Internal Rules and Organizational Frameworks Does the Board of Directors or organization equivalent to the Board of Directors revise the development process of internal rules and organizational frameworks in a timely manner, by reviewing their effectiveness based on reports and findings on the status of Liquidity Risk management in a regular and timely manner or on an as needed basis?
  1. Assessment and Improvement Activities
  1. Analysis and Assessment (1) Analysis and Assessment of Operational Risk, etc. Management Does the Board of Directors or organization equivalent to the Board of Directors appropriately determine whether there are any weaknesses or problems in the management system of Operational Risk, etc. and the particulars thereof, and appropriately examine their causes by precisely analyzing the status of Operational Risk, etc. Management, and assessing the effectiveness of Operational Risk, etc. Management, based on all information available regarding the status of Operational Risk, etc. Management, such as the results of audits by corporate auditors, internal audits and external audits,15 findings of various investigations and

13 The Board of Directors or organization equivalent to the Board of Directors only needs to have approved the basic matters with regard to an internal audit plan. 14 It should be noted that the computer system may be a centralized data processing environment system, distributed processing system, or end user computing (EUC) type. Same hereinafter. 15 External audits as mentioned here shall not be limited to audits of financial statements by accounting

275 reports from various divisions? In addition, if necessary, does it take all possible measures to find the causes by, for example, establishing fact finding committees etc. consisting of non￾interested persons? (2) Revision of the Analysis and Assessment Processes Does the Board of Directors or organization equivalent to the Board of Directors revise the analysis and assessment processes in a timely manner by reviewing their effectiveness based on reports and findings on the status of Operational Risk, etc. Management in a regular and timely manner or on an as needed basis? 2) Improvement Activities (1) Implementation of Improvements Does the Board of Directors or organization equivalent to the Board of Directors provide a system to implement improvements in the areas of the problems and weaknesses in the Information Technology risk management system, identified through the analysis, assessment and examination referred to in 3. 1) above in a timely and appropriate manner, based on the results obtained by developing and implementing an improvement plan as required or by other appropriate methods? (2) Progress Status of Improvement Activities Does the Board of Directors or organization equivalent to the Board of Directors provide a system to follow up on the efforts for improvement in a timely and appropriate manner, by reviewing the progress status in a regular and timely manner or on an as needed basis? (3) Revision of Improvement Process Does the Board of Directors or organization equivalent to the Board of Directors revise the improvement process in a timely manner, by reviewing its effectiveness based on reports and findings on the status of Operational Risk, etc. Management, in a regular and timely manner or on an as needed basis?

auditors, but the inspector should bear in mind that currently, audits other than the audit of financial statements required under the rules and the verification of the internal control system conducted as part of the procedures of this audit are not obligatory. However, in the case where the inspected insurance company undergoes an external audit other than the financial statements audit in order to secure the effectiveness of the internal control system, the inspector should review the effectiveness of the internal control system by examining in a comprehensive manner along with the financial statements audit results.

276 II. Development and Establishment of Operational Risk, etc. Management System by Manager Checkpoints

  • This chapter lists the check items to be used when the inspector reviews the roles and responsibilities to be performed by the: (1) Administrative Risk Management Division and the Manager of the Administrative Risk Management Division (2) IT System Risk Management Division and the Manager of the IT System Risk Management Division (3) Liquidity Risk Management Division and the Manager of the Liquidity Risk Management Division
  • For Liquidity Risks, the inspector must keep in mind that the scope of the roles and responsibilities to be performed by the Liquidity Risk Management Division and Cash Flow Management Division shall differ, depending on the size and characteristics of the insurance company’s operations and its risk profile. The inspector must review whether Liquidity Risk management is functioning appropriately as a whole.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter II., it is necessary to exhaustively examine which of the elements listed in Chapter I. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  1. Administrative Risk Management
  1. Roles and Responsibilities of Manager of the Administrative Risk Management Division (1) Development and Dissemination of Administrative Risk Management Rules Has the Manager of the Administrative Risk Management Division, in accordance with the Administrative Risk Management Policy, identified the risks, decided the methods of assessment and monitoring thereof and developed the Administrative Risk Management Rules that clearly define the arrangements on risk control and mitigation, based on full understanding of the scope, types and nature of risks and the administrative risk management technique? Have the Administrative Risk Management Rules been disseminated throughout the organization upon approval by the Board of Directors or organization equivalent to the Board of Directors? (2) Administrative Risk Management Rules Do the Administrative Risk Management Rules exhaustively cover the arrangements

277 necessary for the Administrative Risk management and specify the arrangements appropriately in a manner befitting the scales and natures of the insurance company’s business, and its risk profile? Are the rules appropriate? For example, do they specify the following arrangements?

  • Roles, responsibilities and the organizational framework of the Administrative Risk Management Division
  • Identification of risks to be subjected to the administrative risk management
  • Methods of the administrative risk assessment
  • Methods of risk monitoring
  • Reporting to the Board of Directors or organization equivalent to the Board of Directors (3) Development of Organizational Frameworks by Manager of the Administrative Risk Management Division (i) Does the Manager of the Administrative Risk Management Division, in accordance with the Administrative Risk Management Policy and the Administrative Risk Management Rules, provide for measures to have the Administrative Risk Management Division exercise a check-and-balance system in order to conduct administrative risk management system appropriately? (ii) Does the Manager of the Administrative Risk Management Division ensure the system of training and education to enhance the ability of employees to conduct administrative risk management in an effective manner, thus developing human resources with relevant expertise? (iii) Does the Manager of the Administrative Risk Management Division provide a system to ensure that matters specified by the Board of Directors or organization equivalent to the Board of Directors are reported to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis? In particular, does the Manager provide a system to ensure that matters that would seriously affect corporate management are reported to the Board of Directors or organization equivalent to the Board of Directors without delay? (iv) Does the Manager of the Administrative Risk Management Division provide arrangements, in coordination with a person in charge of personnel management, etc., to ensure that employees (including Managers of the Administrative Risk Management Division) stay away from the workplace for one full week on end at least once per year for purposes such as holidays, training or provisional internal transfer from the viewpoint of preventing inappropriate incidents? Does the Manager of the Administrative Risk Management Division oversee such arrangements and ensure the implementation of the relevant measures? (v) Does the Manager of the Administrative Risk Management Division, in coordination with a

278 person in charge of personnel management, etc., ensure that personnel rotations are conducted appropriately so as to prevent a certain employee from engaging in the same business at the same department for a long period of time from the viewpoint of preventing inappropriate incidents? In the case where an employee must engage in the same business at the same department for a long period of time for an unavoidable reason, are there other arrangements to ensure the prevention of inappropriate incidents? Does the Manager of the Administrative Risk Management Division oversee such arrangements and ensure the implementation of the relevant measures? (vi) With regard to contract workers, etc., does the Manager of the Administrative Risk Management Division oversee personnel management with due consideration for the following points from the viewpoint of preventing inappropriate incidents?

  • Is the scope of business that can be undertaken by contract workers, etc. clearly defined?
  • Is there a system to ensure that personnel and labor management (including the provision of training) is conducted in light of the nature of contract workers, etc. such as a lack of personnel information concerning them compared with regular employees and the fact that a check-and-balance system functions against such workers on a daily basis? (vii) Does the Manager of the Administrative Risk Management Division provide a system in which if a request is received from the Comprehensive Risk Management Division about New Products etc., the inherent administrative risks are identified in advance, and reported to the Comprehensive Risk Management Division, based on New Products Management Policy?16 (4) Revision of Administrative Risk Management Rules and Organizational Frameworks Does the Manager of the Administrative Risk Management Division conduct monitoring on an ongoing basis with regard to the status of the execution of operations at the Administrative Risk Management Division? Does the Manager review the effectiveness of the administrative risk management system in a regular and timely manner or on an as needed basis, and, as necessary, revise the Administrative Risk Management Rules and the relevant organizational frameworks or present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement?
  1. Roles and Responsibilities of Administrative Risk Management Division17 (1) Roles and Responsibilities of Clerical Supervisory Division (i) Does the Clerical Supervisory Division have clerical rules in place? Are the clerical rules

16 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4). 17 It should be noted that the purpose of this inspection item is not to review whether or not divisions such as the Clerical Supervisory Division and the clerical guidance division have been established as Administrative Risk Management Divisions but to review whether or not the functions required for such divisions are being performed.

279 comprehensive, appropriately specified in accordance with Laws (including but not limited to laws and regulations, etc.) and suited to the scales and natures of the insurance company’s business, and its risk profile? Do the rules stipulate matters concerning clerical work not only at business locations, etc. but also at operational divisions? Do the clerical rules stipulate the following procedures clearly and exhaustively?

