2024-12-05

Order on the Management and Control of Insurance Undertakings

The Danish Financial Supervisory Authority issued this Order to implement Solvency II requirements, mandating that insurance companies establish robust governance, risk management, and internal control frameworks. The regulation assigns specific strategic oversight duties to boards of directors, including the approval of business models, capital plans, and risk policies, while restricting the delegation of critical decision-making powers to management. It further details operational requirements for organizational structure, conflict of interest prevention, and the implementation of clear reporting lines and accountability measures for both Group 1 and Group 2 insurance undertakings.


Denmark

Finanstilsynet Denmark


Order on the Management and Control of Insurance Undertakings etc. 1)

Pursuant to Section 95, paragraph 6, Section 96, paragraph 2, Section 126, paragraph 8, Section 132, paragraph 2, and Section 316, paragraph 1, of Act No. 718 of 13 June 2023 on insurance business, the following is enacted:

Chapter 1

Scope of Application

Section 1. This Order applies to the following undertakings:

  1. Insurance undertakings.
  2. Undertakings covered by Section 166, paragraphs 1 and 2, of the Act on Insurance Business.
  3. Branches in this country of insurance undertakings authorized in a country outside the European Union, with which the Union has not concluded an agreement in the financial sector, with the deviations that the branch relationship necessitates, or as provided for in or pursuant to an international agreement.

Paragraph 2. In addition to the rules in Articles 258-262 and 266-272 of Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 supplementing Directive 2009/138/EC of the European Parliament and of the Council on the access to and the exercise of the activities of Insurance and Reinsurance Undertakings (Solvency II), this Order applies to the management and control of Group 1 insurance undertakings. Regarding key functions, rules apply in Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 supplementing Directive 2009/138/EC of the European Parliament and of the Council on the access to and the exercise of the activities of Insurance and Reinsurance Undertakings (Solvency II), the Act on Insurance Business, and this Order.

Paragraph 3. For Group 2 insurance undertakings, Section 3, paragraph 2, Section 4, Section 5, paragraph 3, Section 6, paragraph 4, Section 7, paragraph 4, Section 9, paragraph 4, Section 17, paragraph 1, third sentence, Section 21, Section 25, Annex 1, No. 2, Annex 2, No. 2, 4-5, 7 and 9, and Annexes 6-9 do not apply.

Paragraph 4. The provisions for Group 1 insurance undertakings in this Order apply mutatis mutandis to the undertakings mentioned in paragraph 1, No. 2, with the adjustments that the group or group relationship necessitates, as well as to the branches mentioned in paragraph 1, No. 3.

Paragraph 5. Annex 4 on IT security applies only to Group 2 insurance undertakings.

Section 2. The board of directors or the management of the undertakings covered by Section 1, paragraph 1, shall take measures sufficient to ensure that the undertaking is managed soundly. The board of directors or the management shall in this context take a position on which measures are sufficient to ensure compliance with the provisions. Which measures are sufficient will depend on the undertaking's business model, including:

  1. the nature, extent, and complexity of the undertaking's risks and activities,
  2. the size of the undertaking,
  3. the structure of the undertaking and the structure of the group or group to which the undertaking may belong,
  4. the business and geographical areas in which the undertaking operates,
  5. the financial services offered by the undertaking, and
  6. the financial products traded by the undertaking.

Paragraph 2. The board of directors and the management of the undertakings covered by Section 1, paragraph 1, No. 2, shall take measures sufficient to ensure that the group or group is managed in a sound manner.

Chapter 2

Duties and Responsibilities of the Board of Directors

Section 3. As part of the overall and strategic management of the undertaking, the board of directors shall:

  1. make decisions on the undertaking's business model, including objectives for the matters mentioned in Section 2, paragraph 1,
  2. based on the business model, make decisions on the undertaking's policies, cf. Section 5,
  3. assess and make decisions on the undertaking's budgets, capital, liquidity, significant dispositions, specific risks, and the undertaking's own overall insurance matters,
  4. assess whether the management performs its duties in a sound manner and in accordance with the established risk profile, the established policies, and the guidelines to the management, and
  5. organize its work so that the management of the undertaking is sound, cf. Annex 5.

