Region

Jurisdiction

Regulator

2023-08-15

Ordinance No. 71 of 22.07.2021 on the requirements to the system of governance of insurers and reinsurers

The Financial Supervision Commission of Bulgaria issued Ordinance No. 71 to establish detailed governance requirements for insurers and reinsurers operating in the Republic of Bulgaria. The regulation mandates sound management practices, including the segregation of responsibilities, documentation of significant decisions, and the implementation of robust risk management and contingency plans. It further requires periodic reviews of governance systems, adherence to specific remuneration rules, and the application of fit and proper criteria for key personnel.

Bulgaria

Financial Supervision Commission Bulgaria

ORDINANCE No. 71 of 22.07.2021 on the requirements to the system of governance of insurers and reinsurers Prom. - SG, issue 64 /03.08.2021 Adopted by Decision No. 227-H of 22.07.2021 of the Financial Supervision Commission Chapter one GENERAL Subject matter Art. 1. The ordinance set out more detailed requirements to the system of governance of insurers and reinsurers in accordance with the principles regulated in Chapter Seven of the Insurance Code. Objectives Art. 2. (1) The requirements regarding the system of governance are intended to ensure sound and prudent management of the insurer, respectively the reinsurer, and its independence in choosing its own organizational structure, which guarantees an appropriate allocation and segregation of responsibilities. (2) The system of governance shall ensure:

achieving the goals and fulfilling the tasks of the undertaking;
effectiveness and efficiency of internal processes in the undertaking;
economical and efficient use of resources;
identification, evaluation (including in perspective), management and adequate control of risks in accordance with the strategic goals and its risk strategy;
timeliness of the generation of the reporting and other corporate information;
preserving the confidentiality, integrity and availability of financial and management information;
the protection of the undertaking's assets;
compliance in the activity of the undertaking with the current regulations and internal programs, policies, plans, rules and procedures;
performance of the transferred activities according to the requirements established for the insurer or the reinsurer. Scope of application Art. 3. (1) The Ordinance applies both to individual insurers or reinsurers with seat of business in the Republic of Bulgaria, and respectively at group level for groups headed by an insurer, reinsurer, insurance holding or financial holding with mixed activity, with a seat of business in the Republic of Bulgaria. (2) In relation to insurers without the right of access to the single market of the European Union, the ordinance is applied, taking into account the special requirements for their financial status under chapters seventeen, eighteen and nineteen of the Insurance Code. Principle of proportionality Art. 4. (1) The system of governance shall be proportionate to the nature, scale and complexity of the activities conducted by of the insurer or reinsurer. (2) The Financial Supervision Commission (hereinafter referred to as the “FSC”) and the Deputy Chairperson in charge of the Insurance Supervision Department (hereinafter referred to as the “Deputy Chairperson”) supervise the system of governance, adjusting their supervisory measures with the nature, scale and complexity of the activities conducted by the insurer, respectively by the reinsurer. Chapter two REQUIREMENTS TO THE SYSTEM OF GOVERNANCE OF INSURERS AND REINSURERS Section I General Governance Requirements

Competent body Art. 5. (1) Within the meaning of this ordinance, the competent body of the insurer, respectively of the reinsurer, is its management or control body, determined pursuant to Art. 77, para. 1 of the Insurance Code. (2) For the performance of specific tasks related to the system of governance the insurer, respectively the reinsurer, may decide to form auxiliary bodies. (3) The competent body of the insurer, respectively the reinsurer, interacts with the auxiliary bodies, as well as with the executive directors and other persons who are authorized to manage or represent the insurer, respectively the reinsurer, hereinafter referred to as the “executive management”, and with the persons performing key functions in the insurer, respectively in the reinsurer, actively requesting information from them and challenging it to verification when necessary. (4) At the group level, the competent body of the insurer, respectively of the reinsurer that is a participating undertaking, of the insurance holding undertaking or of the financial holding undertaking with mixed activities, maintains appropriate interaction with the management and control bodies of all undertakings in the group that have a significant influence on the group's risk profile, actively requesting information from them and challenging their decisions on matters that may affect the entire group. Organizational and management structure Art. 6. (1) The competent body of the insurer, respectively of the reinsurer, adopts an organizational and management structure under Art. 77, para. 1, item 1 of the Insurance Code, which aims to support the strategic objectives and operations of the undertaking and promptly adapts it to changes in them or in the business environment in which it operates. (2) The internal acts of the insurer, respectively the reinsurer, shall be interconnected and in their totality shall guarantee the consistent application of the risk management and internal control policies with a view to ensuring sound and prudent management of the activity. The acts shall bind the members of the management and control body of the insurer, respectively the reinsurer, and all other employees of the undertaking, and contain a precise description of their rights and obligations depending on their field of activity. The competent body of the insurer, respectively the reinsurer, takes steps to acquaint the interested parties with their respective rights and obligations. (3) The management and control body of the insurer, respectively the reinsurer, are obliged to observe and enforce the observance of an organizational culture that helps the effective functioning of the management system in the undertaking, through appropriate organizational values and priorities. (4) The competent body of the insurer, respectively the reinsurer, shall provide within the organizational structure of the undertaking an appropriate status for each of the key functions, defining its responsibilities and powers. (5) The competent body of the insurer, respectively of the reinsurer, shall arrange within the management structure the work processes related to the material risks and determine how they will be implemented in order to ensure that they are subject to adequate monitoring and control. (6) At the group level, the competent body of the insurer, respectively of the reinsurer that is a participating undertaking, of the insurance holding or of the mixed-activity financial holding, shall assess how changes in the group structure impact the stable financial position of the affected entities and to make the necessary corrections in a timely manner. For the purposes of the assessment under the first sentence, the competent body may carry out its Own risk and solvency assessment (ORSA) at group level and at the level of affected entities. An ORSA should be carried out when changes in the structure of the group are expected to cause a significant change in the risk profile of the group or of the affected entities within it.

(7) The competent body of the insurer, respectively of the reinsurer that is a participating undertaking, of the insurance holding undertaking or of the mixed-activity financial holding undertaking shall have appropriate knowledge about the corporate organization of the group, the business model of its various entities, the connections and relations between them and the risks arising from the structure of the group in order to take appropriate measures. (8) The competent body of the insurer or reinsurer or of the undertaking at the head of the group shall assess the adequacy of the management and organizational structure at the level of the insurer or reinsurer, respectively at the group level. Significant decisions Art. 7. (1) The insurer, respectively the reinsurer, shall ensure that at least two persons who effectively manage the insurer, respectively the reinsurer, are involved in making any significant decision of the undertaking, before the decision is implemented. (2) Significant decisions within the meaning of para. 1 are those which:

affect the undertaking's business strategy, its activity or market behavior; or
may have significant legal or supervisory consequences, significant financial effect or great importance for the employees or users of insurance services of the undertaking, or which may affect the reputation of the undertaking; or
may have another significant effect on the undertaking. (3) The competent body of the insurer, respectively of the reinsurer, defines in the management structure more detailed criteria for determining the significant decisions under para. 1. Documentation of decisions of the governance bodies Art. 8. (1) The insurer, respectively the reinsurer, shall keep minutes of the meetings of its management and control bodies. (2) In the minutes of the meetings of the bodies under para. 1 are noted:
the decisions taken;
the reasons for them;
the information from the risk management system that was taken into account when making the decisions, when it is relevant to the decision in question; 4 the information about discussions held within the body or for coordination with other bodies or persons. (3) The minutes under para. 1 are drawn up and signed in writing or as electronic documents in accordance with the Electronic Documents and Electronic Certification Services Act. When the minutes are drawn up and signed in writing, they are stored on paper for a period of not less than 5 years, and after this term are stored as electronic documents, archived in the information system of the insurer, respectively the reinsurer, in the applicable terms according to the current legislation. When the minutes are drawn up and signed in electronic form, they are stored as electronic documents in the information system of the insurer, respectively the reinsurer, within the applicable terms according to the current legislation. Allocation and segregation of responsibilities and duties Art. 9. (1) The insurer, respectively the reinsurer, shall ensure:
clearly established and documented allocation, segregation and coordination of responsibilities and duties of functions in accordance with its policies;
the avoidance of overlapping functions;
incentives for effective cooperation between employees. (2) The insurer, respectively the reinsurer, shall ensure that in the segregation of responsibilities and duties at all levels, including at the level of the management and the control body, the persons who perform certain tasks are not simultaneously responsible for monitoring and the control of the quality of the performance, unless a way is found to avoid a conflict of interest that arises from the simultaneous performance of incompatible tasks.

(3) The persons who perform key functions have operational independence and can make decisions regarding the performance of their duties without interference from other units in the undertaking. The competent body of the insurer, respectively of the reinsurer, guarantees the operational independence of each key function, and when integrating it into the organizational structure of the undertaking does not allow impact, control or limitation on its activity by other functions, by the management and/or control body or by their members. (4) When an insurer, respectively a reinsurer, allows the simultaneous performance of more than one key function by the same person or unit, it shall justify this decision and introduce effective internal processes and procedures to ensure that operational independence of the key functions is not threatened. (5) The organizational and management structure of the insurer shall allow the heads of key functions, respectively the persons who perform the key functions, to report directly to the competent body of the insurer or reinsurer any findings, concerns and proposals without limitation regarding the nature and volume of the reported information. Before making a decision, the competent body shall give the affected persons and units the right to submit their comments, explanations or objections. (6) The competent body of the insurer, respectively the reinsurer, assesses whether, when and how to respond to the findings, concerns or proposals reported by the head of a key function, respectively by the person who performs a key function, but does not have the right to influence their change, to align with the reported position. (7) The competent body of the undertaking at the head of the group, defines in group-level policies the tasks and responsibilities of each individual entity within the group with a view to the general strategic goals and activities of the group. (8) An insurer or reinsurer that is a member of a group fulfills its obligations regarding the system of governance and develops its own internal rules in accordance with the strategy and policies at the group level. Decisions or procedures at group level are not allowed to lead to an individual insurer or reinsurer within it being in breach the existing regulations or prudential requirements within the meaning of Art. 68, para. 12 of the Insurance Code. (9) Each insurer, respectively reinsurer, is obliged to build and maintain an effective system for accountability, reporting and exchange of information with the aim of timely provision of information to all interested parties. Periodic review of the system of governance Art. 10. (1) The competent body of the insurer, respectively of the reinsurer shall determine the scope and frequency of the periodic review under Art. 76, para. 5 of the Insurance Code of the system of governance, taking into account the nature, scale and complexity of the activity both at the individual level and at the group level, as well as the structure of the group. (2) Periodic review procedures shall ensure the collection of information on key functions and an overview of the management system together with proposals for changes where necessary. In the periodic review process, the competent body takes into account the findings of the reviews of the internal audit function. (3) The insurer, respectively the reinsurer, shall ensure that the scope, findings and conclusions of the periodic review are appropriately documented and reported to the competent body. The insurer or reinsurer shall establish an appropriate verification and control mechanism to ensure that follow-up actions are taken and documented. Program of Operations and Policies Art. 11. (1) The program of operations of the insurer, respectively the reinsurer, under Art. 77, para. 1, item 2 of the Insurance Code and its updates shall reflect its operations both on the territory of the Republic of Bulgaria and in other Member States or in third countries in which it carries out or intends to operate within the three-year period. (2) The competent body of the insurer, respectively the reinsurer, shall update the program

of operations annually within the period under Art. 77, para. 1, item 2 of the Insurance Code, providing for the operations for a period not shorter than three years in the future. Before undertaking activities that are not provided for in the program of operations, the competent body of the insurer, respectively of the reinsurer, makes the relevant changes in it and outside the period under Art. 77, para. 1, item 2 of the Insurance Code, and if necessary - more than once within a year. (3) Before making a decision on updating the program of operations or making changes to it, the competent body of the insurer, respectively of the reinsurer, takes into account the results of the last regularly performed ORSA and assesses the need to carry out an extraordinary ORSA in any case when anticipated changes may materially affect risk or equity. (4) The competent body of the insurer, respectively of the reinsurer, submits the updated program of operations to the FSC no later than 14 days after the adoption of the update. (5) The insurer, respectively the reinsurer, brings all the policies that are part of the system of governance in line with each other, as well as with the program of operations, and when exercising its operational independence, it can shape and combine them in a way, which corresponds to its organizational structure and processes. Policy within the meaning of the first sentence is the totality of all internal acts and documents that contain the requirements in the relevant field, and shall clearly define at least:

the goals pursued by the policy;
the tasks to be performed;
the position or the person responsible for the performance of the tasks;
the processes and reporting procedures to be applied;
the obligation of the relevant organizational units to inform key functions of any facts relevant for the performance of their duties. (6) In the policies that cover key functions, the insurer, respectively the reinsurer, also addresses the organizational position of the key functions within the insurer, respectively the reinsurer, as well as their powers. (7) An insurer, or reinsurer, which is part of a group, shall ensure that its policies are consistent with the policies at the group level, adopted by the competent body of the undertaking at the head of the group. (8) The insurer, respectively the reinsurer, shall establish conditions for timely familiarization of its employees and service providers under Art. 110 of the Insurance Code with the adopted policies depending on the duties, functions or activities performed by them and with subsequent amendments and additions to them. (9) The periodic review of the policies of the insurer, respectively the reinsurer, under Art. 77, para. 2 of the Insurance Code covers all the undertaking's policies, including the documents for specifying the policies in certain areas, such as the ORSA policy, the internal rules for ensuring the information subject to disclosure in the solvency and financial position report under Art. 133, para. 1 of the Insurance Code is always up to date, the policy regarding the internal model in undertaking that apply an internal model, etc. (10) Any periodic review of the policies under para. 9 shall be documented, with the documentation noting the persons who carried out the review, the proposed changes, as well as the decisions taken by the competent body of the insurer, respectively the reinsurer, and the reasons for them. (11) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking shall ensure that the policies are applied equally and consistently across the group, as well as that the policies of the entities in the group correspond to the policies of the group, taking into account the specifics of each individual entity and group-level policies. Where the group includes undertakings other than insurers or reinsurers for which policies are also developed, these policies shall also be

consistent with the group policies. (12) The competent body of the insurer, respectively the reinsurer, submits the policies under Art. 77, para. 1, item 3 of the Insurance Code together with their subsequent important amendments and additions in the FSC no later than 14 days after their adoption. The competent body of the insurer, respectively of the reinsurer, which is a participating undertaking, of the insurance holding undertaking or the mixed-activity financial holding undertaking provides the policies under Art. 77, para. 1, item 3 of the Insurance Code at the group level together with their subsequent important amendments and additions in the FSC no later than 14 days after their adoption. Important amendments and additions within the meaning of the first or second sentences are those that meet the criteria under Art. 7, para. 2 or 3. Contingency plans Art. 12. (1) The insurer, respectively the reinsurer, develops a policy to ensure the business continuity and identifies the significant risks that shall be taken into account in the emergency action plans covering the areas where the undertaking is vulnerable, such as risks from natural disasters, fires, accidents, significant breakdowns of information systems, epidemics, etc. The business continuity policy and contingency plans are approved by the competent body of the insurer, respectively the reinsurer. (2) Based on the identified risks, the insurer, respectively the reinsurer, prepares written plans to ensure that the interruption of the activity and the possible losses from the possible realization of the risks under para. 1 will be limited and the undertaking will be able to continue its activities to the extent necessary to ensure at least the protection of employees, property and other assets. The plans also define the channels of communication in the event of an emergency. (3) The plans under para. 2 cover all essential activities of the insurer, respectively the reinsurer. The insurer, respectively the reinsurer, familiarizes the members of its management and control body, the executive management, as well as its other employees with their obligations according to the contingency plans. (4) The insurer, respectively the reinsurer, organizes periodic tests of the action plans in emergency situations to check their effectiveness, revising and updating them annually. Section II Additional requirements to the rules for determining remuneration Remuneration Committee Art. 13. (1) The insurer, respectively the reinsurer, with the right of access to the single market of the European Union, may establish a remuneration committee to assist the competent body of the insurer, respectively the reinsurer, in developing and revising the remuneration policy and for other purposes under Art. 275, para. 1, letter "e" of Delegated Regulation (EU) 2015/35, when this is necessary in view of the scale of the undertaking, the nature and scope of the activities, the internal organization and the resulting complexity of the remuneration policy and its interconnectedness with the undertaking's risk profile. An insurer without the right to access the single market of the European Union can also establish a remuneration committee. (2) The remuneration committee under Art. 275, para. 1, letter "e" of Delegated Regulation (EU) 2015/35:

assists the body under Art. 3, para. 1 of Ordinance No. 48 of 20.03.2013 on requirements for remuneration (SG No. 32 /2013), hereinafter referred to as “Ordinance No. 48”, on the development of the overall remuneration policy;
prepares decisions regarding remuneration;
reviews the policy regularly to ensure that it continues to correspond to changes in the undertaking's activities or the business environment;
identifies potential conflicts of interest in the formation of remuneration and the steps to overcome them;
provides adequate information to the authority under Art. 3, para. 1 of Ordinance No. 48 regarding the implementation of the remuneration policy and its results. (3) The remuneration committee shall have a composition that allows it to exercise a competent and independent assessment of the remuneration policy and its review and to perform the tasks under para. 2. (4) The remuneration committee has access to all documents and information it needs to create and maintain an effective remuneration policy. Section III Fit and proper requirements Application of fit requirements Art. 14. (1) The insurer, respectively the reinsurer, shall ensure that the persons who effectively run the undertaking or have other key functions are fit and take account of the respective duties allocated to individual persons to ensure appropriate diversity of qualifications, knowledge and relevant experience so that the insurer, respectively the reinsurer, is managed and overseen in a professional manner. In the sense of the first sentence, persons who perform key functions include not only the person who heads the key function, but also the other employees who are assigned to perform activities included in the scope of the key function. Qualification and experience requirements of an employee who is assigned to perform activities within the scope of a key function, other than the person who leads it, take into account the nature, scale and complexity of the assigned activities. (2) The insurer, respectively the reinsurer, shall make an initial assessment of the qualifications, knowledge and experience of the persons under para. 1 at the time of their selection or appointment to the relevant post, as well as ongoing assessment, providing appropriate training to ensure that individuals are able to meet the changing and increasing demands associated with their duties. (3) The members of the board of directors, respectively of the management and supervisory board of the insurer, respectively the reinsurer, with the right of access to the single market of the European Union shall at all times, including after changes in the composition, collectively possess appropriate qualifications , knowledge and experience at least of:
insurance and financial markets;
business strategy and business model;
system of governance;
financial and actuarial analysis;
regulatory and supervisory requirements. (4) For the purposes of para. 3:
“knowledge of insurance and financial markets” means: a) knowledge and understanding of the general business, economic and market environment in which the undertaking operates, and b) a good level of knowledge of the requirements of users of insurance services and of their ability to handle financial products;
“knowledge of business strategy and business model” means detailed knowledge of the undertaking's business strategy and model;
“knowledge of system of governance” means: a) knowledge and understanding of the risks faced by the undertaking and its ability to manage them; b) ability to evaluate the effectiveness of the organization of the undertaking to ensure reliable management, tracking and control of the activity, and c) ability, if necessary, to lead and control the implementation of changes in this organization;
“knowledge of financial and actuarial analysis” means the ability to correctly understand