  • Handling of cases not covered by the clerical rules and cases where there are differences of interpretation concerning the clerical rules.
  • Insurance solicitation (prohibited acts, etc.)
  • Exceptional cases such as handling of cash, physical certificates, and important documents (insurance premium receipts, etc.)
  • Solicitation which is not in person, such as by mail (ii) Does the Clerical Supervisory Division, in coordination with other relevant risk management divisions, etc. provide a system to analyze the causes of problems detected as a result of auditing, inappropriate incidents, accidents related to operational processes, Consultation, Complaints, etc. and consider measures to prevent the recurrence thereof? Does the division revise and improve the clerical rules as necessary? (iii) Does the Clerical Supervisory Division revise and improve the clerical rules as necessary according to changes in external environments such as legal amendments? (iv) Does the Clerical Supervisory Division provide for measures to consistently check the administrative risk management system at operational divisions and business locations, etc.? (v) Does the Clerical Supervisory Division provide a system to prevent the Managers of operational divisions and the heads of business locations from concealing violation of Laws? (vi) Has the Clerical Supervisory Division developed standards and guidelines for implementing self-inspections by operational divisions, business locations, etc., and insurance sales representatives based on the opinions of the Internal Audit Division? (vii) Does the Clerical Supervisory Division receive reports on the results of self-inspections by operational divisions, business locations, etc., and insurance sales representatives? Does it review the effectiveness of the self-inspections? (viii) Does the clerical supervisory division identify administrative risks when handling New Products etc., introducing new IT systems, or starting business at overseas locations and subsidiaries? For example, in product development, does it investigate consistency with various existing rules? Are such investigations conducted without improper influence by the Marketing and Sales Division?18 (ix) When developing, revising and improving of clerical rules, and creating execution standards

18 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4).

280 and execution guidelines for self-inspection, does the clerical supervisory division appropriately cooperate with the Insurance Sales Management Division and other risk management divisions, etc.? (2) Roles and Responsibilities of Clerical Guidance Division (i) Does the Clerical Guidance Division provide guidance and training to ensure appropriate clerical processes at operational divisions, business locations, etc., and insurance sales representatives? (ii) Does the Clerical Guidance Division utilize the results of auditing by the Internal Audit Division, and cooperate with the Internal Audit Division and Insurance Sales Management Division etc., to enhance the level of clerical work at operational divisions, business locations, etc. and insurance sales representatives? (iii) Does the Clerical Guidance Division promptly and accurately respond to inquiries from operational divisions, business locations, etc., and insurance sales representatives?

  1. Information Technology Risk Management System
  1. Roles and Responsibilities of Manager of the IT System Risk Management Division (1) Development and Dissemination of IT System Risk Management Rules Has the Manager of the IT System Risk Management Division, in accordance with the IT System Risk Management Policy, identified the risks, decided the methods of assessment and monitoring thereof and developed the IT System Risk Management Rules that clearly define the arrangements on risk control, based on a full understanding of the scope, types and nature of risks and the technique of managing IT system risk? Have the IT System Risk Management Rules been disseminated throughout the organization upon approval from the Board of Directors or organization equivalent to the Board of Directors? (2) IT System Risk Management Rules Do the IT System Risk Management Rules exhaustively cover the arrangements necessary for IT system risk management and specify the arrangements appropriately in a manner befitting the scales and natures of the insurance company’s business, and its risk profile. Do the rules specify the following items, for example?
  • Arrangements on the roles, responsibilities and organizational framework of the IT System Risk Management Division
  • Arrangements on the identification of risks to be subject to the IT system risk management
  • Arrangements on the method of assessing IT system risks
  • Arrangements on the method of monitoring IT system risks
  • Arrangements on system to report to the Board of Directors or organization equivalent to the Board of Directors

281 (3) Development of Organizational Frameworks by Manager of the IT System Risk Management Division (i) Does the Manager of the IT System Risk Management Division, in accordance with the IT System Risk Management Policy and the IT System Risk Management Rules, provide for measures to have the IT System Risk Management Division exercise a check-and-balance system in order to conduct IT system risk management appropriately? (ii) Does the Manager of the IT System Risk Management Division ensure the system of training and education to enhance the ability of employees to conduct IT system risk management in an effective manner, thus developing human resources with relevant expertise? (iii) Does the Manager of the IT System Risk Management Division provide a system to ensure that matters specified by the Board of Directors or organization equivalent to the Board of Directors are reported to the Board of Directors or organization equivalent to the Board of Directors in a regular and timely manner or on an as needed basis? In particular, does the Manager provide a system to ensure that matters that would seriously affect corporate management are reported to the Board of Directors or organization equivalent to the Board of Directors without delay? (iv) Has the Manager of the IT System Risk Management Division assigned a security Manager responsible for overseeing appropriate management to ensure that security is maintained in accordance with the prescribed policies, standards and procedures and assigned the security Manager the authority necessary for implementing management business? (v) Has the Manager of the IT System Risk Management Division, with a view to securing safe and smooth operation of computer systems and the prevention of violation of Laws, specified the procedures for computer system management, assigned a computer system Manager responsible for ensuring appropriate system management and assigned the said Manager the authority necessary for implementing management operations? Has the Manager also assigned system Managers with regard to systems designed, developed and operated by user divisions on their own, such as an end-user computing (EUC) system? It is desirable that a system Manager be assigned to all systems and operations. (vi) Has the Manager of the IT System Risk Management Division assigned a data Manager responsible for securing the confidentiality, completeness and usability of data and assigned the data Manager the authority necessary for implementing management operations? (vii) Has the Manager of the IT System Risk Management Division assigned a network Manager responsible for overseeing the status of network operation and controlling and monitoring access and assigned the network Manager the authority necessary for implementing management operations? (viii) Does the Manager of the IT System Risk Management Division provide a system in which

282 if a request is received from the Comprehensive Risk Management Division about New Products etc., the inherent administrative risks are identified in advance, and reported to the Comprehensive Risk Management Division, based on New Products Management Policy?19 (4) Revision of IT System Risk Management Rules and Organizational Frameworks Does the Manager of the IT System Risk Management Division conduct monitoring on an ongoing basis with regard to the status of the execution of operations at the IT System Risk Management Division? Does the Manager review the effectiveness of the Information Technology risk management system in a regular and timely manner or on an as needed basis, and, as necessary, revise the IT System Risk Management Rules and the relevant organizational framework or present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement?

  1. Roles and Responsibilities of IT System Risk Management Division (1) Awareness and Assessment of IT System Risk (i) Is the IT System Risk Management Division aware of risks common to computer systems in general, and does it conduct assessments thereof, including an assessment of risks involved in various systems for different operational functions, such as operation systems, information systems and asset investment systems? (ii) Is the IT System Risk Management Division aware of risks concerning computer systems developed by user divisions on their own such as an EUC system, and has it assessed the risks? (iii) Is the IT System Risk Management Division aware that expansion of networks and progress in technology have led to a diversification and increase in risks, and has it made a relevant assessment? (iv) Is the IT System Risk Management Division aware of risks involved in transactions conducted over the Internet, and does it understand the scope of the risks and assessed the risks? For example, is the division aware of the risk that problems related to the absence of face-to-face contact, troubleshooting, and involvement of third parties, etc. may arise and has it assessed the risk? (v) Does the IT System Risk Management Division identify IT system risks when handling New Products etc., introducing new IT systems, or starting business at overseas locations and subsidiaries?20 (2) Monitoring of Status of IT System Risks (i) Does the IT System Risk Management Division conduct monitoring with regard to the status of IT system risks of the insurance company with an appropriate frequency in

19 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4). 20 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4).

283 accordance with the IT System Risk Management Policy and the IT System Risk Management Rules, etc.? (ii) Does the IT System Risk Management Division, in accordance with the IT System Risk Management Policy and the IT System Risk Management Rules, etc., provide information necessary for the Board of Directors or organization equivalent to the Board of Directors to make appropriate assessments and decisions with regard to the status of IT system risks in a regular and timely manner or on an as needed basis? (3) Control (i) Does the IT System Risk Management Division report information which enables the Board of Directors or organization equivalent to the Board of Directors to take decisions on countermeasures for important IT system risks? (ii) When the IT System Risk Management Division executes a countermeasure to reduce an IT system risk, is it careful about generating new risks? (4) Review and Revision Does the IT System Risk Management Division, in accordance with the IT System Risk Management Policy and the IT System Risk Management Rules, etc., regularly review whether the IT system risk management method is suited to the scales and natures of the insurance company’s business, and its risk profile, and revise the method?

  1. Liquidity Risk Management Division
  1. Roles and Responsibilities of Manager of Liquidity Risk Management Division and Manager of Cash Flow Management Division (1) Development of Liquidity Risk Management Rules Has the Manager of the Liquidity Risk Management Division, in accordance with the Liquidity Risk Management Policy, decided the methods to assess, identify and monitor risks, and developed Liquidity Risk Management Rules (consistent with the comprehensive risk management system) that clearly define the arrangements on risk control, based on a full understanding of the locations, types and nature of the liquidity risks and management techniques? Does the Board of Directors or organization equivalent to the Board of Directors approve the Liquidity Risk Management Rules, and are they made known throughout the organization? (2) Content of Liquidity Risk Management Rules Do the Liquidity Risk Management Rules exhaustively cover the arrangements necessary for liquidity risk management, and specify the arrangements appropriately in a manner befitting the sizes and natures of the business and its risk profile? Are the rules appropriate? For example, do they clearly write arrangements for the following items?
  • Roles, responsibilities and organization of the Liquidity Risk Management Division

