Regulation No. 71 of 22.07.2021 on the Requirements for the Management System of Insurers and Reinsurers

REGULATION No. 71 of 22.07.2021 on the Requirements for the Management System of Insurers and Reinsurers Pub. - State Gazette, No. 64 of 03.08.2021; amended, No. 49 of 17.06.2025, effective from 17.06.2025. Adopted by Decision No. 227-N of 22.07.2021 of the Financial Supervision Commission Chapter One GENERAL PROVISIONS Subject Art. 1. This Regulation lays down detailed requirements for the management system of insurers and reinsurers in accordance with the principles set out in Chapter Seven of the Insurance Code. Objectives Art. 2. (1) The requirements regarding the management system aim to ensure reliable and stable management of the insurer, respectively the reinsurer, and its independence in choosing its own organizational structure, which shall guarantee a suitable distribution and separation of responsibilities. (2) The management system ensures:

1. achievement of the enterprise's objectives and fulfillment of its tasks;
2. effectiveness and efficiency of internal processes within the enterprise;
3. economical and efficient use of resources;
4. identification, assessment (including forward-looking), management, and adequate control of risks in accordance with its strategic objectives and risk strategy;
5. timeliness in generating reporting and other corporate information;
6. preservation of confidentiality, integrity, and availability of financial and management information;
7. protection of the enterprise's assets;
8. compliance in the enterprise's operations with applicable legislation and internal programs, policies, plans, rules, and procedures;
9. performance of transferred activities in accordance with the requirements established for the insurer or reinsurer. Scope of Application Art. 3. (1) This Regulation applies both to individual insurers or reinsurers with their registered office in the Republic of Bulgaria, and correspondingly at the group level, headed by an insurer, reinsurer, insurance holding company, or financial holding company with mixed activities with its registered office in the Republic of Bulgaria. (2) With regard to insurers without access to the single market of the European Union, this Regulation applies, taking into account the specific requirements regarding their financial condition under Chapters Seventeen, Eighteen, and Nineteen of the Insurance Code. Principle of Proportionality Art. 4. (1) The management system must be proportional to the nature, volume, and complexity of the activities carried out by the insurer, respectively the reinsurer. (2) The Financial Supervision Commission (hereinafter referred to as "the Commission") and the Deputy Chairman heading the "Insurance Supervision" Directorate (hereinafter referred to as "the Deputy Chairman") shall exercise supervision over the management system, aligning their supervisory measures with the nature, volume, and complexity of the activities carried out by the insurer, respectively the reinsurer.

Chapter Two REQUIREMENTS FOR THE MANAGEMENT SYSTEM OF INSURERS AND REINSURERS Section I General Requirements for Management Competent Body Art. 5. (1) For the purposes of this Regulation, the competent body of the insurer, respectively the reinsurer, is its management or supervisory body, designated in accordance with Art. 77, para. 1 of the Insurance Code. (2) For the performance of specific tasks related to the management system, the insurer, respectively the reinsurer, may decide to establish auxiliary bodies. (3) The competent body of the insurer, respectively the reinsurer, interacts with the auxiliary bodies, as well as with the executive directors and other persons authorized to manage or represent the insurer, respectively the reinsurer, hereinafter referred to as "the executive management", and with persons performing key functions in the insurer, respectively the reinsurer, actively requesting information from them and subjecting it to verification when necessary. (4) At the group level, the competent body of the insurer, respectively the reinsurer, which is a participating undertaking, of the insurance holding company, or of the financial holding company with mixed activities, maintains appropriate interaction with the management and supervisory bodies of all companies in the group that have a significant influence on the group's risk profile, actively requesting information from them and controlling their decisions on matters that may affect the entire group. Organizational and Management Structure Art. 6. (1) The competent body of the insurer, respectively the reinsurer, adopts an organizational and management structure pursuant to Art. 77, para. 1, item 1 of the Insurance Code, which shall facilitate the achievement of the enterprise's strategic objectives and activities, and adapts it promptly to changes therein or in the business environment in which it operates. (2) The internal acts of the insurer, respectively the reinsurer, must be mutually interlinked and, taken together, guarantee the consistent application of risk management and internal control policies with a view to ensuring reliable and sound management of operations. The acts must bind the members of the management and supervisory bodies of the insurer, respectively the reinsurer, and all other employees of the enterprise, and contain a precise description of their rights and obligations depending on their sphere of activity. The competent body of the insurer, respectively the reinsurer, takes measures to familiarize interested parties with their respective rights and obligations. (3) The management and supervisory bodies of the insurer, respectively the reinsurer, are obliged to observe and enforce the observance of an organizational culture that contributes to the effective functioning of the management system in the enterprise, through appropriate organizational values and priorities. (4) The competent body of the insurer, respectively the reinsurer, must provide within the enterprise's organizational structure an appropriate status for each of the key functions, defining its responsibilities and powers.

