2023-11-08
Added · Updated
Issued by the Namibia Financial Institutions Supervisory Authority (NAMFISA), this framework establishes a dynamic, forward-looking risk-based supervision methodology for non-bank financial institutions, including insurance companies, pension funds, financial market infrastructures, and capital markets intermediaries. The methodology requires supervisors to conduct a structured assessment of business profiles, macroeconomic and industry factors, significant activities, capital adequacy, liquidity, and governance functions to calculate composite risk ratings. These ratings directly dictate a proportional ladder of supervisory interventions, ensuring NAMFISA allocates resources efficiently and implements timely, risk-focused oversight measures.
NAMFISA RISK-BASED SUPERVISION METHODOLOGY FRAMEWORK
2 Table of Contents
3 2.9 Liquidity: Insurance Institutions, Pension Funds and Capital Markets Intermediaries .................................................................................................................. 17 2.10 Liquidity: Financial Market Infrastructures ........................................................... 18 3. Ladder of Supervisory Intervention....................................................................... 19 3.1 The Five Stages of Intervention ............................................................................... 20 4. Oversight Functions ............................................................................................... 25 4.1 Oversight: Compliance Function ............................................................................ 25 4.1.1 Definition of assessment ratings.......................................................................26 4.1.2 Assessment criteria............................................................................................27 4.1.3 Compliance performance...................................................................................30 4.1.4 Examples of indicators that the NBFI could use to guide its supervisory judgement....................................................................................................................31 4.2 Oversight: Risk Management Function.................................................................. 32 4.2.1 Definition of assessment ratings.......................................................................32 4.2.2 Assessment criteria............................................................................................33 4.2.3 Risk management performance.........................................................................36 4.2.4 Examples of indicators that the NBFI could use to guide its supervisory judgement....................................................................................................................37 4.3 Oversight: Actuarial Function ................................................................................. 38 4.3.1 Definition of assessment ratings.......................................................................38 4.3.2 Assessment criteria............................................................................................39 4.3.3 Actuarial performance........................................................................................43 4.3.4 Examples of indicators that the NBFI could use to guide its supervisory judgement....................................................................................................................44 4.4 Oversight: Internal Audit Function ......................................................................... 44 4.4.1 Definition of assessment ratings.......................................................................46 4.4.2 Assessment criteria............................................................................................47 4.4.3 Internal Audit performance................................................................................51
4 4.4.4 Examples of indicators that could be used to guide supervisory judgement51 4.5 Oversight: Senior Management Function .............................................................. 52 4.5.1 Definition of assessment ratings.......................................................................54 4.5.2 Assessment criteria............................................................................................55 4.5.3 Senior Management performance .....................................................................58 4.5.4 Examples of indicators that could be used to guide supervisory judgement59 4.6 Oversight: Board of directors/trustees Function .................................................. 60 4.6.1 Definition of assessment ratings.......................................................................60 4.6.2 Assessment criteria............................................................................................61 4.6.3 Board of directors/trustees performance .........................................................65 4.6.4 Examples of indicators that could be used to guide supervisory judgement66 5. Effective Date .......................................................................................................... 67 6. Revision ................................................................................................................... 67 7. Approval................................................................................................................... 67 Appendix A: Risk Matrix Tool .................................................................................... 68 Appendix B: Inherent Risk Categories and Definitions ........................................... 69 Appendix C: Inherent Risk Assessment Ratings, Overall Ratings for Quality of Risk Mitigation Control Functions and Overall Net Risk Ratings.................................... 71
5 2) Capital Assessment Ratings: Insurance Institutions, Financial Market Infrastructures and Capital Markets Intermediaries..................................................... 80 3) Funding Assessment Ratings: Pension Funds ................................................... 81 4) Earnings Assessment Ratings............................................................................... 82 5) Liquidity Assessment Ratings ............................................................................... 83 Appendix F: Assessment Criteria: Capital, Funding, Earnings and Liquidity ....... 84
1
2 1.3 Risk-based Supervision Framework Principles PRINCIPLE 1: SUPERVISORY METHODOLOGY NAMFISA’s supervisory methodology is risk and principle based, forward looking, and outcome focused for timely intervention. PRINCIPLE 2: BOARD OF DIRECTORS/TRUSTEES AND SENIOR MANAGEMENT ACCOUNTABILITY Financial institutions’ Boards of Directors and Trustees have a fiduciary duty, and, together with Senior Management, are ultimately accountable for the prudent management and financial soundness of their institutions and pension funds and their compliance with market conduct and legislative requirements. PRINCIPLE 3: RISK TOLERANCE NAMFISA’s supervisory approach seeks to (1) reduce the likelihood and impact of failure of financial institutions and pension funds, rather than prevent all failures, and (2) identify and address material market conduct and legislative compliance issues on a timely basis. PRINCIPLE 4: CONSOLIDATED SUPERVISION Financial conglomerates are supervised on a consolidated basis in conjunction with other supervisors. PRINCIPLE 5: SOUND PREDICTIVE JUDGEMENT Sound predictive judgement in identifying and assessing risk is fundamental to the effectiveness of NAMFISA’s supervisory approach. PRINCIPLE 6: USE OF GOVERNANCE AND OVERSIGHT FUNCTIONS Where appropriate, NAMFISA will draw on financial institutions’ governance and oversight functions to minimise duplication of effort. PRINCIPLE 7: RELIANCE ON AND USE OF EXTERNAL STAKEHOLDERS’ WORK NAMFISA relies on external auditors for the fairness of financial statements and will use their work to modify the scope of its supervision to minimise duplication of effort. Similarly, NAMFISA
3 relies on actuaries for the adequacy of policy liabilities and will use their work to modify the scope of its supervision of financial institutions. PRINCIPLE 8: RISK-FOCUSED AND TIMELY REPORTING Assessments and requirements are communicated to financial institutions in a risk-focused and timely manner. PRINCIPLE 9: CONTINUOUS AND DYNAMIC NAMFISA’s supervision is continuous and dynamic. This supervision requires the monitoring and identifying of changes in risks, arising from financial institutions and their operating environments, readily assessing the impact of these changes on the risk profiles of financial institutions, and dynamically adjusting supervisory priorities, as warranted, for timely intervention. PRINCIPLE 10: ALLOCATION OF RESOURCES NAMFISA allocates supervisory resources based on the risk profiles of the financial institutions as well as their systemic importance. 1.4 Assessing the Risk Profile of a Non-bank Financial Institution Assessing the risk profile of a non-bank financial institution (NBFI) is a dynamic process, which includes a carefully formulated series of steps. These steps include:
4 These steps are interrelated and operate in a dynamic manner, and they represent the building blocks for assessing the risk profile of an NBFI. The quality of assessment for each step can impact the quality of the assessments in the steps that follow, ultimately impacting the quality of the overall assessment. Therefore, it is of utmost importance that each step is carried out at an appropriate level of quality to achieve a sound overall assessment of the NBFI’s risk profile. A risk matrix is used to summarise the assessments undertaken during the supervisory process (see Appendix A for the risk matrix tool). The risk matrix highlights the NBFI’s significant activities; the key risks inherent in these activities; how well the key risks are managed and overseen; the residual risk of each significant activity; the overall residual risk of all the significant activities collectively; the adequacy of its earnings, capital, funding and liquidity; and the NBFI’s risk profile and the direction and stability of the risk profile. The risk matrix provides a one-page window into the NBFI’s operations and facilitates the visualization of the key-driving components of the NBFI’s risk profile. The assessments recorded in the risk matrix are supported by supervisory documentation. 1.5 Understanding and Assessing the Business Profile of an NBFI 1.5.1 Understanding the impact of macro factors on an NBFI The operations of NBFIs are increasingly more connected with one another and with other segments of the economy, which in turn are impacted by global and regional economic conditions. Consequently, the effective supervision of NBFIs requires an understanding and assessment of the broader environment and industry in which they operate. NAMFISA’s supervisory methodology looks beyond individual NBFIs. The methodology adopts a stronger macro perspective, which focuses on specific areas of risk and supervisory themes without detracting from the supervision of individual NBFIs. This enables NAMFISA to identify, monitor and analyse market, financial and other material environmental factors that could impact the financial sectors and the NBFIs that operate in these sectors.
5 The methods used to identify macro factors include surveillance of the broader economic environment and the industry to identify emerging trends and vulnerabilities, peer comparisons of individual NBFIs, the regular exchange of information and assessments with other regulators (as appropriate), and the exchange of information and possible joint assessments with the Bank of Namibia and regulators in other jurisdictions. Through this process, NAMFISA’s supervisors engage the NBFI’s management in discussions regarding the risks that their institution faces as well as an overview of the risks in the industry and the broader operating environment. The risk assessment process is iterative, which aims to establish a dynamic approach for the identification of potential risks and vulnerabilities. In addition, it will enable supervisors to link the activities and risks of individual NBFIs to the industry and the wider financial system, and vice versa. Environmental factors To identify the environmental factors in an NBFI’s operating environment, various factors need to be monitored. These monitored factors include the level of economic activity and gross domestic product, global and regional economic impacts, financial market indices, investor and business confidence, current and projected levels of interest rates, current and projected rates of inflation, health of the real estate sector, depth of capital markets and availability of investment products,
6 currency volatility, demographic and population trends, level of unemployment, local and/or international political stability, the impact of pandemics, and changes in sectoral and national legislative regimes. The monitoring process of the environmental factors enables supervisors to assess their probable impact on a sector as well as on individual NBFIs in the sector. Likewise, given the large-scale exposure of NBFIs to domestic, global and regional capital markets, NAMFISA intends to conduct stress tests to assess the impact of these capital markets on individual NBFIs. Industry factors An industry analysis involves the research and assessment of the state of the industry, with a view to identifying issues or emerging risks. The industry analysis is based on periodic information filed by institutions with NAMFISA and available industry information from other sources such as, amongst others, industry publications and rating agencies. The analysis provides NAMFISA with up-to-date information on industry developments and emerging issues and trends. For the analysis, NAMFISA considers factors such as trends and experiences regarding products and services offered, the nature and extent of competition, the introduction of new products, trends in growth, profitability, capital and liquidity levels of peers, the availability of required skilled resources, investment trends, the return on investments, and changes in technology. The analysis, which is conducted on a comparative basis, provides supervisors with a good understanding of industry trends and experiences, the risks that the industry faces, and systemwide vulnerabilities. In addition, it provides macro-industry-level input to the supervisory process, and it equips supervisors for the assessment of individual NBFIs in the context of the industry. 1.5.2 Understanding and assessing the business profile of an NBFI To understand the business profile of an NBFI, NAMFISA analyses its business models, objectives, strategies to achieve these objectives, ownership, organisation and accountability, and governance structures. It is important for NAMFISA to gain an understanding of the NBFI’s risk tolerance, as well as the institution’s track record regarding the execution of its strategies. This involves understanding the institution’s risk management philosophy, risk appetite metrics (quantitative and qualitative), and risk appetite statement and development process. Other factors that require consideration include the scope of operations; the target markets; the level of growth compared to peers; actual performance against plans; earnings, capital and
7 liquidity levels and historical trends; products and/or services offered; key business processes and activities being pursued; distribution channels and technologies; the nature and stability of funding sources; the nature and level of off-balance sheet exposures; asset quality and concentration; lapses and terminations of insurance institutions; and late payment or the nonpayment of members’ pension contributions. 1.5.3 Identifying significant activities The understanding and assessment of the broader environmental and industry factors and of the NBFI’s business profile provide NAMFISA with the necessary context to identify the significant activities of the NBFI. A significant activity of an NBFI could, for example, include a line of business, a business unit, or an entity-wide process (e.g. information technology). The significant activities are pertinent for the achievement of the NBFI’s objectives. The NBFI’s activities can be identified from various sources of information, including its organisational structure, strategic and business plans, capital allocations, and internal and external financial reporting. Once the NBFI’s significant activities have been identified, sound judgement is applied to determine the significance of the activities. For this purpose, materiality is used as a measure to gauge the relative significance of the activities for the achievement of the NBFI’s objectives. The materiality assessment is multi-dimensional, current and prospective, and it considers both qualitative and quantitative factors. Examples of criteria that may be used to determine materiality include: • assets generated by the activity in relation to the total assets; • revenue generated by the activity in relation to the total revenue; • net income before tax of the activity in relation to the total net income before tax; • risk-weighted assets generated by the activity in relation to the total risk-weighted assets; • internal allocation of capital to the activity in relation to the total capital; • strategic importance; • costs paid to an activity in relation to the total expenses; • the total funds under management; • the total funds under administration; • contributed capital invested in portfolio companies (unlisted);
8 • the number of personnel in each department; and • the number of clients per product. The activities identified as significant constitute those that are important for the achievement of the NBFI’s business objectives and strategies. The identification of the significant activities also takes into account those activities that the NBFI’s management considers significant, and how they are organised and managed by the institution. To assist with the efficiency and effectiveness of the assessment, the activities could be grouped or sub-divided. However, should this method be used, it is essential that supervisors ensure that the key risks in the activities are not masked and are assessed at the appropriate level. Once the significant activities have been identified, the risks inherent in these activities are assessed. 1.6 Defining Inherent Risk Categories and Related Assessments Inherent risk is intrinsic to an activity and cannot be separated from the activity. It arises from exposure to and uncertainty about current and potential future events. Inherent risk is evaluated by considering the probability of occurrence and the potential adverse impact on the NBFI’s overall financial condition. Inherent risk is assessed without considering the size of the activity and the quality of the NBFI’s risk management. The assessment of inherent risk is dynamic, forward looking, continuous, and based on sound predictive judgement. NBFIs are exposed to various risks; however, the type and extent of exposure varies depending on the activities undertaken by the institution. Also, NBFIs have a broad spectrum of risk characteristics, of which some are universal and others unique to a particular NBFI or industry. The nature of an NBFI’s inherent risk is determined according to a thorough understanding of its significant activities and the environment in which the NBFI operates. NAMFISA has identified inherent risk categories commonly associated with NBFIs, which include insurance risk, operational risk, credit risk, market risk, market conduct risk, legal and regulatory risk, and strategic risk. These inherent risk categories are defined in Appendix B. Once each significant activity’s inherent risks have been identified, a relevant rating is assigned to each risk. These ratings include low, moderate, above average, and high (refer to Appendix C for a detailed account of these ratings). Assessment of the inherent risks enables NAMFISA to
9 build expectations of the NBFI’s risk mitigation measures for each of the risks inherent in an activity. 1.6.1 Assessing the NBFI’s risk mitigation controls (operational management and oversight functions) Once the ratings for the inherent risks have been allocated, NAMFISA assesses the quality of the NBFI’s risk mitigation controls at two levels. The first level comprises operational management, which is responsible for managing inherent risks on a day-to-day basis. The second level comprises oversight functions, which are responsible for providing independent, entity-wide oversight of operational management. NAMFISA expects the NBFI to establish risk mitigation controls that are commensurate with the ratings of each inherent risk (i.e. a high inherent risk will require rigorous day-to-day control and oversight). For each significant activity, NAMFISA will assess operational management and the relevant oversight functions. Operational management and the oversight functions are discussed in detail below. Operational management Operational management is responsible for the day-to-day management and mitigation of the significant activity’s inherent risks. For each significant activity, NAMFISA will assess the quality of these controls individually. In other words, operational management is responsible for ensuring that the staff understands each significant activity’s inherent risks and how these risks are managed; and that the policies, procedures, processes, systems of internal control, and resources are adequate in order to effectively manage these inherent risks. In this regard, NAMFISA will assess whether these controls are adequate to manage the inherent risks. Oversight functions The oversight functions provide independent oversight of operational management within NBFIs. The oversight functions for each significant activity are assessed, which includes analysing the relevance of these functions to each specific significant activity. The presence and structure of the oversight functions will vary according to the nature, scope and complexity of the NBFI. When an NBFI lacks some of the oversight functions, is not independent or does not have an entity-
10 wide responsibility, NAMFISA expects other functions (internal or external to the NBFI) to provide the required independent oversight. The overall effectiveness of the oversight functions will be assessed and a relevant rating assigned. These ratings include strong, acceptable, needs improvement, and weak (refer to Appendix C for a detailed account of these ratings). NAMFISA will assess the oversight functions’ abilities to effectively control and oversee the management of the inherent risks in each significant activity. NAMFISA has identified the following six oversight functions that commonly exist in NBFIs:
11 Quality of Risk Management Identified Inherent Risk Low Moderate Above average High Net Risk Assessment Strong Low Low Moderate Above average Acceptable Low Moderate Above average High Needs improvement Moderate Above average High High Weak Above average High 1.6.3 Assessing the overall net risk of all significant activities and related definitions The overall net risk is the weighted aggregate of the net risks for all the significant activities within an NBFI. In this regard, the net risks of significant activities are aggregated by considering their relative materiality to determine the overall net risk of the NBFI. Significant activities with a higher materiality are considered to have a larger impact on the risk profile of the NBFI. Therefore, the ratings for materiality include low, medium, and high. Determining the overall net risk includes a qualitative assessment of the NBFI’s susceptibility to adverse events that may impact its capital, earnings, and fair treatment of consumers in the foreseeable future. The overall net risk rating is assessed before considering earnings, capital, funding and liquidity. The ratings for overall net risk include low, moderate, above average, and high (refer to Appendix C for a detailed account of these ratings). The assessment also determines the direction of the overall net risk (i.e. whether it is decreasing, stable, or increasing) over a specified period of time. Once the overall net risk has been determined, the adequacy of capital, funding, earnings and liquidity is assessed.