Paragraph 2. The board of directors of a life insurance undertaking shall, as part of the overall and strategic management of the undertaking, make decisions on which products the undertaking will offer, as well as the most significant features and characteristics of each product, cf. Annex 1. The result of the undertaking's product approval process, cf. Chapter II of Commission Delegated Regulation (EU) 2017/2358 of 21 September 2017 on product oversight and governance for insurance undertakings and insurance distributors, shall be included in the basis for the board's decisions. The undertaking shall document the decisions made regarding each product and the product management decided upon pursuant to Annexes 2 and 6. The documentation may, for example, be made in a separate document.

Paragraph 3. The board of directors of a Group 1 insurance undertaking shall further, as part of the overall and strategic management of the undertaking:

  1. at least once a year carry out an Own Risk and Solvency Assessment (ORSA), cf. Section 4,
  2. in accordance with Article 258(1)(k) of Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 supplementing Directive 2009/138/EC of the European Parliament and of the Council on the access to and the exercise of the activities of Insurance and Reinsurance Undertakings (Solvency II), make decisions on the frequency and extent of the management's reporting to and information of the board of directors, such that the board of directors has a thorough overview of the undertaking and its risks, and that the reporting is otherwise comprehensive for the board's work,
  3. decide on a capital plan, which shall ensure that the undertaking's capital base will be sufficient to cover the risks that the undertaking can be expected to be exposed to during the continued operation of the undertaking in accordance with the established strategy, and
  4. decide on a capital contingency plan, which shall contain operational procedures that can be used in practice if the assumptions of the capital plan fail.

Paragraph 4. The board of directors of a Group 2 insurance undertaking shall further, as part of the overall and strategic management of the undertaking:

  1. make decisions on the frequency and extent of the management's reporting to and information of the board of directors, such that the board of directors has a thorough overview of the undertaking and its risks, and that the reporting is otherwise comprehensive for the board's work,
  2. decide on a capital plan, which shall ensure that the undertaking's basic capital will be sufficient to cover the risks that the undertaking can be expected to be exposed to during the continued operation of the undertaking in accordance with the established strategy, and
  3. decide on a capital contingency plan, which shall contain operational procedures that can be used in practice if the assumptions of the capital plan fail.

Section 4. The board of directors of a Group 1 insurance undertaking shall carry out the Own Risk and Solvency Assessment mentioned in Section 3, paragraph 2, No. 1, based on the undertaking's business model, risk profile, and risk tolerance limits. The board of directors shall ensure that the Own Risk and Solvency Assessment is carried out on a going concern basis both in the short and long term. The assessment shall include an assessment of whether the calculated solvency capital requirement has taken sufficient account of the impact of all material risks within the next 12 months. The assessment shall thus express the undertaking's ability to comply with the solvency capital requirement and the minimum capital requirement, both within a time horizon of 12 months and in a period corresponding at least to the undertaking's strategic planning period, cf. Article 262(2)(a) of Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 supplementing Directive 2009/138/EC of the European Parliament and of the Council on the access to and the exercise of the activities of Insurance and Reinsurance Undertakings (Solvency II). The board of directors decides on the choice of methods, assumptions, parameters, etc., for the projections that form the basis for the long-term assessment.

Paragraph 2. If a Group 1 insurance undertaking uses the standard formula to calculate the whole or part of the solvency capital requirement, the board of directors' assessment of the Own Risk and Solvency Assessment shall focus on the differences between the standard formula and the Own Risk and Solvency Assessment that are due to risks that are either not included in the standard formula or that are overestimated or underestimated in the standard formula compared to the risk profile. It will not be sufficient to disclose the deviations by merely comparing the calculated solvency capital requirement with the result of the qualitative assessment of the undertaking's risks. If the undertaking uses a full or partial internal model to calculate the solvency capital requirement, the board of directors' assessment of the Own Risk and Solvency Assessment shall focus on the limitations of the internal model.