284

  • Identification of factors which affect Liquidity Risks, and reporting standards when causes arise
  • Liquidity Risk analysis and assessment methods
  • Liquidity Risk monitoring methods
  • Settings of Liquidity Risk limits
  • Comprehensive management of assets and liabilities
  • Cooperation with Comprehensive Risk Management Division
  • Cash flow tightness classification and judgment criteria (for example, normal time, concern time, crisis time, huge disaster time)
  • For cash flow tightness classification: management techniques, reporting methods, approval methods, and countermeasures
  • Countermeasures in entire insurance company when liquidity crisis occurs
  • System for reporting to Board of Directors or organization equivalent to the Board of Directors (3) Creation of Liquidity Crisis Contingency Plan Does the Liquidity Risk Management Division create a contingency plan in accordance with Liquidity Risk Management Policy and Liquidity Risk Management Rules? Does this contingency plan clearly establish a definition of liquidity crisis, communication and reporting framework during liquidity crises (framework for direct reporting to representative director, etc.), response methods (ensuring procurement means), approval authority, line of command, etc.? Is the company informed about the liquidity crisis contingency plan, after receiving approval by the Board of Directors or organization equivalent to the Board of Directors? (4) Development of Organizational Framework by Manager of Liquidity Risk Management Division and Manager of Cash Flow Management Division (i) Does the Manager of the Liquidity Risk Management Division, in accordance with the Administrative Risk Management Policy and the Administrative Risk Management Rules, provide for measures to have the Liquidity Risk Management Division exercise a check￾and-balance system in order to conduct liquidity risk management system appropriately? (ii) Does the Manager of the Liquidity Risk Management Division provide a system for reporting to the Comprehensive Risk Management Division, if system weak points or problems etc. are found which affect comprehensive risk management? (iii) Does the Manager of the Liquidity Risk Management Division provide a system in which if a request is received from the Comprehensive Risk Management Division about New Products etc., the inherent administrative risks are identified in advance, and reported to the Comprehensive Risk Management Division, based on New Products Management Policy?21

21 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4).

285 (iv) Do the Manager of the Liquidity Risk Management Division and the Manager of Cash Flow Management Division provide a system to identify information which should be obtained, from the viewpoint of appropriate liquidity risk management which suits the risk profile? (For example, large transaction trends). Are reports on this obtained from divisions which have that information, periodically or as needed? (v) Do the Manager of the Liquidity Risk Management Division and the Manager of Cash Flow Management Division provide a highly reliable liquidity risk management IT system which suits the size and characteristics of operations and the risk profile? (vi) Do the Manager of the Liquidity Risk Management Division and the Manager of Cash Flow Management Division ensure the system of training and education to enhance the ability of employees to conduct liquidity risk management in an effective manner, thus developing human resources with relevant expertise? (vii) Do the Manager of the Liquidity Risk Management Division and the Manager of Cash Flow Management Division provide a system to ensure that matters specified by the Board of Directors or organization equivalent to the Board of Directors are reported to the Board of Directors or organization equivalent to the Board of Directors, in a regular and timely manner or on an as needed basis? In particular, do these Managers provide a system to ensure that matters that would seriously affect corporate management are reported to the Board of Directors or organization equivalent to the Board of Directors without delay? (5) Revision of Liquidity Risk Management Rules and Organizational Frameworks Does the Manager of the Liquidity Risk Management Division conduct monitoring on an ongoing basis with regard to the status of the execution of operations at the Liquidity Risk Management Division and Cash Flow Management Division? Does the Manager review the effectiveness of the liquidity risk management system in a regular and timely manner or on an as needed basis, and, as necessary, revise the Liquidity Risk Management Rules and the relevant organizational frameworks or present the Board of Directors or organization equivalent to the Board of Directors with proposals for improvement?

  1. Roles and Responsibilities of Liquidity Risk Management Division (1) Identification and Assessment of Liquidity Risks (i) Identification of Factors which Affect Liquidity Risks a. Does the Liquidity Risk Management Division identify internally generated causes and externally generated causes which affect liquidity risks? Also, does it understand that credit risk, market risk, Operational Risk, etc. affect liquidity risk? Does it identify causes which affect liquidity risks, for example large fund movements, worse business results situation, large market drop, or clerical processing system failure? b. When handling New Products etc., introducing new IT systems, or starting business at

286 overseas locations and subsidiaries, does the Liquidity Risk Management Division understand the locations and effects of liquidity risks in advance?22 (ii) Comprehensive Management of Liquidity Risks Does the Liquidity Risk Management Division comprehensively manage each liquidity risk, not only managing liquidity risks by each currency? Does it also understand the cash flow status of important ground companies which affect that insurance company’s liquidity risks? (iii) Management of Reinsurance Ceding Contracts In managing Cash Flow Risk, does the Liquidity Risk Management Division fully consider that depending on the financial conditions of reinsurers, there are risks that it will not receive ceded reinsurance payouts? (iv) Assessment of Liquidity Risks a. Does the Liquidity Risk Management Division appropriately analyze and assess liquidity risks in a way that suits the size and characteristics of operations, and the risk profile? For example, does it assess the situation of liquidity risks by obtaining information on and analyzing the following situations?

  • Characteristics of each country’s currency handled domestically and overseas
  • Market liquidity situation of each financial instrument (market size, transaction volume, etc.)
  • Cash flow situation overall and by each currency
  • Actual and planned insurance premium revenues and insurance payout expenditures
  • Composition and balance of held assets, by currency, instrument and period
  • Balance of liquid assets
  • Market fundraising conditions and fundraising possibilities
  • Balance of contracted credit reception lines and credit provision lines b. Does the Liquidity Risk Management Division consider the situation of equity and comprehensive management of assets and liabilities, then use multiple scenarios which consider both internally generated causes and externally generated causes, to analyze and assess liquidity risks? (v) Decisions on Cash Flow Tightness Classification Does the Liquidity Risk Management Division cooperate with the Cash Flow Management Division, and collect and analyze information on the internal environment such as that insurance company’s risk profile, and on the external environment such as the economy and markets, etc.? Does that insurance company appropriately classify cash flow tightness for the conditions? (2) Monitoring

22 See “Checklist for Business Management (Governance) (for Basic Elements),” Chapter I. 3. (4).

287 (i) Liquidity Risk Monitoring Does the Liquidity Risk Management Division collect and analyze information on the internal environment such as reports from the Cash Flow Management Division and information on that insurance company’s risk profile, and on the external environment such as the economy and markets, etc., based on Liquidity Risk Management Policy and Liquidity Risk Management Rules? Does it continually monitor these trends? Also is the monitored information effective for liquidity risk management? (ii) Monitoring Status of Compliance with Limits When the Liquidity Risk Management Division sets limits, does it appropriately monitor the status of compliance and use of these limits? (iii) Monitoring the Appropriateness of Decision Standards for Cash Flow Tightness Classification Does the Liquidity Risk Management Division monitor the status of various indices which are decision standards for cash flow tightness classification, and the appropriateness of decision standards? (iv) Reporting to Board of Directors or organization equivalent to the Board of Directors Does the Liquidity Risk Management Division, in accordance with the Liquidity Risk Management Policy and the Liquidity Risk Management Rules, etc., provide information necessary for the Board of Directors or organization equivalent to the Board of Directors to make appropriate assessments and decisions with regard to the status of liquidity risks in a regular and timely manner or on an as needed basis? For example, does it report on the following matters?

  • Factors which have large effects on liquidity
  • Situation of external environment, such as the economy and markets
  • Status of cash flow tightness
  • Level and trend of liquidity risks
  • Status of compliance with and use of limits (v) Feedback to Cash Flow Management Division and Asset Investment Division Does the Liquidity Risk Management Division give feedback to the Cash Flow Management Division and Asset Investment Division, with results of analysis, assessment and investigation of the situation of liquidity risks? (3) Control (i) Response when Limits are Exceeded If the Liquidity Risk Management Division sets limits, then when those limits are exceeded, does it quickly report to the Board of Directors or organization equivalent to the Board of Directors, to provide information which enables it to create countermeasures? (ii) Response when Cash Flow Tightness Changes

288 When current cash flow tightness classification changes or when there is risk of it changing, does the Liquidity Risk Management Division quickly report to the Board of Directors or organization equivalent to the Board of Directors, to provide information on the cash flow tightness conditions and forecast, which enables it to create countermeasures? (iii) Ensuring Fundraising Means During Liquidity Crises Does the Liquidity Risk Management Division constantly know the balance of domestic and foreign immediately salable assets (Japanese government bonds, etc.) held, and when funds can be raised and the amount of money that can be raised? Does the Cash Flow Management Division ensure means of fundraising in preparation for a crisis, such as by establishing borrowing lines which enable fundraising from market financial institutions? (4) Verification and Revision (i) Verification of Validity of Identification of Factors which Affect Liquidity Risks, and Revision of Reporting Standards when Factors Arise Does the Liquidity Risk Management Division verify the validity of identification of internally generated and externally generated factors which affect liquidity risks, and revise them, periodically or as needed? Also, regarding reporting standards when factors arise, does it verify whether those standards are appropriate, corresponding to the internal environment such as that insurance company’s risk profile, and the external environment such as the economy and markets, periodically or as needed? Does it then revise those standards? (ii) Revision of Liquidity Risk Analysis and Assessment Methods Does the Liquidity Risk Management Division verify whether the liquidity risk analysis and assessment methods suit the size and characteristics of operations as well as its risk profile and the external environment, periodically or as needed? Does it then revise them? In particular, are the assumptions for analysis and assessment continually valid? (iii) Method of Setting Limits, Revision of Levels Does the Liquidity Risk Management Division use multiple stress scenarios to assess the degree of effects, and analyze and assess internally generated factors and externally generated factors which affect liquidity risks, to verify whether the limits it sets as needed and its setting methods and limit levels suit the size and characteristics of operations, its risk profile, financial conditions and fundraising ability, periodically or as needed? If found that they must be revised, is information quickly reported to Board of Directors or organization equivalent to the Board of Directors, enabling it to appropriately assess and take decisions? (iv) Revision of Cash Flow Tightness Classification, and Decision Standards Does the Liquidity Risk Management Division use multiple stress scenarios from the following viewpoints to assess the degree of effects, and check the effectiveness of countermeasures. Does it thereby verify whether there it has appropriate cash flow tightness

289 classifications, decision standards, management techniques, reporting methods, approval methods, etc., periodically or as needed? Does it then revise them?