12 2. Composite Risk Rating: Insurance Institutions, Pension Funds, Financial Market Infrastructures2 and Capital Markets Intermediaries3 The composite risk rating (CRR) is an assessment of the NBFI’s overall risk profile. The CRR is determined after considering the impact of capital, funding, earnings and liquidity in relation to the overall net risk. The ratings for composite risk include low, moderate, above average, and high, and the direction of composite risk is assessed as either decreasing, stable, or increasing over a specified period of time. The assessment ratings are discussed in detail in Appendix E. The composite risk rating is also used to determine the stage of supervisory intervention, which is commensurate with the overall risk profile of the NBFI. Capital, funding, earnings and liquidity are discussed in detail below. 2.1 Capital: Insurance Institutions Capital is a source of financial support, which is used to protect insurance institutions against unexpected losses. Maintaining sufficient capital is vitally important to ensure the financial safety and soundness of an insurance institution. An insurance institution’s capital is assessed based on the appropriateness of its level and quality, for the present and future and for normal and stressed conditions, relative to its overall net risk. Senior Management and the Board of Directors should provide oversight for the management of the capital. NAMFISA’s interest in the capital levels of insurance institutions stems from its legal mandate to protect consumers by ensuring that, in both normal and stressed conditions, insurance institutions are able to meet their obligations. Adequate capital should not be seen as a replacement for sound risk management; instead, it serves as a secondary mitigation measure in circumstances where primary risk controls are inadequate. NAMFISA expects insurance institutions to maintain sufficient capital in relation to their overall net risk. When assessing the capital of insurance institutions, NAMFISA considers factors such as capital adequacy (i.e. quantity and quality) in relation to the insurance institution’s overall net 2 Financial Market Infrastructures (FMIs) in Namibia include the Namibian Stock Exchange and other FMIs under the FIM Act. 3 In this document, Capital Markets Intermediaries refer to investment managers (IM), unlisted investment managers (UIM), management companies (Mancos), linked investment service providers (LISPs), and the trustees/custodians of management companies.
13 risk, access to capital, the future outlook, and the effectiveness of capital management policies and processes. The capital assessment criteria are described in Appendix F. Determining insurance institutions’ capital is a risk-based process, as set out in the Capital Standards4 . The assessment ratings for capital include strong, acceptable, needs improvement, and weak (refer to Appendix E for a detailed account of these assessment ratings). 2.2 Capital: Financial Market Infrastructures Capital is a source of financial support, which is used to protect financial market infrastructures (FMIs) against unexpected losses. Maintaining sufficient capital is vitally important to ensure the financial safety and soundness of FMIs. FMIs’ capital is assessed based on the appropriateness of their level and quality, for the present and future and for normal and stressed conditions, while taking into account the overall net risk of FMIs. Senior Management and the Board of Directors should provide oversight for the management of the capital. NAMFISA’s interest in the capital levels of FMIs stems from its legal mandate to protect investors by ensuring that, in both normal and stressed conditions, FMIs are able to meet their obligations. Adequate capital should not be seen as a replacement for sound risk management; instead, it serves as a secondary mitigation measure in circumstances where primary risk controls are inadequate. NAMFISA expects FMIs to maintain sufficient capital in relation to their overall net risk. When assessing the capital of FMIs, NAMFISA considers factors such as adequacy (i.e. quantity and quality) in relation to the FMIs overall net risk, access to capital, the future outlook, capital oversight by the Board and management, and the effectiveness of capital management policies and processes. The assessment criteria are described in Appendix F. For FMIs, determining an NBFI’s capital is a risk-based process, as set out in the Capital Standards. The assessment ratings for capital include strong, acceptable, needs improvement, and weak (refer to Appendix E for a detailed account of these assessment ratings). 4 Standard No. INS.S. 2.1: Capital Adequacy Requirements for Registered Insurers and Reinsurers; Standard No: INS.S.2.2: Determination, Calculation And Valuation Of Assets and Liabilities of Registered Insurers; and Standard No. MAF.S.7.3: Determination, Calculation And Valuation Of Categories Of Assets, Liabilities And Solvency Requirements Of A Medical Aid Fund
14 2.3 Capital: Capital Markets Intermediaries Capital is a source of financial support, which is used to protect capital markets intermediaries against unexpected losses. Maintaining sufficient capital is vitally important to ensure the financial safety and soundness of capital markets intermediaries. Capital markets intermediaries’ capital is assessed based on the appropriateness of their level and quality, for the present and future and for normal and stressed conditions, relative to their overall net risk. Senior Management and the Board of Directors should provide oversight for the management of the capital. NAMFISA’s interest in the capital levels of capital markets intermediaries stems from its legal mandate to protect investors by ensuring that, in both normal and stressed conditions, capital markets intermediaries are able to meet their obligations. Adequate capital should not be seen as a replacement for sound risk management; instead, it serves as a secondary mitigation measure in circumstances where primary risk controls are inadequate. NAMFISA expects capital markets intermediaries to maintain sufficient capital in relation to their overall net risk.When assessing the capital of capital markets intermediaries, NAMFISA considers factors such as adequacy (i.e. quantity and quality) in relation to the capital markets intermediaries’ overall net risk, access to capital, future outlook, the effectiveness of capital management policies and processes, and oversight. The assessment criteria are described in Appendix F. The assessment ratings for capital include strong, acceptable, needs improvement, and weak (refer to Appendix E for a detailed account of these assessment ratings). 2.4 Funding: Pension Funds Funding is the act of providing financial resources in the form of member and employer pension contributions to a retirement fund. For defined benefit pension funds, the purpose of funding is to ensure that sufficient assets will be accumulated to deliver the promised benefits on an ongoing basis, as set out in the fund rules, and to protect pension benefits in situations that involve employer insolvency or bankruptcy. If the funding ratio drops below a certain threshold, the employer of the retirement fund may be contractually forced to restore the funding level. Funding is assessed by the timely (i.e. within the timeframe as stipulated in the FIM Act) and accurate payment (i.e. contributions at set contribution rates as defined in the fund rules) of member and employer pension contributions, which is critical for the overall financial safety and
15 soundness of a retirement fund. Retirement fund contributions are required by law to be paid habitually and on time. Such funding provides a cushion by absorbing short-term liquidity requirements and long-term pension benefit payments, and it ensures that the funding level aspirations are maintained. The employer of a fund may not be able to make its part of the contributions or make a remedial contribution if the financial position of the employer is weak. Therefore, a high probability exists that the weak financial position of the fund will correspond with the weak financial position of the employer, due to the fact that both are affected by macro-economic shocks. The risk of default by the sponsor is a source of risk to the retirement fund. NAMFISA assesses funding by taking into account the pattern of member and employer pension contributions to a retirement fund on a monthly basis (or any other specific payment intervals as prescribed in the fund rules). For defined benefit funds, if the funding level drops below a certain threshold, the employers of the fund are contractually forced to restore the funding level. Therefore, the employers’ financial position is also carefully considered. Funding is assessed according to a retirement fund’s overall net risk, and the assessment ratings include strong, acceptable, needs improvement, and weak. The assessment criteria and ratings are discussed in detail in Appendix E and F, respectively. 2.5 Earnings: Insurance Institutions Earnings are an important contributor to an insurance institution’s long-term viability as they contribute to the internal generation of capital. Earnings are the distributable profits of an insurance institution in a given financial year, based on the year-end financial statements after deductions (e.g. tax) have been considered. Earnings are assessed based on their quality, quantity, and consistency as a source of internally generated capital. Strong and sustainable levels of earnings are vitally important to ensure that insurance institutions remain financially sound. NAMFISA assesses the earnings by taking into account factors such as historical trends and the stability of earnings (i.e. quantity, quality, volatility, composition and sustainability), sources of earnings (core versus non-core), the future outlook (for both normal and stressed conditions), peer group comparisons, retention rates, and dividend policies. Earnings are assessed according
16 to the insurance institution’s overall net risk. The assessment criteria are discussed in detail in Appendix F. The assessment ratings include strong, acceptable, needs improvement, and weak (refer to Appendix E for a detailed account of these ratings). 2.6 Earnings: Pension Funds Earnings refers to the revenue stream of retirement funds. Retirement fund earnings are derived from one source: the net investment income gained from investment assets. Earnings provide a source of financial support by contributing to a retirement fund’s external generation of capital. Earnings are an important contributor to a retirement fund’s short- and long-term viability and they help grow retirement fund assets for the benefit of the members. Earnings are assessed based on net investment returns relative to the benchmark (i.e. the investment return objectives as set out in the retirement fund’s investment policy statement and the needs requirement of the Asset Liability Model). The assessment takes into account historical trends and the future outlook (for both normal and stressed conditions). The assessment ratings used to assess a retirement fund’s earnings and ability to continue to generate earnings include strong, acceptable, needs improvement, and weak (refer to Appendix E for a detailed account of these ratings). 2.7 Earnings: Financial Market Infrastructures Earnings are an important contributor to financial market infrastructures’ (FMIs) long-term viability as they contribute to the internal generation of capital. Earnings are the distributable profits of FMIs in a given financial year, based on the year-end financial statements after deductions (e.g. tax) have been considered. Earnings are assessed based on their quality, quantity, and consistency as a source of internally generated capital. Strong and sustainable levels of earnings are vitally important to ensure that FMIs remain financially sound. NAMFISA assesses the earnings by taking into account factors such as historical trends and the stability of earnings (i.e. quantity, quality, volatility, composition and sustainability), sources of earnings (core versus non-core), the future outlook (for both normal and stressed conditions),
17 peer group comparisons, retention rates, and dividend policies. Earnings are assessed according to FMIs’ overall net risk. The assessment criteria are discussed in detail in Appendix F. The assessment ratings include strong, acceptable, needs improvement, and weak (refer to Appendix E for a detailed account of these ratings). 2.8 Earnings: Capital Markets Intermediaries Earnings are an important contributor to capital markets intermediaries’ long-term viability as they contribute to the internal generation of capital. Earnings are the distributable profits of capital markets intermediaries in a given financial year, based on the year-end financial statements after deductions (e.g. tax) have been considered. Earnings are assessed based on their quality, quantity, and consistency as a source of internally generated capital. Strong and sustainable levels of earnings are vitally important to ensure that capital markets intermediaries remain financially sound. NAMFISA assesses the earnings by taking into account factors such as historical trends and the stability of earnings (i.e. quantity, quality, volatility, composition and sustainability), sources of earnings (core versus non-core), the future outlook (for both normal and stressed conditions), peer group comparisons, retention rates, and dividend policies. Earnings are assessed according to capital markets intermediaries’ overall net risk. The assessment criteria are discussed in detail in Appendix F. The assessment ratings include strong, acceptable, needs improvement, and weak (refer to Appendix E for a detailed account of these ratings). 2.9 Liquidity: Insurance Institutions, Pension Funds and Capital Markets Intermediaries Liquidity risk refers to an NBFI’s inability to maintain sufficient liquid assets to meet its on- and off-balance sheet contractual obligations, as and when they fall due. It encompasses the quality and quantity of the NBFI’s liquid assets available to meet its obligations under normal and stressed conditions.