(5) The competent body of the insurer, respectively the reinsurer, must arrange within the management structure the work processes related to material risks, and determine how they will be executed, to guarantee that they are subject to adequate monitoring and control. (6) At the group level, the competent body of the insurer, respectively the reinsurer, which is a participating undertaking, of the insurance holding company, or of the financial holding company with mixed activities, must assess how changes in the group's structure affect the sound financial condition of the affected entities and promptly make necessary corrections. For the purposes of the assessment in the first sentence, the competent body may conduct its own Own Risk and Solvency Assessment (ORSA) at the group level and at the level of affected enterprises. ORSA must be conducted when changes in the group's structure are expected to cause a significant change in the risk profile of the group or of the affected enterprises within it. (7) The competent body of the insurer, respectively the reinsurer, which is a participating undertaking, of the insurance holding company, or of the financial holding company with mixed activities, must have adequate knowledge regarding the corporate organization of the group, the business model of its various entities, the links and relationships between them, and the risks arising from the group's structure, in order to take appropriate measures. (8) The competent body of the insurer or reinsurer, or of the enterprise heading the group, must assess the adequacy of the management and organizational structure at the level of the insurer or reinsurer, respectively at the group level. Important Decisions Art. 7. (1) The insurer, respectively the reinsurer, must guarantee that at least two persons who actually manage the insurer, respectively the reinsurer, participate in the taking of every important decision of the enterprise before the decision is implemented. (2) Important decisions for the purposes of para. 1 are those that:

1. affect the enterprise's business strategy, its operations, or market behavior; or
2. may have significant legal or supervisory consequences, a significant financial effect, or great importance for employees or users of the enterprise's insurance services, or may affect the enterprise's reputation; or
3. may have any other material effect on the enterprise. (3) The competent body of the insurer, respectively the reinsurer, defines in the management structure more detailed criteria for determining important decisions pursuant to para. 1. Documentation of Decisions of Management Bodies Art. 8. (Amended - State Gazette, No. 49 of 2025, effective from 17.06.2025.) (1) The insurer, respectively the reinsurer, keeps minutes of the meetings of its management and supervisory bodies. (2) The minutes of the meetings of the bodies referred to in para. 1 shall record:
4. the decisions taken;
5. the reasons for them;
6. information from the risk management system taken into account when making decisions, where relevant to the discussed decision;
7. information on discussions held within the body or for coordination with other bodies or persons.

(3) (Amended - State Gazette, No. 49 of 2025, effective from 17.06.2025.) The minutes referred to in para. 1 shall be prepared and signed in written form or as electronic documents within the meaning of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ, L 257/73 of 28 August 2014). When the minutes are drawn up and signed in written form, they are stored on paper media for a period of no less than 5 years, and after that period they are stored as electronic documents, archived in the information system of the insurer, respectively the reinsurer, for the applicable periods in accordance with current legislation. When the minutes are drawn up and signed in electronic form, they are stored as electronic documents in the information system of the insurer, respectively the reinsurer, for the applicable periods in accordance with current legislation. Distribution and Separation of Responsibilities and Duties Art. 9. (1) The insurer, respectively the reinsurer, must guarantee:

1. clearly established and documented distribution, separation, and coordination of responsibilities and duties of functions in accordance with its policies;
2. avoidance of overlap of functions;
3. incentives for effective cooperation among employees. (2) The insurer, respectively the reinsurer, must guarantee that in the separation of responsibilities and duties at all levels, including at the level of the management and supervisory bodies, persons performing specific tasks are not simultaneously responsible for monitoring and controlling the quality of their performance, unless a way is found to avoid a conflict of interest arising from the simultaneous performance of incompatible tasks. (3) Persons performing key functions have operational independence and can make decisions related to the performance of their duties without interference from other units within the enterprise. The competent body of the insurer, respectively the reinsurer, guarantees the operational independence of each key function, ensuring that upon its integration into the enterprise's organizational structure, conditions for influence, control, or restriction on its activities by other functions, the management and/or supervisory bodies, or their members, are not permitted. (4) When an insurer, respectively reinsurer, allows the simultaneous performance of more than one key function by the same person or unit, it must justify the taking of this decision and implement effective internal processes and procedures to guarantee that the operational independence of key functions is not jeopardized. (5) The organizational and management structure of the insurer must allow heads of key functions, respectively persons performing key functions, to report directly to the competent body of the insurer or reinsurer any findings, concerns, and proposals without restriction regarding the nature and volume of the reported information. Before making a decision, the competent body must grant the affected persons and units the right to provide their comments, explanations, or objections. (6) The competent body of the insurer, respectively the reinsurer, assesses whether, when, and how to respond to findings, concerns, or proposals reported by the head of a key function, respectively the person performing a key function, but has no right to exert influence to change them in order to align them with its position. (7) The competent body of the enterprise heading the group defines in group-level policies the tasks and responsibilities of each individual enterprise within the group with regard to the group's overall strategic objectives and activities. (8) An insurer, respectively reinsurer, which is a member of a group, fulfills its obligations regarding the management system and develops its own internal rules in accordance with group-level strategy and policies. It is not permitted for group-level decisions or procedures to lead to an individual insurer or reinsurer within them violating existing legislation or prudential requirements within the meaning of Art. 68, para. 12 of the Insurance Code. (9) Every insurer, respectively reinsurer, is obliged to establish and maintain an effective accountability, reporting, and information exchange system in order to timely provide information to all interested parties. Periodic Review of the Management System Art. 10. (1) The competent body of the insurer, respectively the reinsurer, must determine the scope and frequency of the periodic review pursuant to Art. 76, para. 5 of the Insurance Code of the management system, taking into account the nature, scale, and complexity of the activities at both individual and group levels, as well as the group's structure. (2) The procedures for periodic review guarantee the collection of information regarding key functions and a general overview of the management system together with proposals for changes where necessary. In the process of periodic review, the competent body takes into account the findings from the internal audit function reviews. (3) The insurer, respectively the reinsurer, must guarantee that the scope, findings, and conclusions of the periodic review are properly documented and reported to the competent body. The insurer, respectively the reinsurer, establishes an appropriate verification and control mechanism to guarantee that follow-up actions are taken and documented. Programme of Operations and Policies Art. 11. (1) The programme of operations of the insurer, respectively the reinsurer, pursuant to Art. 77, para. 1, item 2 of the Insurance Code, and its updates, must reflect its activities both within the territory of the Republic of Bulgaria and in other Member States or third countries where it carries out or intends to carry out activities within a three-year period. (2) The competent body of the insurer, respectively the reinsurer, must update the programme of operations annually within the timeframe of Art. 77, para. 1, item 2 of the Insurance Code, providing for activities for a period of no less than three years ahead. Before undertaking activities not provided for in the programme of operations, the competent body of the insurer, respectively the reinsurer, makes the corresponding updates to it outside the timeframe of Art. 77, para. 1, item 2 of the Insurance Code, and if necessary - more than once within a single year. (3) Before making a decision to update the programme of operations or to make changes to it, the competent body of the insurer, respectively the reinsurer, takes into account the results of the last regularly conducted ORSA and assesses the need to conduct an ad hoc ORSA in any case where the planned changes may substantially affect risk or own funds. (4) The competent body of the insurer, respectively the reinsurer, submits its updated programme of operations to the Commission no later than 14 days after the adoption of the update. (5) The insurer, respectively the reinsurer, aligns all policies that are part of the management system with each other, as well as with its programme of operations, and in exercising its operational independence may formulate and combine them in a manner that corresponds to its organizational structure and processes. A policy within the meaning of the first sentence is the collection of all internal acts and documents containing requirements in the respective area, and must clearly define at least:
4. the objectives pursued by the policy;
5. the tasks that must be fulfilled;
6. the position or person responsible for fulfilling the tasks;
7. the processes and reporting procedures to be applied;
8. the obligation of the relevant organizational units to inform key functions regarding all facts relevant to the performance of their duties. (6) In policies regulating key functions, the insurer, respectively the reinsurer, also arranges the organizational position of key functions within the insurer, respectively the reinsurer, as well as their powers. (7) An insurer, respectively reinsurer, which is part of a group, must align its policies with group-level policies adopted by the competent body of the enterprise heading the group. (8) The insurer, respectively the reinsurer, must create conditions for the timely familiarization of its employees and service providers pursuant to Art. 110 of the Insurance Code with the adopted policies depending on the duties, functions, or activities they perform, and with subsequent amendments and supplements thereto. (9) The periodic review of the policies of the insurer, respectively the reinsurer, pursuant to Art. 77, para. 2 of the Insurance Code covers all policies of the enterprise, including documents specifying policies in certain areas, such as the ORSA policy, internal rules for ensuring constant currency of information subject to disclosure in the solvency and financial condition report pursuant to Art. 133, para. 1 of the Insurance Code, the policy regarding the internal model in enterprises applying an internal model, etc. (10) Any periodic review of policies pursuant to para. 9 must be documented, with the documentation recording the persons who conducted the review, the proposed changes made, as well as the decisions taken by the competent body of the insurer, respectively the reinsurer, and the reasons therefor. (11) The insurer, respectively the reinsurer, which is a participating undertaking, the insurance holding company, or the financial holding company with mixed activities, must ensure that policies are applied uniformly and consistently throughout the group, as well as that the policies of enterprises in the group correspond to group policies, taking into account the specifics of each individual enterprise and group-level policies. When the group includes enterprises that are not insurers or reinsurers, for which policies are also developed, these policies must also correspond to group policies. (12) The competent body of the insurer, respectively the reinsurer, submits the policies pursuant to Art. 77, para. 1, item 3 of the Insurance Code together with subsequent material amendments and supplements to the Commission no later than 14 days after their adoption. The competent body of the insurer, respectively the reinsurer, which is a participating undertaking, of the insurance holding company, or of the financial holding company with mixed activities, submits group-level policies pursuant to Art. 77, para. 1, item 3 of the Insurance Code together with subsequent material amendments and supplements to the Commission no later than 14 days after their adoption. Material amendments and supplements within the meaning of the first or second sentence are those that meet the criteria of Art. 7, para. 2 or 3. Emergency Action Plans Art. 12. (1) The insurer, respectively the reinsurer, develops a policy for ensuring business continuity and identifies material risks that must be taken into account in emergency action plans, covering areas where the enterprise is vulnerable, such as natural disaster risks, fires, accidents, significant IT system failures, epidemics, etc. The policy for ensuring business continuity and the emergency action plans are approved by the competent body of the insurer, respectively the reinsurer. (2) Based on the identified risks, the insurer, respectively the reinsurer, prepares written plans to guarantee that business interruption and potential losses from the possible realization of the risks referred to in para. 1 will be limited, and the enterprise will be able to continue its operations at the necessary scale to ensure at least the protection of employees, property, and other assets. The plans also define communication channels in case of an emergency situation. (3) The plans referred to in para. 2 cover all material activities of the insurer, respectively the reinsurer. The insurer, respectively the reinsurer, familiarizes the members of its management and supervisory bodies, the executive management, as well as its other employees, with their duties according to the emergency action plans. (4) The insurer, respectively the reinsurer, organizes periodic testing of the emergency action plans to verify their effectiveness, reviewing and updating them annually. Section II Additional Requirements for Remuneration Rules Remuneration Committee Art. 13. (1) An insurer with access to the single market of the European Union, respectively the reinsurer, may establish a remuneration committee to assist the competent body of the insurer, respectively the reinsurer, in developing and reviewing the remuneration policy and for other purposes under Art. 275(1)(d) of Delegated Regulation (EU) 2015/35, when necessary with regard to the size of the enterprise, the nature and scope of the activities carried out, the internal organization, and the resulting complexity of the remuneration policy and its linkage to the enterprise's risk profile. An insurer without access to the single market of the European Union may also establish a remuneration committee. (2) The Remuneration Committee