  • Are cash flow tightness classifications appropriate, considering specific tightness status and countermeasures for cash flow tightness (for example, normal time, concern time, crisis time, etc.)?
  • To enable timely and appropriate countermeasures, are cash flow tightness classification decision standards as specific and easily recognized as possible? For example, does it establish multiple decision standards such as liquid assets (including effective fundraising means), ratings by credit rating agencies, and the insurance company’s stock price and corporate bond spreads, to enable timely and appropriate recognition of the status of cash flow tightness?
  • Are there effective management techniques, reporting methods, approval methods, etc., corresponding to cash flow tightness, which broadly consider countermeasures for both assets and liabilities? (v) Revision of Crisis Contingency Plan Does the Liquidity Risk Management Division have the Cash Flow Management Division and Marketing and Sales Division run hypothetical training, to periodically check the effectiveness of the liquidity crisis contingency plan? If found that changes in conditions make it necessary to revise that contingency plan, is that contingency plan revised without delay, after receiving approval by the Board of Directors or organization equivalent to the Board of Directors (Board of Directors for important revisions)?
  1. Roles and Responsibilities of Cash Flow Management Division (i) Appropriate Cash Flow Operations and Management Does it collect and analyze information on the internal environment such as that insurance company’s risk profile, and the external environment such as the economy and markets, and appropriately manage cash flow, based on Liquidity Risk Management Policy and Liquidity Risk Management Rules, etc.? In performing such management, does it assess liquidity from the aspects of both assets and liabilities, and understand the status of ensuring liquidity, such as timing and amount possible to prepare for payment of insurance benefits? (2) Creation of Cash Flow Table Does the Cash Flow Management Division create a daily cash flow table, and weekly, monthly and quarterly basis cash flow forecasts, for each currency? (3) Understanding the Effects on Cash Flow Does the Cash Flow Management Division work for early understanding of effects on cash flow, by managing the following?
  • Concentration of insurance premiums and insurance benefits

290

  • Market fundraising
  • Composition of assets held, by currency, by instrument and by period
  • Planned and actual new insurance policies and cancellations
  • Balance of contracted credit reception line, credit provision lines
  • Cash on hand (including ATMs)
  • Cash flow of each country’s currency
  • Cash flow, also considering flows between different currencies
  • etc. (4) Understanding of Planned Investment Amounts Based on reports from each division, does the Cash Flow Management Division understand the planned investment amounts (planned amounts of securities, loans, etc.), possible fundraising amounts (amounts which can be raised in the interbank market, open market, etc.)? In order to accurately understand planned investment amounts and possible fundraising amounts, does it receive timely reports and information from the Insurance Underwriting Division, etc.? In understanding the planned investment amounts and possible fundraising amounts, does it consider the following matters?
  • Actual and planned insurance premium revenues and insurance payout expenditures
  • Liquid assets
  • Off balance sheet transactions
  • Commitment lines
  • Overdraft contracts
  • Understanding of investment periods corresponding to the actual status (for example, investments which are formally short term, but are actually long term investments)
  • Cash flow tightness (for example, normal time, concern time, crisis time, etc.) (5) Liquidity Crisis Management Does the Cash Flow Management Division constantly take appropriate actions based on the trading environment, to enable fundraising which smoothly turns assets into cash during a liquidity crisis, such as by disposal of securities? (6) Control of Liquidity Risks (i) Does the Cash Flow Management Division control Liquidity Risk, based on Liquidity Risk Management Policy and Liquidity Risk Management Rules, etc.? (ii) When it sets limits, does the Cash Flow Management Division manage in compliance with those limits? (7) Ensuring Fundraising Means During a Liquidity Crisis Does the Cash Flow Management Division constantly know the balance of domestic and foreign immediately salable assets (Japanese government bonds, etc.) held, and when funds can be raised and the amount of money that can be raised? Does the Cash Flow Management

291 Division ensure means of fundraising in preparation for a crisis, such as by establishing borrowing lines which enable fundraising from market financial institutions? (8) Reporting to Liquidity Risk Management Division Does the Cash Flow Management Division collect and analyze information on the internal environment such as that insurance company’s risk profile, and the external environment such as the economy and markets? Does it report to the Liquidity Risk Management Division regarding the results and about the cash flow situation and forecast, periodically or depending on the tightness status? (9) Reporting to Board of Directors or organization equivalent to the Board of Directors Does the Cash Flow Management Division provide reports on the cash flow status and forecasts to the representative director and director in charge, periodically or depending on the tightness status? Does it also report to the Board of Directors or organization equivalent to the Board of Directors, periodically or as needed? Moreover, does the Board of Directors or organization equivalent to the Board of Directors verify that the content of reports received are in compliance with Liquidity Risk Management Policy?

292 III. Specific Issues Checkpoints

  • This chapter lists the check items to be used when the inspector reviews specific issues particular to the actual management status of Operational Risk, etc.
  • If any problem is recognized as a result of reviews conducted with the use of the check items listed in Chapter III., it is necessary to exhaustively examine which of the elements listed in Chapter I. and II. are absent or insufficient, thus causing the said problem, and review findings thereof through dialogue between the inspector and the insurance company.
  • If the company’s management fails to recognize problems recognized by the inspector, it is also necessary to strictly explore in particular the possibility that the systems and processes listed in Chapter I. are not functioning appropriately and review findings thereof through dialogue.
  • The inspector should review the status of improvements with regard to the issues pointed out on the occasion of the last inspection that are not minor and determine whether or not effective improvement measures have been developed and implemented.
  • As needed, the inspector refers to the Administrative Risk Management System and Information Technology Risk Management System, etc., and checks whether the Operational Risk, etc. Management system is functioning effectively, and whether the roles and responsibilities of the company’s management are being appropriately performed.
  1. Administrative Risk Management System
  1. Clerical Process System at Operational Divisions and Business Locations, etc. (1) Roles of Operational Division and Business Location Managers Do the Managers of operational divisions and business location, etc. (i) maintain a constant grasp of administrative risks related to clerical processes? (ii) check the status of clerical processes and compliance with the clerical rules and items involving various risks? (iii) endeavor to prevent situations in which persons in charge of examining clerical processes and giving approval thereof fail to perform their proper functions because of excessive workloads? (iv) have a grasp on problems related to clerical processes at the operational divisions or business locations of which they are in charge and make improvements? (v) strictly handle exceptional cases in particular? (vi) handle cases not covered by the clerical rules in a responsible manner in coordination with the Clerical Supervisory Division and the relevant operational divisions? (vii) cooperate with the Insurance Sales Management Division, and provide appropriate instructions and supervision so insurance sales representatives do not do prohibited acts?

293 (2) Strict Clerical Management (i) Are clerical processes conducted strictly? (ii) Is it ensured that examination and approval procedures are implemented strictly, rather than conducted formally or perfunctorily? (iii) When accidents or inappropriate incidents involving cash or agencies (consumption or misuse) occur, are they immediately communicated to the Managers of the Operational Division or business location and also reported to the Clerical Supervisory Division and the Internal Audit Division, etc.? (iv) Especially for the handling of insurance contract applications and first insurance premium payment receipts, are there strict checks according to clerical rules? (v) Are exceptional cases always processed upon approval from the Operational Division Managers, business location Managers or Managers in charge of relevant business, etc.? (vi) When operational divisions or business locations handle cases not covered by the clerical rules, are such cases always processed based on the instructions from the operational division or business location Manager in coordination with the Clerical Supervisory Division and other relevant operational divisions? (3) Appropriateness of Self-Inspection (i) Are effective self-inspections conducted in a regular and timely manner or on an as needed basis by operational divisions, business locations, etc., and insurance sales representatives, in cooperation with the Insurance Sales Management Division and other risk management divisions, etc., in accordance with the standards and guidelines for implementing such inspections in order to prevent accidents, inappropriate incidents and violation of Laws and avoid the spread of damage to customers? (ii) Are the results of self-inspection reported in a regular and timely manner or on an as needed basis by the relevant operational divisions, business locations, etc., and insurance sales representatives to the Clerical Supervisory Division and the Internal Audit Division? (iii) Are the results of self-inspection utilized to improve clerical work at operational divisions and business locations? 2. Information Technology Risk Management System

  1. Information Security Management (1) Roles and Responsibilities of Security Manager, etc. (i) Roles and Responsibilities of Security Manager a. Does the security Manager oversee security related to all the following areas: system planning, development, operation and maintenance? b. Does the security Manager report security problems related to serious system

294 malfunctioning, accidents and crime, etc. to the IT System Risk Management Division? c. Does the security Manager ensure security with regard to the following items, for example? (a) Physical security