18 NAMFISA assesses liquidity on an entity-wide level by considering the level of the NBFI’s liquidity risk and the quality of its liquidity management processes, for the present and future and for normal and stressed conditions. In addition, under a management company, liquidity is assessed at the unit trust portfolio level. An adequate level of liquidity is critical for the overall financial safety and soundness of NBFIs. NAMFISA expects NBFIs to hold an appropriate stock of high-quality, unencumbered assets, which can be traded or exchanged, even under stressed circumstances. The level of liquidity risk is influenced by the NBFI’s balance sheet composition, its funding sources, liquidity strategy, and prevailing market conditions and events. The assessment criteria for liquidity are discussed in detail in Appendix F. The assessment ratings for liquidity include strong, acceptable, needs improvement, and weak (refer to Appendix E for a detailed account of these ratings). 2.10 Liquidity: Financial Market Infrastructures Liquidity risk refers to FMIs’ inability to maintain sufficient liquid assets to meet their on- and offbalance sheet contractual obligations, as and when they fall due. It encompasses the quality and quantity of FMIs’ liquid assets available to meet their obligations under normal and stressed conditions. FMIs should effectively measure, monitor and manage their liquidity risk. FMIs should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlements of payment obligations with a high degree of confidence for a wide range of potential stress scenarios. The potential stress scenarios must include, but not be limited to, the default of the participant and its affiliates, which would generate the largest aggregate liquidity obligation for FMIs in extreme but plausible market conditions. NAMFISA expects FMIs to hold liquid assets funded by equity (e.g. common stock, disclosed reserves or other retained earnings) to enable them to continue operations and services as a going concern should they incur general business losses. The amount of liquid net assets funded by equity required by FMIs should be determined according to their general business risk profiles, and the length of time required to achieve a recovery or orderly wind-down of their critical operations and services, should such action be necessary.
19 The assessment ratings for liquidity include strong, acceptable, needs improvement, and weak (refer to Appendix E for a detailed account of these ratings). 3. Ladder of Supervisory Intervention The level of supervisory intervention will be guided by the composite risk rating (CRR) in relation to the Ladder of Supervisory Intervention (LoSI). The LoSI sets out the procedures that NAMFISA will generally follow in the events of concern regarding the operations of an NBFI or noncompliance with applicable legislation, regulations, standards, directives, and best practice guidelines issued by NAMFISA. The LoSI aims to promote awareness, enhance the transparency of NAMFISA’s intervention process, and summarise the circumstances for which intervention measures may be expected. The LoSI has two key purposes, which are to: • support the early identification of risks to an NBFI’s viability to ensure that appropriate and timely remedial action is taken to reduce the probability of failure; and • flag the actions NAMFISA needs to take before the resolution of an NBFI. NAMFISA supervises NBFIs through a risk-based supervision approach. All assessments made throughout the intervention process consider the unique circumstances of an NBFI, including its nature, scope, complexity and risk profile. The LoSI describes the types of corrective measures that can be applied in cases where an NBFI fails to meet regulatory requirements or enters into what NAMFISA deems unsound or risky business practices or undesirable market conduct practices. In this regard, the LoSI proposes a range of intervention measures applicable to the significance of prudential and market conduct concerns. The LoSI neither limits NAMFISA in its powers to protect consumers nor prevents it from taking any action deemed necessary at any stage during the supervisory process. If required, the LoSI will be updated in the future to reflect any changes to the intervention process or to the roles and responsibilities of NAMFISA during the intervention process. The five stages of intervention are aligned with the composite risk ratings; in other words, each stage of intervention and its corresponding activities, which are described in the LoSI, are linked to the appropriate composite risk rating for ease of reference. The following table illustrates the composite risk ratings and their assigned stage of intervention.
20 Composite Risk Rating Stage of Intervention Low 1 – Normal Moderate 2 – Early warning Above average 3 – Risk to financial viability, solvency and conduct of business High 4 – Future financial viability in serious doubt and/or gross violation of the Treating Customers Fairly Principles 5 – Not viable or insolvency imminent 3.1 The Five Stages of Intervention STAGE 1: Normal Composite risk rating: Low Should NAMFISA determine that the NBFI’s financial condition, policies and procedures are sound and that its practices, conditions and circumstances (including market conduct practices) do not indicate significant problems or control deficiencies, the low composite risk rating is assigned and the NBFI will undergo normal ongoing monitoring. The circumstances that could lead to a Stage 1 classification include: • The combination of the NBFI’s overall net risk, capital, funding, earnings and liquidity makes the institution resilient to most adverse business and economic conditions. • The NBFI’s performance has been satisfactory to good, with most key indicators comparable to or in excess of industry norms. • The NBFI’s financial performance and market conduct has been satisfactory to good, with most key indicators comparable to industry norms. • The NBFI’s governance functions are strongly committed to addressing supervisory concerns that might arise. • The NBFI complies with all the conditions and/or requirements upon which it was registered. Intervention activities Intervention activities for NBFIs classified under Stage 1 include: a) a quarterly, bi-annual and annual analysis of the NBFI’s financial statements;
21 b) assessment, monitoring and updating of the NBFI’s risk profile; c) an actuarial review and stress-testing of insurers and pension funds; d) periodic prudential and market conduct meetings with the NBFI’s management; e) focused and thematic on-site examinations; and f) meetings and discussions with the NBFI’s management concerning any imminent issues or risks that require attention and, if necessary, intervention. STAGE 2: Early warning Composite risk rating: Moderate Should NAMFISA determine any deficiencies or concerns regarding the NBFI’s financial condition, policies or procedures or the existence of other practices, conditions and circumstances (including market conduct practices) that could lead to the development of problems that result from not maintaining the status under Stage 1, the moderate composite risk rating is assigned to the NBFI. The circumstances that could lead to a Stage 2 classification include: • The NBFI’s overall net risk and its capital, funding, earnings and liquidity support the institution’s resilience. • The NBFI has issues concerning its risk management or controls that, although not serious enough to present a threat to financial viability or market conduct, could result in serious problems if not addressed. • The NBFI’s statutory requirements are submitted either late or not at all. • The NBFI does not adhere to on- or off-site review recommendations or action plans. Intervention activities For this stage, the intensity of supervisory activities will increase. In addition to the intervention activities for Stage 1, NAMFISA will employ one or more of the intervention activities listed for Stage 2, which include: a) formally notifying, in writing, the NBFI’s management, Board of directors/trustees, external auditors and/or the appointed valuator of the identified deficiencies; b) meeting with the NBFI’s management, Board of directors/trustees, external auditors and/or the appointed valuator to discuss the identified deficiencies;
22 c) requesting the NBFI to submit an action plan to rectify the deficiencies within a specified timeframe; d) requesting the NBFI’s external auditor to expand the audit scope, perform other procedures, and/or undertake an examination of the institution’s affairs, as required by NAMFISA; e) requesting the appointed valuator to expand the scope of the normal review and to undertake an examination of the NBFI’s financial affairs (as required by NAMFISA), which includes calculating liabilities using other assumptions and calculating funding requirements to generate a revised or early actuarial report; f) requesting an independent review of the NBFI’s financial statements, as needed; g) imposing administrative penalties and/or other legally sanctioned remedies for noncompliance with requirements; and h) intensifying the monitoring of the NBFI (as warranted), through expanding the scope and level of the institution’s reporting information and increasing the frequency of its reporting to ensure concerns are being addressed on a timely basis. STAGE 3: Risk to financial viability, solvency and market conduct of business Composite risk rating: Above average At this stage, concerns regarding the NBFI’s material safety and soundness are present, and the institution is vulnerable to adverse business and economic conditions. NAMFISA has identified problems in respect of prudential and/or market conduct that could deteriorate into a serious situation if not addressed promptly; however, these problems are not serious enough to present an immediate threat to financial viability and solvency. Considerable doubt exists with regard to the future benefits of members and policyholders, the protection of investors’ funds, and the sustainability of the NBFI. The circumstances that could lead to a Stage 3 classification include: • The combination of the NBFI’s overall net risk and its capital, funding, earnings and liquidity makes it vulnerable to adverse business and economic conditions, which could deteriorate into serious problems if not addressed, jeopardising the NBFI’s financial viability, solvency and/or funding level.
23 • The NBFI has issues concerning its risk management or controls that, although not serious enough to present a threat to financial viability or the conduct of business, could result in more serious problems if not addressed promptly. • The NBFI has an unusual number or serious nature of market conduct violations. Intervention activities For this stage, the intensity of supervisory actions will increase. In addition to the intervention activities for Stages 1 and 2, NAMFISA will employ one or more of the intervention activities listed for Stage 3, which include: a) increasing the frequency, depth and scope of on- and off-site inspections, as warranted; b) appointing an inspector (or inspectors) to carry out an investigation at the NBFI’s expense; c) imposing or amending conditions of registration, including but not limited to restrictions on the payment of dividends and the acquisition of new business, as well as other restrictions tailored to the specific circumstances of the NBFI, as deemed necessary by NAMFISA; d) enhancing the monitoring of the NBFI by expanding the scope and level of its reporting information; e) requesting the NBFI to strengthen the Board of directors/trustees and/or management, which includes the dismissal of members who are not fit and proper; f) issuing public notices to members, policyholders, investors, and the public concerning business restrictions or conditions that have been imposed on the NBFI; and g) imposing administrative penalties for non-compliance with requirements and seeking criminal prosecution of serious offences. STAGE 4: Future financial viability in serious doubt and/or gross violation of the Treating Customers Fairly Principles Composite risk rating: High At this stage, NAMFISA has established that the NBFI has failed to remedy the identified problems and, as a result, the institution presents severe safety and soundness and/or market conduct concerns. The conditions experienced by the NBFI pose a material threat to its future financial viability, solvency, funding level and/or market conduct practices as well as its policyholders’ and
24 members’ benefits and investors’ funds unless effective corrective measures are promptly undertaken. The circumstances that could lead to a Stage 4 classification include: • The combination of the NBFI’s overall net risk and its capital, funding, earnings and liquidity makes it vulnerable to adverse business and economic conditions, which pose a serious threat to its financial viability, solvency and/or funding level and the fair treatment of customers unless effective corrective action is promptly undertaken. • The NBFI has serious risk management and/or governance or control deficiencies, which pose a serious threat to its financial viability, solvency and/or the fair treatment of customers unless effective corrective action is promptly undertaken. • The NBFI has grossly violated the Treating Customers Fairly Principles. Intervention activities For this stage, NAMFISA will continue to follow up on previous supervisory interventions and to intensify inspections. In addition to the intervention activities for Stages 1, 2 and 3, NAMFISA will employ one or more of the intervention activities listed for Stage 4, which include: a) meeting on a regular basis with the NBFI’s management, Board of directors/trustees, and auditors or actuaries; b) requesting changes to management and/or the composition of the Board of directors/trustees; c) enhancing the NBFI’s existing business restrictions or imposing additional restrictions; d) requesting the Board of directors/trustees to provide a letter of commitment, which must: − clearly state that those charged with the governance of the NBFI (i.e. the Board of directors/trustees) are aware of the concerns raised by NAMFISA and that they approve of the required remedial steps to enable the NBFI to effectively deal with the raised concerns; and − include the signatures of all concerned; e) applying to the High Court to appoint a Statutory Manager approved by NAMFISA to manage the affairs of the NBFI; and f) suspending or revoking the NBFI’s licence.
25 STAGE 5: Not viable or insolvency imminent Composite risk rating: High At this stage, NAMFISA has determined that the NBFI is experiencing severe financial difficulties and business practices (including market conduct practices) have deteriorated to such an extent that the institution has failed to meet the regulatory capital, surplus, funding, solvency and/or liquidity requirements in conjunction with an inability to rectify the situation on an immediate basis. The NBFI’s employer (or shareholders) has no intention of recapitalizing the institution. The circumstances that could lead to a Stage 5 classification include: • The NBFI has failed to meet the minimum regulatory capital, funding, solvency and/or liquidity requirements. • The NBFI has failed to implement the remedial measures. • The required conditions for the winding-up or deregistration of the NBFI have been met. Intervention activities In addition to the intervention activities for Stages 1, 2, 3 and 4, NAMFISA will employ one or both of the intervention activities listed for Stage 5, which include: a) applying to the High Court for the winding-up of the NBFI (should NAMFISA determine that there is no reasonable prospect of the NBFI returning to financial soundness); and b) revoking the registration of the NBFI and notifying the public accordingly. 4. Oversight Functions 4.1 Oversight: Compliance Function Within an NBFI, Compliance is an independent function that: • sets the policies and procedures for adherence to regulatory requirements; • monitors the NBFI’s compliance with these policies and procedures; • establishes, implements and maintains a compliance plan; and • reports on compliance matters to Senior Management and the Board of directors/trustees.
26 NAMFISA must be satisfied that effective compliance policies, rules and procedures are being followed and that Senior Management will take the appropriate corrective action when compliance failures are identified. The Board of directors/trustees is ultimately responsible for ensuring compliance with all laws, regulations, standards, and circulars and directives. However, the Board of directors/trustees may mandate Senior Management to establish a compliance function. The Compliance function should be independent and sufficiently resourced; its responsibilities should be clearly specified; and its activities should be subject to periodic and independent review by the Internal Audit function. 4.1.1 Definition of assessment ratings An assessment of the quality of the Compliance function’s oversight of the NBFI’s compliance with applicable laws, regulations, standards, and circulars and directives is conducted. As such, the performance of the function is assessed as strong, acceptable, needs improvement, or weak. The overall rating of the function takes into account the appropriateness of its characteristics and the effectiveness of its performance in executing its mandate within the framework of the nature, scope, complexity and risk profile of the NBFI. The characteristics of the performance indicators that guide the determination of an overall rating are as follows: Strong The Compliance function’s characteristics surpass the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function has constantly exhibited a highly effective performance. The function’s characteristics and/or performance are superior to supervisory expectations. Acceptable The Compliance function’s characteristics meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function’s performance has been effective. The function’s characteristics and/or performance meet supervisory expectations. Needs improvement The Compliance function’s characteristics generally meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI; however, there are important areas that require improvement, as they could influence effectiveness in the future or during adverse conditions. The function’s performance has generally been effective, but there are key areas
27 where improvement is needed. The areas that require improvement are not critical enough to cause prudential and market conduct concerns should they be addressed adequately and in a timely manner. Weak The Compliance function’s characteristics do not meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI, and may influence effectiveness in the future or during adverse conditions. The function’s performance has exhibited critical activities where effectiveness needs to be improved through immediate action. The function’s characteristics and/or performance often do not meet supervisory expectations. 4.1.2 Assessment criteria The following criteria describe the characteristics NAMFISA uses when assessing the quality of the Compliance function’s oversight of the management of the NBFI’s compliance with applicable laws, regulations, standards, and circulars and directives. The application and weighting of the individual criteria are dependent on the nature, scope, complexity and risk profile of the NBFI and will be collectively assessed with the function’s performance in rating its overall effectiveness. Mandate The criteria include: • the extent to which the Compliance function’s mandate establishes: − clear objectives and entity-wide authority for its activities; − the authority to oversee the effectiveness and consistency of management and governance functions’ compliance practices; − the authority to carry out its responsibilities independently; − the right of access to the NBFI’s records, information and personnel; − a requirement to opine on the adequacy and effectiveness of the compliance processes and status of compliance; and − the authority to follow up on actions taken by management in response to identified issues and related recommendations; and • the extent to which the mandate is communicated within the NBFI.