the financial and actuarial information in the undertaking, to identify the key issues, put in place the appropriate control measures and take the necessary measures based on this information; 5. “knowledge of the regulatory framework and supervisory requirements” means knowledge and understanding of the regulatory framework within which the undertaking operates, both from the point of view of the requirements and expectations of the supervisory authorities, and with a view to ensuring compliance of the activity with changes in regulations without delay. (5) Without limiting his obligations under para. 1 and 2, an insurer without access to the single market of the European Union takes measures to ensure that the members of its board of directors, respectively of its management and supervisory boards, generally possess appropriate qualifications, knowledge and experience under para. 3. In any case, when the insurer under the first sentence is unable to ensure full compliance with para. 3 and 4, he presents to the FSC an assessment of the risks arising from this, as well as measures to limit them. Application of proper requirements Art. 15. (1) When assessing whether a person who will hold a position under Art. 79, para. 1 of the Insurance Code is proper, the insurer, respectively the reinsurer, shall take into account any crimes, administrative violations or other actions committed by the person referred to in Art. 80, para. 1 and 3 of the Insurance Code, as well as other violations of the law that could call into question said persons’ integrity, including pending proceedings related to the imposition of penalties. (2) The insurer, respectively the reinsurer, shall carry out a background check of the propriety of the person holding a position under Art. 79, para. 1 of the Insurance Code, at the time of his election or appointment to the relevant position, as well as ongoing checks, with a view to guaranteeing the person's compliance with the proper requirements at any moment. (3) Except in the cases under Art. 80, para. 1, items 3 - 5 and 7 - 9 of the Insurance Code, the presence of information about a committed crime or other offense does not lead to the automatic recognition of the relevant person as improper, and each specific case is evaluated individually. (4) All persons under Art. 79, para. 1 of the Insurance Code shall avoid carrying out activities that create or could create conflicts of interest in their work for the insurer, respectively for the reinsurer. Fit and proper policies and procedures Art. 16. (1) The fit and proper requirements policy under Art. 79, para. 5 of the Insurance Code and under Art. 273(1) of Delegated Regulation (EU) 2015/35 shall include at least:

procedure for determining the positions for which notifying the FSC, for selection and appointment, respectively dismissal, of a person occupying such a position is required, except in cases where the obligation to notify is provided for in the Insurance Code, as well as a procedure for carrying out the notification to the FSC;
description of the procedure for assessing the fitness and propriety and lack of conflict of interest of the persons under Art. 79, para 1 of the Insurance Code, both when being considered for the specific position and on an on-going basis;
description of the period in which a regular internal assessment of compliance with the requirements for fitness, propriety and the lack of conflict of interest is carried out and the circumstances that lead to an extraordinary assessment of the fitness and propriety requirements; 4 description of the procedure for assessing the knowledge, skills, expert qualities and personal integrity of the persons under Art. 85, para. 1 of the Insurance Code in accordance with the internal standards, both when assessing the occupation of the specific position and on

an ongoing basis; 5. the measures to manage the conflicts of interest resulting from the reconciliation of different positions and functions by the same persons, and to limit the risk for the reliable and prudent management of the activity. (2) The period for carrying out a regular internal assessment under para. 1, items 3 and 4 cannot be longer than 2 years from the date of election or appointment to the relevant position, respectively from the date of the last assessment. (3) The circumstances under para. 1, items 3 and 4, which lead to an extraordinary assessment of the fitness and propriety requirements, include at least grounds for doubt that the person:

hinders the undertaking's operations in accordance with the applicable legislation;
increases the risk of committing financial offences or violations of measures against money laundering or terrorist financing;
puts at risk the reliable and prudent management of the undertaking, including in cases where different positions and functions are combined by the same persons. Outsourcing of key functions Art. 17. (1) The insurer, respectively the reinsurer, is obliged to apply the fit and proper procedures to assess the service provider, including the persons employed by him, or his subcontractor, who have been assigned or are about to be assigned the performance of a key function under Art. . 110 of the Insurance Code. (2) The insurer, respectively the reinsurer, designates a person within its undertaking who supervises the performance of the key function assigned to the service provider. This person shall be fit and proper and have sufficient knowledge and experience regarding the key function assigned to the service provider to be able to monitor the performance and results of the service provider. Art. 79, para. 3, sentence two of the Insurance Code applies for the person who supervises the performance of the key function assigned to a service provider, (3) The insurer, respectively the reinsurer, shall notify the FSC of each service provider to whom a key function has been assigned, of its subcontractor, if any, as well as of the person under para. 2. Notification Art. 18. (1) The insurer, respectively the reinsurer, shall notify the FSC of the persons selected to occupy positions for which prior approval is required under Art. 80, para. 10, Art. 82, Art. 93, para. 5 and Art. 95, para. 3 of the Insurance Code, as well as for the authorized representative of a branch of the insurer in another Member State under Art. 45, para. 2, item 3 of the Insurance Code, before their election or appointment to the respective position. (2) The insurer, respectively the reinsurer, shall notify the FSC of the persons holding positions under Art. 89, para. 2 and Art. 99, para. 2 of the Insurance Code and for the heads of any other key function under Art. 78, para. 1, item 5 of the Insurance Code within seven days of the appointment of the person to the respective position. (3) The insurer, respectively the reinsurer, shall notify the FSC of the persons under para. 1 and 2, who were dismissed from office, as well as the reasons for their dismissal. (4) The circumstances in connection with the fitness of a person under Art. 79, para. 1 of the Insurance Code are certified with a diploma of completed higher education, applying the requirements of Art. 80, para. 5 of the Insurance Code, and with other documents certifying acquired knowledge and skills relevant to the respective position. (5) The circumstances related to the professional experience of a person under Art. 79, para. 1 of the Insurance Code are certified with a resume, applying the requirements under Art. 80, para. 6 of the Insurance Code. (6) The notification under para. 1 and 2 contains the following information:
contact information of the insurer, respectively the reinsurer:

a) undertaking name and UIC of the insurer, respectively the reinsurer; b) names and position of the contact person; c) telephone number, e-mail address and fax number (if applicable) of the contact person; 2 indication of the circumstance being notified: a) initial election or appointment to a position; b) re-election or reappointment to the same position; c) change in information provided with a previous notification; 3. description of the position being notified: a) job title; b) powers and responsibilities of the position according to the organizational structure of the insurer or the reinsurer; c) description of the level of knowledge, competence and experience of the respective person, including requirements for education and experience of the person according to the organizational structure of the insurer or reinsurer; d) date of appointment for positions where approval by the FSC is not a condition precedent for holding the position; e) term of office, if applicable; f) whether the position has executive functions; g) any other information that the insurer, respectively the reinsurer, considers relevant for the assessment; 4. resume of the person to whom the notification refers, which contains at least: a) names; b) previous names of the person, if relevant; c) PIN or other personal identification number, when the person has one, such as when the personal identification number is issued by another country - and an indication of the country in which it was issued; d) Current address e) Phone number f) date and place of birth; g) citizenship; h) the place, respectively the places where the person gained professional experience, giving specific data about them, namely: name, legal form, seats of business, subject of activity, UIC or other registration number, when applicable, territorial scope of operations; i) the positions that the person held and their place in the organizational structure of the undertaking or institution, the period during which he held each position, a detailed description of each position, its functions, powers and duties; k) the reasons and circumstances under which the person left the positions held, and more specifically, whether there were cases of disciplinary dismissal or other cases of dismissal due to non-compliance with statutory requirements, requirements for the position or due to failure to manage the job, as well as cases of membership in management or control bodies of an undertaking, which were denied release from liability by a general meeting of partners or shareholders, as well as the reasons for such; l) detailed information on potential conflicts of interest, if applicable; m) qualified interest or any other form of significant influence in the insurer, respectively in the reinsurer; n) any other undertakings in which the person has a direct or indirect qualified interest, indicating the undertaking, seats of business, UIC or other registration number of the undertaking, the subject of activity, and the percentage of the owned interest; o) spouses, including ex-spouses, persons with whom the person is in de facto cohabitation, and persons with whom the person has children in single, direct relatives without limitation,

collateral relatives up to the third degree including relatives by marriage up to the third degree including with: aa) shareholding in the insurer, respectively in the reinsurer, or in any other undertaking that owns shares in it, as well as the amounts of these holdings; bb) any other financial relations with the insurer, respectively with the reinsurer, under the letter "m" or in any other undertaking that owns shares in it, as well as the nature of these financial relations; p) any other commitments that may lead to a conflict of interest with explanations of the circumstances and a statement of how the person to whom the notification relates intends to overcome potential conflicts of interest; 5) a notarized copy of a higher education diploma acquired in the Republic of Bulgaria, respectively a legalized translation of a higher education diploma acquired in a higher education institution outside the Republic of Bulgaria; 6. declaration of the circumstances under Art. 80, para. 1, items 4 - 9 of the Insurance Code. 7. declaration of the circumstances under Art. 80, para 3 of the Insurance Code. 8. declaration of the circumstances under Art. 80, para. 4 of the Insurance Code, if applicable; 9. evidence to establish the lack of previous convictions outside the Republic of Bulgaria according to Art. 80, para. 7 of the Insurance Code; 10. declaration under Art. 80, para. 9, sentence two of the Insurance Code, signed by two members of the management or control body of the insurer, respectively of the reinsurer, as well as by the official who has verified the credibility of the circumstances; 11. written consent under Art. 80, para. 9, sentence three of the Insurance Code, from the person for whom approval is requested, the FSC shall request confirmation of all circumstances disclosed in the approval proceedings, as well as to receive the necessary information from other authorities and persons with whom the relevant information is available. (7) To the notification under para. 1 the insurer, respectively the reinsurer, applies analysis and reasons for the selection of the person for the relevant position. Assessment of the fit and proper requirements by the FSC Art. 19. (1) The FSC evaluates the adequacy of the knowledge and experience and the reliability of the persons under Art. 79, para. 1 of the Insurance Code on the basis of the documents and information provided by the insurer or reinsurer and the assessed person, as well as the information collected ex officio by the FSC. (2) When it is established from the submitted notification and its attachments that the person to whom the notification refers has worked for an insurer, reinsurer or insurance intermediary in another Member State of the European Union or the European Economic Area, the FSC may make a request for information to the competent authorities of the respective member state for verification of the information provided and for the presence of circumstances that cast doubt on the qualification and reliability of the person. (3) When it is established from the submitted notification and its attachments that the person to whom the notification refers has worked for a credit institution in the Republic of Bulgaria or for a credit institution in another Member State of the European Union or the European Economic Area, the FSC may make a request for information to the Bulgarian National Bank or to the competent authorities of the relevant Member State to verify the information provided and the presence of circumstances that cast doubt on the fitness and propriety of the person. (4) When it is established from the submitted notification and its attachments that the person to whom the notification refers has worked for an undertaking subject to investment activity supervision in another Member State of the European Union or the European Economic Area, the FSC may make a request for information to the competent authorities of the relevant Member State to verify the information provided and the presence of circumstances that cast doubt on the fitness and propriety of the person. (5) In order to verify the information in the notification and its attachments, the FSC may

request information from other supervisory authorities or carry out cross-checks on documents or on the spot in undertakings where the person to whom the notification refers has acquired the professional you are experienced. (6) The FSC assesses the potential conflicts of interest that may arise from the combination of the various obligations arising from the combined positions and the measures taken by the insurer, respectively the reinsurer, to manage and limit these conflicts of interest in the cases, when the same person combines or, as a result of the approval issued by the FSC , will begin to combine a position as head of a key function under Art. 78, para. 1, item 1, 2, 4 or 5 of the Insurance Code with:

position as head of another key function, and/or
another position in the undertaking of the insurer, respectively the reinsurer, or
position as a member of the management or control body of the insurer, respectively of the reinsurer, or
position of a person who manages or represents the insurer, respectively the reinsurer. (7) The risk assessment under para. 6 is carried out taking into account the nature, volume and complexity of the activity of the insurer, respectively the reinsurer. (8) In cases where, during the evaluation, the FSC finds that there is a conflict of interest that creates a risk for the reliable and prudent management of the activity, the insurer, respectively the reinsurer, takes effective measures to limit it. Reassessment and ongoing assessment of fit and proper requirements Art. 20. (1) The FSC performs an ongoing assessment of the adequacy of the knowledge and experience and the reliability of the persons under Art. 79, para. 1 of the Insurance Code. (2) When, in the course of the ongoing supervision, new facts or circumstances relating to the adequacy of the knowledge and experience or the reliability of the persons under Art. 79, para. 1 of the Insurance Code, the committee, on the proposal of the Deputy Chairperson, reevaluates compliance with the fit and proper requirements. (3) The insurer provides up-to-date information on the fitness and propriety of the members of its management and control body upon notification of an intention to carry out cross-border activity in another Member State under the terms of the right of establishment, which will allow the FSC to assess whether they are in able to ensure a stable and prudent management of operations in the other member state, including information regarding knowledge of the market, the regulatory framework and other conditions under which operations will be carried out in the other member state. (4) For the purposes of ongoing supervision of compliance with fit and proper requirements in the process of supervisory review, each insurer, respectively reinsurer, shall notify the FSC of the terms in which it carries out a regular assessment of compliance with fit and proper requirements and of limitation of a conflict of interest, and within seven days of its execution, submits to the FSC a summary report on the regular periodic assessment for all persons subject to inspection, and on each extraordinary assessment for compliance with these requirements, with a presentation of the method of carrying out the assessment and the results thereof. Section IV Risk Management Role of the competent body of the insurer, respectively the reinsurer, in the risk management system Art. 21. (1) The competent body of the insurer, respectively of the reinsurer, is responsible for ensuring the effectiveness of the risk management system, and:
defines clearly and in detail the risk strategy of the insurer, respectively the reinsurer, in order to reflect its strategic goals;
determines the general risk tolerance limits, taking into account the risk strategy, the objective restrictions before the undertaking that hinder its ability to take risks, and other

relevant information, including its current risk profile and the interconnection between individual risks, etc. ; 3. approves risk tolerance limits for each category of risks to be applied in the current activity of the insurer, respectively the reinsurer; 4. approves and periodically reviews the main risk management strategies and policies. (2) Within the meaning of para. 1:

“risk strategy” (risk appetite) means the general attitude of the insurer, respectively the reinsurer, to the various categories of risks.
“risk tolerance limits” means the limits an undertaking imposes on itself when taking risks. (3) The competent body of the insurer, respectively of the reinsurer, creates conditions for a coordinated and integrated approach to the management of risks in the undertaking, guaranteeing its uniform application at all levels. (4) The competent body of the insurer, respectively the reinsurer, designates at least one of its members who is responsible for monitoring the risk management system. (5) The competent body of the insurer, respectively the reinsurer, ensures that the risk management processes correspond to the objective requirements of the undertaking and their results are taken into account when making all significant decisions. (6) The competent body of the insurer, respectively the reinsurer that is a participating undertaking, of the insurance holding undertaking or of a mixed-activity financial holding undertaking, ensures the effectiveness of the risk management system of the entire group, and the group risk management system includes at least:
strategic decisions and risk management policies at group level;
the definition of the risk strategy of the group and the general risk tolerance limits;
the identification, measurement, management, monitoring and reporting of risks at group level. (7) The competent body of the insurer, respectively of the reinsurer, which is a participating undertaking, of the insurance holding undertaking or of the fixed activity financial holding undertaking ensures that the strategic decisions and policies under para. 6, item 1 are in accordance with the structure of the group, with the size and specific characteristics of the entities that are part of the group. (8) The insurer, respectively the reinsurer, shall document the risk measurement and assessment. The undertaking at the head of the group shall ensure that the risk measurement and assessment of the group as a whole is documented. (9) The competent body under para. 1 shall ensure a continuous risk reporting process at all levels of the undertaking to support decision-making processes. The competent body under para. 6 fulfills the obligation under the first sentence at the group level. Risk Management Policy Art. 22. (1) The insurer, respectively the reinsurer, adopts a risk management policy under Art. 77, para. 1, item 3, letter "a" of the Insurance Code, which shall at least define:
the risk categories, both quantifiable and non-quantifiable risks, including at least the risks under § 1, items 40 - 45 of the additional provisions of the Insurance Code, the risk of non-compliance with the regulatory requirements under Art. 93, para. 1, item 3 of the Insurance Code, emerging risks that may have a significant effect on the undertaking, reputational risk and strategic risk, as well as risk measurement methods;
the way of managing each category of risk under item 1, as well as each potential aggregation of risks;
the connection of risk management with the assessment of aggregate needs in terms of solvency, as defined in the ORSA, the statutory established capital requirements and the risk tolerance limits the insurer, respectively the reinsurer;
risk tolerance limits within all relevant risk categories in accordance with the general risk strategy of the insurer, respectively the reinsurer;
the frequency and content of regular stress tests and situations that give rise to special purpose stress tests;
the consideration of the potential aggregation of risks, interactions between risks and their indirect effects. (2) The insurer, respectively the reinsurer, is obliged to develop regular stress tests in accordance with its risk profile, determining possible short-term and long-term risks and possible events or future changes in economic conditions that may have an adverse effect on its financial position. The insurer, respectively the reinsurer, may it also uses reverse stress tests, identifying circumstances that may threaten its existence and developing safeguards. (3) The insurer, respectively the reinsurer, chooses adequate scenarios for the development of stress tests based on the most unfavorable but possible cases that the undertaking may face, taking into account the significant secondary effects. (4) The risk management policy of insurers without the right to access the single market takes into account the fact that these insurers are not obliged to calculate their capital requirements using the standard formula for calculating the solvency capital requirement. Tasks of the risk management function Art. 23. In addition to what is provided for in the Insurance Code and in Delegated Regulation (EU) 2015/35, the risk manager reports to the competent body of the insurer, respectively the reinsurer, about the risks that have been identified as potentially material. The risk manager also reports on other specific areas of risk both on his own initiative and at the request of the competent body of the insurer, respectively the reinsurer. Underwriting and reserving risk management policy Art. 24. (1) In the risk management policy, the insurer, respectively the reinsurer, covers at least the following with respect to the underwriting risk and reserving risk:
types and characteristics of the insurance business, such as the type of insurance risk that the insurer, respectively the reinsurer, is willing to accept;
how to ensure the sufficiency of the premium income to cover the expected claims and expenses;
identification of the risks arising from the insurance obligations of the insurer, respectively the reinsurer, including embedded options and guaranteed surrender values in its products;
how in the process of developing a new product and calculating the premium, the insurer, respectively the reinsurer, takes into account the constraints related to investments;
how in the process of developing a new product and calculating the premium, the insurer, respectively the reinsurer, takes into account reinsurance (retroceding) and other risk mitigation techniques;
where applicable: a) the maximum acceptable exposures relative to specific risk concentrations; b) internal underwriting limits for different products and classes of insurance; c) considerations relating to reinsurance (retrocession) and other risk reduction strategies and their effectiveness. (2) The insurer, respectively the reinsurer, shall ensure compliance with its policies and procedures in relation to underwriting in all channels for distribution of the undertaking's products. Operational Risk Management Policy Art. 25. (1) In the risk management policy, the insurer, respectively the reinsurer, covers at least the following in regard to the operational risk:
identification of the operational risks it is or may be exposed to, as well as an assessment

of the way to mitigate them; 2. activities and internal processes for managing operational risks, including the information system that provides them; 3. risk tolerance limits in regard to the main operational risk areas of the insurer, respectively the reinsurer. (2) The insurer, respectively the reinsurer, shall introduce and implement processes for identifying, analyzing and reporting events representing operational risk. To this end, it established a process to collect and monitor the events representing operational risk. (3) For the purposes of operational risk management, the insurer, respectively the reinsurer, shall develop and analyze an appropriate set of operational risk scenarios, based at least on the following approaches:

failure of a key process, personnel or system;
occurrence of external events. (4) Simultaneously with the analysis of the operational risk scenarios, the insurer, respectively the reinsurer, shall identify and apply measures to mitigate them. (5) The insurer, respectively the reinsurer, collects and analyzes information on cases of operational risk within the undertaking and may analyze cases of operational risk in other organizations. The analysis examines at least the reasons for the occurrence of the incident, its consequences and the actions on the incident that were taken, respectively, which were not taken. (6) When determining the range of cases for which information is collected and analyzed, the insurer, respectively the reinsurer, shall take into account that some of the events are of low frequency and severe consequences, while others are of high frequency and milder consequences , and also that cases should be analyzed in which the manifestation of the risk did not lead to the occurrence of harmful consequences. Risk management policy - reinsurance and other risk mitigation techniques Art. 26. (1) In the risk management policy, the insurer, respectively the reinsurer, covers at least the following with regard to reinsurance and other risk mitigation techniques:
identification of the level of risk transfer that is appropriate for the undertaking’s defined risk tolerance limits, and which kind of reinsurance contracts are most suitable for this given the undertaking’s risk profile;
principles for selecting risk mitigation counterparties and procedures for assessing and monitoring the creditworthiness and diversification of reinsurance counterparties;
the procedures for assessing the effective transfer of risk and consideration of basis risk;
liquidity management to deal with any time gap between claim payments and reinsurance benefits. (2) The insurer, respectively the reinsurer, prepares a written analysis of the functioning and inherent risks of the techniques used to reduce risk, while observing the principle of proportionality, documents the risks that may arise from these techniques, the measures taken to counteract these risks and the potential consequences of the manifestation of these risks, including in a worst-case scenario. (3) When using special purpose vehicles for alternative transfer of insurance risk, the insurer, respectively the reinsurer:
continuously monitors through its management system whether the requirement for full financing of the scheme has been met;
takes into account any possible residual risks arising from the scheme and which may flow back to the insurer or reinsurer, within the framework of the risk management system and in the calculation of capital requirements. Strategic risk and reputational risk Art. 27. (1) In the risk management process, the insurer, respectively the reinsurer, shall

monitor and manage the following situations:

actual or potential exposure to strategic risk and reputational risk and the interrelationship between them and other material risks;
key issues affecting its reputation, taking into account stakeholder expectations and market sensitivities. (2) The risk manager reports promptly to the competent body and the executive management about his findings under para. 1. (3) Strategic risk is a function of the incompatibility of two or more of the following components:
the strategic goals of the undertaking;
the developed strategies for operations;
the resources invested in achieving these goals;
the quality of performance;
the state of the markets in which the undertaking operates. (4) The insurer, respectively the reinsurer, shall create a process for formulating strategic goals and for their transformation into short-term operation plans. Asset and Liability Management Policy Art. 28. In the risk management policy, the insurer or reinsurer shall cover at least the following in relation to asset - liability management:
the procedure for identification and assessment of the various mismatches between assets and liabilities, at least regarding terms and currency;
the techniques for mitigating the impact of inconsistencies to be used and the expected effect of the respective risk mitigation techniques in the management of assets and liabilities;
deliberate mismatches permitted
the methodology used and the frequency of stress tests and scenario tests that are performed. Investment Risk Management Policy Art. 29. (1) In the risk management policy, the insurer, respectively the reinsurer, covers at least the following with regard to investment:
the level of security, quality, liquidity and profitability for which the insurer, respectively the reinsurer is aiming, with regard to the whole portfolio of assets and how it plans to achieve them;
quantitative limits on assets and exposures, including off-balance sheet exposures, adopted to help ensure that the portfolio achieves the desired level of security, quality, liquidity, profitability and availability.
the level of availability for which the insurer, respectively the reinsurer is aiming , with regard to the whole portfolio of assets and how it plans to achieve it;
assessment of the financial market environment;
the conditions under which it can pledge or lend assets;
the link between market risk and other risks in adverse scenarios;
the procedure for appropriately valuing and verifying investment assets;
the procedures for monitoring the performance of the investments and reviewing the policy when necessary;
how assets should be selected in the best interest of users of insurance services. (2) The insurer, respectively the reinsurer, introduces and monitors compliance with quantitative limits under para. 1, item 2 in relation to each individual class of assets, counterparty, geographical area or industry. (3) The risk management function of the insurer, respectively the reinsurer, shall assess whether the quantitative limits for investments are appropriate in order for it to meet its obligations and ensure compliance with the requirements under Art. 124, para. 7 of the

Insurance Code, regularly performing the necessary stress tests for this purpose. (4) For the identification, measurement, monitoring, management and control of investment risks, the insurer, respectively the reinsurer, uses appropriate and recognized methods. (5) The insurer, respectively the reinsurer, shall introduce adequate internal control procedures to ensure that the investment activity is monitored and that the investments are carried out in compliance with the principles and procedures approved by its competent body. These procedures are consistent with the risks arising from the investment activities, including risks related to the coordination between the employees directly involved in servicing the users of insurance services and other employees, with compliance with the authorization rules and trading limits, with agreements between the parties involved in the transaction, with timely documentation of transactions, with authentication of quoted prices or with traceability. Liquidity Risk Management Policy Art. 30. (1) In the risk management policy, the insurer, respectively the reinsurer, covers at least the following elements with regard to liquidity risk:

procedure for determining the level of mismatch between cash inflows and outflows on both assets and liabilities, including expected cash flows on direct insurance and reinsurance, such as claims, early termination and redemption;
assessment of total liquidity needs in the short and medium term, including provision of sufficient liquidity as a suitable buffer to protect against liquidity shortages;
consideration of the level and method of monitoring liquid assets, including a quantification of the potential costs or financial losses resulting from enforced realization;
the identification and costs of alternative financing tools;
consideration of the impact on liquidity of the expected new activity. (2) The undertaking at the head of the group, creates an organization for the use of free funds in different undertakings within the group by monitoring the financial position of each of them and carrying out regular stress tests and tests on the transferability of funds. Section V Prudent investor principle and the system of governance Prudent investor principle Art. 31. The insurer, respectively the reinsurer, observes the prudent investor principle, which includes:
exercising due care in the process of development, adoption, implementation and control of the investment strategy in view of the objectives for which the funds are managed and in view of performance;
providing the relevant employees, external experts or service providers with the necessary knowledge, skills and commitment, and the insurer, respectively the reinsurer: a) ensures their qualification and absence of conflict of interest, and b) creates conditions for their familiarization with the specifics and needs of the portfolio;
control over the activities of the asset managers;
protection of the interests of users of insurance services;
diversification. Investment Risk Management Art. 32. (1) The insurer, respectively the reinsurer, develops and applies its own set of key indicators for investment risk in accordance with its investment risk management policy and business strategy, so that it does not depend solely on information provided by third parties, such as financial institutions , asset managers and credit rating agencies. (2) When making investment decisions, the insurer with the right of access to the single market of the European Union, respectively the reinsurer, takes into account the risks related to the investments, without relying solely on the fact that the investment risk is covered by the capital requirements. When making investment decisions, the insurer without the right to

access the single market of the European Union takes into account the risks associated with the investments, without relying solely on the fact that the investment risk is covered by the quantitative limits under chapter seventeen of the Insurance Code. Assessment of non-routine investment activities Art. 33. (1) Before making an investment or investment activity of non-routine nature, the insurer, respectively the reinsurer, is obliged to assess at least:

its ability to perform and manage the investment or investment activity;
the risks specifically related to the investment or investment activity and the impact of the investment or investment activity on the undertaking’s risk profile;
the compliance of the investment or the investment activity with the interests of the users of insurance services, with the liability constraints determined by the insurer, respectively the reinsurer, and with efficient portfolio management;
the impact of this investment or investment activity on the e quality, security, liquidity, profitability and availability of the whole portfolio. (2) For the purposes of this article:
“investment or investment activity of non-routine nature” means such an investment or investment activity which, in view of its volume or complexity, is not regularly carried out in the insurer's or reinsurer's practice;
“investment activity” means any action related to the management of an investment, including selling a call option, lending a security, issuing an instrument. (3) The insurer, respectively the reinsurer, develops and implements procedures that require, when there is an investment or investment activity posing significant risk or a change in the risk profile, that the risk manager of the undertaking to provide the competent body with information about this risk or a change in the risk profile of the undertaking. (4) When an investment or an investment activity leads to a significant risk, significantly changing the risk profile, the insurer, respectively the reinsurer, shall carry out ORSA before undertaking the investment or activity. Security, quality, liquidity and profitability of investment portfolios Art. 34. (1) The insurer, respectively the reinsurer, is obliged to regularly review and monitor the security, quality, liquidity and profitability of the whole portfolio, taking into account at least:
any liability constraint, including guarantees for policyholders, insured persons or beneficiaries, and any disclosed policy regarding future discretionary benefits and reasonable expectations of policyholders, insured persons or beneficiaries, where relevant;
the level and nature of the risks the undertaking is willing to accept;
the level of diversification of the whole portfolio;
the characteristics of the assets, including: a) credit quality of counterparties; b) liquidity; c) tangibility; d) sustainability; e) existence and quality of collateral or other assets backing the assets; f) debt/equity ratio or encumbrances; g) tranches;
events that could potentially change the characteristics of the investments, including any guarantees, or affect the value of the assets;
issues related to the location and availability of assets, including: a) non-transferability; b) legal issues in other countries;

c) currency measures; d) custodian risk; e) over-collateralization and lending. (2) When a specific investment does not meet all the characteristics of security, quality, liquidity and profitability, the insurer, respectively the reinsurer, may retain it only if it contributes to the security, quality, liquidity and profitability of the portfolio as a whole. (3) The insurer, respectively the reinsurer, defines measurable indicators for assessing compliance with the requirements for security, quality, liquidity and profitability regarding various categories of assets. Assets that do not meet measurables should be maintained at reasonable levels. (4) The insurer, respectively the reinsurer, shall determine internal limits regarding the number, volume and terms of asset loans or repo transactions and justify the need for such transactions in view of its business strategy and the management of its risks and liquidity. Profitability Art. 35. The insurer or reinsurer shall establish targets for the expected return on its investments, taking into account the need to obtain sustainable yield on its asset portfolio to meet the reasonable expectations of the policyholders, insured persons or beneficiaries. Conflict of interests Art. 36. (1) The insurer, respectively the reinsurer, shall describe in its investment policy how it identifies and manages any conflicts of interest that arise regarding investments, regardless whether they arise in the insurer, respectively in the reinsurer, or in the entity which manages the relevant assets. The insurer or reinsurer shall document the actions taken to manage these conflicts. (2) Conflict of interest within the meaning of para. 1 is present when the insurer, respectively the reinsurer, has an incentive to invest in assets that do not correspond to the objectives of the contracts in the insurance portfolio or to the best interest of the users of insurance services. (3) It is not allowed to assume obligations for investments in assets of a parent undertaking or of other undertakings in the group, when the investment does not comply with the requirements of Art. 124 of the Insurance Code. Unit-linked and index linked insurance contracts Art. 37. (1) The insurer shall ensure that it selects the investments of unit-linked and indexlinked insurance in the best interest of the users of insurance services, taking into account all the disclosed policy objectives. (2) In the case of business in units or shares in collective investment undertakings or the value of assets included in an internal fund owned by the insurer, the insurer shall take into account and manage the restrictions on insurance related to such units, shares or assets such as limitations in their liquidity, as well as the existence of contractual or legal transferability constraints. (3) The insurer shall assess the liquidity risk of the units or shares in the undertakings for collective investment in transferable securities, respectively of the assets in the internal funds with which the insurances are related, and:

takes into account the possibility that users of insurance services will redeem their insurances within the notice period;
guarantees that these units, shares in collective investment undertakings or the value of assets included in internal funds owned by the insurer are sufficiently liquid, so that they allow the purchase and sale to be carried out synchronized with receipt of the insurance premiums, respectively with the purchase of insurance;
takes into account the interests of the other users of insurance services in cases where certain shares, shares or assets in internal funds cannot be sold in a timely manner or at a fair

price in order to ensure the payment of redemption values, as a result of which the general portfolio would become unbalanced and would not correspond to the risk profile disclosed to users of insurance services. Assets not admitted to trading on a regulated financial market Art. 38. (1) The insurer, respectively the reinsurer, implements, manages, monitors and controls the procedures in relation to investments that are not admitted to trading on a regulated market, or to complex products that are difficult to value. (2) The insurer, respectively the reinsurer, treats assets admitted to trading, but not traded or traded on a non-regular basis, similarly to assets which are not admitted to trading on a regulated market. (3) Where mark-to-model asset valuation is applied, the risk management function is responsible for approving and reviewing the model after applying independent price verification and stress testing. The insurer, respectively the reinsurer, periodically assesses the need to develop reserve valuation models for the complex or potentially illiquid instruments. These models are compared, extrapolated or otherwise calculated based as much as possible on market data. The insurer, respectively the reinsurer, uses observable data as much as possible. (4) The insurer, respectively the reinsurer, shall have expert capacity to understand, manage and control structured products and their inherent risks, as well as to develop procedures for assessing the risks associated with such products. Derivatives Art. 39. (1) When using derivatives or other financial instruments with similar characteristics or effects, the insurer, respectively the reinsurer:

implements procedures for evaluating the strategy for using such products;
introduces risk management principles to be applied to them;
applies procedures in accordance with its investment risk management policy to monitor the performance of these products. (2) When using derivatives that can cause losses that are significantly greater than initially agreed, the insurer, respectively the reinsurer, assesses the structure of the entire portfolio and whether it creates a situation in which the possible loss can be too large compared to portfolio. (3) When derivatives are used to facilitate efficient portfolio management, the insurer or reinsurer shall show how the quality, security, liquidity or profitability of the whole portfolio has improved without significantly worsening any of these characteristics. (4) The insurer, respectively the reinsurer, uses derivatives as a hedging instrument in a way that does not create additional risks that have not been previously assessed. (5) The insurer, respectively the reinsurer, shall document the rationale and demonstrate the effective risk transfer obtained through the use of derivatives when derivatives are used for the purpose of contributing to a reduction of risks or as a risk mitigation technique. (6) When an insurer uses derivatives as part of the assets or liabilities held in relation to payments to insured persons who bear the risk of the investment, as an investment strategy, and not for the purpose of contributing to the mitigation of investment risks or to increase the efficiency of the management of the portfolio, the insurer reflects the increased risks arising from such transactions when exercising control over them. Securitized instruments Art. 40. When an insurer or reinsurer invests in securitized instruments, it shall ensure that its own interests and those of the originator or sponsor concerning the securitized assets are well understood and aligned, and:
ensures that the originator does not enter into transactions solely as a broker for these transactions;
knows the originator's objectives, and in particular makes sure at least that the assets are