  • Measures to prevent physical intrusion and crime prevention equipment
  • Enhancement of computer operation environment
  • System for maintenance and inspection of equipment, etc. (b) Logical security
  • The check-and-balance between the divisions involved in system development and operation and within each division
  • System for development management
  • Measures to prevent electronic intrusion
  • Program management
  • Response to system problems
  • Assessment and management of outside software packages at the time of introduction
  • Operational security management, etc. d. Does the security Manager supervise security matters related to system, data and network management? (ii) Roles and Responsibilities of System Manager a. Does the system Manager regularly inspect computer system assets and make appropriate adjustments by procuring new assets and disposing of unnecessary ones? b. Does the system Manager conduct appropriate and sufficient management with regard to all facilities and equipment installed at operational divisions, business locations, etc. and computer centers? c. Does the system Manager conduct appropriate and sufficient management with regard to computers used outside the premises of the company? (iii) Roles and Responsibilities of Data Manager a. Does the data Manager ensure safe and smooth management of data by specifying procedures for data management and approval of data use, etc. as part of the internal rules and operational procedures and the like and fully disseminating them to relevant parties? b. Does the data Manager conduct appropriate and sufficient management to ensure protection of data and prevention of unauthorized use of data? (iv) Roles and Responsibilities of Network Manager a. Does the network Manager ensure appropriate, efficient and safe network operation by specifying procedures for network management and approval of network use, etc. as part of the internal rules and operational procedures and the like and fully disseminating them to relevant parties? b. Does the network Manager have in place measures to provide a backup in the event of a

295 network breakdown? (2) Prevention of Unauthorized Use (i) Does the insurance company have in place a system to verify the authenticity of the user or the computer terminal connected with the computer system in a manner suited to the nature of the relevant business and the connection method in order to prevent unauthorized use? (ii) Does the insurance company regularly obtain records of system operations as evidence for future audits and regularly check them in order to keep surveillance on the status of unauthorized access? (iii) Does the insurance company specify the methods of establishing and managing the rights to the use of computer terminals and access to data and files in light of the level of importance thereof? (iv) For IT systems used by sales agencies, is access authority properly deleted to disable access after business is halted? (3) Computer Viruses, etc. Does the insurance company provide for a system to prevent the intrusion of computer viruses and other unauthorized programs and promptly detect such an intrusion if any and remove the intruding program?

  • Infection with computer viruses
  • Registry of programs that have not undergone legitimate procedures
  • Intentional alteration of legitimate programs (4) Management of Transactions Conducted over Internet (i) Does the insurance company provide a system to accept Consultations, Complaints, etc. from customers? (ii) Does the insurance company have in place a supplementary system in case a system breakdown or malfunctioning makes appropriate processing impossible? Is the allocation of responsibilities in the event of a system breakdown specified? (iii) Does the insurance company provide countermeasures to prevent misrecognition of the service provider that may arise from Web site links, etc.? (iv) Does the insurance company disclose, on its Web site, for example, information concerning details of its financial conditions and business as well as details of the services provided through transactions conducted over the Internet? (v) Does the insurance company verify the customer identification from the viewpoints of avoiding moral risks, preventing money laundering, etc.? (vi) Does the insurance company provide a system to prevent leakage of customer information and alteration etc. thereof, etc. attempted by intruding outsiders and insiders using unauthorized access? (vii) Does the insurance company, in light of the fact that transactions conducted over the Internet

296 involve no face-to-face contact, store records on transactions with customers for a certain period of time as necessary without alteration or deletion? (viii) Does the insurance company protect customers against unauthorized use by providing the function of allowing them to check the status of their own use. (ix) Does the insurance company seek to prevent phishing in a manner befitting its business, by, for example, providing for measures to allow users to verify the authenticity of the Web site accessed? 2) System Planning, Development and Operation, etc. (1) System of Mutual Check and Balance between System Development and Operation Divisions Does the insurance company have system development and operation divisions established separately with separate responsibilities in order to prevent personal mistakes and malicious acts? In the case where it is difficult to establish clearly separate divisions for system development and operation due to the lack of a sufficient number of staff members, does the insurance company seek to introduce a check-and-balance system by rotating persons in charge of system development and operation regularly, for example? With regard to EUC and other systems for which organizational division of system development and operation is difficult, does the company use the Internal Audit Division, etc. to exercise check and balance? (2) System of System Planning and Development (i) Planning and Development System a. Does the insurance company have in place internal rules and operational procedures with regard to system planning and development with a view to introducing highly reliable and efficient systems? b. Does the insurance company establish a cross-divisional examination organization, such as computerization committees, and conduct deliberations when engaging in system planning and development, for example? c. Does the insurance company have medium and long-term development plans in place? d. Does the Board of Directors receive information concerning deliberations on effects of investment in each system as necessary according to the level of the importance of the relevant system? (The Board of Directors should always receive reports concerning deliberations on effects of investment in the system division as a whole.) e. Does the insurance company have clear rules concerning deliberations and approval with regard to system development projects? f. Is a revision of an actual use system implemented upon approval? g. To prevent computer program errors when developing and changing insurance products, is

297 there a system to work for sufficient cooperation between the user divisions and the IT system division? Especially for verification of IT system functions for calculation results of important matters such as insurance premiums and dividends, is there a system for proactive involvement by the user divisions? (ii) Development Management a. Is the method of documentation and programming related to system development standardized? b. Is a Manager assigned for each development project? Also, is a project plan created (goals, outline, schedule, IT system investment amount, framework, reporting rules, etc.) and are related people informed? c. Does the Board of Directors or organization equivalent to the Board of Directors check the progress status in light of the level of importance and nature of the relevant system? d. Do the IT system division and user divisions cooperate to appropriately manage the status of progress? (iii) Development of Internal Rules and Operational Procedures, etc. a. Has the insurance company developed internal rules and operational procedures, etc. concerning system design, development and operation and does it revise the rules and operational procedures in a manner befitting its actual operating conditions? b. Has the insurance company established standard documentation rules concerning system design plans, and does it compile documents in accordance with the rules? c. Do the computer systems developed leave auditing trails (journals and other records that allow tracing of the processing history) according to the purpose of the use, etc.? d. Are manuals and documents related to development compiled in ways that can be easily understood by third parties with relevant expertise? (iv) Tests, etc. a. Is appropriate and sufficient testing conducted according to testing plans? Also, do test plans set quality control standards, and are test results verified? b. Is a system for testing structured in a way to prevent inadequate tests and reviews that would cause problems with long-lasting effects on customers or serious miscalculations in risk management-related documents and materials that are used for corporate management decision-making? c. Is general testing conducted appropriately, with involvement of user divisions, for example? d. Is acceptance made by executives and employees with sufficient knowledge? Especially for tests concerning important matters such as insurance premiums and dividends, are the user divisions involved, and are test results checked? (v) Decision on System Transition a. Does the insurance company have a Manager assigned with clear responsibility for system

298 transition? b. Does the insurance company develop system transition plans? Has it assigned clear roles and responsibilities to the system development and operation, user divisions, etc.? c. Does the insurance company have criteria for judgments with regard to system transition and make decisions based on them? (vi) Post-System Transition Review a. Does the insurance company conduct a post-system transition review after a certain period from the start of operation? b. Does the insurance company conduct examination and assessment with regard to the fulfillment of the user requirements and the cost-effectiveness in the post-system transition review? c. Are the results of the post-system transition review reflected in future improvement plans for the relevant system? d. Are the results of the post-system transition review reported to the Managers of the system development division and user divisions, etc.? e. Does the insurance company have user divisions conduct sample checks as necessary after news products and arrangements are introduced? (vii) Human Resource Development Does the insurance company provide training in ways to nurture staff adept not only in technology but also in the function skills for which system development is conducted? Does it train staff adept in derivatives, electronic payments, electronic transactions and other areas requiring high degrees of specialization, as well as in new technologies, for example? (3) System of System Operation Framework (i) Clarification of Separation of Responsibilities a. Does the insurance company clearly separate responsibilities for system data reception, operation, operation results verification, and data and program storage? b. Does the insurance company ban system operators from accessing data and programs outside of their areas of responsibility? (ii) System Operation Management a. Are regular operations implemented based on work schedules, instructions, etc.? b. Are operations implemented based on approved work schedules, instructions, etc.? c. Are all operations recorded, and does the Manager of the system operation division check them with the use of prescribed checklists? d. Does the insurance company have important operations conducted by two or more persons? Are operations automated as much as possible? e. Does the insurance company provide arrangements to prepare report outputs and obtain and keep work histories so as to enable the Manager of the system operation division to check

299 the results of operation processes? f. Does the insurance company in principle ban system developers from accessing operations? When a developer must access operations for reasons such as system problems, does the insurance company ensure that the Manager of the relevant operation verifies the identity of the developer and conducts follow-up inspections of the access records? (iii) Actual Use Data Management a. Has the institution specified the policy and procedures concerning the provision of actual use data for use in IT system failure responses and IT system testing? b. Is management of actual use data provided for use in system testing conducted appropriately, in accordance with the policy and procedures specified by the insurance company? c. Are appropriate safety countermeasures taken against threats such as illicit access to actual use data or loss, destruction, falsification, leakage, etc. of actual use data? (iv) System Problem Management a. Does the insurance company provide a system to ensure that system problems are recorded and reported to the IT System Risk Management Division as necessary? Does it also investigate the effects of IT system failures, find the causes, and take actions to prevent reoccurrence? b. Does the insurance company ensure that the IT System Risk Management Division and other relevant divisions promptly work together to resolve major system problems that may seriously affect customers and corporate management and report such problems to the Board of Directors? c. Does the insurance company regularly analyze the details of IT system failures (e.g. trend analysis by recording past occurrences and classifying causes), and take actions to resolve them, thereby working to prevent IT system failures? d. Does the insurance company provide a system to ensure that problems occurring at the outsourcing contractor consigned with system operation are reported to the company? (4) IT System Audit (i) Does the Internal Audit Division independent from the system division regularly conduct a system audit? Is there also a system in place for cooperation as needed between IT system audits and audits other than of the IT system? (ii) Does the Internal Audit Division have staff adept in system-related matters? (iii) Techniques and Content of Audits by Internal Audit Division a. Do audit subjects cover overall operations related to IT system risks? b. Are internal audits done periodically, corresponding to the types and degrees of risks, with understanding of the status of management of risks in the IT system division and divisions which build their own IT systems?