28 Organisational structure The criteria include the: • appropriateness of the stature and authority of the function head within the NBFI for the function to be effective in fulfilling its mandate; • extent to which the function head has direct access to the CEO, Senior Management and the Board of directors/trustees (or a Board Committee); • appropriateness of the function’s organisational structure and authority of the function head within the NBFI to enable the function to be effective in fulfilling its mandate; and • extent to which the function is independent of the NBFI’s business activities and dayto-day compliance processes and is not involved in the activities or financial performance of a line of business or product line. Resources The criteria include the: • adequacy of the function’s processes to determine the required: − level of resources necessary to carry out responsibilities and in response to changes in the NBFI’s business activities and strategies, as well as its operating environment; − qualifications and competencies of staff; and − continuing professional development programmes to enhance staff competencies; • adequacy of the function’s resources and appropriateness of its collective qualifications and competencies for executing its mandate; and • sufficiency of staff development programmes. Policies, practices and methodology The criteria include the adequacy of policies and practices to: • ensure that the function’s approach and practices align with industry and regulatory compliance practices and are appropriate for executing its mandate; • keep abreast of new and changing legislation and changes in the NBFI’s risk profile; • promptly develop or amend the NBFI’s compliance policies as legislation is introduced or amended or as new or changing business activities impose different legislative requirements on the NBFI;
29 • document new or amended compliance policies and communicate them throughout the NBFI on a timely basis; • assist management in identifying, addressing and integrating significant legislative or regulatory requirements into their business activities through appropriate procedural controls; and • monitor adherence to applicable laws, regulations, standards and guidelines throughout the NBFI in order to ensure that significant issues are identified and brought to the attention of Senior Management for timely resolution, as well as to support Senior Management’s opinion on the status of compliance. Reporting The criteria include the adequacy of policies and practices to: • report significant compliance findings and recommendations to management so that timely corrective action can be taken; and • monitor and follow up on the effective implementation of management actions in response to compliance findings and recommendations. Internal Audit oversight The criteria include the: • extent to which the Internal Audit programme includes reviews of the Compliance function and its key controls and has the appropriate resources to carry out the reviews, and the extent to which the scope and frequency of its reviews are sufficient to assess the effectiveness of the Compliance function; and • adequacy of the Internal Audit function’s communication of its recommendations and follow-ups with respect to the Compliance function. Senior Management oversight The criteria include the: • adequacy of policies and practices for Senior Management to support the Board of directors/trustees (or Board Committee) on the: − appointment and/or removal, performance review, remuneration and succession plan of the function head; − function’s mandate, budget and resources (staffing and skill sets); and − function’s annual work plan including any material changes to that plan;
30 • adequacy of policies and practices to assess the effectiveness of the function, including communicating results to Senior Management and, as appropriate, the Board of directors/trustees (or a Board committee); • adequacy of policies and practices to report periodically to Senior Management on issues and recommendations with escalation to the Board of directors/trustees, as appropriate; and • adequacy of the processes related to talent development and succession planning for function key roles. Board of directors/trustees (and/or Board Committee) oversight The criteria include the: • adequacy of policies and practices for the Board of directors/trustees (and/or Board Committee) to approve the: − appointment, performance review, remuneration and succession plan of the head of the Compliance function; − function’s mandate, budget and resources (staffing and skill sets); and − function’s annual work plan, including any material changes to that plan; • extent to which the Board of directors/trustees (and/or Board Committee) receives periodic reporting on trends or pervasive risk impacting the NBFI; and • extent to which the Board of directors/trustees (and/or Board Committee) demonstrates an ability to act independently of Senior Management through practices such as regularly scheduled Board (and/or Board Committee) meetings that include sessions without Senior Management present. Relationship with other oversight functions The criterion includes the: • adequacy of the formal integration of the Compliance function’s role and defined responsibility with other oversight functions, as appropriate. 4.1.3 Compliance performance The Compliance function’s performance quality is illustrated by its effectiveness in the oversight of the management of the NBFI’s compliance with applicable laws, regulations, standards, and circulars and directives.
31 The assessment considers the effectiveness with which the function actively promotes compliance with applicable laws, regulations, standards, and circulars and directives of the NBFI, to ensure that any transgressions are identified and mitigated on a timely basis. NAMFISA will heed the indicators of effective performance to guide the determination and execution of its supervisory activities. These activities may include: • discussions with directors and management, including the Chief Compliance Officer/Manager; • a review of the practices to detect and dispose of breaches of compliance; and • a review of the reports of independent assessments of the function, the NBFI’s regulatory correspondence file, and suchlike. 4.1.4 Examples of indicators that the NBFI could use to guide its supervisory judgement These examples include the extent to which the Compliance function: a) develops, documents and actively communicates new and amended compliance policies or requirements to all impacted areas of the NBFI; b) proactively assists management in identifying, addressing and integrating significant legislative or regulatory compliance requirements into its business activities; c) actively monitors adherence to applicable laws, regulations, standards and guidelines throughout the NBFI; d) escalates significant breaches of compliance requirements to Senior Management and, as appropriate, the Board of directors/trustees; e) proactively follows up to ensure that significant issues are addressed on a timely basis; and f) periodically reviews compliance practices for continuing effectiveness.
32 4.2 Oversight: Risk Management Function Risk Management is an independent function that provides oversight of the management of risks inherent in the NBFI’s activities. Risk Management is responsible for the identification, assessment, monitoring and reporting of risks, independent of operational management. The key responsibilities include: • identifying and assessing entity-wide risks and ascertaining whether they are properly managed; • developing systems or models to measure risks; • assisting and monitoring the implementation of risk management procedures by operational management; • establishing policies and procedures to manage risks; • assisting and advising the Board of directors/trustees with regard to developing risk appetite statements, metrics, and tolerance limits; • assessing the risk positions and risk exposures, as well as the steps being taken to manage them; and • reporting the results of risk monitoring to Senior Management and the Board of directors/trustees. NAMFISA will assess certain key attributes of the NBFI’s current Risk Management function, which in turn could aid in the establishment of a suitable rating thereof. These key attributes include but are not limited to the aims and objectives of the Risk Management function, the organisational structure and resources (e.g. appropriately skilled and competent staff with opportunities for further development and training), risk management policies and practices, and oversight at various levels (i.e. Internal Audit, Senior Management, Board of directors/trustees). The quality of risk management is assessed as strong, acceptable, needs improvement, or weak. In general, the quality of the NBFI’s Risk Management function depends on how well the function is able to fulfil its responsibilities and the appropriateness of the means chosen to do so. 4.2.1 Definition of assessment ratings The performance of the Risk Management function is assessed as strong, acceptable, needs improvement, or weak. The overall rating of the function takes into account the appropriateness of its characteristics and the effectiveness of its performance in executing its mandate within the
33 framework of the nature, scope, complexity and risk profile of the NBFI. The characteristics of the performance indicators that guide the determination of an overall rating are as follows: Strong The Risk Management function’s characteristics meet or surpass the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function has constantly exhibited a highly effective performance. Acceptable The Risk Management function’s characteristics meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function’s performance has been effective. The function’s characteristics and/or performance meet supervisory expectations. Needs improvement The Risk Management function’s characteristics generally meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI; however, there are important areas that require improvement, as they could influence effectiveness in the future or during adverse conditions. The function’s performance has generally been effective, but there are key areas where improvement is needed. The areas that require improvement are not critical enough to cause prudential and market conduct concerns should they be addressed adequately and in a timely manner. Weak The Risk Management function’s characteristics are not, in a material way, what is considered necessary in respect of the nature, scope, complexity and risk profile of the NBFI, and may influence effectiveness in the future or during adverse conditions. The function’s performance has exhibited critical activities where effectiveness needs to be improved through immediate action. The function’s characteristics and/or performance often do not meet supervisory expectations. 4.2.2 Assessment criteria The following criteria describe the characteristics NAMFISA uses in assessing the quality of the Risk Management function’s oversight of the management of the NBFI’s activities and related risks, with due regard to the institution’s financial safety and soundness. The application and weighting of the individual criteria are dependent on the nature, scope, complexity and risk profile of the NBFI and will be collectively assessed with the function’s performance in rating its overall effectiveness.
34 Mandate The criteria include: • the extent to which the function’s Board-approved mandate (i.e. Charter or Terms of Reference) establishes: − clear objectives and entity-wide authority for its activities; − the authority to oversee effectiveness and consistency of the NBFI’s risk practices; − the authority to execute its mandate independently without undue interference; − the right of access to the NBFI’s records, information and personnel or any other information it deems necessary to execute its mandate; − the authority to report regularly on the effectiveness of the NBFI’s risk management processes and practices to Senior Management and the Board of directors/trustees; and − the authority to follow up on action taken by management in response to identified issues and related recommendations; and • the extent to which the function’s mandate is communicated within the NBFI. Organisational structure The criteria include the: • appropriateness of the authority of the function head (i.e. Chief Risk Officer) within the NBFI for the function to be effective in fulfilling its mandate; • extent to which the function head has direct access to the CEO, Senior Management and the Board of directors/trustees (or the Risk Sub-committee); • appropriateness of the function’s organisational structure based on the nature, scope, complexity and risk profile of the NBFI; and • extent to which the function is independent of the day-to-day management of risks and is not involved in the activities or the management or financial performance of a line of business or product line. Resources The criteria include the: • adequacy of the function’s processes to determine the required:
35 − level of resources necessary to carry out responsibilities in response to changes in the NBFI’s business activities and strategies, as well as its operating environment; − qualifications and competencies of staff; and − continuing professional development programmes to enhance staff competencies; • adequacy of the function’s resources and appropriateness of its collective qualifications and competencies for carrying out its mandate; and • sufficiency of staff development programmes. Methodology and practices The criteria include the: • adequacy of the processes to regularly review and update risk management policies, processes and limits to take into account changes in the industry and the risk appetite of the NBFI; • appropriateness of risk management policies and practices, given the NBFI’s activities and related risks; • extent to which risk management policies and practices are coordinated with strategic, capital and liquidity management policies and practices; • extent to which risk management policies and practices are documented, communicated and integrated with the NBFI’s day-to-day business activities; • adequacy of policies and practices to monitor positions against approved limits and for timely follow up on material variances; • adequacy of policies and practices to monitor trends and identify emerging risks, and to respond effectively to unexpected significant events; • adequacy of policies and practices to model and measure the NBFI’s risks; and • application of international risk management methodologies, standards or techniques (e.g. International Organisation of Securities Commissions [IOSCO], Committee of Sponsoring Organisations [COSO], International Organization for Standardization [ISO], Integrated Risk Management [IRM]).
36 Reporting The criteria include the: • adequacy of policies and practices to report identified issues along with recommendations to operational management and, where relevant, Senior Management and the Board of directors/trustees; • adequacy of policies and practices to monitor and follow up on the resolution of the identified issues; and • frequency and depth of reporting to Senior Management and the Board of directors/trustees on significant risk management issues. Senior Management and Board oversight The criteria include the: • extent to which the approval of Senior Management and the Board of directors/trustees (or a Board Committee) is required for the: − appointment and/or removal of the function head; − function’s mandate and resources; and − policies, practices and limits for managing significant risks and activities; • adequacy of policies and practices to report regularly to Senior Management and the Board of directors/trustees (or a Board Committee) on the effectiveness of the NBFI’s risk management processes, aggregate exposures and significant issues; and • adequacy of policies and practices to perform independent reviews of the function, including communicating results to Senior Management and the Board of directors/trustees (or a Board Committee). 4.2.3 Risk management performance The Risk Management function’s performance quality is illustrated by its effectiveness in the oversight of the identification and management of risks, with due regard to the NBFI’s financial safety and soundness. The assessment will consider the effectiveness with which the Risk Management function anticipates, identifies and measures risks in a dynamic operating environment and oversees management of these risks within the limits established by the Board of directors/trustees. NAMFISA will heed the indicators of effective Risk Management performance to guide the determination and execution of its supervisory activities.
37 These activities may include: • discussions with directors and management, including the Chief Risk Officer; • assessment of the Risk Management function’s oversight practices and how particular issues (e.g. breaches in approved limits) are dealt with; • a review of risk management reports and reports of independent assessments of the function; and • a review of the Board of directors/trustees or Risk Management Committee minutes, and suchlike. 4.2.4 Examples of indicators that the NBFI could use to guide its supervisory judgement These examples include the extent to which the Risk Management function: a) proactively updates its policies, practices and limits in response to changes in the NBFI’s strategy, business activities and risk limits, and in the industry and the operating environment; b) integrates its policies, practices and limits with day-to-day business and operational activities and with the NBFI’s strategic, capital and liquidity management policies; c) models and measures inherent risks and actively participates in the development of new initiatives to ensure processes are in place to appropriately identify and mitigate risks prior to implementation; d) monitors risk positions against approved limits and ensures that material breaches are addressed on a timely basis; e) provides timely, accurate and relevant reporting, which allows the Board of directors/trustees to understand the NBFI’s exposures relative to its risk appetite and limits and to understand the processes in place to identify, measure and monitor risks, and highlights the exceptions to existing risk policies; f) uses risk measurement and monitoring tools that are sensitive enough to provide early warning indicators of adverse trends and conditions, proactively analyses these trends and conditions, and follows up to ensure that they are addressed on a timely basis;
38 g) proactively assesses and provides objective challenges to the NBFI’s risk-taking activities, policies and practices; h) proactively and effectively addresses risk management issues identified as a result of internal or external events or by other control functions; and i) provides regular and comprehensive reports, independently of the business areas being reported upon, on the effectiveness of the NBFI’s risk management processes and ensures that significant issues are escalated to Senior Management and the Board of directors/trustees on a timely basis. 4.3 Oversight: Actuarial Function Actuarial is an independent control function, which is applicable only to NBFIs with insurance businesses that have responsibilities beyond the legal requirements of the appointed actuary. These responsibilities include: • offering Senior Management and the Board of directors/trustees a certain degree of quality assurance in a number of areas for actuarial calculations and underlying assumptions; • ensuring that these calculations and assumptions are actuarially sound, and that sufficient provision is made for deviations of actual experience from that which is expected; • ensuring that the pricing of insurance contracts is commensurate with the risk taken on, and that sufficient provisions are made for the NBFI’s liabilities; and • ensuring, in conjunction with the Risk Management function, that risk is sufficiently managed through means such as reinsurance, and that the capital held by the NBFI is in line with the regulatory requirements of the institution’s risk profile. 4.3.1 Definition of assessment ratings The performance of the Actuarial function is assessed as strong, acceptable, needs improvement, or weak. The overall rating of the function takes into account the appropriateness of its characteristics and the effectiveness of its performance in executing its mandate within the framework of the nature, scope, complexity and risk profile of the NBFI. The characteristics of the performance indicators that guide the determination of an overall rating are as follows:
39 Strong The Actuarial function’s characteristics meet or surpass the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function has constantly exhibited a highly effective performance. The function’s characteristics and/or performance are superior to supervisory expectations. Acceptable The Actuarial function’s characteristics meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function’s performance has been effective. The function’s characteristics and/or performance meet supervisory expectations. Needs improvement The Actuarial function’s characteristics generally meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI; however, there are important areas that require improvement, as they could influence effectiveness in the future or during adverse conditions. The function’s performance has generally been effective, but there are key areas where improvement is needed. The areas that require improvement are not critical enough to cause prudential and market conduct concerns should they be addressed adequately and in a timely manner. The function’s characteristics and/or performance do not consistently meet supervisory expectations. Weak The Actuarial function’s characteristics are not, in a material way, what is considered necessary in respect of the nature, scope, complexity and risk profile of the NBFI, and may influence effectiveness in the future or during adverse conditions. The function’s performance has exhibited critical activities where effectiveness needs to be improved through immediate action. The function’s characteristics and/or performance often do not meet supervisory expectations. 4.3.2 Assessment criteria The following criteria describe the characteristics NAMFISA uses in assessing the quality of the Actuarial function’s oversight of the management of the NBFI’s activities and related risks, with due regard to the institution’s financial safety and soundness. The application and weighting of the individual criteria are dependent on the nature, scope, complexity and risk profile of the NBFI and will be collectively assessed with the function’s performance in rating its overall effectiveness.