Paragraph 3. The board of directors of a Group 1 insurance undertaking decides how often and to what extent ongoing sensitivity analyses shall be carried out for all of the undertaking's material risks and the solvency capital requirement, cf. Annex 6.

Paragraph 4. The Danish Financial Supervisory Authority may approve that undertakings covered by Section 166, paragraphs 1 and 2, of the Act on Insurance Business carry out the Own Risk and Solvency Assessment at the group or group level and for all undertakings in the group or group at the same time and submit a consolidated document to the authority. An approval is conditional on the undertaking covered by Section 166, paragraphs 1 and 2, of the Act on Insurance Business ensuring that the group or group submits the consolidated document to the Danish Financial Supervisory Authority and relevant foreign supervisory authorities simultaneously, and that all undertakings in the group or group comply with the requirements for the Own Risk and Solvency Assessment.

Section 5. The undertaking's policies, cf. Section 3, paragraph 1, No. 2, shall contain the undertaking's overall strategic objectives for the relevant risk areas, including identification and delimitation of the risks the undertaking wishes to assume in the relevant areas, and instructions on how the strategic objectives are achieved. To the extent that a life insurance undertaking offers products where the customer bears a risk in accordance with the agreements entered into, the undertaking's policies shall also include the risks borne by the customer.

Paragraph 2. The policies shall, where relevant, cover:

  1. Policy on insurance risks, cf. Annex 1.
  2. Policy on market, counterparty, and credit risks (investment area), cf. Annex 2.
  3. Policy on operational risks, cf. Annex 3.
  4. IT security policy, cf. Annex 4.

Paragraph 3. In addition to the policies mentioned in Article 260(1) of Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 supplementing Directive 2009/138/EC of the European Parliament and of the Council on the access to and the exercise of the activities of Insurance and Reinsurance Undertakings (Solvency II), the policies in a Group 1 insurance undertaking shall further cover:

  1. Risk management policy, cf. Annex 6.
  2. Internal control policy, cf. Article 258(2) of Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 supplementing Directive 2009/138/EC of the European Parliament and of the Council on the access to and the exercise of the activities of Insurance and Reinsurance Undertakings (Solvency II).
  3. Internal audit policy, cf. Article 258(2) of Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 supplementing Directive 2009/138/EC of the European Parliament and of the Council on the access to and the exercise of the activities of Insurance and Reinsurance Undertakings (Solvency II).
  4. Own Risk and Solvency Assessment policy, cf. Annex 6.
  5. Capital structure policy.
  6. Policy on comprehensive information in the Solvency and Financial Condition Report, cf. Section 164(1), first sentence, of the Act on Insurance Business.
  7. Other risk areas that the board of directors deems significant for the undertaking.

Paragraph 4. A Group 2 insurance undertaking shall, in addition to the policies mentioned in paragraph 2, further prepare a policy on the calculation of the Individual Solvency Requirement.

Paragraph 5. The undertaking's policies shall be prudent in relation to the undertaking's earnings and capital base as far as Group 1 insurance undertakings are concerned, or basic capital as far as Group 2 insurance undertakings are concerned.

Section 6. In fulfilling Section 3, paragraph 2, No. 1, for Group 1 insurance undertakings and Section 15 in the Order on Business Plans, Recovery Plans, Financing Plans, and Individual Solvency Requirements for Insurance Undertakings for Group 2 insurance undertakings, the board of directors shall continuously, but at least once a year, assess whether the undertaking's policies, cf. Section 5, as well as the guidelines to the management, cf. Sections 7 and 8, are sound in relation to the undertaking's business activities, organization, and resources, as well as the market conditions under which the undertaking's activities are conducted.

Paragraph 2. The assessment according to paragraph 1 shall be made in relation to:

  1. which risks the undertaking is exposed to, including the business model's influence on risks and risk levels,
  2. which activities the relevant risks are attached to,
  3. the extent of the individual risks, and
  4. how the risk types affect each other, if this is relevant.

Paragraph 3. The assessment according to paragraph 1 shall in due course also include a position on whether the undertaking has:

  1. a sound number of employees and competencies in risk-bearing activities,
  2. sound IT systems, and
  3. sound procedures for fast and effective communication across the undertaking and the group.