not securitized because market conditions in relation to them have become riskier; 3. undertakes one or more of the following measures to ensure that there is an alignment of interests, namely: a) performs due diligence, including an analysis of the risks of the proposed securitized investments; b) ensures that the originator has provided the insurer, respectively the reinsurer, with the documentation governing the investment, that the issuing undertaking will retain a current net economic interest, which in any case will not be less than a corresponding predetermined share; c) ensures that the originator meets the following criteria: the issuing undertaking or, where applicable, the sponsor, funds the transaction based on reliable and clearly defined criteria and clearly establishes the process for approval, amendment, renewal and refinancing of the securitized assets in relation to the exposures subject to securitization, if they apply to the exposures that are not yet securitized; d) verifies that the originator or, where applicable, the sponsor has effective systems in place for the ongoing management and control of its assets, risk-bearing portfolios and exposures; e) verifies that the originator or, where applicable, the sponsor adequately diversifies each portfolio of assets in accordance with its target market and overall credit strategy; f) ensures that the originator or, where applicable, the sponsor provides free access to any relevant information needed by the insurer, respectively the reinsurer, for the purposes of compliance with the regulatory requirements; g) verifies that the originator or, where applicable, the sponsor, has a written asset risk policy that includes its risk strategy and provisioning policy, and verifies how it measures, tracks and controls that risk; h) ensures that the originator or, where applicable, the sponsor discloses the level of retained net economic interest as well as any measures that may call into question the retention of the minimum required economic interest. Section VI Own funds requirements and the system of governance Capital Management Policy Art. 41. (1) The insurer with right of access to the single market of the European Union, respectively the reinsurer, adopts a capital management policy that includes a description of the procedures to:

ensure that the own-fund items, both at issue and subsequently, are classified in accordance with the characteristics in Art. 71, 73, 75 and 77 of Delegated Regulation (EU) 2015/35;
monitor tier by tier the issuance of own fund items according to the medium-term capital management plan, and ensure before issuance of any own fund items that it can satisfy the criteria for the appropriate tier on a continuous basis;
monitor that own-funds items are not encumbered by the existence of any agreements or connected transactions, or as a consequence of a group structure, which would undermine their efficacy as capital;
Ensure that the actions required or permitted under the contractual, statutory or legal provisions governing an own-fund item are initiated and completed in a timely manner;
Ensure that ancillary own-fund items can be, and are, called in a timely manner when necessary
identify and document any arrangements, legislation or products that give rise to ringfenced funds, and ensure that appropriate calculations and adjustments in the determination of the solvency capital requirement and own funds are made;
Ensure that the contractual terms governing own-fund item items are clear and

unambiguous in relation to the criteria for classification into tiers; 8. ensure that any policy or statement in respect of ordinary share dividends is taken into account when considering the capital position and the assessment of foreseeable dividends; 9. identify and document the instances in which distributions on tier one own-fund items might be cancelled on a discretionary basis; 10. identify, document and enforce the cases in which distributions on an own-fund item shall be deferred or cancelled in accordance with Art. 71, paragraph 1, letter "l" and Article 73, paragraph 1, letter "g" of Delegated Regulation (EU) 2015/35; 11. identify the extent to which the insurer, respectively the reinsurer, uses own-fund items that are subject to the transitional provisions of the Insurance Code; 12. ensure that the manner in which the items included in own funds under the transitional provisions of the Insurance Code operate during stress, and in particular the way in which these elements absorb losses, is subject to assessment and that if necessary , is taken into account in the ORSA. (2) The insurer without right of access to the single market of the European Union, adopts a capital management policy that includes a description of the procedures to:

ensure that own-fund items, both at issue and subsequently, meet the requirements of Chapter Seven of Ordinance No. 51 of 28.04.2016 on own funds and on the solvency requirements of insurers, reinsurers and groups of insurers and reinsurers ( SG issue 38 /2016), hereinafter referred to as “Ordinance No. 51”.
monitor the issuance of own-fund items and ensures before the issuance of an item from own funds that it can permanently satisfy the requirements of Chapter Seven of Ordinance No. 51;
monitor that own-funds items are not encumbered by the existence of any agreements or connected transactions, or as a consequence of a group structure, which would undermine their efficacy as capital;
Ensure that the actions required or permitted under the contractual, statutory or legal provisions governing an own-fund item are initiated and completed in a timely manner;
Ensure that the contractual terms governing own-fund item items are clear and unambiguous in relation to the criteria of Chapter Seven of Ordinance No.51;
ensure that any policy or statement in respect of ordinary share dividends is taken into account when considering the capital position and the assessment of foreseeable dividends;
identify and document the instances in which distributions on own-fund items might be cancelled on a discretionary basis;
identify, document and apply the cases in which distribution on an own-fund item should be deferred or cancelled. (3) The capital management policy of the insurer, respectively the reinsurer, should provide that in the conditions of extraordinary circumstances (crisis, pandemic or others), established or announced by the competent authorities in the Republic of Bulgaria and in connection with which recommendations have been issued or statements have been made by the European Commission, the European Insurance and Occupational Pensions Authority or the European Systemic Risk Board, or instructions have been issued by the FSC, the insurer, or the reinsurer, respectively:
applies increased requirements for prudence when distributing dividends, when redeeming shares or when paying variable remuneration, and
carries out an assessment of the aggregate capital needs, and: a) takes into account the degree of uncertainty regarding the depth, magnitude and duration of the impact of extraordinary circumstances on the financial markets and on the economy and the consequences of this uncertainty on its business model and solvency, liquidity and financial position;

(b) provides for prudential thresholds below which any dividend distributions, share redemptions or variable remuneration payments are suspended. Medium-term capital management plan Art. 42. (1) The insurer with the right of access to the single market of the European Union, respectively the reinsurer, develops a medium-term capital management plan, which is accepted and controlled by the competent body of the insurer, respectively the reinsurer, and which includes at least considerations of:

planned capital issuance;
the maturity of the own-fund items, which includes both the contractual maturity and the possibility of early repayment or redemption related to the own-funds items of the insurer, respectively the reinsurer;
the result of the projections made in the ORSA;
the manner in which any issuance, redemption or repayment, or other variation in the valuation of own-funds items affects the application of the limits on tears;
the way in which the implementation of the distribution policy affects own funds;
the impact of the end of the transitional period. (2) The competent body of the insurer, respectively the reinsurer, supervises the development and compliance with the medium-term capital management plan. (3) The competent body of the insurer, respectively of the reinsurer, revises the plan at least when:
the undertaking's business model changes or projections of capital needs turn out to be inaccurate;
frequent issuance, redemption or repayment of capital is required or there are other factors affecting the sufficiency of own funds, including losses from the activity;
the coverage of the capital requirement for solvency shows a tendency to decrease and when the conclusions of the ORSA substantiate the need for a larger amount of own funds. (4) The insurer without the right of access to the single market of the European Union may develop a medium-term capital management plan. Section VII Internal Controls Internal control environment Art. 43.(1) The insurer, respectively the reinsurer, promotes the importance of performing appropriate internal control by ensuring that all employees are aware of their role in the internal control system. The insurer, respectively the reinsurer, develops and implements control activities that are commensurate with the risks arising from the activities and processes that need to be controlled. (2) The competent body of the insurer, respectively of the reinsurer, adopts the internal control policy, providing the means for its effective implementation by the executive management and the employees in managerial positions. (3) The competent body of the insurer, respectively of the reinsurer, within the framework of the internal control system provides for:
control mechanisms at different levels of the organizational and management structure, for different periods of time and with different degrees of detail according to specific needs;
a set of control activities to be carried out in the various units of the undertaking;
data protection measures, appropriate security controls, access controls to computer systems and data to ensure the integrity of registers and information and other measures under chapter four;
measures to identify and manage potential conflicts of interest. (4) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, ensures the consistent

application of the internal control systems across the group. (5) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, ensures that within the system of governance at the group level, the concentration of risks and the transactions within the group are adequately evaluated, tracked and report as well as being taken into account for the purposes of assessing interrelationships and interdependencies within the group. Monitoring and reporting Art. 44. (1) Within the internal control system, the insurer, respectively the reinsurer, establishes a monitoring and reporting mechanism that provides the competent body with the information necessary for decision-making. (2) The information in the information system under Art. 114 of the Insurance Code shall have the following characteristics:

completeness - to cover all aspects of the undertaking in terms of quantity and quality, including indicators that may have direct or indirect consequences on the strategic planning of the activity;
reliability - to be checked upon receipt and in any case before its use;
clarity - to be presented in a way that is easy to interpret, ensuring the clarity of its main components;
consistency - to be registered by methods that make it comparable;
timeliness - to be available immediately to facilitate effective decision-making processes and to allow the undertaking to predict and respond promptly to future events;
relevance - be directly related to the purpose for which it is requested and continuously reviewed and expanded to ensure that it meets the needs of the undertaking. (3) The insurer, respectively the reinsurer:
determines the order and forms for reporting the fulfillment of goals and tasks, as well as the essential risks related to the activity;
creates incentives for timeliness, accuracy and completeness of reporting, as well as for submitting proposals to improve the activity;
creates incentives for reporting unfavorable news to the higher levels of the organizational structure and for avoiding the blocking of negative information along the lines of accountability;
introduces mechanisms and procedures for revealing weaknesses. Compliance function Art. 45. (1) The compliance function in the insurer, respectively in the reinsurer, develops and implements a compliance policy under Art. 270, paragraph 1 of Delegated Regulation (EU) 2015/35, submits it for approval to the competent body of the insurer, respectively the reinsurer, and revises it annually. (2) In addition to what is established in Art. 270, paragraph 1 of Delegated Regulation (EU) 2015/35, the policy under para. 1 regulates the order, manner and methods for carrying out the functions under Art. 93, para. 1 of the Insurance Code. (3) The annual report of the head of the compliance function under Art. 94, para. 2 of the Insurance Code shall contain at least:
information on the implementation of the compliance plan under Art. 270, paragraph 1 of Delegated Regulation (EU) 2015/35;
analysis and assessment of under Art. 93, para. 1, items 2 and 3 of the Insurance Code.
the assessment of the adequacy of the measures under Art. 270, paragraph 2 of Delegated Regulation (EU) 2015/35. (4) The head of the compliance function shall inform the Deputy Chairperson on the basis of Art. 94, para. 3 of the Insurance Code, when adequate actions have not been taken to remedy the violations and faults identified by the function within a period of more than 3 months from

the date of notification to the competent body of the insurer, respectively the reinsurer, or when the violations and weaknesses have not been remedied in for more than 12 months from the date of notification to the competent body of the insurer, respectively the reinsurer. Section VIII Internal Audit Function Independence of the internal audit function and avoidance of conflict of interest Art. 46. (1) The insurer, respectively the reinsurer, guarantees that the internal audit function is objective and independent, does not perform operational functions in the undertaking and is not exposed to undue influence by other functions, including the other key functions. (2) If the prerequisites under Art. 271, para. 2 of Delegated Regulation (EU) 2015/35, the implementation of the internal audit function can be combined with any of the other key functions under Art. 78, para. 1, item 1, 2 or 4 of the Insurance Code only if the risk profile of the insurer, respectively the reinsurer, does not include significant or complex risks, including if the undertaking writes standard insurances, the volume of activity is insignificant and its investments do not include complex products. For the purposes of applying Art. 271, paragraph 2, letter "c" of Delegated Regulation (EU) 2015/35 the maintenance costs of persons carrying out the internal audit function who do not perform other key functions are disproportionate when the insurer proves that any decision other than combining with another key function would lead to administrative costs that the undertaking could not bear. (3) Combining the function of internal audit with operational functions in the insurer, respectively in the reinsurer, is not allowed. (4) The insurer, respectively the reinsurer, guarantees that when conducting an audit and when evaluating and reporting the results of the audit, the internal audit function is not subject to influence by the governing body, which may impair its independence, objectivity and impartiality. (5) The insurer, respectively the reinsurer, shall take adequate measures to reduce the risk of conflict of interest in connection with the implementation of the internal audit function, and may provide for personnel rotation, assignment of the commitment to more than one employee in the internal audit unit audit, review of the activity by another employee within the internal audit unit or other appropriate measures depending on the resources of the undertaking. (6) The internal audit function and the internal auditors carry out their activities in accordance with the standards of professional practice for internal auditing and the code of ethics. (7) The insurer, respectively the reinsurer, shall ensure that the internal auditors will not audit activities or functions that they performed in the time period that is the subject of the audit. (8) The insurer, respectively the reinsurer, shall ensure that the internal audit function independently plans and carries out its activities within the undertaking and freely reports its results and assessments. (9) Internal auditors should have:

professional skills in the field of internal audit professional practice standards, procedures and techniques for conducting audits;
knowledge and experience in the field of accounting standards;
knowledge of the principles of corporate governance, risk management and good insurance practice. (10) Internal auditors are required to:
apply the standards for professional practice in internal auditing;
adhere to the rules established by the code of ethics;
be honest, objective, diligent and loyal;
know how to interact and work with people. Internal Audit Policy Art. 47. (1) The insurer, respectively the reinsurer, should have an internal audit policy which covers at least the following :
the terms and conditions under which the internal audit function may be requested to provide an opinion or assistance or perform other special tasks;
where relevant, the criteria for the rotation of the tasks of the employees engaged in the performance of the internal audit. (2) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, ensures that the audit policy at group level describes the way in which the internal audit function:
coordinates the internal audit activity across the group;
ensures compliance with the requirements of the internal audit at group level. (3) The internal audit function develops the internal audit policy and submits it to the competent body of the insurer, respectively the reinsurer, for approval. Internal Audit Plan Art. 48. (1) The insurer, respectively the reinsurer, ensures that the plan for carrying out the audits under Art. 96, para. 1 of the Insurance Code:
is based on a methodical risk analysis that takes into account all activities and the overall management system, as well as the expected development of activities and innovations;
covers all significant activities to be reviewed within a reasonable period of time. (2) The annual plan for carrying out the audits, the assessment of the necessary resources, as well as any additional significant changes to them are prepared by the head of the internal audit function of the insurer, respectively the reinsurer, and are provided to the competent body of the insurer, respectively to the reinsurer as defined by the internal audit policy. (3) The internal audit function prepares a plan for each audit engagement, which includes the scope, duration, objectives, description of the activities that are necessary to achieve them and allocation of resources for the implementation of the engagement. According to the findings during the audit activity, the internal audit plan may be amended and supplemented during the period of its implementation. Internal audit function tasks Art. 49. (1) For each performed audit, an audit report is prepared, in which the main findings of the internal auditor are reflected, highlighting the significance of the identified weaknesses and the importance of the recommendations made. (2) The audit report under para. 1 contains:
findings of any weaknesses regarding the effectiveness and adequacy of the internal control system;
findings regarding significant weaknesses regarding compliance with internal policies, procedures and processes;
findings of other weaknesses at the discretion of the internal auditor;
findings of how previous findings and recommendations of the internal audit were reflected, if applicable;
recommendations for remedying the identified weaknesses and the persons who should take these measures. (3) The audit report is handed over to the audited unit and its superior units according to the organizational structure and to the competent body of the insurer, respectively the reinsurer, which finally determines the measures to overcome the identified weaknesses, as well as the units and persons within the undertaking who should take the intended measures. (4) The internal audit function shall develop appropriate procedures for verifying and documenting compliance with the recommendations made in the audit reports.

