2011-07-15

Insurance Risk Management Framework for Insurance Companies Directive, 2011

Issued by the Malawi Registrar of Financial Institutions under the Insurance Act, 2010, this directive mandates all licensed insurance companies and license applicants to establish a comprehensive Risk Management Framework tailored to their operational scale and complexity. Insurers must appoint a dedicated Risk Management Function, develop and annually review a Board-approved Risk Management Strategy covering operational, financial, and strategic risks, and submit a signed risk declaration alongside their audited annual statements. Non-compliance triggers administrative penalties up to K500,000 and regulatory sanctions including dividend prohibitions, operational suspensions, or license cancellation to ensure prudent policyholder protection and corporate governance.


Malawi

Reserve Bank of Malawi


31 The Malawi Gazette Supplement, dated 4th March, 2011, containing Regulations, Rules, etc. (No. 3A)

GOVERNMENT NOTICE NO. 5

INSURANCE ACT (ACT NO. 9 OF 2010)

INSURANCE (RISK MANAGEMENT FRAMEWORK FOR INSURANCE COMPANIES) DIRECTIVE, 2011

ARRANGEMENT OF PARAGRAPHS

PARAGRAPH

PART I.—PRELIMINARY

  1. Citation
  2. Application
  3. Interpretation

PART II.—OBJECTIVES AND RATIONALE

  4. Objectives
  5. Rationale

PART III.—SPECIFIC REQUIREMENTS

  6. Risk Management Framework
  7. Risk Management Function
  8. Risk Management Strategy
  9. Risk Management Declaration
  10. Business Plan

PART IV.—ADMINISTRATIVE PENALTIES AND ADMINISTRATIVE SANCTIONS

  11. Administrative penalties
  12. Administrative sanctions

IN EXERCISE of the powers conferred by section 79 (3) (r) of the Insurance Act, 2010, the Registrar has issued the following Directive.—

PART I.—PRELIMINARY

Citation 1. This Directive may be cited as the Insurance (Risk Management Framework for Insurance Companies) Directive, 2011.

Application 2. This Directive shall apply to— (a) insurance companies conducting insurance business in Malawi; and (b) applicants for a licence to conduct insurance business.

Interpretation 3. In this Directive, unless the context otherwise requires—

“Insurer” means an insurer as defined in the Act, licensed to conduct general insurance business.

“Registrar” means the Registrar of Financial Institutions appointed under section 8 of the Financial Services Act, 2010 (Act No. 26 of 2010).



PART II.—OBJECTIVES AND RATIONALE

Objectives 4. The objectives of this Directive include— (a) setting minimum standards for risk management of insurers; (b) promoting corporate self-discipline in the management of insurers; and (c) ensuring that insurers are managed in a sound and prudent manner by implementing systems for identifying, monitoring, assessing and mitigating risks that affect the ability of insurers to meet their obligations to policy holders.

Rationale 5.—(1) This Directive is issued on the basis that the Registrar shall ensure that the board of directors, hereafter referred to as the Board— (a) implements a risk management methodology; and (b) periodically reviews the Risk Management Framework.

(2) A key aspect of the supervision of insurers shall be an evaluation of the total Risk Management Framework.

PART III.—SPECIFIC REQUIREMENTS

Risk Management Framework 6.—(1) An insurer shall have a Risk Management Framework to manage risks.

(2) The Risk Management Committee of the Board or the Audit Committee of the Board shall establish and maintain a comprehensive and appropriate Risk Management Framework.

(3) A Risk Management Framework shall— (a) provide reasonable assurance that risks of an insurer are prudently managed; and (b) have regard to size, business mix and complexity of operations of an insurer.

(4) A Risk Management Framework shall consist of systems, structures, processes and people within the insurer to identify, assess, mitigate and monitor internal and external sources of risks which have a material impact on operations of the insurer.

(5) A Risk Management Framework shall include a written Risk Management Strategy that complies with this Directive, and shall be approved by the Board.