Paragraph 4. In a Group 1 insurance undertaking, the report from the person responsible for the risk management function, cf. Annex 6, shall be included in the board of directors' overall assessment basis, cf. paragraph 1.

Section 7. Based on the Own Risk and Solvency Assessment for Group 1 insurance undertakings, cf. Section 3, paragraph 2, No. 1, the risk assessment for Group 2 insurance undertakings, cf. Section 15 in the Order on Business Plans, Recovery Plans, Financing Plans, and Individual Solvency Requirements for Insurance Undertakings, and in accordance with the policies decided upon in Section 5, the board of directors shall issue written guidelines to the management.

Paragraph 2. The guidelines according to paragraph 1 shall specify which dispositions the management may make as part of its position, and which decisions the management may possibly make with subsequent notification to the board of directors.

Paragraph 3. The board of directors may not delegate powers to the management that belong to the board of directors' overall management tasks, cf. Sections 3-6, or are otherwise of an unusual nature or of great significance to the undertaking. Among other things, the following powers may not be delegated to the management:

  1. Decision on outsourcing of critical or important operational functions or activities.
  2. Approval of unusual or significant exposures, cf. however Section 117(1), fourth and fifth sentences, of the Act on Companies (Companies Act) and exposures covered by Sections 117-120 of the Act on Insurance Business.
  3. The annual review of major assets and liabilities, cf. the principles in Section 115, No. 1, of the Act on Companies (Companies Act).
  4. Appointment of the management, the responsible actuary, and the head of audit.
  5. Decision on principles for the calculation of risks, cf. Section 8, paragraph 1, No. 2, including the use of internal models not covered by paragraph 4 in the ongoing risk management.

Paragraph 4. In a Group 1 insurance undertaking, the board of directors may further not delegate the power to make decisions on applications for approval of internal models for the calculation of the solvency capital requirement, cf. Section 16, No. 1, in the Order on the Calculation of the Solvency Capital Requirement using an Internal Model for Group 1 Insurance Undertakings etc., to the management.

Paragraph 5. In a Group 2 insurance undertaking, the board of directors may further not delegate the power to make decisions on the individual solvency requirement, cf. Section 156(4) of the Act on Insurance Business, to the management.

Section 8. The guidelines according to Section 7, paragraphs 1 and 2, shall, where relevant:

  1. contain controllable limits for the size of the risks that the management is authorized to assume on behalf of the undertaking and, where relevant, on behalf of the customer, and
  2. establish the principles for how the utilization of the limits for each type of risk is calculated, including how risk arising from financial instruments and funds managed on behalf of the undertaking by external portfolio managers is included in the overall risk calculation.

Paragraph 2. The guidelines shall unequivocally specify the size of the individual set risk limit, e.g., as absolute figures, or by relating the risk to the undertaking's own equity, capital base as far as Group 1 insurance undertakings are concerned, or basic capital as far as Group 2 insurance undertakings are concerned.

Paragraph 3. The guidelines may only exceptionally provide for the possibility that the management may dispose of risks on a scale that lies outside the established risk profile and the guidelines' limits, and only if the prerequisites for this are stated in the guidelines. If these prerequisites cannot be established, prior authorization to exceed the guidelines' limits may not be given to the management.

Paragraph 4. The board of directors of a Group 2 insurance undertaking shall, when designing the guidelines to the management, be assured that the director or the members of the management collectively possess the necessary knowledge and experience to apply the powers contained in the guidelines in a sound manner for the undertaking.

Paragraph 5. It shall be clear from the guidelines how and how frequently reporting to the board of directors shall take place. This shall include how and how frequently the management shall report on the areas where the board of directors has set limits for the management, or where limits are set in legislation. It shall thus be clear from the reporting whether limits set in legislation are complied with. It shall be clear to what extent the risk limits set by the board of directors are utilized both currently and over time, including whether there have been breaches of the limits. Finally, the reporting shall include a basis for the board of directors' assessment of the reliability of models used, if the undertaking uses such models.