(5) The annual report of the internal audit function under Art. 96, para. 3 of the Insurance Code shall include the identified weaknesses and deficiencies, the estimated term for their elimination, as well as information on the implementation of previous audit recommendations. (6) The competent body of the insurer, respectively the reinsurer, shall periodically discuss the organization, the audit plan, the adequacy of resources to achieve the objectives of the internal audit, as well as the summarized results and recommendations of the internal audit function and their implementation. Internal Audit Documentation Art. 50. (1) The insurer, respectively the reinsurer, shall keep a record of the activity of the internal audit function in a way that allows an assessment of its effectiveness. (2) For each audit, a file containing an inventory of the examined documents, other information collected during the audit procedures, findings and recommendations of the internal auditors is prepared. The objections of the audited units, the decisions made by the competent body as a result of the findings and recommendations and information on the measures taken in response to the findings and recommendations are attached to the file. (3) The performed audits are documented so that it is possible to follow the implementation of the recommendations made by the internal auditors and the elimination of the weaknesses identified by them. (4) Each file under para. 2 is stored for a period of 5 years from the date of the audit report. (5) The internal audit function keeps a register of the performed audits and the files on them. Section IX Actuarial Function Tasks of the actuarial function Art. 51. (1) The insurer, respectively the reinsurer, shall take appropriate measures to address potential conflicts of interest if it decides to add additional tasks or activities to the tasks and activities of the responsible actuary. (2) The insurer, respectively the reinsurer, guarantees that the process of calculating the technical reserves is distinguished from the process of checking and validating the calculation and that the two processes are independent, avoiding conflicts of interest. The degree of separation of obligations for the calculation of technical reserves and their verification shall be proportional to the nature, scale and complexity of the risks in the calculation of technical reserves, as in the case of an insurer or reinsurer that does not represent a small or mediumsized undertaking within the meaning of the Small and Medium-sized Enterprises Act and is not part of a group, the person who performs the verification of the calculation of technical reserves is not allowed to have commitments regarding their calculation itself. (3) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, require the actuarial function at group level to provide opinion regarding:

underwriting risks at group level;
asset and liability management;
solvency at group level;
the group's solvency outlook, including group-level stress tests;
distribution of dividends and discretionary payments;
the signature policies;
the reinsurance policy and reinsurance program for the group as a whole, as well as on other risk mitigation techniques;
the sufficiency of the premiums and the fairness of the discretionary payments or of the methodology for their determination. Coordinating the calculation of technical provisions

Art. 52. (1) The insurer, respectively the reinsurer, requires the responsible actuary to identify any inconsistency with the regulatory requirements for the calculation of technical provisions and to propose corrections when necessary. (2) The obligation of the responsible actuary to coordinate the calculation of the technical reserves under Art. 100, para. 1, item 1 of the Insurance Code also includes:

ensuring the adequacy of the methodologies used and the models underlying them, including the assumptions made in the process of calculating the technical provisions;
assessment of the sufficiency and quality of the data used to calculate the technical provisions. (3) The responsible actuary verifies the methodologies for calculating the technical provisions by performing back testing on the basis of data for previous periods and by taking into account changes over time. (4) The insurer, respectively the reinsurer, requires explanations from the responsible actuary regarding all significant effects on the amount of technical reserves resulting from changes in information, methodologies or assumptions between the valuation dates. Data quality Art. 53. (1) The responsible actuary shall assess the consistency of the internal and external data used in the calculation of the technical provisions with the data quality standards under Art. 162 of the Insurance Code in connection with Art. 19 of Delegated Regulation (EU) 2015/35. Where relevant, the responsible actuary makes recommendations on internal procedures to improve data quality so as to ensure that the insurer, respectively, the reinsurer, is able to meet these standards. (2) When assessing the suitability of the segmentation of the insurance obligations of the insurer, respectively the reinsurer, into homogeneous groups, the responsible actuary shall take into account any limitation of the data, including insufficient detail or insufficient quantity. An appropriate level of data detail exists when it is possible to identify trends affecting the various risk factors and it is ensured that sufficient data are available to ensure the application of the methodologies and statistical analysis. (3) The responsible actuary reconciles all relevant market data that are used to model the obligations of the insurer, respectively the reinsurer, and ensures that these data are adequately integrated into the model. (4) The responsible actuary carries out the comparison and verification of the technical provisions against the practical results and proposes solutions in case of establishing significant differences, including changes in the assumptions or methodologies. (5) In case of substantial uncertainty about the accuracy of the data, the responsible actuary shall prepare a report describing the uncertainty and explaining any approach taken in relation to the uncertainty in calculating the technical provisions. (6) The responsible actuary of the insurer without the right of access to the single market of the European Union shall assess the compliance of the internal and external data used in the calculation of the technical reserves with the data quality standards under Chapter Two of Ordinance No. 53 of 23.12. 2016 on the requirements for reporting, the assessment of assets and liabilities and the formation of technical reserves of insurers, reinsurers and the Guarantee Fund (SG No. 6 /2017), hereinafter referred to as “Ordinance No. 53” Testing against experience Art. 54. (1) The insurer with the right of access to the single market of the European Union, respectively the reinsurer, ensures that the responsible actuary reports to the competent body on all significant deviations of the practical results compared to the best estimate. (2) The report under para. 1 contains an analysis of the reasons for the deviations and, if appropriate, suggests changes in assumptions and modifications to the estimation model to

improve the calculation of the best estimate together with evidence and reasons justifying the proposed changes. (3) When applying an approach to each individual case under Art. 162, para. 2 of the Insurance Code, when calculating the best estimate, the responsible actuary describes the rationale for the assumptions used and explains how the best estimate was calculated in accordance with the regulatory requirements. (4) The insurer without the right of access to the single market of the European Union ensures that the responsible actuary reports to the competent body on all significant deviations of the practical results regarding the calculation of technical provisions. The report contains an analysis of the reasons for the deviations and, if appropriate, suggests changes in assumptions and modifications to the estimation model to improve the calculation of the technical provisions together with evidence and reasons justifying the proposed changes. Underwriting policy and reinsurance arrangements Art. 55. (1) The insurer, respectively the reinsurer, requires the responsible actuary, when providing the opinion on the underwriting policy and reinsurance contracts, to take into account the interconnections between them and the technical provisions and, where relevant, to provide recommendations on suitable strategies for the undertaking to follow in these areas. (2) In addition to the requirements under Art. 272, parа. 6 of Delegated Regulation (EU) 2015/35, the responsible actuary of an insurer with the right to access the single market of the European Union in the opinion on the general underwriting policy also discusses the following issues:

whether the pricing of insurance products corresponds to the undertaking's risk tolerance policy;
the main risk factors affecting the profitability of the activity to be recorded in the following year, including the potential impact on the future profitability of external factors, such as inflation, legal risk, changes in the volume of the activity performed and changes in the market environment;
when applicable, the possible financial impact of planned substantial changes in the terms of the insurance (reinsurance) contracts;
the degree of possible deviations from the estimate of the expected profitability;
the compatibility of this degree of possible deviations with the risk strategy of the insurer (reinsurer). (3) The scope of the opinion regarding the general underwriting policy is determined by the relevance of the information for the purposes of the revision of this policy by the competent body of the insurer, respectively the reinsurer, and it is not necessary to cover all its elements. (4) In the opinion on the adequacy of the reinsurance contracts, the responsible actuary may also discuss the following issues:
the compliance of the reinsurance contracts of the insurer, respectively of the reinsurer, with its risk strategy;
the effect of reinsurance on the determination of technical reserves after deduction of reinsurance;
the effectiveness of the reinsurance contracts of the insurer, respectively of the reinsurer, to reduce the volatility of its own funds. (5) In the opinion on the adequacy of reinsurance contracts, the responsible actuary shall include an assessment of how the reinsurance cover may react in a series of stress scenarios, such as exposure of the portfolio to damage resulting from catastrophic events, to risk accumulation, to insolvency of reinsurers, until the reinsurance cover is exhausted. (6) The responsible actuary shall provide information to the competent body of the insurer, respectively the reinsurer, in order to enable them to make decisions regarding the underwriting policy and passive reinsurance. In its opinions on the underwriting policy and on the

reinsurance contracts, the responsible actuary describes and explores different decision-making options. The actuarial function of an insurer or reinsurer using an internal model Art. 56. (1) An insurer with the right of access to the single market of the European Union, respectively a reinsurer that applies or intends to apply an internal model, obliges the responsible actuary to contribute, depending on his area of expertise, to the determination of the risks that are covered by the internal model, as well as how the dependencies between these risks and the dependencies between these risks and other risks are derived. This input is based on technical analysis and should reflect the experience and expertise of the actuarial function. (2) The responsible actuary, in addition to the powers under Art. 100, para. 1 of the Insurance Code also performs the following functions:

supports the risk management function in the design, implementation, testing and validation of the internal model, and : a) within its responsibility for analyzing the sufficiency and quality of internal and external data used in the calculation of technical provisions, expresses an opinion on whether it is appropriate to examine a specific area of modeling within the internal model in relation to the limitations of the data that may be applied; b) assists the risk management function in determining the level of technical complexity of the internal model; c) assists the risk management function in modeling underwriting risks and ensuring consistency and lack of contradiction between the assumptions made for the calculation of the technical reserves and the assumptions for the calculation of the Solvency Capital Requirement;
assists in the implementation of the internal model;
uses the results of the internal model to justify the analyzes performed by it. (3) In the process of applying the internal model, the responsible actuary shares his observations and conclusions with the risk management function. When, in the process of information exchange, weaknesses or opportunities to improve the work of the internal model are identified, the responsible actuary and the person leading the risk management function make reasonable proposals for its improvement. (4) The responsible actuary participates in the internal model validation process by collecting and analyzing information for the purposes of comparing the practical results of the internal model against the expected results and performs other tasks in the sphere of his competence. (5) Paragraphs 1 - 4 do not apply to insurers without the right of access to the single market of the European Union. Section X Management and control function of requirements for qualification and good reputation (fit and proper requirements) in the field of distribution of insurance products (function under Article 293, paragraph 2 of the Insurance Code) Requirements Art. 57. The competent body of the insurer, respectively the reinsurer, determines the requirements for the qualification of the person who performs the function under Art. 293, para. 2 of the Insurance Code. Tasks Art. 58. The function under Art. 293, para. 2 of the Insurance Code:
maintains an up-to-date list of: a) employees of the insurer, respectively the reinsurer, directly engaged in the distribution of insurance or reinsurance products; b) the other persons in the organizational structure of the insurer, respectively the reinsurer,

who are responsible for the activities of distribution of insurance or reinsurance products; 2. applies the rules and procedures adopted by the insurer for the implementation of ongoing control of compliance with the requirements for qualification and good reputation of the employees under item 1. Training Art. 59. (1) The insurer, respectively the reinsurer, shall develop and implement a plan and schedule for:

the trainings and examinations of the employees under Art. 58, item 1, who enter work at the insurer, respectively at the reinsurer;
trainings and exams under Art. 317, para. 1 and 2 and Art. 321b, para. 2 in connection with Art. 317, para. 1 and 2 of the Code on the insurance of: a) the insurance agents and intermediaries who offer insurance products as an additional activity, with which the insurer has contracts under Art. 313, para. 3, respectively under Art. 321b, para. 1 in connection with Art. 313, para. 3 of the Insurance Code; b) the employees of the persons under letter "a", directly engaged in the distribution of insurance products, the members of their management bodies and other persons in managerial positions, responsible for carrying out the activities of distribution of insurance products;
the subsequent professional training under Art. 292, para. 2 of the Insurance Code of persons under Art. 58, item 1, respectively under Art. 317, para. 3 of the Insurance Code - of persons under item 2;
the activities in connection with the current control for compliance with the requirements for knowledge, skills and good reputation. (2) The materials for training the persons under para. 1 include:
a training program that guarantees the mastery of professional knowledge and skills according to Appendix No. 3 of the Insurance Code, depending on the classes of insurance offered by the insurer, and shall contain: a) a detailed description of the knowledge and skills, the mastery of which is envisaged within each element of the relevant sections of Annex No. 3 of the Insurance Code, in order to ensure the proper performance of the duties of the person who will carry out the activity of distributing insurance , respectively reinsurance products; b) description of the modules in which the mastery of knowledge and skills and their content is specified, when modules are planned; c) description of the forms of training (in-person, remote or a combination thereof) and their material and technical support; d) description of the duration of the training, which is planned in a way that allows the acquisition of the knowledge and skills provided for under letter "a";
the criteria demonstrating that the person being trained has mastered the knowledge and skills to ensure the accurate performance of their duties;
the rules for verifying mastery of acquired knowledge and skills. (3) The insurer, respectively the reinsurer, provides information to the insurance brokers who distribute insurance or reinsurance products, about the changes in insurance or reinsurance products and in the policies for their distribution in order to update the training rules for their employees and may train employees on insurance brokers within the training of their employees and insurance agents. Policies Art. 60. (1) The policy under Art. 77, para. 1, item 3, letter "m" of the Insurance Code defines at least:
the positions directly occupied with distribution of insurance or reinsurance products, as well as the positions in the organizational structure of the insurer, which are responsible for the distribution of insurance or reinsurance products, which shall meet the requirements for

knowledge and skills according to Annex no. 3 to the Insurance Code and the specific requirements for the knowledge and skills of different categories of persons depending on the nature and complexity of their work; 2. the forms and manner of providing professional training under Art. 292, para. 1, sentence two of the Insurance Code upon commencing employment with the insurer; 3. the forms and manners of conducting continuing professional training under Art. 292, para. 2 of the Insurance Code and its documentation; 4. the procedure for exercising ongoing control for compliance with the requirements for knowledge and skills. (2) The policy under Art. 77, para. 1, item 3, letter "n." of the Insurance Code:

defines the procedures for assessing compliance with the requirements for good reputation at the time of starting work at the insurer, respectively the reinsurer, as well as for the exercise of ongoing control for compliance with the requirements for good reputation;
may determine additional requirements for the good reputation of the employees directly engaged in distribution of insurance or reinsurance products, as well as the relevant persons in the organizational structure of the insurer who are responsible for distribution of insurance or reinsurance products, except for those provided in the law. (3) When the policies under para. 1 and 2 are separate acts in the part concerning the requirements for the knowledge and skills and the good reputation of the relevant persons in the organizational structure of the insurer, they are coordinated with the policy under Art. 16. (4) The policies under para. 1 and 2 shall cover the insurer's internal procedures for verifying compliance with the requirements under Art. 318, respectively under Art. 321b, para. 3 in connection with Art. 318 of the Insurance Code, regarding insurance agents and intermediaries distributing insurance products as an additional activity of the insurer, their employees directly engaged in the distribution of insurance products, and members of their management bodies. Documentation Art. 61. (1) For the conducted trainings and exams under Art. 292, para. 1, second sentence of the Insurance Code when commencing employment with an insurer, respectively a reinsurer, and for the conducted trainings and examinations under Art. 317, para. 1 and 2 and Art. 321b, para. 2 in connection with Art. 317, para. 1 and 2 of the Insurance Code, for persons under Art. 59, para. 1, item 2, the function under Art. 293, para. 2 of the Insurance Code prepares and keeps documentation the for professional training, maintaining a register of the issued certificates for the conducted training and for the acquired knowledge and skills. (2) The insurer, respectively the reinsurer, shall provide information to the persons who have been trained in accordance with this ordinance, including in cases where they are no longer agents or employees at the insurer, respectively the reinsurer. (3) For each conducted subsequent professional training under Art. 292, para. 2 of the Insurance Code, respectively under Art. 317, para. 3 and Art. 321b, para. 2 in connection with Art. 317, para. 3 of the Insurance Code, the function under Art. 293, para. 2 of the Insurance Code prepares a record that contains data on the topics, materials and duration of the training, the names and signatures of the persons who have undergone the training and the person who conducted the training, as well as data on the manner in which the successful completion of training was determined. The records are kept for a period of 5 years from the date of the training. (4) When the trainings were conducted using means of distance communication, para. 3 applies with the exception of the requirement that the protocol contain the signatures of the persons who have completed the training. Section XI Other Functions in the System of Governance

General rules Art. 62. When the insurer, respectively the reinsurer, on the basis of Art. 78, para. 1, item 5 of the Insurance Code defined a function as a key function, the decision of the competent body defines:

the tasks and powers of the function;
the requirements for fitness, propriety and professional experience of the persons who will carry out the function, as well as the person who will lead it, as well as the requirements for a subsequent increase in qualification, which would guarantee the fulfillment of their duties at the appropriate level;
the rules for interaction with other functions and structures within the insurer, respectively the reinsurer, and for avoiding conflicts of interest;
reporting rules.
other rules and requirements at the discretion of the competent body. Complaints Handling Art. 63. (1) The insurer guarantees a fair process of consideration of the complaints of users of insurance services, as well as identification and prevention of possible conflicts of interest during their consideration. (2) The handling of complaints is assigned to a unit that is different from the units implementing the distribution of insurance products, respectively settlement of claims. It is not allowed to assign the work on a specific complaint to a person who participated in the distribution of insurance products, respectively in the settlement of a claim to which the complaint refers. (3) The rules under Art. 104, para. 1 of the Insurance Code contain at least the following regarding the handling of complaints:
procedure for filing complaints, which: a) provides an opportunity to submit them on paper or electronically; b) provides the opportunity to submit them in any office of the insurer and indicates an email address or other electronic service for submitting a complaint electronically; c) determine indicative required elements of the complaint with an indication that their noncompliance cannot lead to the complaint’s inadmissibility except in cases where contact information is not provided;
information that filing a complaint is free of charge for interested parties;
procedure for registering complaints and for informing the complainant about the date and number of the registration;
rules ensuring: a) complaints handling within a period of up to one month from their receipt, respectively; b) provision of factual and legal justification for the determined amount of the compensation within 7 days from the receipt of a complaint by a user of insurance services regarding the amount of the determined compensation;
rules guaranteeing fair handling of complaints;
content of the information and procedure for notifying users of insurance services in accordance with Art. 324, para. 1, item 4 of the Insurance Code, as well as upon request in the case of a declared interest in filing a complaint. (4) The insurer keeps a register of complaints, which contains:
unique serial number and date of submission;
details of the applicant: a) names/undertaking as indicated in the complaint; b) contact details as indicated in the complaint (address, e-mail, telephone and other contact details);
subject of the complaint and summary content of the statements and requests of the

applicant; 4. where applicable: a) class of insurance; b) name of the insurance product; c) insurance policy number; d) insurance claim number; 5. date and ref. number of the response to the complaint; 6. summary content of the response to the complaint; 7. a brief description of the consequences of the complaint (change of conclusion on a claim, measures taken by the competent body of the insurer, by function of the insurer, etc.); 8 information on archiving the complaint file. (5) The register under para. 4 may be kept as part of the information system under Art. 114 of the Insurance Code or contain references to the information contained therein. (6) When examining and preparing a response to complaints, the insurer:

collects all relevant evidence and information necessary for their comprehensive consideration and fair resolution;
prepares responses to complaints in clear and understandable language;
when making a decision that does not fully or partially satisfy the applicant's request, justifies the answer with a comprehensive enumeration of the established facts and circumstances and comprehensive legal considerations with an indication of the relevant statutory provisions and contractual clauses;
upon making a decision that does not fully or partially satisfy the applicant's request, informs him of his right to appeal to the FSC (respectively to another competent supervisory authority when carrying out activities under the right of establishment or the freedom to provide services), respectively to a body for out-of-court dispute resolution or to a competent judicial body. (7) For each complaint received by the insurer, a file containing all documents collected or created by the insurer is created and stored in the unit responsible for the handling of complaints. (8) The insurer reports the complaints in accordance with Ordinance No. 53. (9) The competent body of the insurer analyzes the information from the examination of the complaints in order to ensure the identification and overcoming any issues that the complaints indicate, and:
establishes the root causes for individual complaints, for groups of complaints that have a similar subject or characteristics, and for complaints in general;
assesses whether these root causes may affect other products or processes of the insurer's activity;
adopts measures to overcome the established root causes of the submitted complaints;
ensures compliance with the measures adopted under item 3. Section XII Valuation of assets and liabilities other than technical provisions Valuation of assets and liabilities other than technical provisions Art. 64. .In its policy and procedures for valuation of assets and liabilities under Art. 77, para. 1, item 3, letter “k” of the Insurance Code and under Art. 267(1) of Delegated Regulation (EU) 2015/35, the insurer, respectively the reinsurer, should cover at least the following:
the methodology and criteria to be used for the assessment of active and non-active markets;
the requirements to ensure adequate documentation of the valuation process and of the undertraining controls, including those for data quality;
the requirements on the documentation of the valuation approaches used regarding: a) their designs and the way in which they are implemented;