300 c. Are checks done on procedures on use of computer equipment (terminals, ATMs, etc.) and electronic media, etc. at business locations, etc. other than the IT system division, from the viewpoint of IT system risks? d. In doing internal audits, it is desirable to take evidence of IT system operation details, such as by checking the audit trail (records such as journals to enable tracking history of process details). (iv) Is an external audit with regard to IT system risk management conducted by accounting auditors and IT system auditors, etc. as necessary? 3) Crime Prevention, Back-up and Prevention of Unauthorized Use (1) Crime Prevention (i) Does the insurance company have an anti-crime organization and have a Manager with clear responsibility thereof? (ii) Does the insurance company exercise appropriate and sufficient supervision over entry into and exit from work areas, handling of important keys, etc. in order to prevent acts that may threaten the safety of computer systems? (2) Computer Crimes and Accidents Does the insurance company provide a system to ensure that sufficient attention is paid to the risk of computer crimes and accidents (intrusion of unauthorized programs such as viruses, destruction of CDs/ATMs and cash theft therefrom, card fraud, theft of information by outsiders, leakage of information by insiders, hardware problems, software problems, operation errors, transmission line failures, power outages, external computer failures etc.) and that follow-up checks such as inspections are conducted? (3) Disaster Mitigation (i) Does the insurance company have a disaster mitigation organization in place to mitigate damage and help continue business in the event of disaster and have a Manager assigned with clear responsibility thereof? (ii) When there is a disaster-mitigation organization, is it organized along the line of the insurance company’s business and is there a Manager with clear responsibility for all business categories? (iii) Does the insurance company have measures in place to cope with fire, earthquakes, and flooding? (iv) Does the insurance company have prescribed emergency evacuation areas for important data etc.? (4) Back-up (i) Does the insurance company create back-ups to prepare for damage to and failure of important data files and programs and have a management method thereof specified?

301 (ii) Does the insurance company take care to ensure decentralized storage and remote-location storage with regard to the back-ups created? (iii) Does the insurance company have off-site back-up systems with regard to important systems? (iv) Does the insurance company document its back-up cycle? (v) Are steps arranged for using backup data to recover data? (5) Development of Contingency Plan (i) Does the insurance company have contingency plans in place to prepare for malfunctioning of computers systems due to disaster and other events? (ii) Does the insurance company seek approval of the Board of Directors when it develops contingency plans or conduct important revisions of the plans? (Does it seek the approval of the Board of Directors or organization equivalent to the Board of Directors for other, less important revisions?) (iii) Does the insurance company refer to the “Manual for the Development of Contingency Plans in Financial Institutions” (edited by The Center for Financial Industry Information Systems) when developing contingency plans? (iv) When developing contingency plans, does the insurance company assume emergencies arising not only from disasters but also from other factors within and outside the insurance company ? (v) When developing contingency plans, does the insurance company analyze possible effects on the settlement systems and possible damage to customers? (iv) Does the insurance company regularly conduct practices based on contingency plans? Are such practices conducted on a company-wide basis and, as necessary, with the involvement of outsourcing contractors, etc.? 4) Outsourcing Management23 (1) Management of Outsourced Operations (i) Planning and Execution of Outsourced Operations In planning and executing IT system related outsourcing operations, does the insurance company identify IT system risks inherent in those outsourced operations, is it aware of issues such as service quality and management of risks such as certainty of continuity, and does it determine the scope of outsourcing and establish specific risk management actions? (ii) Selection of Outsourcing Contractors a. In selecting outsourcing contractors, are criteria established for selecting outsourcing

23 There are diverse forms of outsourcing and outsourced operations. For these items, one must verify while considering the content of outsourced operations and their importance in the insurance company, etc.

302 contractors? For example, from the viewpoint of IT system risk management, are the following points assessed?

  • Can a sufficient level of service provision be received from the viewpoint of effectiveness for the insurance company? For example, credibility of past outsourcing experience, technical level of outsourcing operations, and executing framework.
  • Does it have the financial and business strength to enable service provision in accordance with the outsourcing contract, and which can bear losses?
  • Are there problems from the viewpoint of the insurance company’s reputation? b. Are there periodic assessments of the outsourced operations and the contractor? Depending on the content of outsourced operations, it is desirable that the outsourced operations are assessed by a third party institution. (iii) Content of Outsourcing Contract a. Under the contract, etc., is a system built which enables sufficient risk management for outsourced operations (system to recognize and assess risks, problem correction, etc.)? b. Is a duty of confidentiality contract signed with the outsourcing contractor? c. If the outsourcing contractor subcontracts, are there provisions in the outsourcing contract with the outsourcing contractor which stipulate obligations and responsibilities under the contract for the subcontractor? (iv) Monitoring of Outsourcing Contractor a. Are managers assigned who appropriately manage outsourced IT systems and operations? Do they manage and verify the status of compliance with rules based on the outsourcing contract, and the execution status of the outsourced operations? b. Is the IT system and data access authority granted to the outsourcing contractor’s employees limited to the minimum scope required for them to executed the outsourced operations? (v) Correction of Problems Is the outsourcing contractor informed about problems found, and are the problems quickly corrected? (2) Verification at System-Related Outsourcing Contractor (i) Is the outsourcing contractor aware of IT system risk with regard to the system in its entirety for which it has begun operations and does it assess the risk? (ii) Does the outsourcing contractor regularly subject the operations to audits by way of outsourcing insurance company or external audits? In the case of an external audit, does the outsourcing contractor report the results of the audit to the outsourcing insurance company? (iii) Does the outsourcing contractor meet the security level required by the insurance company, etc. and is there a prior agreement on the details thereof between the outsourcing contractor and the insurance company, etc.?

303 (iv) Is it ensured that user review or testing by the insurance company, etc. are conducted at the planning, design/development and testing stages? (v) Is it ensured that objective assessment is conducted the Quality Control Division, etc. with regard to the status of compliance with standard development rules and the status of quality control? (vi) With regard to the status of system operation, have matters to be reported to the insurance company, etc. been specified, and does the outsourcing contractor report regularly? (vii) Are there a prescribed system and procedures for the outsourcing contractor to report system problems? (viii) When the outsourcing contractor undertakes business with two or more insurance companies, does it provide a system to make judgments with regard to the effects of a problem in a system for one of the company in regards to the business of others and take appropriate measures? 5) Risk Management System Concerning System Integration Verification with regard to risk management related to system integration should be conducted based on “Checklist for System Integration Risk Management (Approval No. 567 dated Dec. 26, 2002). 3. Liquidity Risk Management System

  1. Roles and Responsibilities of the Asset Investment Division and Insurance Underwriting Division If causes arise which affect liquidity risks and which meet reporting standards, do the asset Investment division and Insurance Underwriting Division, etc. quickly report to the Liquidity Risk Management Division and the Cash Flow Management Division?
  2. Market Liquidity Risk Management (1) Appropriate Understanding of Market Liquidity Does the Liquidity Risk Management Division correctly understand the status of market liquidity? Also, as needed, does it report on market liquidity to the representative director and the Board of Directors or organization equivalent to the Board of Directors? (2) Setting of Limits and Execution of Revisions Depending on the market situation, considering the possibility that it cannot trade at the current price planned in the market or cannot trade at the volume planned, does the Liquidity Risk Management Division consider market liquidity conditions, appropriately obtain approval by the Board of Directors or organization equivalent to the Board of Directors (in an

304 emergency, director in charge decides, which is later reported to and verified by the Board of Directors or organization equivalent to the Board of Directors), and set limits as needed? Also, are limits revised periodically (at least once each six months) and when conditions require it, due to changes in investment instruments or in the market environment, etc.? (3) Investment with Consideration of Market Liquidity Risk Does the asset investment division invest while considering the market size, transaction volume and liquidity of each instrument? Also, is it aware that the sale of a large volume of instruments at one time can itself create Market Liquidity Risks, and does it manage with consideration of such effects? (4) Execution of Monitoring Does the Liquidity Risk Management Division understand the daily position status of each product, and monitor changes in market size and credit status? (5) Execution of Reporting Does the Liquidity Risk Management Division correctly report the understood status of positions to the director in charge (as needed, to the representative director and Board of Directors) based on rules? Also, if there is possibility that trading in instruments will itself create liquidity risks, if limits are exceeded, or if during a concern time or crisis time, are the greatest efforts made to frequently report to the representative director or Board of Directors, and take appropriate countermeasures? 4. Other Operational Risks Management System