40 Mandate The criteria include: • the extent to which the function’s Board-approved mandate establishes: − clear objectives, responsibilities and authority for the function’s activities, especially for the Head of Actuarial Function (HAF) or equivalent (note: the mandate should be regularly reviewed and updated to reflect the changes in the operating environment); − the authority to oversee effectiveness and consistency of, among others, the NBFI’s risk management, modelling, pricing and provisioning practices; − the authority to independently express views regarding the effectiveness of the NBFI’s policies and practices; − the conditions under which professional judgement may be applied; − guidance on the interaction of the Actuarial function with other functions (i.e. Risk Management, Internal Audit); − guidance on the treatment of conflicts of interest; − the right of access to the NBFI’s records or any other information it deems necessary to execute its mandate; − the authority to report regularly on the effectiveness of the NBFI’s actuarial processes and practices, solvency position, and issues affecting solvency to Senior Management and the Board of directors/trustees; and − the authority to follow up on action taken by management in response to identified issues and related recommendations; and • the extent to which the function’s mandate is communicated within the NBFI. Organisational structure The criteria include the: • appropriateness of the authority of the HAF within the NBFI for the function to be effective in fulfilling its mandate; • awareness and adherence to the codes of conduct of the relevant Actuarial Board that is a full member to the International Actuarial Association (IAA), for example, the Institute and Faculty of Actuaries (IFoA) and the Actuarial Society of South Africa (ASSA), in respect of professional integrity, ethics and technical aptitude; • extent to which the Actuarial function’s completed work and recommendations are incorporated in the NBFI’s activities;
41 • extent to which the HAF has direct access to the CEO, Senior Management and the Board of directors/trustees; • appropriateness of the function’s organisational structure based on the nature, scope, complexity and risk profile of the NBFI; • extent to which the function interacts and collaborates with other functions; • extent to which the function’s activities are independent from the day-to-day operation of the NBFI and the impact on its financial performance; and • availability of checks and balances of the Actuarial function (i.e. review of work by independent and external equally or more qualified individuals). Resources The criteria include: • the adequacy of the function’s processes to determine the required: − level of resources necessary to carry out responsibilities in response to changes in the NBFI’s business activities and strategies, as well as its operating environment; − qualifications and competencies of staff; and − continuing professional development programmes to enhance staff competencies; • requirements of the relevant Actuarial Board in terms of Continued Professional Development (CPD); • the adequacy of the function’s resources and appropriateness of its collective qualifications and competencies for carrying out its mandate and sufficiency of staff development programmes; and • plans and strategies in place to ensure the continued availability of these skills in the medium to long term. Methodology and practices The criteria include the: • adequacy of the processes to regularly review and update actuarial policies and processes; • reliance on the guidance and practice notes issued by the Society of Actuaries in Namibia (SAN), NAMFISA or any other equivalent professional board in terms of provisioning and capital requirements;
42 • appropriateness of actuarial policies and practices given the NBFI’s activities and related risks; • extent to which risk management policies and practices are coordinated with strategic, capital, and liquidity management policies and practices; • adequacy of the allowance made for risk transfer and/or mitigation in actuarial policies; • extent to which actuarial policies and practices are documented, communicated and integrated with the NBFI’s day-to-day business activities; and • adequacy of policies and practices to monitor actual results against what was expected, and timely follow up on material variances. Reporting The criteria include the: • frequency of reporting in respect of the adequacy of the use of actuarial methods and their effect on the financial position of the NBFI; • adequacy of policies and practices to regularly review underwriting cycles and promptly report findings to Senior Management and the Board of directors/trustees; • adequacy of policies and practices to monitor and follow up on the resolution of the identified issues; and • frequency and depth of reporting to Senior Management and the Board of directors/trustees on significant actuarial issues. Senior Management and Board oversight The criteria include the: • extent of reporting to the Board of directors/trustees on the performance of the tasks of the Actuarial function and informing the Management Committee thereof; • consistency of reporting on the relevant technical documentation, including the detailed analyses and tests conducted on the basis of which it performs its tasks and formulates its opinions; • prompt reporting of relevant information: − at the time of the launch or change of a product that has an impact on the NBFI’s profitability; − when entering into a new reinsurance or risk transfer agreement;
43 − when transferring portfolios of insurance, portfolios of reinsurance contracts, member benefits, or a block of assets; and − at the time of any other significant events that require intervention or validation by the Actuarial function; • extent to which approval from Senior Management and the Board of directors/trustees (or a Board Committee) is required for the: − appointment and/or removal of the HAF; − review of compensation and succession plans of the HAF; − function’s mandate and resources; and − policies and practices that govern the function’s operations; • extent of reporting to Senior Management or the Board on potential reputational damage to the NBFI due to errors in pricing, provisioning, or specific developments related to risk that have or could have a negative influence on the NBFI; and • adequacy of policies and practices to report regularly to Senior Management and the Board of directors/trustees (or a Board Committee) on the effectiveness of the NBFI’s actuarial processes. 4.3.3 Actuarial performance The quality of the Actuarial function’s performance is demonstrated by its effectiveness in evaluating the design, pricing and valuation of insurance risk offered by the NBFI, in assessing the adequacy of provisions set, in reviewing models used for the identification and assessment of risks and the need for risk transfer, and in using stress testing and other analytical tools to establish the adequacy of capital. The assessment considers the effectiveness with which the Actuarial function anticipates, identifies and measures deviations of actual results from those expected by the NBFI in a dynamic operating environment, and suggests remedial actions to Senior Management and the Board of directors/trustees. NAMFISA will heed the indicators of effective performance of the Actuarial function to guide the determination and execution of its supervisory activities. These activities may include: • discussions with directors, management (including the HAF or Chief Actuary), and actuarial associations;
44 • assessment of the Actuarial function’s oversight practices and how particular issues (e.g. inappropriate pricing or extreme variances in actual versus expected results) are dealt with; • a review of relevant policies (e.g. the Underwriting Policy); • assessment of Actuarial methodologies and practices; • independent reviews conducted by the function in conjunction with actuarial associations; and • a review of Actuarial valuation reports, own risk and solvency assessments (ORSA), and suchlike. 4.3.4 Examples of indicators that the NBFI could use to guide its supervisory judgement These examples include the extent to which the Actuarial function: a) evaluates the design, pricing and valuation of the insurance risk offered by the NBFI; b) assesses the reasonableness of provisions set for policy liabilities and the appropriateness of the process followed; c) reviews models used to determine exposures and the adequacy of risk transfer programmes to mitigate these exposures; d) analyses the stress testing results, and the process used, to establish the adequacy of capital and capital planning for the NBFI under adverse conditions; e) integrates its policies, practices and limits with day-to-day business and operational activities and with the NBFI’s strategic, capital and liquidity management policies; f) reports on the results of its work to Senior Management and the Board of directors/trustees in a timely and efficient manner; and g) evaluates how bonuses are declared for participating policies. 4.4 Oversight: Internal Audit Function The Internal Audit function provides independent oversight of the effectiveness of, and adherence to, the NBFI’s organisational and procedural controls. Internal Audit is an independent and objective assurance activity designed to add value and improve an NBFI’s operations by means of a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. It conducts assurance work to determine
45 whether an institution’s risk management, control and governance processes, as designed and represented by management, are appropriate and functioning in a manner to ensure that risks are appropriately identified and managed, and to ensure compliance with requirements such as policies, plans, procedures, and applicable laws, regulations and standards. The Internal Audit function, as the third line of defence, provides independent review and objective assurance of the effectiveness of the first5 and second6 lines of defence, the risk governance framework, strategic and business planning, compensation policies, and decision-making processes. The Internal Audit function has the highest level of independence, which is not available in the second line of defence. Internal auditors must be competent, appropriately trained and not involved in developing, implementing or operating the Risk Management function nor the Compliance function, or any other first or second line of defence functions. The Board of directors/trustees retains ultimate accountability for the oversight of the management and operations of the NBFI. The oversight responsibilities delegated to the Internal Audit function typically include: • assessing the effectiveness, efficiency and adherence to the NBFI’s internal controls, risk management, and governance systems and processes created by the business units at an entity-wide level to provide a holistic opinion on the overall effectiveness and adequacy of the NBFI’s control framework; • reviewing the objectives, strategies, events, initiatives and transactions for changes that could materially impact the NBFI to ensure that control practices remain appropriate and effective; • ensuring that the scope of the Internal Audit function’s activities adequately covers areas of high risk within the audit plan; • proactively following up and reporting on significant issues to ensure timely resolution by Senior Management; • periodically assessing the effectiveness of the control functions; 5 The ‘first line of defence’ refers to the management function responsible for maintaining effective internal controls (policies, procedures and personnel) and risk management processes to manage risks and contribute towards achieving the institution’s objectives on a day-to-day basis. 6 The ‘second line of defence’ refers to the independent, entity-wide oversight function responsible for helping to build and monitor the effectiveness of the first line’s managerial internal control and risk management processes.
46 • assessing the quality of risk reporting to Senior Management and the Board of directors/trustees; and • regular reporting on the results of its work to Senior Management and the Board of directors/trustees through the Audit Committee. 4.4.1 Definition of assessment ratings The overall rating of the Internal Audit function is given based on the appropriateness and effectiveness of the function’s performance according to its mandate while adhering to the risk appetite and profile of the NBFI. The performance of the Internal Audit function is assessed as strong, acceptable, needs improvement, or weak. The characteristics of the performance indicators that guide the determination of an overall rating are as follows: Strong The Internal Audit function exceeds supervisory expectations of what is considered appropriate and necessary in respect of the risk appetite and risk profile of the NBFI. The function’s performance is superior to supervisory expectations. Acceptable The Internal Audit function meets supervisory expectations of what is considered appropriate and necessary in respect of the risk appetite and risk profile of the NBFI. The function’s performance meets supervisory expectations. Needs improvement The Internal Audit function generally meets supervisory expectations of what is considered appropriate and necessary in respect of the risk appetite and risk profile of the NBFI; however, there are important areas that require improvement, as they could influence effectiveness in the future or during adverse conditions. The function’s performance has generally been effective, but there are key areas where improvement is needed. The areas that require improvement are not critical enough to cause prudential and market conduct concerns should they be addressed adequately and in a timely manner. The function’s performance does not consistently meet supervisory expectations. Weak The Internal Audit function does not meet supervisory expectations of what is considered appropriate and necessary in respect of the risk appetite and risk profile of the NBFI, and may
47 affect the effectiveness of the function in the future. The function’s performance often does not meet supervisory expectations. 4.4.2 Assessment criteria The assessment of the quality of the Internal Audit function depends heavily on the nature, scope, complexity and risk appetite and profile of the NBFI. These assessments are collectively taken into account, together with the performance of the Internal Audit function, when determining the overall quality of the function. The following criteria describe the characteristics NAMFISA uses to assess the quality of the function. Mandate The criteria include: • the extent to which the Board-approved Internal Audit Charter establishes: − clear objectives and responsibilities for the function and Chief Internal Auditor (CIA) or Chief Audit Executive (CAE) (note: the mandate should be periodically reviewed to ensure continued appropriateness and relevance); − the authority to audit internal controls, risk management and governance processes entity-wide and to independently express an opinion on their effectiveness; − the authority to carry out its responsibilities independently of management and the audited activities; − the right to access the NBFI’s records, information, personnel and any other information it deems necessary to carry out an audit or other reviews; and − the authority to follow up with management on actions taken in response to the audit findings and recommendations; and • the extent to which the function’s mandate is communicated within the NBFI. Organisational structure The criteria include the: • appropriateness of access and authority of the CIA or CAE within the NBFI to effectively, and without influence, carry out the function’s responsibilities (note: the organisational structure should allow for the CIA or CAE to have direct access to and to functionally report to the Board of directors/trustees through the Audit Committee and administratively to the CEO);
48 • head of the Internal Audit function should be high enough in the organisational structure to ensure that the function has the authority it needs to carry out its responsibilities; • organisational structure should enable the function to effectively discharge its mandate; and • extent to which the function is independent of the NBFI’s management and the activities it audits. Resources The criteria include: • the adequacy of the function’s processes to: − determine the level of resources necessary to carry out responsibilities in line with the NBFI’s size, complexity and risk profile; − ensure adequate qualifications, experience and skills of the staff; − offer professional development programmes to continually enhance staff competencies; and − determine the adequacy of resources needed to effectively fulfil the function’s mandate in response to changes in the NBFI and operating environment. Audit methodology and practices The criteria include the: • adequacy of policies and practices to establish a well-defined audit methodology that is risk-based and appropriate to the needs of the NBFI (note: the audit methodology should be responsive to changes in the NBFI and its operating environment); • adequacy of the function’s policies and practices to ensure that the audit methodologies conform to industry practices and current professional standards and guidelines in the Internal Audit profession (e.g. the standards and practices of the Institute of Internal Auditors); • extent to which the function’s audit methodology includes risk assessment, planning, audit programmes/tests, reporting, and practices to follow up on recommendations; and • periodic review of the appropriateness of the audit methodology and practices required to effectively fulfil the function’s mandate.