b) the adequacy of information, parameters and assumptions; 4. the process for independent review and verification of valuation approaches; 5. the requirements for regular reporting to the competent body of the insurer, respectively the reinsurer, on matters related to the governance on valuation. (2) The insurer, respectively the reinsurer, consistently applies appropriate methodology and criteria to determine whether the markets are active, based on the criteria defined in the international accounting standards approved by Regulation (EC) No. 1606/2002 of the European Parliament and of the Council of July 19, 2002 on the application of international accounting standards (OB, L 243/1 of September 11, 2002), and adequately documents the methodology and performed assessments of market activity. (3) The insurer, respectively the reinsurer, shall expressly regulate the method of valuation of assets and liabilities which are difficult to valuate or in respect of which its valuations are uncertain, as well as shall regulate in detail the procedures for applying alternative valuation methods. (4) The insurer, respectively the reinsurer, shall provide an audit trail, which in a reliable and transparent manner consistently documents the relevant steps taken in the process of valuating assets and liabilities, identifying and recording what actions, by whom, when and where they were performed in the provision of the information and its processing. Data quality control procedures Art. 65. (1) In order to control the quality of data and in order to identify deficiencies and measure, monitor, manage and document the quality of the data, the insurer, respectively the reinsurer, introduces procedures that include:

assessment of data completeness;
assessment of the appropriateness and suitability of data from both internal and external sources;
independent review and verification of data quality; (2) The policies and procedures implemented by the insurer, respectively by the reinsurer, provide for the need for periodic comparison of market information and data against alternative sources and results. (3) The insurer, respectively the reinsurer, performs a series of checks on the completeness and relevance of the data, taking into account any analysis that was carried out by the internal audit, by an independent financial audit or by another person. (4) When deficiencies are identified in the data, the insurer, respectively the reinsurer, documents them, identifies their possible impact and assesses whether and how quality can be improved. (5) In order to guarantee the reliability of the inputs, including data, parameters and assumptions, the insurer, respectively the reinsurer, shall provide for a combination of internal controls and procedures to ensure that:
input is performed only by authorized users;
the inputs are not compromised by subsequent changes;
any changes in inputs and data are subject to monitoring. Documentation when using alternative valuation methods Art. 66. (1) When using alternative valuation methods, the insurer, respectively the reinsurer, documents:
description of the method, purpose, key assumptions, limitations and output;
the circumstances under which the method would not work effectively;
description and analysis of the valuation process and controls related to this method;
analysis of the valuation uncertainty associated with the method;
a description of back-testing procedures applied to the results of the method and, where possible, a comparison with comparable models or other indicators, which should be carried

out when the valuation method is first introduced and at least once annually thereafter; 6. description of the tools or programs used. (2) The documentation for each alternative valuation method shall include an operations manual or similar document that describes the procedures used to operate, maintain and update the valuation method. This manual should be detailed enough to enable a qualified third party to operate and independently maintain the valuation method. Independent review and verification of valuation methods Art. 67. (1) The insurer, respectively the reinsurer, ensures that the independent review of the valuation methods in accordance with Art. 267, paragraph 4, letter "b" of Commission Delegated Regulation (EU) 2015/35 takes place before the application of a new method or a major change of a method already applied, and regularly thereafter. (2) The insurer, respectively the reinsurer, determines the frequency of the review in line with the significance of the method for the decision-making and risk management processes, and the review under para. 1 is carried out at least once a year. (3) The insurer, respectively the reinsurer, applies the same principles for the independent review and verification both for internally created valuation methods or models, and for valuation methods or models supplied by third parties. (4) The insurer, respectively the reinsurer shall introduce processes for reporting the results of the independent review and verification, as well as the recommendations for corrective actions, to the appropriate management level of the insurer, respectively the reinsurer, as, when not otherwise provided, the management function of the risk leads the process and reports its results to the competent body of the insurer, respectively the reinsurer. (5) The insurer, respectively the reinsurer, may provide for the process of independent examination and verification to be carried out internally or by external experts. (6) The insurer, respectively the reinsurer, takes measures to distinguish the responsibility for designing and applying the valuation approaches from the responsibilities for performing an independent review and verification. (7) When using valuation methods or models provided by third parties, the insurer or reinsurer shall understand the methodologies used, the underlying assumptions of the model, the results generated and the sensitivity inherent in the model. (8) The independent review and verification of models provided by third parties includes a review of any information from the service provider describing the model, as well as an assessment of whether its theoretical basis and logic are generally accepted and reasoned. (9) The insurer, respectively the reinsurer, shall ensure that a report is drawn up for each independent review and verification, which provides information on:

the quality of valuation methods;
any known structural weaknesses in the valuation methods used;
any concerns related to the accuracy and appropriateness of the inputs, such as data, parameters and assumptions used;
comparisons with previous reports. (10) The insurer without the right of access to the single market of the European Union is obliged to know the methods for valuation of assets and liabilities, other than technical provisions which it applies. Oversight by the competent body and executive management Art. 68.(1) The competent body and the executive management of the insurer, respectively the reinsurer, shall have the necessary knowledge for overall understanding of the valuation approaches and the uncertainties involved in the valuation process in order to ensure appropriate control of the risk management process concerning valuation. (2) With the assistance of the key functions, the persons under para. 1 exercise control, which includes:
periodic monitoring of the effectiveness of the approved policies and procedures, including those for the independent review and verification;
review of reports on independent review and verification, documentation and internal control;
intervention as appropriate to ensure proper valuation risk management. Performing independent external valuation or verification Art. 69. (1) The FSC may require the insurer, respectively the reinsurer, to carry out an independent valuation or verification of material assets or liabilities, at least in the event of a risk of inaccuracies in their assessment with possible significant consequences for the solvency of the undertaking. The first sentence also applies to real estate valuated in accordance with Art. 76 of Ordinance No. 53. (2) The risk of inaccuracies in the valuation under para. 1 is present:
if there is an inactive market for a given asset or liability;
the auditor of the insurer, respectively the reinsurer, has expressed doubts regarding some aspects of the undertaking's accounting statements;
the valuation of the asset or liability has not changed in accordance with the FSC's expectations, including when the valuation has remained the same for a long period of time or has not changed in the conditions of the change of similar assets or liabilities in the market, etc.;
in other similar cases. (3) The FSC appoints an independent appraiser for whom the requirements under Art. 76, para. 1 - 4 of Ordinance No. 53. Section XIII Outsourcing Critical or important functions or activities Art. 70. (1) The insurer, respectively the reinsurer, determines and documents whether the outsourced function or activity is a critical or important function or activity based on whether this function or activity is essential for its operation and whether it would be able to provide services to the users of insurance services. without the respective function or activity. (2) Critical or important functions and activities are at least:
development and pricing of insurance products;
investment of assets or portfolio management;
settlement of insurance claims;
the compliance function, the internal audit function, the risk management function and the actuarial function;
accounting;
ensuring data storage;
the provision of current, daily maintenance of information systems;
the ORSA process. (3) When the functions or activities under para. 1 or 2 are partially outsourced, the insurer or reinsurer, respectively, assesses whether these outsourced parts are themselves critical or important depending on the extent to which they are outsourced, both in terms of scope and time. (4) The following operational functions or activities are not considered critical or important:
provision of consulting services performed by the insurer, respectively the reinsurer, and other services that are not part of the insurance or reinsurance activities, such as legal consultations, training of employees and agents and security of the premises and employees;
purchase of standardized services, including services for the collection of market information;
providing logistical support, such as cleaning or catering;
providing human resources support such as recruiting temporary employees and processing payroll. (5) The transfer of a function or activity by the insurer, respectively by the reinsurer, to service providers does not limit the responsibility of its competent body for the lawful implementation of the function or activity as a whole. (6) In the event that it is provided in the outsourcing agreement, the service provider may assign the performance of the service to a subcontractor. In this case, the insurer, respectively the reinsurer, shall stipulate in the outsourcing agreement an obligation of the service provider to inform him of any transfer of activity to a subcontractor and to ensure his rights to control the activity of the subcontractor in connection with the performance of the transferred function or activity, as well as to ensure the fulfillment of the obligations of the subcontractor to provide information to the FSC and to assist in carrying out inspections. Underwriting Art. 71. (1) When an insurance intermediary is given authority to underwrite business or to settle insurance claims under certain conditions in the name and on account of the insurer, respectively the reinsurer, the insurer, respectively the reinsurer, shall ensure that the activity of this intermediary is subject to the outsourcing requirements. (2) Underwriting business within the meaning of para. 1 is present when the insurance intermediary has the right to independent judgment whether to take out insurance within its predetermined limits and conditions. (3) The activity of distribution of products, expressed in contacting, offering and carrying out preparatory activity for the conclusion of an insurance contract, when the insurance intermediary does not carry out an independent assessment of the risk, is not accepted for recording activity even in cases where the insurance intermediary signs the insurance contract on behalf of the insurer, respectively the reinsurer, provided that this is done on the basis of its express instructions or practiced under standardized insurance products. Outsourcing of functions or activities within a group Art. 72. (1) If critical or important functions or activities are outsourced within the group, the participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking documents which functions relate to which legal entity and ensures that the performance of the key functions at the level of insurer, respectively reinsurer, is not impaired as a result of the outsourcing. (2) When the service provider is a legal entity from the same group as the outsourcing undertaking , the inspection of the service provider can be less detailed, provided that, on the one hand, the management body of the insurer, respectively the reinsurer, knows more well the service provider, and on the other hand, has sufficient control over it or can influence its actions. (3) When outsourcing critical or important functions or activities within the group, the insurer, respectively the reinsurer, shall enter into a written agreement in which the obligations and responsibilities of both parties shall be determined. (4) The outsourcing of critical or important functions or activities to another undertaking within the group does not release the insurer, respectively the reinsurer, from the responsibility for their performance and for managing the contract for the transfer of activity, including by means of appropriate action plans in emergency situations. Outsourcing policy Art. 73. (1) In the policy under Art. 77, para. 1, item 3, letter "e" of the Insurance Code, the insurer, respectively the reinsurer, shall determine its approach and processes for outsourcing activities, including:
the criteria for determining the outsourced function or activity within the meaning of Art.

110 of the Insurance Code; 2. the process for determining whether a function or activity is critical or important; 3. the process and criteria for selecting a service provider of appropriate quality; 4. order and frequency for evaluating the performance of the service provider; 5. the stipulations that shall be included in the written outsourcing agreement taking into account the requirements set forth in Delegated Regulation (EU) 2015/35 in relation to insurers with the right to access the single market of the European Union; 6. the requirements to the plans for the performance of the activity in emergency situations, including exit plans from emergency situations with limiting adverse consequences to a minimum (hereinafter referred to as "exit strategies") in connection with critical or important functions assigned to service providers or activities. (2) For the purposes of selecting a service provider under para. 1, item 3, the insurer, respectively the reinsurer, defines in the policy the procedure for carrying out an inspection before making a decision to conclude an outsourcing agreement. Matters subject to assessment include the financial and technical capabilities of the service provider, its capacity to perform the function or activity subject to outsourcing, its control system, any conflict of interest, including between the service provider and the insurer or reinsurer respectively, or arrangements with competitors, as well as the expected change in operational risk for the insurer, respectively for the reinsurer, as a result of outsourcing the function or activity. (3) The policy under para. 1 shall determine the conditions under which it is possible for the service provider to outsource the performance of the function or activity to a subcontractor, as well as provisions for early termination of the agreement with the service provider. In the event that the function or activity is critical or important for the insurer, respectively the reinsurer, its subcontracting should be approved in advance by the insurer, respectively the reinsurer. (4) The conclusions of the service provider selection are subject to documentation by the insurer, respectively by the reinsurer, who may revise them at any time. (5) In the plans under para. 1, item 6, the insurer, respectively the reinsurer, shall provide under what circumstances and how the outsourced functions and activities can be taken over by a new service provider or start to be carried out again by the insurer, respectively the reinsurer . (6) The competent body of the insurer, respectively of the reinsurer, subject to compliance with the requirements under Art. 110, para. 3 of the Insurance Code approves the transfer of functions or activities to service providers and regularly requires reports on their implementation. (7) The insurer, respectively the reinsurer, includes in its system of governance a process for monitoring and reviewing the quality of the performance of outsourced functions or activities in order to ensure effective control, and effectively monitors whether the service provider complies with all contractual conditions, and in case it does not accurately perform the functions or activities in accordance with the terms of the outsourcing agreement, takes appropriate action, including the termination of the outsourcing agreement. Written notification to the FSC Art. 74. (1) In its written notification to the FSC of any outsourcing agreement for critical or important functions or activities pursuant to Art. 111, para. 4 of the Insurance Code, the insurer, respectively the reinsurer, presents a description of the scope and the rationale for the outsourcing and the service provider’s name, as well as information about the assessment under Art. 73, para. 2 and the results thereof. When outsourcing concerns a key function under Art. 78, para. 1, item 1-4 of the Insurance Code, the information should also include the name of the person in charge of the outsourced function or activities at the service provider, as well as evidence for compliance with the fit and proper requirements.

(2) The insurer provides the FSC with information on the performance of the outsourced function or activity in any case where there are circumstances that are relevant for supervisory purposes, including:

circumstances necessitating a re-assessment of compliance with the requirements for outsourcing activities to service providers, such as: a) significant changes in the outsourcing agreement; b) subcontracting the outsourced function or activity; c) change of service provider;
circumstances that adversely affect the insurer's ability to fulfill its obligations towards users of insurance services or significant problems in the performance of services by the original service provider, such as: a) failure to perform the outsourced function or activity as a result of interruption of business; b) non-compliance with applicable regulations; c) serious violations of the given instructions; d) inadequate risk management; e) insufficient transparency in relations with the assignor; f) any other circumstances that lead to dissatisfaction of the assignor or users of insurance services with the quality of the services provided by the service provider. Outsourcing Functions or Activities to Cloud Service Providers Art. 75. (1) When outsourcing functions and activities to cloud service providers, the insurer, respectively the reinsurer, complies with the Guidelines for outsourcing to cloud service providers (EIOPA-BoS-20-002), issued by the European Insurance and Occupational Pensions Authority , which the FSC has decided to implement according to Art. 13, para. 1, item 26 of the Financial Supervision Commission Act. (2) The Financial Supervision Commission issued the instructions regarding implementation of para. 1. Section XIV Group governance specific requirements Obligations to define internal governance requirements Art. 76. (1) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking sets adequate internal governance requirements across the group, appropriate to the structure, activity and risks of the group and its related entities, and creates the appropriate structure and organization for risk management at group level, defining a clear allocation of responsibilities between all entities in the group. (2) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group, does not affect the obligations and does not limit the responsibility of the competent body of each entity within the group when creating its own system of governance. Group-level governance system Art. 77. (1) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group:
has in place appropriate and effective tools, procedures and lines of accountability and responsibility, enabling it to oversee and steer the work of the risk management and internal control systems at individual level;
has in place reporting lines within the group and effective systems to ensure information flows in the group bottom-up and top-down;
documents and notifies all entities within the group about the tools used to identify, measure, monitor, manage and report all risks to which the group is exposed;
takes into account the interests of all entities belonging to the group and how these interests contribute to the single purpose of the group as a whole in the long term. (2) The competent body of the insurer, respectively the reinsurer, which is a participating undertaking, the of the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group:
is responsible for adopting the general strategy of the group and its policies, as well as for their subsequent review and change;
responsible for the review of the overall economic activity of the group;
adopts a management structure that contributes to the effective control of the entities within the group, taking into account the nature, volume and complexity of the risks to which the group and its individual entities within the group are exposed;
guarantees the general consistency of the group's management structure, taking into account the structure and activity of the various entities within the group;
has appropriate mechanisms to control whether each undertaking within the group complies with all the requirements related to it in terms of internal management;
ensures that accountability systems within the group are clear, transparent and appropriate to ensure adequate and timely communication within the group. (3) The competent body of the insurer, respectively the reinsurer, which is a participating undertaking, the of the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group knows:
individual entities within the group;
the connections and relationships between them;
group-specific risks;
inter-group transactions;
the ways in which the funding, capital and risk profile of the group may be affected in normal and adverse conditions. (4) The competent body of the insurer, respectively of the reinsurer, which is a participating undertaking, of the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, ensures that each undertaking within the group receives sufficient information about the general objectives and risks of the group, as well as that the exchange of information between the entities of the group on matters essential to the system of governance is documented and can be promptly made available if necessary to the competent body, the control functions within the group and the supervisory authorities. (5) The competent body of the insurer, respectively of the reinsurer, which is a participating undertaking, of the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, establishes conditions to receive timely information about the risks arising from the group's structure, including information on the factors determining the risks and reports assessing the overall structure of the group, the activities of the individual entities within the group and their compliance with the approved strategy. Risks with a significant impact at group level Art. 78. (1) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, takes into account in its risk management system both the risks at the individual and group level, as well as their mutual dependence, and in particular:
reputational risk and risks arising from transactions within the group and risk concentrations, including risk of contagion, at the group level;
the interdependencies between risks arising from the conducting business through different entities and in different jurisdictions;
risks arising from entities in third countries;
risks arising from non-regulated entities;
risks arising from other regulated entities. (2) To meet its obligations under para. 1, the participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group shall have:
a process for identifying material risks at group level;
a system for measuring risk at group level;
a system of limits for managing exposures and other risk concentrations;
processes for carrying out stress tests and for analyzing scenarios and interrelationships;
information systems and reporting to ensure the risk management process. Risk concentrations at group level Art. 79. The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group shall ensure that procedures and processes are in place to identify, measure, manage, monitor and report risk concentrations. Intra - group transactions; Art. 80. The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, ensures that the risk management system in the group and the individual insurers, respectively reinsurers, includes processes and reporting procedures for identifying, measuring, monitoring, management and reporting of transactions within the group, including significant and very significant transactions within the group, in accordance with Art. 264, respectively with Art. 211 of the Insurance Code. Group risk management Art. 81. (1) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, in its risk management at group level applies appropriate processes and procedures for identifying, measuring, managing, monitoring and reporting the risks to which the group and each individual entity are or may be exposed. (2) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, ensures that the structure and organization of the group's risk management do not impair the legal possibility of the insurer, respectively the reinsurer, to fulfill its legal, regulatory and contractual obligations. (3) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, assesses how and to what extent the risks within the group are effectively identified, measured, managed and monitored. Chapter Three REQUIREMENTS FOR OWN RISK AND SOLVENCY ASSESSMENT Section I General Rules General approach Art. 82. (1) The insurer, respectively the reinsurer, establishes an ORSA procedure with appropriate and adequate techniques to suit its organizational structure and risk management system, taking into account the nature, volume and complexity of the risks inherent in its operations. (2) The insurer, respectively the reinsurer, carries out ORSA with the all due care in order to assess in good faith all the risks inherent in its activity and to determine the corresponding capital needs. (3) For the purposes of the ORSA, the insurer, respectively the reinsurer, implements