(6) An insurer shall implement— (a) a written Risk Management Policy complying with the requirements of this Directive; (b) risk management policies and procedures to identify, assess, monitor, report and mitigate material risks, which the insurer is likely to face having regard to size, business mix and complexity of the operations of the insurer; and (c) a review process to ensure that the Risk Management Framework remains effective.



Risk Management Function 7.—(1) An insurer shall have a Risk Management Function that— (a) is appropriate to the nature, scale, and diversity of the operations of the insurer; (b) has personnel with appropriate education and experience to fulfill this role; (c) is sufficiently resourced; and (d) has the necessary authority to conduct insurance activities in an effective and independent manner.

(2)—(a) an insurer shall appoint a person who shall be individually responsible for the Risk Management Function; and (b) the insurer shall advise the Registrar of the identity of the responsible person appointed under subparagraph 2 (a).

(3) An insurer that is part of an insurance group may rely on the Risk Management Function of the insurance group instead of having its own Risk Management Function, provided the criteria in subparagraph (1) are satisfied.

(4) The Risk Management Plan shall be specific to a licensed insurer, whether the insurer is a member of a group or that the Risk Management Function is carried out by a member of another group.

(5) The Risk Management Function shall be responsible for assisting the Board, Board committee and senior management in developing and maintaining the Risk Management Framework.

Risk Management Strategy 8.—(1) In this paragraph, Risk Management Strategy means a high level strategic document intended to describe key elements in the Risk Management Strategy of an insurer.

(2) A Risk Management Strategy shall contain strict guidelines for managing risks including— (a) Operational Risk associated with operating units of underwriting, claims and investment; (b) Insurance Risk related to the type of risk (whether a product has low or high risk); (c) Balance Sheet and Market Risk related to the strength of the balance sheet of the insurer and the degree of risk inherent in the investment portfolio; (d) Liquidity Risk related to the amount of cash which an insurer has for settling liabilities when they fall due; (e) Counterparty Default Risk related to credit risk, like non-payment and late remittance of premiums; (f) Risks arising from re-insurance arrangements which an insurer shall specifically cover through re-insurance treaties and facultative arrangements; (g) Concentration Risk which includes risks related to geographic location of the insurer and product risk arising from the writing of few product types; (h) Contagion and Related Party Risks arising from an insurer affiliated to a large group of companies and being exposed to risks of the group as a whole; and (i) Strategic and Technical Risks arising from the Business Plan of the insurer.

(3) A Risk Management Strategy of an insurer shall include holding additional capital and higher levels of solvency than the statutory minimum.

(4) A Risk Management Strategy shall describe— (a) the risk governance relationship between the Board, Board committees and senior management; (b) the process for identifying and assessing risk; (c) the process for establishing mitigation and control mechanisms for individual risks; (d) the process for monitoring and reporting risk issues, including communication and escalation mechanisms; (e) policies employed in the business of the insurer; (f) the approach for ensuring that relevant staff have an awareness of risk issues and instilling an appropriate risk culture; (g) the process by which the Risk Management Framework and the Risk Management Strategy shall be reviewed; and (h) the mechanisms in place for monitoring and ensuring continuing compliance with the minimum capital requirements and solvency requirements.

(5) An insurer shall review its Risk Management Strategy annually to ensure it accurately documents the Risk Management Framework of the insurer.

(6) Where there are material changes to the operations of the insurer, the insurer shall— (a) review and amend its Risk Management Framework and if appropriate its Risk Management Strategy to take account of the changes; and (b) the Risk Management Strategy referred to in subparagraph 6 (a) shall be subject to approval of the Board and shall be submitted to the Registrar within ten business days of approval by the Board.

(7) An insurer shall not intentionally deviate from its Risk Management Strategy except where— (a) the deviation has been approved by the Board; and (b) the Registrar has been notified prior to the deviation.