49 Planning The criteria include the: • extent to which the annual audit planning is adequately supported by robust risk assessments to determine the scope and frequency of audit work; • time period given to provide appropriate coverage by the function; • adequacy of policies and practices to regularly review audit cycles and risk assessments in order to allow for proactive responses; and • extent to which annual audit planning identifies objectives, the scope of upcoming audits, and the resources needed to execute the audit work. (Note: audit plans should be reviewed and approved by Senior Management and the Board of directors/trustees and should be continually updated to accommodate changes that may arise in the NBFI and the operating environment.) Reporting The criteria include the: • adequacy of policies and practices to: − report audit findings and recommendations to Senior Management, to allow for proactive and timely responses, and to the Board of directors/trustees through the Audit Committee; − report to the operational management responsible for the activity or business unit on matters such as audit objectives, scope, auditing findings, and recommendations for management remedial action; and − follow up with management regarding the actions taken in response to the audit findings and recommendations. Relationship with second line of defence oversight functions The criteria include the: • extent to which the function assesses the NBFI’s second line of defence oversight functions based on the appropriateness and effectiveness of their processes; and • extent to which the function shares information with second line of defence oversight functions to ensure the integration of methodologies in an attempt to minimise duplication of work.
50 Senior Management oversight (in support of the Board of directors/trustees) The Internal Audit function reports functionally to the Board of directors/trustees through the Audit Committee and administratively to the CEO to ensure it maintains its independence and objectivity in the execution of its mandate. The criteria include: • the adequacy of policies and practices to: − appoint and/or remove the function head, and review the performance of and the compensation and succession plan of the function head; − align the function’s mandate, budget and allocated resources; − set out the function’s annual work plan and any changes to this plan; − assess the effective performance of the function, especially its reporting to Senior Management; and − continually develop talent and succession planning for function key roles. Board of directors/trustees (and Audit Committee) oversight The criteria include the: • adequacy of policies and practices to appoint and/or remove the function head, and review the performance of and the compensation and succession plan of the function head; • adequacy of policies and practices to align the function’s mandate, budget and allocated resources; • adequacy of policies and practices to set out the function’s annual work plan and any changes to this plan; • adequacy of policies and practices to assess the effective performance of the function, especially its reporting to Senior Management; • extent to which the Board of directors/trustees is able to act independently of Senior Management; and • extent to which the Board of directors/trustees, through the Audit Committee, receives the relevant periodic reports from the function, extensively discusses matters contained therein, and makes decisions where required.
51 4.4.3 Internal Audit performance The Internal Audit function’s performance quality is illustrated by its overall effectiveness in providing independent assurance to Senior Management and the Board of directors/trustees regarding the effectiveness of and adherence to the NBFI’s internal control, risk management and governance processes. NAMFISA will heed the indicators of effective performance for the determination and execution of its supervisory activities. These activities may include: • discussions with directors, management (including the CIA/CAE and heads of other oversight functions), and external auditors; • a review of how significant audit findings and management’s responses are addressed by the Board of directors/trustees through the Audit Committee; • an assessment of Internal Audit methodologies and practices; and • a review of audit plans, working paper files, reports, and suchlike. 4.4.4 Examples of indicators that could be used to guide supervisory judgement These examples include: a) for the perceptions of Senior Management and the Board of directors/trustees: the extent to which the Internal Audit function is viewed by the Audit Committee and Senior Management as being effective in executing its mandate; b) for interaction with the Audit Committee: the extent to which the Internal Audit function regularly engages the Audit Committee on the continued appropriateness of the Internal Audit budget, resources (staffing and skill sets), and plan; c) for the proactive escalation of significant or pervasive issues: the extent to which the Internal Audit function proactively communicates to the Audit Committee significant and persistent findings and management’s action in relation to them; d) for the critical review of objectives, strategies and initiatives: the extent to which the Internal Audit function actively reviews objectives, strategies, events, initiatives, and transactions for changes that could materially impact the NBFI in order to ensure that
52 internal control, risk management and governance processes continue to be appropriate and effective; e) for the pursuit of information: the extent to which the Internal Audit function actively seeks information from the Compliance function, Risk Management function, internal or external auditors or actuaries, regulators, or other relevant sources at any level within the entity (i.e. entity-wide) to corroborate or enhance its risk assessment and to ensure that areas of weakness are appropriately considered in its audit plan; f) for the follow up of issues: the extent to which the Internal Audit function proactively follows up and reports on significant internal control, risk management and governance issues to ensure timely resolution and escalation to Senior Management and the Board of directors/trustees, as necessary; g) the extent to which the Internal Audit function demonstrates its ability to cause necessary changes in the operations of the NBFI in response to identified material weaknesses; h) for the critical evaluation of findings: the extent to which the Internal Audit function appropriately considers the pervasiveness and significance of its findings, both at the individual activity level as well as in aggregate throughout the NBFI; and i) for the presentation of findings: the extent to which the Internal Audit function can appropriately differentiate between audit findings that affect safety and soundness from those that affect operating efficiency, and the manner in which these are communicated, monitored and followed up. 4.5 Oversight: Senior Management Function Senior Management is responsible for planning, directing and controlling the strategic direction and general operations of the NBFI, in compliance with applicable laws and regulations. The Board of directors/trustees should clearly define the functions that are considered pertinent, reserve these functions at the Board of directors/trustees level, and delegate other matters to Senior Management. The key responsibilities of Senior Management include: • developing business strategies, models, plans, policies, and organisational structures and controls for Board approval;
53 • developing and carrying out the day-to-day operations of the NBFI effectively and in accordance with the institution’s Board-approved culture, business objectives and strategies to achieve these objectives in line with the NBFI’s long-term interests and viability; • establishing sound management structures; • developing sound business practices as well as a sound business culture and ethics; • overseeing operational management and ensuring that operations are in line with the Board-approved policies and procedures; • promoting sound risk management, compliance, and the fair treatment of members and/or policyholders; • promoting strong risk management and internal controls, and communicating to all employees their responsibilities in these areas; • ensuring that all employees understand the risks and controls within the NBFI to enable the management of risks on a daily basis; • providing the Board of directors/trustees with comprehensive, adequate and timely information to enable the Board to focus on risks and make timely decisions; • maintaining adequate and orderly records of the NBFI; • ensuring that membership records, contributions, and benefit payments are administered in accordance with the rules; • ensuring that the assets are invested in accordance with the investment policy established by the Board of directors/Trustees, which is appropriate to the nature and financial circumstances of the fund and which the Board implements and regularly reviews after taking expert advice; • ensuring that adequate and appropriate information is communicated to all members of the fund, employers, and sponsors pursuant to a communication strategy consistent with the standards issued by NAMFISA; and • taking all the necessary steps to ensure the timely payment of contributions to the fund. NAMFISA expects Senior Management to implement the appropriate systems and controls in accordance with the Board-approved risk appetite and values that are consistent with internal policies and procedures. The systems and controls must provide for organisational decisionmaking in a clear and transparent manner that promotes effective management of the NBFI. Adequate procedures should be in place for assessing the effectiveness of Senior Management
54 performance against the performance objectives as set out by the Board of directors/trustees. Any identified inadequacies or gaps in performance by Senior Management must be addressed promptly and reported to the Board of directors/trustees. 4.5.1 Definition of assessment ratings An assessment of the quality of the Senior Management function’s oversight of the NBFI’s activities and related risks, with due regard to the institution’s financial safety and soundness, is conducted. As such, the performance of the function is assessed as strong, acceptable, needs improvement, or weak. The overall rating of the function takes into account the appropriateness of its characteristics and the effectiveness of its performance in executing its mandate within the framework of the nature, scope, complexity and risk profile of the NBFI. The characteristics of the performance indicators that guide the determination of an overall rating are as follows: Strong The Senior Management function’s characteristics surpass the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function’s characteristics and/or performance are superior to supervisory expectations. Acceptable The Senior Management function’s characteristics meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function’s performance has been effective. The function’s characteristics and/or performance meet supervisory expectations. Needs improvement The Senior Management function’s characteristics generally meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI; however, there are important areas that require improvement, as they could influence effectiveness in the future or during adverse conditions. The function’s performance has generally been effective, but there are key areas where improvement is needed. The areas that require improvement are not critical enough to cause prudential and market conduct concerns should they be addressed adequately and in a timely manner. The function’s characteristics and/or performance do not consistently meet supervisory expectations.
55 Weak The Senior Management function’s characteristics are not, in a material way, what is considered necessary in respect of the nature, scope, complexity and risk profile of the NBFI, and may influence effectiveness in the future or during adverse conditions. The function’s performance has exhibited critical activities where effectiveness needs to be improved through immediate action. The function’s characteristics and/or performance often do not meet supervisory expectations. 4.5.2 Assessment criteria The following criteria describe the characteristics NAMFISA will use in assessing the quality of the Senior Management function’s oversight of the NBFI’s activities and related risks, with due regard to the institution’s safety and soundness and market conduct practices. The application and weighting of the individual criteria are dependent on the nature, scope, complexity and risk profile of the NBFI and will be collectively assessed with the function’s performance in rating its overall effectiveness. Mandate The criteria include: • the extent to which the Board of directors/trustees delegates to the CEO responsibility for developing and implementing policies and practices for the effective management of the NBFI’s operations, which may include but is not limited to: − strategic management; − risk management; − liquidity and capital management; − internal controls; − market conduct; and − ethical business conduct; • the adequacy of policies or practices to delegate responsibilities from the CEO to other members of Senior Management and to regularly review the appropriateness of the delegation; • the appropriateness of the mandates for Senior Management positions and the extent to which they clearly define lines of authority, responsibility and accountability, as well as the extent to which these mandates are communicated throughout the NBFI; • with regard to the oversight functions on which it relies (i.e. Compliance, Risk Management, Internal Audit), the extent to which Senior Management:
56 − recommends approval by the Board of directors/trustees for the appointment, performance reviews, and succession plans of the function heads; − ensures that they have adequate authority, independence and resources to carry out their mandates; − provides appointees with unfettered access to Senior Management and the Board of directors/trustees; and − monitors the effectiveness of the oversight functions. Organisational structure The criteria include the: • adequacy of policies and practices to regularly review the NBFI’s organisational structure; and • appropriateness of the NBFI’s organisational structure, given the nature, scope and complexity of the NBFI. Committees The criteria include the: • extent to which Senior Management committees are used to oversee the management of significant activities and related risks; and • extent to which Senior Management committee mandates are clearly defined and communicated throughout the NBFI. Expertise The criteria include the: • adequacy of policies or practices to regularly review the range of qualifications, knowledge, skills and experience required to fulfil Senior Management responsibilities; • appropriateness of the range of qualifications, knowledge, skills and experience available to fulfil Senior Management responsibilities; • adequacy of policies or practices for the selection, appointment and succession of Senior Management; and • extent to which management development programmes are available to Senior Management.
57 Policies and practices The criteria include the: • adequacy of policies or practices to establish business objectives, strategies and plans, as well as to monitor the NBFI’s performance against them; • adequacy of policies or practices to regularly review the adequacy and effectiveness of the NBFI’s liquidity and capital management; • extent to which risk management policies and practices are: − institution-wide; − linked to strategic, capital and liquidity management; − prudent in the context of the risk profile of the NBFI and aligned with the NBFI’s Risk Appetite Framework and remuneration policy; − reviewed regularly for appropriateness; and − communicated to the appropriate individuals throughout the NBFI; • adequacy of processes, techniques and criteria used to consistently identify, measure, monitor, control and report significant risks, and to ensure that approved risk management policies and practices are adhered to; • adequacy of policies and practices to ensure regular review of the organisational and procedural control environment; • adequacy of policies and practices to ensure compliance with applicable laws, regulations, standards and guidelines; • extent to which human resource policies and practices give priority to attracting, developing and retaining high-calibre staff and promoting good morale within the NBFI; • extent to which remuneration programmes promote prudent risk taking and are aligned with the long-term strategic objectives and risk appetite of the NBFI; • adequacy of procedures in place for assessing the effectiveness of Senior Management performance against the objectives set by the Board of directors/trustees; • adequacy of policies and practices for communication and disclosure to stakeholders; and • extent to which management policies and practices promote sound corporate governance and ethical business conduct.
58 Board of directors/trustees oversight The criteria include the: • extent to which Senior Management seeks Board approval for: − the NBFI’s short- and long-term business plan, strategy, and significant strategic initiatives; − its Risk Appetite Framework, Internal Control Framework, codes of ethics and conduct, and the significant policies and plans related to the management of capital and liquidity; − the appointment, performance review, remuneration and succession of key members of Senior Management; − the mandate, resources and budgets for the oversight functions; and − both internal and external audit plans; • extent to which Senior Management seeks Board advice and counsel for: − significant operational, business, risk and crisis management policies and their effectiveness; and − business performance and the effectiveness of risk management; • extent to which there is full, open and timely disclosure to and discussion with the Board of directors/trustees (or its committees) on all significant issues; and • extent to which effective policies or practices are in place for the escalation of key issues to the Board of directors/trustees. 4.5.3 Senior Management performance The quality of the Senior Management function’s performance is demonstrated by its effectiveness in overseeing the execution of approved strategies and effective management of the NBFI’s operations, with due regard to the institution’s safety and soundness and market conduct practices. NAMFISA’s assessment will consider the ability of Senior Management to achieve the NBFI’s business objectives effectively while maintaining an appropriate governance and control culture. NAMFISA will heed the indicators of effective Senior Management performance to guide the determination and execution of its supervisory activities. These activities may include: • discussions with directors and management; • an assessment of Senior Management oversight practices and how issues are dealt with;
59 • an assessment of business plans and review of management information and audit reports; and • a review of Senior Management committee minutes, and suchlike. 4.5.4 Examples of indicators that could be used to guide supervisory judgement These examples include the extent to which the Senior Management function: a) develops strategies and plans for the attainment of business objectives that are appropriate, prudent and aligned with the fair treatment of customers, in the context of the regulatory, competitive and economic environment, and regularly monitors the execution of approved plans to ensure that objectives are achieved or that strategies are appropriately adjusted to deal with changes in business or economic conditions; b) actively monitors adherence to approved policies, organisational controls, procedural controls and compliance requirements; ensures that appropriate and timely action is taken to remedy any deficiencies that may arise, including issues brought by other oversight functions and regulators; and ensures that management information systems provide timely and relevant information to support its oversight responsibilities; c) is successful in attracting, developing and retaining high-calibre staff and in maintaining good morale, and in holding the staff accountable for the execution of their duties; d) sets an appropriate ‘tone from the top’, promoting a risk culture that focuses on the fair treatment of customers and stresses integrity and effective risk management and the performance of duties in an ethical manner; e) keeps the Board of directors/trustees and its committees fully appraised, on a timely basis, of market conditions, strategic opportunities and concerns, operating performance, and issues that could significantly affect the well-being of the NBFI, which includes providing quality information and sound advice to the Board of directors/trustees, enabling them to make informed decisions in a timely manner; and f) escalates key issues to the Board of directors/trustees in a timely manner.