adequate and stable processes for assessment, monitoring and measurement of its risks and the aggregate needs in terms of solvency, as well as ensures that the results of the assessment are an integral and important part of the decision-making processes. (4) In the ORSA process, the insurer, respectively the reinsurer, collects and processes information from all relevant business areas of the entity. (5) The insurer, respectively the reinsurer, develops an ORSA model:

taking into account its way of managing risks through capital or other risk mitigation techniques;
taking into account its risk profile, the approved risk tolerance limits and its activity strategy;
to assist in solving practical tasks, including whether to retain or transfer a given risk, how to optimize capital management and how to determine appropriate premium levels. Role of the competent body. Top down approach Art. 83. (1) The competent body of the insurer, respectively the reinsurer, takes an active part in the processes related to ORSA, including by guiding the performance of the valuation and by subjecting the results to verification. (2) The competent body of the insurer, respectively the reinsurer, shall subject the identification and assessment of the risks and other factors that are subject to ORSA, as well as the assumptions that determine the calculation of the solvency capital requirement, to be verified assessing whether they are appropriate for assessing the risks of the entity. (3) Taking into account the conclusions of the ORSA, the competent body of the insurer, respectively of the reinsurer, approves the long-term and short-term capital plan, taking into account the strategies regarding the activity and the risk that it has planned for the entity, providing in it alternatives ensuring that the capital requirements will be covered even in cases of extraordinary adverse circumstances. Documentation Art. 84. The insurer, respectively the reinsurer, maintains at least the following documentation regarding ORSA:
Rules for the ORSA.
documentation of each performed ORSA;
internal report for each ORSA;
supervisory report on the ORSA. Rules for the ORSA. Art. 85. As part of the risk management policy under Art. 77, para. 1, item 3, letter "a" of the Insurance Code, the competent body of the insurer, respectively of the reinsurer, adopts rules for the ORSA, which include at least a description of:
the process and procedures for carrying out the ORSA;
the relationship between the risk profile, the approved risk tolerance limits and the aggregate solvency needs;
the methods and methodologies, including information on: (a) how and how often stress tests, sensitivity analysis, reverse stress tests or other relevant analyzes should be applied; b) data quality standards; c) the frequency of conducting the assessment and justification of its adequacy, taking into account the risk profile of the insurer, respectively the reinsurer, the variability of its overall solvency needs relevant to its capital position; d) timing for the performance of the ORSA and the circumstances that would trigger the need for it to be carried out outside the regular schedule. Documentation of the ORSA Art. 86. (1) The insurer, respectively the reinsurer, certifies and documents each ORSA

and its results, including the assessment of established deviations in its risk profile from the assumptions underlying the calculation of the solvency capital requirement in such a degree of detail that allows to a qualified third party to verify the assessment. (2) The documentation for each ORSA includes:

the analysis of individual risks, including a description and explanation of the considered risks;
the relationship between the risk assessment and the capital allocation process and an explanation of how the approved risk limits were taken into account;
explanation of how risks not covered by own funds are managed;
technical specification of the approach used for the ORSA, including: (a) a detailed description of the key structure together with a list and justification of the assumptions justifying the use of the particular approach; (b) a process for determining the dependencies, if any, and a rationale for the confidence interval chosen, if any; c) a description of the stress tests and scenario analyzes used and the manner in which their results were accepted; (d) an explanation of how the uncertainties of the parameters and data were estimated;
a value or a range of values for the overall solvency needs for a period of one year, as well as for a longer period, and a description of the way in which the insurer, respectively the reinsurer, expects to meet these needs;
action plans as a result of the assessment and the justifications thereof, including documentation of any strategies for raising additional own funds, when necessary, and the proposed schedule of actions to improve the financial position of the insurer, respectively the reinsurer;
detailed conclusions and the justification for them based on the assessment of the continuous compliance with the requirements regarding regulatory capital and technical reserves; 8 description of the changes made to the internal model in the process of its application - for undertakings that use an internal model to calculate the solvency capital requirement;
identification and explanation of the differences between the undertaking's risk profile and the assumptions underlying the solvency capital requirement, and in case of significant deviations that lead to underestimation or overestimation of the solvency capital requirement, the internal documentation indicates the ways in which the insurer, the reinsurer, respectively, has reacted or will react;
a description of the internal and external factors considered in the perspective-oriented assessment;
details of any planned relevant management actions, including a rationale for those actions and their impact on the assessment;
documentation of the inspection process by the competent body. Internal reporting on the ORSA Art. 87. (1) The insurer, respectively the reinsurer, informs all its relevant employees at least about the results and conclusions of the ORSA, after the procedure and results have been approved by the competent body. (2) The information provided to the competent body of the insurer, respectively the reinsurer, shall be sufficiently detailed so that it can be used in the strategic decision-making process, and the information provided to the relevant employees shall be sufficiently detailed, so that they can take the necessary follow-up action. Section II Special rules for conducting the ORSA Assessment of overall solvency needs Art. 88. (1) The insurer, respectively the reinsurer, makes a quantification of capital

needs and a description of other means necessary to reflect all significant risks, regardless of whether these risks can be quantified or not. (2) Where appropriate, the insurer, respectively the reinsurer, subjects the identified material risks to a sufficiently wide range of stress tests or scenario analysis to provide an adequate basis for the assessment of overall solvency needs. (3) When the insurer, respectively the reinsurer, is part of a group, in its ORSA it shall take into account all risks at group level that can significantly affect it. (4) In the ORSA process, the insurer, respectively the reinsurer, assesses the impact and effectiveness of reinsurance and other risk mitigation techniques. Where there is no effective risk transfer, this circumstance is taken into account in the assessment of overall solvency needs. (5) After identifying the essential risks to which it is exposed, the insurer, respectively the reinsurer, decides whether these risks will be covered by capital or risk mitigation instruments, or both. In case the risks are covered by capital, it is necessary to carry out an assessment of the risk and the level of its materiality, determining the required capital for the material risks and explaining how they will be managed, and in case of applying risk mitigation techniques, the insurer, respectively the reinsurer, explains which techniques are applied to which risks and the reasons for this. (6) When performing the ORSA, the insurer, respectively the reinsurer, assesses whether it has sufficient financial resources and realistic plans for raising additional capital if needed. When assessing the sufficiency of financial resources, the insurer, respectively the reinsurer, takes into account the quality and volatility of its own funds, paying particular attention to their ability to absorb losses under different scenarios. (7) When carrying out the assessment of the overall solvency needs, the insurer, respectively the reinsurer, takes into account all significant risks to which it is exposed, including short-term, medium-term and long-term risks, quantifiable and non-quantifiable risks. For the purposes of the assessment, the insurer, respectively the reinsurer, collects information from all relevant sources in the entity. (8) When performing the assessment of overall solvency needs the insurer, respectively the reinsurer, shall perform at least the following:

consider the material risks arising from the assets and liabilities, including from agreements within the group and from off-balance sheet agreements;
consider the entity 's management practices, systems and controls, including the use of risk mitigation techniques;
evaluate the quality of processes and inputs and especially the adequacy of the internal management system, taking into account the risks that may arise from its inadequacy or weaknesses;
links activity planning with solvency needs;
explicitly identifies possible future scenarios;
foresees measures in case of potential external stress;
uses an assessment base that is consistent throughout the assessment of overall solvency needs. (9) When carrying out the assessment of overall solvency needs the insurer, respectively the reinsurer, takes into account the management actions that may be taken in unfavorable circumstances, assessing the possible consequences of such actions, including their financial effect, and takes into account possible preconditions that may affect their effectiveness as risk mitigation measures. The manner in which management actions will be carried out in conditions of financial difficulties is also subject to assessment. (10) When an insurer, respectively a reinsurer, uses the standard formula as a basis for the assessment of its overall solvency needs, it shall justify why this is appropriate in relation to

the risks inherent in its activity and shall reflect its risk profile. (11) When an insurer or reinsurer uses an internal model, the explanations and justifications for the use of the internal model may be used, but for the use of different bases for recognition and assessment within the ORSA, the insurer or reinsurer shall present a special explanation. (12) Paragraphs 10 and 11 do not apply to persons who do not have access to the single market of the European Union. Projections of capital needs Art. 89. (1) The insurer, respectively the reinsurer, ensures that the assessment of overall solvency needs is perspective-oriented, including in the medium and long term, when appropriate. (2) Within the scope of the ORSA, the insurer, respectively the reinsurer, analyzes the possibilities of the undertaking to continue its current activity and the necessary financial resources for this for a period of more than one year in the future, including by analyzing the risks that may arise in the long term perspective. (3) The insurer, respectively the reinsurer, makes a projection of its capital needs for the period of its activity program under Art. 77, para. 1, item 2 of the Insurance Code, taking into account medium and long-term risks, when applicable. The projection according to the preceding sentence is carried out taking into account the likely changes to the risk profile and the activity program during the planning period and the sensitivity of the assumptions used. When a new activity program is adopted or when it is amended, the changes are reflected in the ORSA, taking into account the new risk profile, the volume of activity and the business mix that are expected. (4) The insurer, respectively the reinsurer, identifies and takes into account the external factors that may have an adverse impact on its overall solvency needs or on the amount of own funds, and takes into account in its plans for capital management and in the projections of capital the way it can respond to unexpected changes in external factors. Valuation and recognition bases of the overall solvency needs Art. 90. (1) The insurer, respectively the reinsurer, if it uses valuation and recognition bases that are different from those under Art. 8 - 16 of Delegated Regulation (EU) 2015/35 in the assessment of overall solvency needs, shall explain in the report under Art. 87 how the use of these different bases ensures better consideration of the specific risk profile, the approved risk tolerance limits and the business strategy of the insurer, respectively reinsurer, while at the same time meeting the requirements for sound and prudent management of the business. (2) The insurer, respectively the reinsurer, shall quantitatively calculate the influence of different valuation and recognition bases on the overall solvency needs assessment in cases where the bases used are different from those indicated in Art. 8 - 16 of Delegated Regulation (EU) 2015/35 on the assessment of overall solvency needs. Continuous compliance with capital requirements Art. 91. (1) The insurer, respectively the reinsurer, analyzes whether it continuously complies with the solvency capital requirement and the minimum capital requirement and as part of this assessment includes at least the following:

the potential future material changes in the risk profile;
the quantity and quality of its own funds for the entire period of the operations program under Art. 77, para. 1, item 2 of the Insurance Code;
the detailed breakdown of own funds by tiers and how it can change as a result of redemption, repayment and maturities for the entire period of the operations program under Art. 77, para. 1, item 2 of the Insurance Code. (2) In order to assess the continuous compliance with the capital requirements and the technical reserve requirements the insurer, respectively the reinsurer, uses recognition and

valuation bases that are in accordance with the principles under Art. 8 - 16 of Delegated Regulation (EU) 2015/35. (3) The insurer, respectively the reinsurer, discusses changes in the undertaking's risk profile, assesses whether they may affect the minimum capital requirement or the solvency capital requirement at a future point in time and takes into account the results of the assessment in the capital management process. (4) The insurer, respectively the reinsurer, assesses the changes that may occur with its own funds in stress situations, and for this purpose performs stress tests and scenario analyzes in order to assess the sustainability of its business. (5) For the purposes of capital planning and projections of own funds and capital requirements, the insurer, respectively the reinsurer, selects appropriate methods, assumptions, parameters, dependencies and confidence intervals to be used in its process, and regularly performs stress tests, reverse stress tests and scenario analyzes of a frequency and scope appropriate to the scope, complexity and nature of the activity to inform the objectives of the ORSA. (6) When assessing the quantity, quality and composition of its own funds, the insurer, respectively the reinsurer, takes into account the combination between basic own funds and additional own funds, the combination of basic funds of different tiers, the relative quality of own funds and their ability to absorb losses. (7) When assessing the future requirements for own funds, the insurer, respectively the reinsurer, takes into account:

capital management, including at least the issuance, redemption or repayment of capital instruments, dividends and other forms of distribution of income or capital and claims on items of additional own funds, including projected changes and contingency plans as a result of a stress situation;
the interaction between capital management and the risk profile and its expected development and development under stressed circumstances;
if applicable, the ability of the undertaking to raise own funds of appropriate quality and in an appropriate period of time, taking into account access to capital markets, the state of the markets, dependence on a certain base of investors or other members within the group and the impact of other businesses seeking to raise own funds at the same time;
how the average duration of own funds items relates to the average duration of insurance liabilities and future own funds needs. (8) The insurer, respectively the reinsurer, also evaluates and identifies relevant compensating or neutralizing measures that it can realistically take to restore or improve its capital adequacy or cash flow status after possible future stress events. (9) An insurer without the right to access the single market of the European Union analyzes whether it constantly respects the solvency limit and the minimum guarantee capital. Paragraphs 1 - 8 apply accordingly, taking into account the methods for calculating the solvency limit. Continuous compliance with technical provision requirements Art. 92. (1) In order to assess the continuous compliance with the technical provision requirements, the insurer, respectively the reinsurer, creates and implements processes and procedures for regular review of the calculation of the technical provisions. (2) The insurer, respectively the reinsurer, requires its actuarial function to:
provide information on whether the undertaking continuously complies with the requirements regarding the calculation of technical provisions;
identify potential risks arising from uncertainty associated with these calculations. (3) The information related to compliance with the requirements for the calculation of technical provisions and the risks arising from their calculation corresponds to the information

in the annual actuarial report. Deviations from assumptions in the calculation of Solvency Capital Requirement Art. 93. (1) The insurer, respectively the reinsurer, assesses whether its risk profile deviates from the assumptions underlying the SCR calculation, and whether these deviations are significant. When, during a qualitative analysis, it is established that the deviation is not significant, the insurer, respectively the reinsurer, may choose not to perform a quantitative assessment. (2) For the purposes of para. 1, first sentence, the insurer, respectively the reinsurer, compares the assumptions underlying the Solvency Capital Requirement calculation with its own understanding of its risk profile in order to protect itself from the automatic application of statutory capital requirements that may not be adequate for its activity. (3) The assumptions underlying the standard formula for insurers, respectively for reinsurers that use a standard formula, are published on the FSC's website. (4) The insurer, respectively the reinsurer, assesses the significance of the deviation of its specific risk profile from the relevant assumptions underlying the modules and sub-modules for calculating the solvency capital requirement, the correlations between the modules and submodules and the building blocks of the modules and sub-modules . (5) The insurer, respectively the reinsurer, makes the necessary assessment of the following differences between the risk profile of the undertaking and the assumptions underlying the Solvency Capital Requirement calculation:

differences that are due to risks not taken into account in the standard formula, and
differences that are underestimated or overestimated in the standard formula compared to the risk profile. (6) The assessment process includes:
risk profile analysis and assessment of the reasons why the standard formula is appropriate, including risk ranking;
analysis of the sensitivity of the standard formula to changes in the risk profile, including the influence of reinsurance contracts, diversification effects and the effects of other risk mitigation techniques;
analysis of the sensitivity of the solvency capital requirement in relation to the main parameters, including parameters specific to the undertaking;
development of the issue of the suitability of the standard formula parameters or the undertaking-specific parameters;
an explanation of why the nature, volume and complexity of the risks justify the use of simplifications;
analysis of how the results of the standard formula are used in the decision-making process. (7) When, in the process of qualitative and quantitative assessment, significant deviations are found between the undertaking's risk profile and the solvency capital requirement calculation, the insurer, respectively the reinsurer, identifies measures in response to the deviations, including bringing the risk profile into line with the standard formula, application of undertaking-specific parameters, development of a full or partial internal model, risk reduction, etc. (8) The insurer, respectively the reinsurer, are not allowed to determine that the risk profile deviates significantly from the assumptions underlying the solvency capital requirement by comparing the value of the overall solvency needs determined by the ORSA, with the capital solvency requirement. (9) An insurer, respectively a reinsurer, applying an internal model along with the use of the model for assessing equity and solvency under Art. 176, para. 1, item 2 of the Insurance Code, carries out an ORSA, which includes the assessment of:
the impact of excluded material risks or larger lines of business on the state of solvency in the case of a partial internal model;
the interconnections between the risks that are covered and those that are excluded from the scope of the model;
the identification of risks, other than those covered by the internal model, which may cause a change in it. (10) Paragraphs 1 - 9 do not apply to insurers without the right of access to the single market of the European Union. Link to strategic management process and decision-making framework Art. 94. (1) The insurer, respectively the reinsurer, reports the results of the ORSA and the conclusions drawn during the process of carrying out this assessment, at least in:
its capital management;
its operations planning;
the development, structure and content of its products. (2) The insurer, respectively the reinsurer, takes into account the results of the performed ORSA in the process of determining the program for its operations. (3) As an integral part of its operations program, the insurer, respectively the reinsurer, develops its own strategies for managing its overall solvency needs and statutory capital requirements, respectively the solvency limit in relation to insurers without the right to access the single market of European Union, and includes them in the management of all material risks to which it is exposed. (4) Before making any strategic or other important decision that may significantly affect the risk or the equity, the insurer, respectively the reinsurer, assesses it through the ORSA. The assessment can also be made by considering how the results of the latest assessment of overall solvency needs would change if certain decisions were made and how those decisions would affect the statutory capital requirements, and in relation to insurers without access to the single market of the European Union - how these decisions would affect the solvency margin. Frequency of own risk and solvency assessment Art. 95. (1) The insurer, respectively the reinsurer, performs the ORSA at least once a year. (2) The insurer, respectively the reinsurer, determines when to carry out the regular ORSA, which shall have the same reference date as the date of calculation of the solvency capital requirement, respectively the solvency margin in relation to insurers without the right to access the single market of the European Union , with different reference dates being permissible if there is no significant change in the risk profile between them. (3) In addition to the regular performance of the ORSA, the insurer, respectively the reinsurer, performs an extraordinary assessment immediately after any significant change in its risk profile in circumstances that have led to significant:
changes in the organizational structure, including mergers, acquisitions and sales;
changes in the venture capital model;
changes in reinsurance arrangements;
disturbances in the capital market;
regulatory or legal changes, such as significant changes in capital requirements;
increase in unquantified risks, including strategic, reputational or liquidity risk;
other changes related to the risk profile of the insurer, respectively the reinsurer. (4) The extraordinary ORSA shall focus on those aspects of the risk profile that have potentially undergone a significant change compared to the most recent regular ORSA and provide an updated conclusion on the overall solvency needs, continued compliance with capital requirements or technical provisions requirements or a plan to prevent or eliminate potential or newly emerging or unexpected solvency risks, without the need to carry out a comprehensive assessment of the risk profile and corresponding solvency needs. When the