(8) Where there are institutional, operational or other developments that materially affect the risk profile of the insurer, the insurer shall— (a) notify the Registrar as soon as practicable after the event has happened; and (b) amend its Risk Management Framework and, if appropriate, the Risk Management Strategy to take account of the change.

Risk Management Declaration 9.—(1) The Board shall provide the Registrar with a declaration on risk management, (hereafter referred to as the “Risk Management Declaration”).

(2) The Risk Management Declaration shall be signed by two directors.

(3) The Risk Management Declaration shall state that— (a) after having made appropriate inquiries, the insurer has systems in place for ensuring compliance with the Financial Services Act, 2010 (Act No. 26 of 2010), the Insurance Act (Act No. 9 of 2010) and any Directives; (b) the Board and senior management are satisfied with the efficacy of the systems in subparagraph 3 (a) and systems surrounding the production of financial information of the insurer; (c) the insurer has a Risk Management Strategy, in accordance with the requirements of this Directive, outlining the approach of the insurer to risk management; (d) in the past financial year the insurer has substantially implemented its Risk Management Strategy having regard to the risks it is designed to control; and (e) the insurer has submitted a copy of its current Risk Management Strategy to the Registrar.

(4) The insurer shall submit the Risk Management Declaration to the Registrar on the day on which the audited annual financial statements of the insurer are required to be submitted to the Registrar.

(5) Where the Board qualifies the Risk Management Declaration, the qualified Risk Management Declaration shall include— (a) a description of any material deviations from the obligations of the insurer; (b) the steps taken or proposed to be taken to remedy those breaches.

Business Plan 10.—(1) An insurer shall maintain a Business Plan which shall be approved by the Board.

(2) The Business Plan of the insurer shall be a three-year plan and shall be reviewed annually.

(3) Where an insurer is a member of a group, the insurer shall prepare its own Business Plan.

(4) The Registrar may request copies of— (a) the Business Plan after it has been approved by the Board; and (b) any revised Business Plan.



PART IV.—ADMINISTRATIVE PENALTIES AND ADMINISTRATIVE SANCTIONS

Administrative penalties 11. Where the Registrar determines that an insurer or an insurance intermediary has not met the requirements of this Directive, the Registrar shall impose administrative penalties in accordance with the provisions of the Financial Services Act, 2010 (Act No. 26 of 2010), to correct the situation, including but not limited to— (a) a monetary penalty of five hundred thousand Kwacha (K500,000); (b) a written warning; or (c) a direction to the insurer or an insurance intermediary to compensate persons who have suffered loss because of the contravention.

Administrative sanctions 12. In addition to the penalties prescribed in paragraph 11, the Registrar may take any or all of the following actions against an insurer or insurance intermediary— (a) imposition of directions as stipulated under section 39 of the Financial Services Act, 2010 (Act No. 26 of 2010); (b) prohibition from declaring or paying dividends; (c) prohibition from declaring or paying bonuses, salary incentives or other discretionary compensation to directors or managing officers; (d) suspension of the establishment of new branches or expansion into new insurance or financial activities; (e) suspension of the acceptance of new risks and certain classes of insurance business; (f) suspension of acquisition of fixed assets; (g) closure of an insurer to accept new business; and (h) suspension or cancellation of licence where the insurer persistently fails to comply with this Directive.

Made this 2nd day of February, 2011.

(FILE NO. MF/2/10)

DR. PERKS M. LIGOYA
Registrar

GOVERNMENT NOTICE NO. 6

INSURANCE ACT (ACT NO. 9 OF 2010)

INSURANCE (SUITABILITY OF PERSONS ASSOCIATED WITH OWNERSHIP AND MANAGEMENT OF INSURERS AND INSURANCE BROKERS) DIRECTIVE, 2011

ARRANGEMENT OF PARAGRAPHS

PARAGRAPH

PART I.—PRELIMINARY

  1. Citation
  2. Application
  3. Interpretation