  1. Roles and Responsibilities of Major Divisions Responsible for Managing Other Operational Risks (1) Legal Risk Management Division With regard to legal risks as defined by the insurance company, such as loss and damage arising from failure to perform duties owed to customers due to negligence and inappropriate business market practices (including fines imposed as a regulatory measure or in relation to dispute settlement, penalties for breach of contract and damages), is a division in charge of legal risk management aware of risks faced by the insurance company and does it appropriately conduct management thereof? For example, with regard to items listed in the “Checklist for Legal Compliance” and the “Checklist for Customer Protection Management” does the Legal Risk Management Division recognize risks that constitute legal risks as defined by the insurance company as such and appropriately conduct management thereof? (2) Human Risk Management Division With regard to human risks as defined by the insurance company such as loss and damage arising from complaints/unfair treatment (issues related to pay, allowances dismissal, etc.), discriminatory practices (sexual harassment and the like), is a division in charge of human risk

305 management aware of risks faced by it and does it conduct appropriate management thereof? As a way to ensure appropriate risk management, does the insurance company provide training and education so as to enhance the ability of operational divisions and business locations, etc. to manage such risks, for example? (3) Tangible Asset Risk Management Division With regard to tangible asset risks as defined by the insurance company such as destruction of and damage to tangible assets arising from disasters and other events, is a division in charge of tangible risk management aware of risks faced by the insurance company and does it conduct appropriate management thereof? (4) Reputational Risk Management Division With regard to reputational risks as defined by the insurance company such as loss and damage arising from deterioration in the company’s reputation and circulation of unfounded rumors, is a division in charge of reputational risk management aware of risks faced by the company and does it conduct appropriate management thereof? It is desirable that the insurance company investigates methods of responding when unfounded rumors arise about other insurance companies or related businesses, etc. As a way to ensure appropriate risk management, does the division take the following measures, for example?

  • Has the Reputational Risk Management Division specified how operational divisions and business locations, etc. are to respond to circulation of unfounded rumors? Especially for response when unfounded rumors lead to cancellations of insurance policies, are rules established on initial responses, such as understanding the status of the Marketing and Sales Division of branches, etc., on customer handling, explanations outside the company, etc.?
  • Does the Reputational Risk Management Division regularly check whether there are unfounded rumors circulating in each media category (e.g. the Internet, speculative news reports, etc.)?
  • Also, is there a framework for quickly communicating to the Financial Services Agency sections and offices, cooperating businesses, security companies, etc.?
  1. Situation of Development and Establishment of Crisis Management System (1) Actions in Normal Times (i) In normal times, is there work on initiatives for prevention, such as periodic inspection and training to be aware of what a crisis is, and to avoid them as much as possible (take actions to prepare for unavoidable crises)? (ii) Is a crisis management manual prepared? Also, is the crisis management manual unceasingly revised, corresponding to the actual state of operations itself and risk management situation? In preparing the crisis management manual, it is desirable that it be

306 designed based on judgments of objective levels. Reference: Examples of Assumed Crises a. Natural disaster (earthquake, wind or water damage, unusual weather, infections disease, etc.) b. Terrorism, war (including if occur in a foreign country) c. Accident (large electrical blackout, computer failure, etc.) d. Unfounded rumors (word of mouth, Internet, email, etc.) e. Crime against the company (threats, intervention of antisocial forces, data theft, etc.) f. Business trouble (handling of Consultations and Complaints, data entry errors, etc.) g. Personnel troubles (internal disputes, sexual harassment, etc.) h. Labor troubles (internal complaints, death from overwork, human resources outflow, etc.) (iii) Does the crisis management manual include the importance of initial responses, such as the importance of accurate understanding of the situation and objective status judgment, and the importance of information delivery in the initial stage when a crisis occurs? (iv) Is there a clear chain of command during crises, and a framework for communication within the organization and to related people (including related government authorities) during crises? It is desirable that the framework prepared for crises is planned for each division and each business location such as branches, under a countermeasures headquarters which supervises the entire organization, corresponding to the level and type of crisis. (v) Does the business continuity plan include work for early recovery, even in an event such as a large scale disaster, epidemic or terrorist act? Is continuity of minimum required operations for protecting insurance policyholders possible? In such a case, is a framework in place to respond in cooperation with industry organizations which that insurance company belongs to (The Life Insurance Association of Japan, The General Insurance Association of Japan, Foreign Non-Life Insurance Association of Japan, Inc.) and other insurance companies? Also, corresponding the actual state of operations, is there a plan to respond to the halt of operations which have international aspects? For example, does the plan have appropriate content which clearly specifies the following matters?

  • To prepare against disasters, are safety countermeasures taken for computer systems, customer data, etc. (computerization of paper information, backup of data files and programs, etc.)?
  • Do these backup frameworks avoid geographical concentration?
  • For important operations from the viewpoint of protecting insurance policyholders, such as appropriate payment of insurance benefits based on insurance contracts, are preparations arranged for handling by temporary means (manual work based on backup data, etc.)?
  • When creating the business continuity plan and making important revisions, is approval

307 by the Board of Directors obtained? Also, is the business continuity framework verified by independent bodies such as an internal audit and external audit? (vi) During a crisis such as a large scale natural disaster, is there clear positioning of functions to continue and recover insurance benefit payment operations? In normal times, is a system prepared to work for continuing and recovering payment operations when a disaster strikes? Also, is a system in place for expedient means for payment of insurance benefits to insurance policyholders (see Supervisory Guidelines “III-1-6 in Financial Measures in Disasters”)? (vii) Is there work on detailed information delivery and information collection in normal times? Also, when a disaster strikes, are the information delivery framework and collection framework sufficient, corresponding to the level and type of crisis? (2) Response During Crisis When a crisis situation occurs or when its possibility is recognized, is the crisis response (status of crisis management framework preparation, status of communication to related people, information delivery status, etc.) sufficient for the level and type of crisis? (3) Response After Situation Stabilizes After the crisis situation stabilizes, are the causes of its occurrence analyzed, and is there work to prevent reoccurrence?

308 (Appendix) Checklist for Field Inspections

(1) This checklist presents sample reference points for inspectors to use in conducting field inspections of business bases, etc., of insurance companies, life insurance sales representatives, and nonlife insurance agencies. It shall be noted that when using this checklist, the purpose of the inspector shall be not merely to point out simple, minor deficiencies or administrative errors, but rather to confirm whether a proper compliance system, insurance sales management system, and customer protection management system, etc., have been established. (2) In conducting an inspection, it shall be noted that it is primarily the responsibility of the internal audit division of the insurance company to actually verify the administrative management system. Therefore, a field inspection does not need to cover all the items illustrated herein, as long as the inspector can verify that the respective divisions, including the internal audit division, are functioning effectively; if, on the other hand, the respective divisions are found not to be functioning effectively, a more in-depth audit must be conducted. (3) It shall be noted that the items on this checklist are for illustrative purposes only, and any matters that are not set forth herein may also be subject to a field inspection.

  1. Common Items
  1. Appropriateness of Insurance Sales (1) Are prohibited activities conducted as set forth in each item of Article 300, Paragraph 1 of the Law, or the “significantly inappropriate activities concerning insurance sales” stipulated in Article 307, Paragraph 1, Item 3 of the Law? Particularly, it shall be noted that the following activities are highly likely to meet the definition of inappropriate activities: a. Embezzlement or misappropriation of insurance premiums b. Improper use of seals c. Sales activities without interviews (with the exception of sales of policies that do not require face-to-face interviews) d. Falsified contracts (fictitious contracts), contracts under assumed names, contracts without consent e. Falsified reporting of sales performance (sales performance manipulation) and illegal fabrication of work records (2) Are the contents of insurance contracts and risks involved, etc., appropriately and sufficiently explained to customers, considering the customer’s needs, knowledge, experience and asset situation? Are appropriate and sufficient explanations provided to

309 customers when selling variable insurance and foreign currency-denominated insurance or other insurance products for which the risk is borne by customers, in accordance with laws and regulations such as the Financial Instruments and Exchange Act which the Insurance Business Act applies mutatis mutandis to specified insurance contracts? Are confirmations made, without fail, that customers have received such explanations? (3) Are important matters relating to the content of insurance contracts explained in an appropriate manner, for example, by certainly delivering a document describing such matters to customers at an appropriate time? (4) When selling insurance policies with premiums calculated using expected surrender ratios and for which no surrender values are paid, is a document certainly delivered at an appropriate time to customers, describing that surrender value will not be paid? (5) Are documents certainly delivered to customers at an appropriate time, including leaflets concerning contracts or covenants, etc. corresponding to the insurance product, etc., which will facilitate the understanding of the content of contracts? (6) When describing insurance contracts, are measures taken so that customers fully understand the content thereof? Are such descriptions provided in accordance with the nature of products? (7) When comparisons with other products are performed, are they described in an appropriate and accurate manner? (8) If there are displays about forecast dividends, do they not lead to customers misunderstanding that dividend amounts are certain? (9) In connection with participation in the Insurance Policyholders Protection Corporation of Japan, is the explanation given that is required under Article 53, Paragraph 1, Item 8 of the Enforcement Regulations? Is it explained that financial assistance from the said Corporation is provided under certain conditions and within a certain limit, and that insurance policies are not completely protected? (10) Is the cooling-off system thoroughly indicated to customers and administered in an appropriate manner? 2) Appropriate management of sales-related administrative affairs (1) Is guidance and management of insurance sales representatives provided in an appropriate manner? Specifically, does the insurance company guide and manage nonlife insurance agencies so that they will maintain records, etc., which clearly distinguish received