extraordinary ORSA is carried out as part of the strategic decision-making process, it focuses on examining how the strategic decision in question will affect the risk profile and how it will affect the overall solvency needs and ongoing compliance with capital requirements. (5) The insurer, respectively the reinsurer, submits the supervisory report for the ORSA to the FSC within the time frame under Art. 312, paragraph 1, letter "b" of Delegated Regulation (EU) 2015/35. Section III Special rules for conducting the group level ORSA Scope of the group ORSA Art. 96. (1) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, designs the group ORSA in a way that reflects the nature of the group's structure and its risk profile. It takes into account in the group ORSA the material risks arising from all entities in the group. (2) The own risk and solvency assessment at the group level adequately covers all the specifics of the specific group and includes at least:

risks that are specific to the group, including risks arising from unsupervised entities, interdependencies within the group and their impact on the risk profile, and others;
risks that may not be taken into account at the level of the individual undertaking, but shall be taken into account in the assessment of the group, including the risk of spreading within the group (contagion), and others;
differences between insurers, respectively reinsurers participating in the group, including in the area of the operations program, activity planning period and risk profile and others;
national characteristics in the countries of origin, their effects and how they are reflected at the group level. (3) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, which is responsible for performing the ORSA at the group level, provides all the necessary information for the assessment and reliability of its results. (4) When performing the group ORSA, the person under para. 3 covers the material risks arising from all entities within the group:
insurers and reinsurers, including captive insurers and reinsurers and insurers and reinsurers with seats of business in third countries;
other undertakings subject to financial supervision, which are taken into account when calculating the solvency at group level;
other undertakings that are not subject to financial supervision. (5) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, which is responsible for performing the ORSA at the group level, takes steps to overcome any constraints or complications with respect to the assessment of insurers or reinsurers based in third countries. (6) The nature of the assessment with respect to entities in the group which are not subject to financial supervision is determined by the nature, size and complexity of each such entity and by its role within the group. Reporting to the FSC Art. 97. (1) The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group, presents to the FSC a supervision report for the group level ORSA. The document with the results of the group ORSA is prepared in Bulgarian. (2) If a single ORSA document has been prepared under Art. 265, para. 4 of the Insurance

Code, the participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, shall promptly provide, upon request by a member or a new member of the supervisory college, a translation into the official language of the Member State of that part of the assessment containing information on an insurer, respectively a reinsurer, within the group. (3) It is not mandatory for all individual undertakings of the group to be included in the scope of the ORSA under Art. 265, para. 4 of the Insurance Code and to be included in the single ORSA document. In the case of an application to perform an ORSA according to Art. 265, para. 4 of the Insurance Code, all assessments of individual entities covered by the application shall be included in the single ORSA document. (4) Paragraph 2 does not apply to insurers without the right of access to the single market of the European Union. A group of insurers without the right of access to the single market of the European Union can prepare a single ORSA document, and Art. 265, para. 7 and 8 of the Insurance Code shall apply accordingly. Specific requirements at group level regarding overall solvency needs Art. 98. The participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking, at the head of the group, should adequately assess the impact of all group specific risks and interdependencies within the group and the impact of these risks and interdependencies on the overall solvency needs, and in addition to the risks taken into account when calculating the Solvency Capital Requirement, they should consider all significant risks, especially ones that are not quantifiable. The undertaking at the head of the groups should take into consideration the specificities of the group and the fact that some risks may be scaled up at the level of the group. The interdependencies of the risks of the undertaking at the head of the group and the risks of individual undertakings are also subject to investigation. (2) Group-specific risks include

risk of spreading within the group (contagion), including the effect of transferring risks manifested in some parts of the group to other parts of it, etc.;
risks arising from transactions within the group, as well as from risk concentration, in particular related to: a) shareholdings; b) intra-group reinsurance or intra-group reinsurance; c) Intra - group loans; d) outsourcing within the group;
operational risks arising from the complexity of the group's structure;
other risks arising from the complexity of the group's structure. (3) The undertaking at the head of the group shall, within the framework of the group's ORSA, analyses the effects of diversification at the group level, which includes an analysis of the rationality of the diversification effects allowed at the level of the group, compared to the group's risk profile and aggregate needs in relation to the solvency of the group. (4) In accordance with Article. 86, the participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group shall include in the documentation of the group ORSA at least information on the following factors that are taken into account in the assessment of overall solvency needs:
identification of possible sources of capital within the group and determination of potential needs for additional capital;
the assessment of the availability, transferability or substitutability of the capital;
information on all planned transfers of capital within the framework of the group, which would have a material impact on any legal entity of the group, and the consequences thereof;
coordination of individual strategies with those established at the group level;
specific risks to which the group may be exposed. Group specificities on continuous compliance with regulatory capital requirements Art. 99. In accordance with Article. 86, the participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group shall include in the documentation of the group ORSA at least information on the following factors that are taken into account in the assessment of continuous compliance with regulatory requirements
identification of the sources of own funds within the group and whether there is a need for additional funds;
the assessment of the availability, transferability or substitutability of own funds;
information on all planned transfers of own funds within the framework of the group, which would have a material impact on any legal entity of the group, and the consequences thereof;
coordination of individual strategies with those established at the group level;
specific risks to which the group may be exposed. Specific requirements for single ORSA document at group level Art. 100. (1) In the case of an application to perform an ORSA in accordance with Art. 265, para. 7 of the Insurance Code, the participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking provides the FSC with the following:
a list of insurers, respectively reinsurers, whose individual own assessments of risk and solvency are included in the single ORSA document and the reasons for this choice;
a description of how the governance requirements are met at the level of the insurer, respectively reinsurer, and in particular how the competent body of each subsidiary participates in the process of evaluating and approving the results;
a description of how the single ORSA document is organized, so as to allow the group supervisory authority to distinguish the individual assessments provided for other supervisory authorities - members of the supervisory college;
if necessary, specifically noting the required written translations with particular attention to timeliness and content. (2) The performance of the single document ORSA at the group level reflects the nature, volume and complexity of the group and the risks therein and concentrates on the essential parts of the group, without exempting the subsidiaries of the group from the obligation to perform the ORSA on individual level. In the process of single document ORSA at the group level the assessments of the subsidiary insurers and reinsurers at the individual level are documented under Art. 90 of the Insurance Code. (3) The ORSA report in accordance with Art. 265, para. 4 of the Insurance Code meets the following requirements:
the results of each subsidiary shall be individually identifiable in the structure provided for the single ORSA report to enable an appropriate supervisory review process to be carried out at an individual level by the individual supervisory authorities concerned;
the single ORSA report shall meet the requirements of the supervisory authority of the group, as well as of the individual supervisory authorities concerned. (4) When carrying out ORSA at the group level for insurers without the right of access to the single market of the European Union, para. 1 and 3 shall be applied accordingly, bearing in mind that the FSC is the sole supervisory authority of all insurers in the group. Integration of related third-party insurance and reinsurance undertaking Art. 101. In the assessment of the overall solvency needs at group level, the participating insurance or reinsurance undertaking, the insurance holding undertaking or the mixed-activity financial holding undertaking at the head of the group shall include the risks of the activity in

third countries in a consistent manner as is carried out in relation to the activity in the European Economic Area, with special attention to the assessment of portability and substitutability of capital. Chapter Four REQUIREMENTS TO THE SECURITY AND GOVERNANCE OF INFORMATION AND COMMUNICATION TECHNOLOGIES OF INSURERS AND REINSURERS Requirements for the security and governance of information and communication technologies of insurers and reinsurers Art. 102. (1) The insurer, respectively the reinsurer, complies with the Guidelines on information and communication technology security and governance (EIOPA-BoS-20/ 600), issued by the European Insurance and Occupational Pensions Authority , which the FSC has decided to implement according to Art. 13, para. 1, item 26 of the Financial Supervision Commission Act. (2) The Financial Supervision Commission issued the instructions regarding implementation of para. 1. SUPPLEMENTARY PROVISIONS § 1. Pursuant to this ordinance:

“Sensitivity Analysis” is the study of how uncertainty in the output of a mathematical model or system can be partitioned and distributed among various sources of uncertainty in the inputs.
“Group Level” means a coherent economic entity (holistic view) consisting of all legal entities that are part of the group, as specified in the Guidelines issued by the European Insurance and Occupational Pensions Authority regarding the system of governance.
“Group ORSA” means ORSA carried out at group level.
“Service Provider” is a third party that performs a process, service or activity or parts thereof under an outsourcing agreement.
“Cloud Service Provider” is a service provider that, by virtue of an outsourcing agreement, is responsible for the provision of cloud services (services provided by processing data in a cloud space, namely, a model for realizing ubiquitous, convenient, on-demand network access to a shared set of configurable computing resources (such as networks, servers, repositories, applications and services, etc.) that can be quickly provisioned and implemented with minimal management effort or interaction with the cloud service provider).
“Code of Ethics” is the Code of Ethics issued by the Institute of Internal Auditors, Altamonte Springs, Florida, USA, and its translation into Bulgarian.
“Single ORSA document” is a single document (supervisory report on ORSA) covering the own risk and solvency assessment carried out at group level and at the level of certain divisions within the group on the same reference date and period, subject to supervisory approval, as specified in the third subparagraph from Art. 246, paragraph 4 of Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of insurance and reinsurance (Solvency II) (OB, L 335/1 of 17 December 2009) . 8 "Persons who effectively run the insurer, respectively the reinsurer" are the members of the management and supervisory board, respectively the board of directors - for joint-stock undertakings, respectively the management and control board - for cooperatives, and also the members of the executive management under Art. 5, para. 3.
“Key Functions” are the functions under Art. 78, para. 1, items 1 - 4 of the Insurance Code, as well as the functions under Art. 78, para. 1, item 5 of the Insurance Code, which the insurer, respectively the reinsurer, has expressly defined as such due to their specific importance for its activity and organization.
“Employees in a key function” of an insurer are the persons working within the key

function. 11. “Audit Engagement” is the engagement within the meaning of the standards of professional practice in internal auditing. 12. “Operational function” is any function related to the commercial activity of the insurer, respectively the reinsurer, which is different from the key functions under Art. 78, para. 1, items 1 - 4 of the Insurance Code. 13. “Legal Risk” is the risk of loss resulting from: a) an insufficiently well-documented or legally formed transaction, as a result of which the counterparty may avoid fulfilling its obligations under it; or b) claim for realization of responsibility as a result of non-fulfillment of legal obligations; or c) failure to take legal action to protect rights or property; or d) changes in the regulatory framework. 14. “Reputational Risk” is the risk of losses resulting from a decrease in confidence in the insurer or reinsurer and from disputes or conflicts with users of insurance services or other stakeholders. 15. "Standards of Professional Practice in Internal Auditing” are the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors, Altamonte Springs, Florida, USA. § 2. (1) Except when the FSC, respectively the Deputy Chairperson, have determined otherwise, an insurer, reinsurer or other person obliged under this ordinance shall provide the information prepared by him to the supervisory authority in an electronic format that allows reading on an electronic device and electronic search of words and numbers. (2) When information under para. 1 is provided on paper, it is accompanied by an electronic version of the document that meets the requirements of para. 1. (3) In cases where the electronic document contains an electronic statement addressed to the FSC or the Deputy Chairperson, it shall be signed with a qualified electronic signature. (4) When an updated document is submitted, it shall be accompanied by a version graphically reflecting the changes compared to the previous version submitted to the FSC. § 3. (1) With this ordinance , the requirements of the following guidelines adopted by the European Insurance and Occupational Pension Insurance Authority are introduced into the FSC's practice:

Guidelines on the System of Governance (EIOPA-BoS-14/253 EN) together with the Technical Annex thereto;
Guidelines for Own Risk and Solvency Assessment (EIOPA-BoS-14/259 EN);
Guidelines on Complaints-Handling by Insurance Undertakings (EIOPA-BoS-12/069 EN) (2) With this ordinance , the application of the following guidelines adopted by the European Insurance and Occupational Pension Insurance Authority is ensured:
Guidelines on Outsourcing to Cloud Service Providers (EIOPA-BoS-20-002);
Guidelines on Information and Communication Technology Security and Governance (EIOPA-BoS-20/600) TRANSITIONAL AND FINAL PROVISIONS § 4. (1) Insurers, respectively reinsurers, shall bring their policies and procedures, as well as their internal documents, in line with this ordinance within 6 months of its entry into force. (2) The FSC accepts the instructions under Art. 75, para. 2 and Art. 102, para. 2 within 2 months from the entry into force of this regulation. § 5. Proceedings before the FSC or the Deputy Chairperson, which began before the entry into force of this ordinance, are concluded according to the previous terms and procedures, and the requirements of this ordinance do not apply to them.

§ 6. Ordinance No. 5 of 15.10.2003 on carrying out activities as an insurance broker and insurance agent (SG, issue 96 /2003) is revoked. § 7. Ordinance No. 32 of 13.09.2006 on the requirements for the organization and activity of the internal control service of insurers, reinsurers and entities included in an insurance or reinsurance group (promulgated, SG issue 81 /2006; amended and supplemented, issue 4 /2010) is revoked. § 8. In Ordinance No. 48 of 20.03.2013 on the requirements for remuneration (promulgated, SG No. 32 /2013; amended and supplemented, issue 41 and 41 /2019 and issue 61 / 2020) the following amendments and additions are made:

In Art. 2: a) a new paragraph 3 is created: “(3) Employees performing control functions in the insurer, respectively in the reinsurer, within the meaning of para. 1, item 4, are the persons who manage the functions under Art. 78, para. 1, items 1 - 3 of the Insurance Code, and the employees in the units that perform these functions. The remuneration policy of the insurer, respectively the reinsurer, determines the positions of the employees that may have a significant impact on the risk profile of the undertaking under para. 1, item 5, or contains a methodology for their determination.; b) the previous para. 3 becomes para. 4.
In Art. 4: a) a new paragraph 3 is created: “(3) The remuneration policy of insurers and reinsurers shall meet the requirements under para. 1, items 1 - 4, and within the meaning of item 1, the “acceptable level” is determined according to the risk management policies and the risk-taking limits provided for in them, including in relations with service providers. The remuneration policy cannot jeopardize the ability of the insurer, respectively the reinsurer, to maintain the required own funds.; b) the previous para. 3 becomes para; 5. a) a paragraph 4 is created: “(4 ) The insurer, respectively the reinsurer, guarantees that the measures to avoid conflict of interests under para. 1, item 3 cover at least:
the persons who develop the remuneration policy, who approve or revise it, as well as who prepare, conclude or revise agreements regarding remuneration;
the persons who conclude or write insurance or reinsurance contracts, which may significantly affect the risk profile of the insurer or reinsurer;
asset managers.”
Art. 4a is created: Article 4а. (1) The insurer, respectively the reinsurer, which is a participating undertaking, the insurance holding or the mixed-activity financial holding, shall adopt a remuneration policy for the entire group, and the policy shall reflect the complexity and structure of the group with the aim of uniform and consistent application across the group in line with the group's risk management strategies. The policy applies to all individuals at group level and to each individual entity. (2) The insurer, respectively the reinsurer, which is a participating undertaking, the insurance holding or the mixed-activity financial holding, shall ensure that:
there is interconnected of the remuneration policies in the group and their compliance with the legal and regulatory requirements in relation to the undertakings that are part of it, and they are implemented correctly;
all undertakings of the group comply with the legal and regulatory requirements regarding remuneration;
conditions have been created for the management of significant risks at the group level, related to the implementation of the remuneration policy in the group.
In Art. 6, para. 2, after the words “non-financial indicators”, a comma is placed and the following is added: “and in the case of an employee of an insurer, respectively of a reinsurer - on compliance with risk management rules and the ordinance and internal acts of the insurer, respectively to the reinsurer"
In § 5 of the transitional and final provisions after the words “Art. 77, para. 5” is added “and in connection with Art. 265, para. 1”. § 9. This ordinance is issued on the basis of Art. 77, para. 5 in connection with Art. 265, para. 1, Art. 90, para. 8, Art. 111, para. 4, Art. 104, para. 6 and Art. 232, para. 5 of the Insurance Code and was adopted by Decision No. 227-H of 22.07.2021 of the Financial Supervision Commission. Chairperson: Boyko Atanasov