60 4.6 Oversight: Board of directors/trustees Function The Board of directors/trustees function is ultimately responsible for providing stewardship and overall oversight to the management of an NBFI and its business operations. Senior Management keeps the Board well informed, through comprehensive reports and information, on the business activities of the NBFI. NAMFISA places the role of oversight and governance with the Board of directors/trustees of NBFIs, where relevant. It is the Board of directors/trustees’ responsibility to ensure that the business activities of the financial institution are conducted in a safe and sound manner with the required professionalism in respect of their market conduct practices and general business conduct. The Board of directors/trustees’ key responsibilities include: • guiding, reviewing and approving the business model and associated objectives, strategies and plans developed by Senior Management; • ensuring that Senior Management is qualified and competent; • the governance of risk (i.e. guiding, reviewing and approving risk management policies); • reviewing and approving organisational and procedural controls; • implementing a culture of the fair treatment of policyholders and/or members; • providing for the independent assessment of management controls; and • employing structures and processes to ensure the integrity of its financial reporting. 4.6.1 Definition of assessment ratings An assessment of the quality of the Board of directors/trustees function’s fulfilment of its overall responsibilities of governance and oversight of the management and operations of the NBFI, with due regard to the institution’s financial safety and soundness, is conducted. The overall rating of the function takes into account the appropriateness of its characteristics and the effectiveness of its performance in executing its mandate within the framework of the nature, scope, complexity and risk profile of the NBFI. The characteristics of the performance indicators that guide the determination of an overall rating are as follows:
61 Strong The characteristics of the Board of directors/trustees function surpass the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function has constantly exhibited a highly effective performance. The function’s characteristics and/or performance are superior to supervisory expectations. Acceptable The characteristics of the Board of directors/trustees function meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI. The function’s performance has been effective. The function’s characteristics and/or performance meet supervisory expectations Needs improvement The characteristics of the Board of directors/trustees function generally meet the requirements in respect of the nature, scope, complexity and risk profile of the NBFI; however, there are important areas that require improvement, as they could influence effectiveness in the future or during adverse conditions. The function’s performance has generally been effective, but there are key areas where improvement is needed. The areas that require improvement are not critical enough to cause prudential and market conduct concerns should they be addressed adequately and in a timely manner. The function’s characteristics and/or performance do not consistently meet supervisory expectations. Weak The characteristics of the Board of directors/trustees function are not, in a material way, what is considered necessary in respect of the nature, scope, complexity and risk profile of the NBFI, and may influence effectiveness in the future or during adverse conditions. The function’s performance has exhibited critical activities where effectiveness needs to be improved through immediate action. The function’s characteristics and/or performance often do not meet supervisory expectations. 4.6.2 Assessment criteria The following criteria describe the characteristics NAMFISA uses to assess the quality of the Board of directors/trustees’ function’s stewardship and oversight of the NBFI. The application and weighting of the individual criteria are dependent on the nature, scope, complexity, and risk profile
62 of the NBFI and will be collectively assessed with the function’s performance in rating its overall effectiveness. Board composition, structure and powers The criteria include: • compliance with the provisions of the legislation; • the clear separation of powers between the Board of directors/trustees and Senior Management to enable the Board to exercise oversight over Senior Management; • an approved Board Charter (Terms of Reference) with well-defined powers and responsibilities of the Board, and the appropriateness of these powers and responsibilities; • the adequacy of policies or practices to regularly determine the Board size and the required range of directors’ qualifications, knowledge, skills, experience and level of commitment to fulfil responsibilities; • the appropriateness of the Board size and the available range of directors’ qualifications, knowledge, skills, experience and level of commitment to fulfil responsibilities; • the adequacy of policies or practices to recommend the selection, approval, renewal, and succession of directors; • the adequacy of policies or practices to ensure that there is sufficient non-executive representation on the Board; • the appropriateness of the independent directors’ representation and diversity on the Board; and • Board and Board Committee Chairs are independent and non-executive (as defined in the Standards). Roles and Responsibilities of the Board of directors/trustees The criteria include: • approving and overseeing the: − short- and long-term business plans, strategies and significant strategic initiatives of the NBFI; − financial resources of the NBFI, to ensure they are sufficient for the discharge of the institution’s obligations;
63 − establishment of procedures for identifying and dealing with conflicts or potential conflicts of interest and for identifying and vetting related party transactions, with a view to avoiding those that are prohibited by legislation; − establishment of procedures for outsourcing functions in accordance with legislation; − establishment of investment and lending policies, standards and procedures in accordance with legislation; − significant policies, plans and strategic initiatives of the NBFI; − compliance with legislation, ethics and conduct; − appointment and dismissal of senior officers, and the establishment of the level of remuneration for officers of the NBFI based on criteria that promote the interests of the financial institution and do not encourage imprudent behaviour; − succession plans with respect to the Board of directors/trustees, CEO and other key members of Senior Management, including the heads of the oversight functions; − establishment of risk management strategies and policies for the identification, measurement, monitoring and controlling of significant risks on an ongoing basis; − monitoring of referred procedures, strategies and policies to ensure that they are being adhered to by the NBFI and that they are modified from time to time to accommodate changing circumstances; − establishment of an Audit Committee to perform the duties referred to in the FIM Act; − establishment of procedures with respect to the fair treatment of consumers and clients, including the disclosure of information to them, the protection of their personal information, the prompt assessment and payment of legitimate claims of such consumers and clients, and the handling of consumer and client complaints; and − preparation of the NBFI’s annual financial statements. Board committees The criteria include the: • adequacy of policies or practices to regularly review the structure and composition of Board committees to ensure that they provide sufficient oversight and that they are aligned with legislation, where applicable; • existence of an Audit Committee with sufficient mandate, authority and composition, as stipulated in the legislation;
64 • clearly defined Board committee mandates or terms of reference regarding the powers and responsibilities approved by the Board of directors/trustees; • adequacy of the Board committees’ structures, given the nature, scope and risk profile of the NBFI; • adequacy of policies or practices to establish and regularly review Board committee mandates; • adequacy and frequency of Board committees reporting to the Board of directors/trustees; • adequacy of policies or practices to ensure that there is sufficient authority, diversity, independence, relevant expertise, resources and access to all relevant employees and information to perform their functions; and • nature and extent to which Board committee mandates promote independent and comprehensive oversight, with timely and regular reporting to the Board of directors/trustees. Policies and practices The criteria include the: • adequacy of policies or practices to induct new directors and to periodically update existing directors on their responsibilities and on the NBFI’s businesses and related risks; • adequacy of policies or practices on the appointment of directors through formal processes; • adequacy of policies or practices to promote independent, effective and timely decision-making, including practices related to the role of non-executive directors; • adequacy of policies or practices to establish and monitor work plans for fulfilling Board goals and responsibilities; • adequacy of policies or practices to set Board agendas and priorities, arrange and conduct meetings and record deliberations and decisions, as well as the extent to which these practices promote transparency in Board accountabilities; • adequacy of policies or practices to ensure that directors receive timely, relevant, accurate and complete information (including access to independent advice), enabling them to: − determine that the responsibilities delegated to Board committees and Senior Management are being discharged effectively; and
65 − make informed and sound decisions; • extent to which the directors’ compensation promotes prudent decision-making while taking into account the objectives of the NBFI; • with respect to the oversight functions on which the Board of directors/trustees relies (i.e. Compliance, Risk Management, Internal Audit), extent to which it: − approves the appointment, dismissal, and succession plans for the heads of the oversight functions; − ensures that the heads of the oversight functions have adequate authority, independence and resources to carry out their mandates; − provides appointees with unrestricted access to the Board of directors/trustees or its committees; and − provides challenges, advice and guidance on the effectiveness of oversight functions; • adequacy of the Board’s assessment of its practices and those of the Board committees; and • appropriateness of strategies to enhance the Board’s effectiveness. 4.6.3 Board of directors/trustees performance NAMFISA’s assessment places emphasis on the Board’s effectiveness and considers potential Board characteristics that may affect effectiveness in the future or within adverse environments. NAMFISA focuses on the corporate governance outcomes that arise from the Board’s stewardship and oversight of the management and operations of the NBFI. These outcomes include: • clear, aligned and consistent direction regarding the NBFI’s strategy, risk appetite and controls; • open Board discussions and well-managed information flows; • an accountable and effective Senior Management; • independent and effective oversight functions with demonstrated stature and authority; and • an independent and capable Board of directors/trustees that operates within an effective governance structure.
66 4.6.4 Examples of indicators that could be used to guide supervisory judgement These examples include the extent to which the Board of directors/trustees’ function: a) performs a regular, in-depth review and evaluation of the NBFI’s business objectives and strategies, as well as events and transactions that could pose significant risks to the NBFI, with a view to balancing business objectives with appropriate controls and governance; b) is actively involved in the selection and performance review of the CEO and Senior Management, including heads of oversight functions, as appropriate; c) promotes a risk culture that stresses integrity and effective risk management and the performance of duties in an ethical manner throughout the NBFI; d) oversees, on a regular basis, the appropriateness of the overall risk appetite, major business activities and risks of the NBFI; e) establishes thresholds for the type and significance of issues to be brought to its attention (including adverse results, deficiencies in or breaches of limits, controls or policies, and changes in the external environment); f) proactively follows up on issues identified by management, internal or external audit, risk management, actuaries, or other regulators in order to satisfy itself that appropriate action has been taken or resolution achieved; g) defines and periodically assesses for continued relevance, the type, comprehensiveness and frequency of information and reporting it needs to monitor and act on in a timely manner, and ensures that any required changes to information and reporting are made; h) actively engages in the review of information presented by Senior Management for information purposes or for Board approval, appropriately weighing salient issues and alternatives, engaging in discussions, challenging Senior Management’s underlying assumptions, and requesting additional information or explanation; i) ensures its meetings provide a balanced focus on key issues and ongoing governance requirements within the NBFI;
67 j) ensures there is sufficient opportunity for non-executive directors to meet in private, and carefully considers the output of these meetings; k) ensures that the NBFIs’ policies and procedures are aligned with the interests of policyholders and other stakeholders and the fair treatment of customers; l) proactively engages in reviewing the mandates, resources, scope of work and effectiveness of the oversight functions upon which it relies for risk management, control and compliance assurances, and ensures that Senior Management supports these functions appropriately; m) regularly assesses its practices, and those of the Board committees, and pursues strategies to enhance its overall effectiveness; and n) analyses the results of annual Board performance evaluations regarding its effectiveness in discharging its roles and responsibilities and in identifying opportunities to improve its performance. 5. Effective Date The RBS Framework is effective from the date of its approval by the NAMFISA Board. 6. Revision The RBS Framework will be reviewed every five years, and/or when NAMFISA deems it appropriate. 7. Approval Approved by the NAMFISA Board on ……………. 2023. Signed: ………………………………. …………………………….. Chairperson of the Board Board Secretary Ms Hettie Garbers-Kirsten Mr Bryan Kandjiriomuini
68 Appendix A: Risk Matrix Tool
69 Appendix B: Inherent Risk Categories and Definitions Insurance Risk Insurance risk occurs when pricing is not adequate enough to cover future claims for insurance and annuity contracts. Exposure to this risk normally arises from wrong judgements in the underwriting process (i.e. the selection and approval of risks to be insured) and product design. Operational Risk Operational risk is defined as the potential loss that may arise from inadequate or failed internal processes, systems and people skills, or adverse external events. Operational risk exposure results from normal day-to-day operations such as deficiencies or breakdowns in respect of transaction processing, fraud, physical security, data/information security, human error, and unanticipated events such as natural disasters. Credit Risk Credit risk is the risk of default that arises from counterparties’ failure, inability or unwillingness to fully or partly meet both on- and off-balance sheet contractual obligations. Exposure to this risk results from financial transactions with counterparties such as, amongst others, reinsurers, intermediaries, policyholders, and financial institutions. NBFIs are exposed to credit risk from diverse financial instruments such as financial futures, swaps, bonds, options, commitments and guarantees. Market Risk Market risk is the risk of adverse changes in the value of financial assets due to the volatility of market rates. Exposure to this risk results from trading, investment, and other business activities that create on- and off-balance sheet positions. Market risk includes, amongst others, equity price risk, foreign currency risk, interest rate risk, commodity price risk, and properties risk. Legal and Regulatory Risk Legal and regulatory risk arises from the NBFI’s non-conformance with laws, rules, regulations, prescribed practices, or ethical standards in any jurisdiction in which the institution operates. This definition excludes market conduct risk, which is separately defined below.
70 Market Conduct Risk Market conduct risk is the risk of financial loss of consumers and counterparties caused by the undesirable market conduct practices of an NBFI and/or its representatives. This includes the NBFI’s inability or unwillingness to comply with the requisite market and business conduct requirements. Strategic Risk Strategic risk arises from an NBFI’s potential inability to implement appropriate business plans and strategies, make decisions, allocate resources, or adapt to changes in its business environment.
71 Appendix C: Inherent Risk Assessment Ratings, Overall Ratings for Quality of Risk Mitigation Control Functions and Overall Net Risk Ratings
72 Acceptable The characteristics (i.e. mandate, organisational structure, resources, methodologies, practices) of the function meet what is considered necessary in respect of the nature, scope, complexity and risk profile of the NBFI. The function’s performance has been effective. The function’s characteristics and performance meet sound industry practices. Needs improvement The characteristics (i.e. mandate, organisational structure, resources, methodologies, practices) of the function generally meet what is considered necessary in respect of the nature, scope, complexity and risk profile of the NBFI; however, there are important areas where improvement is needed. The function’s performance has generally been effective, but there are key areas where effectiveness needs to be improved. The areas that need improvement are not critical enough to cause prudential concerns if addressed in a timely manner. The function’s characteristics and/or performance do not consistently meet sound industry practices. Weak The characteristics (i.e. mandate, organisational structure, resources, methodologies, practices) of the function are not, in a material way, what is considered necessary in respect of the nature, scope, complexity and risk profile of the NBFI. The function’s performance has demonstrated serious instances where effectiveness needs to be improved through immediate action. The function’s characteristics and/or performance often do not meet sound industry practices. 3) Overall Net Risk Ratings Low The NBFI has risk management controls that substantially mitigate risks inherent in its significant activities down to levels that collectively have a lower-than-average probability of a material adverse impact on its capital, earnings, liquidity, and the fair treatment of consumers in the foreseeable future. Normally, an NBFI in this category will have a predominance of significant activities rated as low net risk. Other combinations may be possible depending on the circumstances of the NBFI.