310 insurance premiums from their own assets and clarify cash receipts and disbursements, remit received insurance premiums to the insurance company without delay, or otherwise deposit them in separate bank accounts or postal savings accounts, which shall be settled at the latest by the month following the month in which the insurance company records insurance policies? (2) Does the insurance company perform internal audits appropriately with sufficient frequency? (3) Does the insurance company properly manage the money appropriated for the initial payment of insurance premiums throughout the process, including issuance of a receipt, collection, and custody? (4) Does the insurance company properly manage receipts of insurance policy (premium collection) cards, premium collection sheets, other types of receipts, etc., for subsequent premium collections? Does it also properly manage unpaid contracts? (5) Are measures taken to ensure that there are no discrepancies in cash balances? (6) Are advance disbursements, advance payments, and loans to insurance sales representatives managed in an appropriate manner? (7) Are payments for selling expenses appropriate? (8) Are identification cards issued and recovered in an appropriate manner? (9) Is the management of other administrative affairs conducted in an appropriate manner? For example, are efforts made to avoid, and to correct the following points? a. Files of insurance premium receipts, certificates of compulsory automobile liability insurance, receipt stamps for compulsory automobile liability insurance, certification seals of compulsory automobile liability insurance:

  • Differences in the remaining serially numbered items for the above documents
  • Incomplete or incorrect entries in any delivery control register
  • Delay or failure to recover deposit receipts and certificates that are required to be recovered
  • Defective custody methods b. Policyholder loans:
  • Delay or failure to collect application forms for policyholder loans and promissory notes
  • Defective entries of application forms for policyholder loans, promissory notes, and billing documents
  1. Employment, Appointment, and Registration (Notification) of Sales Representatives (1) Does the insurance company have standards in place with regard to knowledge of laws and ordinances concerning insurance sales and insurance policies, the ability to perform duties of insurance sales activities, and business objectives, etc., of the insurance business

311 for conducting appropriate evaluation of qualifications when hiring and appointing insurance sales representatives? (2) Is a system in place under which sales activities can be prevented from occurring prior to or without registration? (3) Is a system in place under which delays can be prevented in the processing of items that require notification? In particular, are deregistration applications processed immediately upon receipt from insurance sales representatives? 4) Responses to complaints, etc. (1) Are the content of complaints, etc., from customers (including inquiries, etc., that might emerge as misconduct) recorded and maintained in the form of a journal record book, etc., together with handling results? (2) Are there any complaints, etc., from customers that should be reported to the headquarters but have not been? Furthermore, are appropriate recurrence prevention measures taken? (3) Have there been any occurrences of inappropriate treatment of policyholders, etc., accident victims, or survivors, etc.? 5) Customer information management Is customer information managed properly so that it is not maintained in an unlocked area or left on a desk, etc.? 6) Co-Insurance policies, etc. In the case of coinsurance contracts and joint sales of insurance products, are actions taken to avoid creating misunderstandings among policyholders about the insurance type and underwriting company? 2. Items Related to Life Insurance

  1. Application of exceptions to the exclusive system With respect to a life insurance representative acting as the intermediary for more than one insurance company (Article 282, Paragraph 3 of the Law), are measures taken for prevention of improper sales of replacement policies among such insurance companies and control of customer information, etc.?
  2. Insurance policies on the life of another (1) For insurance contracts on the life of another person and life insurance contracts with a minor as the insured party, from the viewpoint of working to protect the insured party by preventing misuse of the insurance contract, are there initiatives to work for an insurance contract in accordance with the aims and intentions? For example, are the following initiatives taken? a. Regarding “death benefit insurance” stipulated in the Ordinance, Article 53-7,

312 Paragraph 2, compliance with rules which limit the amount of insurance payout, and other rules on underwriting b. If there is another person’s life insurance contract with an employee as insured person, arrangements to ensure a contract in accordance with the aims and intentions, such as obtaining a source of funds for the condolence benefit or substitute employee recruitment for the employee or his surviving family c. If the insured person is a minor, actions to prevent misuse of the insurance contract, such as confirmation of the necessity of that insurance contract (2) Regarding confirmation of agreement of the insured person in another person’s life insurance contract, is it appropriately done by a method determined in the business methods document, for example the insured person signs or places his seal in the insured person agreement box of the insurance contract application? Especially for an insurance contract with an employee as the insured person, are actions taken to enable the insured person to certainly become aware of the contract’s details, such as the insurance benefit recipient and insurance benefit amount, for example by the following methods? a. Provide to the insured person a document which writes details of the contract b. Regarding actions to make the insured person aware of the contract details, record of matters confirmed from the insurance contracting person (excluding individual insurance contracts) 3) Variable insurance and annuities (1) Are sales activities conducted in an appropriate manner? For example, does the insurance company ensure that there are no occurrences of the following acts? a. Providing conclusive judgments on future investment returns b. Forecasting investment performance of separate accounts on the basis of a specific past period that is arbitrarily selected by insurance sales representatives c. Guaranteeing coverage amounts or a surrender value not set forth in contracts (2) Are documents describing asset management policies certainly delivered to customers? 4) Foreign currency denominated insurance Are sales activities for insurance policies with coverage amounts, etc., that are denominated in foreign currencies conducted in an appropriate manner? Is a document certainly delivered to customers mentioning that foreign exchange losses may arise? 5) Replacement and conversion policies (1) When concluding replacement or conversion policies, is it explained without exception to customers that such policies may result in disadvantages to customers? (2) When concluding conversion policies, is a document certainly delivered to policyholders that compares existing and new policies, and describes that policyholders can revise insurance coverage while continuing existing policies?

313 6) Restrictions on sales to the employees of insurance sales intermediaries or their affiliates When the life insurance sales representative is a corporation, does it refrain from soliciting or offering insurance policies underwritten by the life insurance company to its officers or employees, and the officers or employees of a corporation that is closely related to such insurance sales representative in terms of capital affiliation, etc. (excluding those policies listed in Article 2 of Public Notice No. 238, 1998 issued by the Ministry of Finance)? 7) Own-case solicitations, etc. (1) Do insurance sales representatives refrain from engaging in own-case contracts or other insurance sales for the purpose of obtaining discounts or rebates, etc., of insurance premiums? (2) When the life insurance sales representative is a corporation and concludes insurance policies with itself or a closely related corporation, does it refrain from engaging in insurance sales for the purpose of obtaining discounts or rebates of insurance premiums through the payment of commissions, etc.? 3. Items Related to Nonlife Insurance

  1. Own-case solicitations, etc. (1) Are appropriate measures taken to prevent violations of the prohibition on self-contracts, etc. (Article 295 of the Law)? (2) Does the company fully comprehend the status of own-case situations at member insurance agencies, and rigorously supervise and instruct agencies in order to ensure the appropriate calculation of insurance premiums related to self-contracts, etc.? (3) Are policies transferred to other insurance agencies in order to evade the prohibition on own-case contracts, etc.? Are measures taken to prevent the transfer of policies?
  2. Overinsurance (setting coverage amounts in excess of insured value) To prevent excessive insurance contracts, are items which should be confirmed specified, and other procedures and a system developed?
  3. Post-loss policies (policies concluded after the occurrence of insured events) To prevent post-loss policies, are items which should be confirmed specified, and other procedures and a system developed?
  4. Replacement and conversion policies Are medical life insurance and other long-term insurance policies treated in accordance with the provisions set forth in 2.(5)?
  5. Insurance Contracts on Lives of Others (1) For insurance contracts on the life of another person and death benefit insurance contracts with a minor as the insured party, from the viewpoint of protecting the insured person by preventing misuse of the insurance contract, are there initiatives to work for an insurance

314 contract in accordance with the aims and intentions? For example, are the following initiatives taken? a. Regarding “death benefit insurance” stipulated in the Ordinance, Article 53-7, Paragraph 2, compliance with rules which limit the amount of insurance payout, and other rules on underwriting b. If there is another person’s life insurance contract with an employee as insured person, arrangements to ensure a contract in accordance with the aims and intentions, such as obtaining a source of funds for the condolence benefit or substitute employee recruitment for the employee or his surviving family c. If the insured person is a minor, actions to prevent misuse of the insurance contract, such as confirmation of the necessity of that insurance contract (2) Regarding confirmation of agreement of the insured person in another person’s life insurance contract, is it appropriately done by a method determined in the business methods document, for example the insured person signs or places his seal in the insured person agreement box of the insurance contract application? Especially for an insurance contract with an employee as the insured person, are actions taken to enable the insured person to certainly become aware of the contract’s details, such as the insurance benefit recipient and insurance benefit amount, for example by the following methods? a. Provide to the insured person a document which writes details of the contract b. Regarding actions to make the insured person aware of the contract details, record of matters confirmed from the insurance contracting person

Share