Paragraph 6. The reporting according to paragraph 5 shall also include reporting on funds and risks arising from funds managed by external portfolio managers, as it remains the board of directors' responsibility that funds managed by external portfolio managers and other funds together are placed within the guidelines set by the board of directors and in accordance with legislation.

Chapter 3

Duties and Responsibilities of the Management

Section 9. The management shall carry out the daily management of the undertaking in accordance with the provisions of legislation, including the Act on Companies (Companies Act) and the Act on Insurance Business, the policies adopted by the board of directors, cf. Section 5, the guidelines given by the board of directors, cf. Sections 7 and 8, and any other oral or written decisions and instructions from the board of directors.

Paragraph 2. The management shall ensure that the policies and guidelines adopted by the board of directors are implemented in the undertaking's daily operations.

Paragraph 3. The management is obliged to pass on information to the board of directors that the board has requested, as well as information that the management assesses may be of significance for the board's work.

Paragraph 4. The management is obliged to pass on the information to the persons responsible for key functions, cf. Section 126(4) and Section 127(1) of the Act on Insurance Business, that the management assesses may be of significance for their work.

Paragraph 5. The management has the daily managerial responsibility for ensuring that the undertaking only makes dispositions that the management and employees can, in due course, assess the risks and consequences of.

Paragraph 6. The management shall approve the undertaking's business processes, cf. Section 14(1), or appoint one or more persons or organizational units with the necessary professional knowledge to do so.

Paragraph 7. The management shall ensure that there are instructions on which measures shall be taken in connection with the departure of key employees.

Paragraph 8. The management of a Group 2 insurance undertaking shall ensure that there are instructions on which measures shall be taken in connection with serious operational disruptions, IT outages, and other operational disruptions.

Chapter 4

Organization and Allocation of Responsibilities

Tasks and Resources

Section 10. A Group 2 insurance undertaking shall be organized into organizational units with clearly defined work tasks, including all employees having clear authorities, areas of responsibility, and lines of reporting. It shall be clear to the individual units and employees which tasks are to be performed and how the tasks are to be performed.

Paragraph 2. The organizational units in a Group 2 insurance undertaking shall be staffed in terms of resources and competencies such that the units can solve the tasks that fall to them to perform in a sound manner.

Information to the Board of Directors and Other Management Levels etc.

Section 11. A Group 2 insurance undertaking shall be organized such that the information that is to reach the board of directors, management, and management at other organizational levels can reach them in a clear and comprehensive form for their work, including within time frames and in a form that ensures that any measures can be put into effect without unnecessary delay.

Prevention of Conflicts of Interest

Section 12. A Group 2 insurance undertaking shall have procedures for handling and prevention of conflicts of interest.

Paragraph 2. A Group 1 insurance undertaking and a Group 2 insurance undertaking shall be organized such that there is sound separation of functions.

Paragraph 3. The undertaking shall have separation of functions in the area of insurance risks. This implies that employees involved in the acceptance of insurance may not:

  1. handle or perform claims handling,
  2. handle or perform insurance payments, or
  3. be responsible for the preparation of reporting.

Paragraph 4. The undertaking shall have separation of functions in the investment area, which implies that employees involved in entering into trades and risk-taking may not:

  1. handle or perform the execution of trades,
  2. perform internal controls,
  3. be responsible for valuation and calculation of results and risks, or

1) The Order contains provisions that implement parts of Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2014 on the access to and the exercise of the activities of Insurance and Reinsurance Undertakings (Solvency II). Certain provisions from Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 supplementing Directive 2009/138/EC of the European Parliament and of the Council on the access to and the exercise of the activities of Insurance and Reinsurance Undertakings (Solvency II), Official Journal of the European Union 2015, No. L 12, page 1, have been included in the Order. According to Article 288 of the TFEU, a regulation applies directly in each Member State. The reproduction of these provisions in the Order is thus solely justified by practical considerations and does not affect the direct validity of the regulation in Denmark.

Act Series A
2024 Issued on 7 December 2024
5 December 2024. No. 1405.
Ministry of Industry, Business and Financial Affairs,
Danish Financial Supervisory Authority, Ref. No. 24-019525
CQ003085