73 Moderate The NBFI has risk management controls that sufficiently mitigate risks inherent in its significant activities down to levels that collectively have an average probability of a material adverse impact on its capital, earnings, liquidity, and the fair treatment of consumers. Normally, an NBFI in this category will have a significant number of activities rated as moderate net risk, or a few significant activities rated as high net risk, and others rated as low net risk. Other combinations may be possible depending on the circumstances of the NBFI. Above average The NBFI has weaknesses in its risk management controls that, although not serious enough to present an immediate threat, give rise to a high net risk in a number of its significant activities. As a result, net risks in its significant activities collectively have an above-average probability of a material adverse impact on the NBFI’s capital, earnings, liquidity, and the fair treatment of consumers. Normally, an NBFI in this category will have a number of significant activities rated as high net risk, and others rated mainly as moderate net risk. Other combinations may be possible depending on the circumstances of the NBFI. High The NBFI has weaknesses in its risk management controls that may pose a serious threat to its financial viability or solvency and give rise to a high net risk in a number of its significant activities. As a result, net risks in its significant activities collectively have a high probability of a material adverse impact on the NBFI’s capital, earnings, liquidity, and the fair treatment of consumers. Normally, an NBFI in this category will have a predominance of significant activities rated as high net risk or one or more significant activities rated as high net risk, which will have a pervasive impact on its operations. Other combinations may be possible depending on the circumstances of the NBFI. The weaknesses in risk management controls may lead to considerable doubt about the NBFI’s capability and/or willingness to apply prompt and effective corrective measures to sufficiently mitigate net risks in a significant activity.
74 Appendix D: Assessment of Risk Mitigation Controls
75 • establishing policies and procedures to manage risks; • reporting the results of risk monitoring to Senior Management and the Board of directors/trustees; • assisting and advising the Board of directors/trustees with regard to developing risk appetite statements, metrics and tolerance limits; and • assessing the risk positions and risk exposures, as well as the steps being taken to manage them. Actuarial Function Actuarial is an independent control function, which is applicable only to NBFIs with insurance businesses that have responsibilities beyond the legal requirements of the appointed actuary. The key responsibilities include: • offering Senior Management and the Board of directors/trustees a certain degree of quality assurance in a number of areas for actuarial calculations and underlying assumptions; • ensuring that these calculations and assumptions are actuarially sound, and that sufficient provision is made for deviations of actual experience from that which is expected; • ensuring that the pricing of insurance contracts is commensurate with the risk taken on, and that sufficient provisions are made for the NBFI’s liabilities; and • ensuring, in conjunction with the Risk Management function, that risk is sufficiently managed through means such as reinsurance, and that the capital held by the NBFI is in line with the regulatory requirements of the institution’s risk profile. Internal Audit Function Internal Audit is an independent function within the NBFI, which provides independent assurance with regard to the quality and effectiveness of the internal controls. The Internal Audit function is entirely independent from operational management and Senior Management in the execution of its mandate. The oversight responsibilities delegated to the Internal Audit function typically include: • assessing the effectiveness, efficiency and adherence to the NBFI’s internal controls, risk management, and governance systems and processes created by the business units at
76 an entity-wide level to provide a holistic opinion on the overall effectiveness and adequacy of the NBFI’s control framework; • reviewing the objectives, strategies, events, initiatives and transactions for changes that could materially impact the NBFI to ensure that control practices remain appropriate and effective; • ensuring that the scope of the Internal Audit function’s activities adequately covers areas of high risk within the audit plan; • proactively following up and reporting on significant issues to ensure timely resolution by Senior Management; • periodically assessing the effectiveness of the control functions; • assessing the quality of risk reporting to Senior Management and the Board of directors/trustees; and • regular reporting on the results of its work to Senior Management and the Board of directors/trustees through the Audit Committee. Senior Management Function Senior Management is responsible for planning, directing and overseeing the strategic direction and effective management of the general operations of the NBFI, in compliance with applicable laws and regulations. The function supports the Board of directors/trustees’ oversight by providing relevant, accurate and timely information. The key responsibilities include: • developing business strategies, models, plans, policies, and organisational structures and controls for Board approval; • developing and carrying out the day-to-day operations of the NBFI effectively and in accordance with the institution’s Board-approved culture, business objectives and strategies to achieve these objectives in line with the NBFI’s long-term interests and viability; • establishing sound management structures; • developing sound business practices as well as a sound business culture and ethics; • overseeing operational management and ensuring that operations are in line with the Board-approved policies and procedures;
77 • promoting sound risk management, compliance, and the fair treatment of members and/or policyholders; • promoting strong risk management and internal controls, and communicating to all employees their responsibilities in these areas; • ensuring that all employees understand the risks and controls within the NBFI to enable the management of risks on a daily basis; • providing the Board of directors/trustees with comprehensive, adequate and timely information to enable the Board to focus on risks and make timely decisions; • maintaining adequate and orderly records of the NBFI; • ensuring that membership records, contributions, and benefit payments are administered in accordance with the rules; • ensuring that the assets are invested in accordance with the investment policy established by the Board of directors/trustees/Trustees, which is appropriate to the nature and financial circumstances of the fund and which the Board implements and regularly reviews after taking expert advice; • ensuring that adequate and appropriate information is communicated to all members of the fund, employers, and sponsors pursuant to a communication strategy consistent with the standards issued by NAMFISA; and • taking all the necessary steps to ensure the timely payment of contributions to the fund. Board of directors/trustees Function The Board of directors/trustees is ultimately responsible for providing stewardship and overall oversight to the management of the NBFI and its business operations. Senior Management keeps the Board of directors/trustees well informed, through comprehensive reports and information, on the business activities of the NBFI. NAMFISA places the role of oversight and governance with the Board of directors/trustees of NBFIs, where relevant. It is the Board of directors/trustees’ responsibility to ensure that the business activities of the financial institution are conducted in a safe and sound manner with the required professionalism in respect of their market conduct practices and general business conduct. The Board of directors/trustees may delegate some of its oversight responsibilities to Senior Management but retains ultimate accountability for oversight. The key responsibilities include:
78 • guiding, reviewing and approving the business model and associated objectives, strategies and plans developed by Senior Management; • ensuring that Senior Management is qualified and competent; • the governance of risk (e.g. guiding, reviewing and approving risk management policies); • reviewing and approving organisational and procedural controls; • implementing a culture of the fair treatment of policyholders and/or members; • providing for the independent assessment of management controls; and • employing structures and processes to ensure the integrity of its financial reporting.
79 Appendix E: Assessment Ratings: Composite Risk, Capital, Funding, Earnings and Liquidity
80 present an immediate threat to financial viability or solvency, could deteriorate into critical problems if not addressed promptly. Normally, an NBFI in this category will have an aboveaverage overall net risk, which is not sufficiently mitigated by capital, funding, earnings and liquidity, or a moderate overall net risk coupled with capital, funding, earnings and liquidity that need improvement. Other combinations may be possible depending on the circumstances of the NBFI. High The NBFI has serious safety and soundness concerns. One or both of the following conditions are present: (1) the combination of its overall net risk and its capital, funding, earnings and liquidity is such that the NBFI is vulnerable to most adverse business and economic conditions, posing a serious threat to its financial viability or solvency unless effective corrective action is implemented promptly, and/or (2) its performance is poor, with most key indicators below industry norms, seriously impairing its ability to access additional capital. Normally, an NBFI in this category will have a high overall net risk, which is not sufficiently mitigated by capital, funding, earnings and liquidity, or an above-average overall net risk coupled with capital, funding, earnings and liquidity that need improvement. Other combinations may be possible depending on the circumstances of the NBFI. 2) Capital Assessment Ratings: Insurance Institutions, Financial Market Infrastructures and Capital Markets Intermediaries Strong Capital adequacy is strong and commensurate with the overall net risk of the NBFI and exceeds the regulatory capital requirements. The trend in capital adequacy over the next 12 months is expected to remain positive. Capital management policies and practices are superior to generally accepted industry practices. Acceptable Capital adequacy is commensurate with the overall net risk of the NBFI and meets the regulatory capital requirements. The trend in capital adequacy over the next 12 months is expected to remain positive. Capital management policies and practices meet supervisory expectations.
81 Needs improvement Capital adequacy is not sufficiently commensurate with the overall net risk of the NBFI. Although the NBFI marginally meets the minimum regulatory capital requirements, this cannot be assured over the next 12 months. The trend in capital adequacy over the next 12 months is expected to remain uncertain. Capital management policies and practices may not meet generally accepted industry practices. Weak Capital adequacy is not commensurate with the overall net risk of the NBFI and does not meet, or marginally meets, the minimum regulatory requirements. The trend in capital adequacy over the next 12 months is expected to remain negative. Capital management policies and practices do not meet generally accepted industry practices. 3) Funding Assessment Ratings: Pension Funds Strong Funding adequacy is rated as strong when contributions are habitually paid on time and at the set contribution rates. The required minimum information in respect of the payment of contributions is furnished on time. Robust recoverability strategies exist, complemented by a healthy financial position of the employer. Acceptable Funding adequacy is rated as acceptable when contributions are habitually paid on time and at the set contribution rates. Recoverability strategies exist, complemented by a healthy financial position of the employer. However, a delay in the required minimum information in respect of the payment of contributions exists. Needs improvement Funding adequacy is rated as needs improvement when late payments of contributions have been noted. A delay in furnishing the required minimum information in respect of the payment of contributions exists. Recoverability strategies exist; however, the financial position of the employer is declining.
82 Weak Funding adequacy is rated as weak when non-payments of contributions have been noted. A delay in furnishing the required minimum information in respect of the payment of contributions exists, complemented by the non-existence of a recoverability strategy and deteriorating financial position of the employer. 4) Earnings Assessment Ratings Strong The NBFI has a consistent earnings performance, generating income, investment returns that significantly contribute to its long-term viability. There is no undue reliance on non-recurring sources of income to enhance earnings. The earnings outlook for the next 12 months continues to be positive. Acceptable The NBFI has a satisfactory earnings performance, generating income, investment returns needed to ensure its long-term viability. There is no undue reliance on non-recurring sources of income to enhance earnings. Although there is some exposure to earnings volatility, the outlook for the next 12 months remains positive. Needs improvement The NBFI has an inconsistent earnings performance, with returns that may, at times, be inadequate to ensure its long-term viability. It may occasionally depend on non-recurring sources of income to show a profit. The earnings outlook for the next 12 months is uncertain. Weak The NBFI has consistently recorded operating losses or earnings that are insufficient to ensure its long-term viability. It may be heavily dependent on non-recurring sources of income to show a profit. The earnings outlook for the next 12 months is expected to remain negative.
83 5) Liquidity Assessment Ratings Strong Liquidity adequacy is strong in relation to meeting the short-term obligations of the NBFI, and meets or exceeds the recommended prudential requirements and expectations. Sources of liquidity funding are strong in relation to meeting the short-term obligations of the NBFI. The trend in liquidity adequacy over the next 12 months is expected to remain positive. Liquidity management policies and practices are superior to generally accepted industry practices. Acceptable Liquidity adequacy is sufficient in relation to meeting the short-term obligations of the NBFI and meets the recommended prudential requirements and expectations. Sources of liquidity funding are sufficient in relation to meeting the short-term obligations of the NBFI. The trend in liquidity adequacy over the next 12 months is expected to remain positive. Liquidity management policies and practices meet generally accepted industry practices. Needs improvement Liquidity adequacy is not sufficient in relation to meeting the short-term obligations of the NBFI. Although the recommended prudential requirements and expectations are being met, this cannot be assured for the next 12 months. Sources of liquidity funding are not sufficient in relation to meeting the short-term obligations of the NBFI. The trend in liquidity adequacy over the next 12 months is expected to remain uncertain. Liquidity management policies and practices may not meet generally accepted industry practices. Weak Liquidity adequacy is not sufficient in relation to meeting the short-term obligations of the NBFI, and does not meet, or marginally meets, the recommended prudential requirements and expectations. Sources of liquidity funding are not sufficient in relation to meeting the short-term obligations of the NBFI. The trend in liquidity adequacy over the next 12 months is expected to remain negative. Liquidity management policies and practices do not meet generally accepted industry practices.
84 Appendix F: Assessment Criteria: Capital, Funding, Earnings and Liquidity
85 Management and the Board) 4.2 Proof of receipt of adequate and timely reporting for the purposes of evaluation and making informed decisions by Senior Management and the Board. 4.3 Extent to which independent reviews are performed by Senior Management and the Board on the insurance institution’s capital management of the institution. 2) Capital Assessment Criteria: Financial Market Infrastructures Elements Criteria
86 3.5 Appropriateness of the process for developing capital management policies and practices. 4. Capital oversight (Senior Management and the Board) 4.1 Involvement in the approval and oversight of capital management processes by Senior Management and the Board. 4.2 Proof of receipt of adequate and timely reporting for the purposes of evaluation and making informed decisions by Senior Management and the Board. 4.3 Extent to which independent reviews are performed by Senior Management and the Board on the FMIs’ capital management. 3) Capital Assessment Criteria: Capital Markets Intermediaries Elements Criteria
87 3.4 Extent to which the capital planning process is integrated with the NBFI’s strategic and business plans and provides for regular monitoring to ensure it will continue to maintain sufficient capital. 3.5 Appropriateness of the process for developing capital management policies and practices. 4. Capital oversight (Senior Management and the Board) 4.1 Involvement in the approval and oversight of capital management processes by Senior Management and the Board. 4.2 Proof of receipt of adequate and timely reporting for the purposes of evaluation and making informed decisions by Senior Management and the Board. 4.3 Extent to which independent reviews are performed by Senior Management and the Board on the capital markets intermediaries’ capital management. 4) Funding Assessment Criteria: Pension Funds Elements Criteria
88 3. Interest rate on late payments 3.1 Review of the late payment of contributions in consideration of the interest rate on late payments as prescribed by the Minister of Finance. This late payment is payable by the member, employer or any other person(s) responsible for the payment of contributions to the fund, as set out in the FIM Act. 4. Contribution holiday 4.1 Assessment of whether the ‘going-concern excess principle’ has been considered before the approval of a contribution holiday. 5. Recoverability of outstanding contributions 5.1 Assessment of the strategies that Senior Management and the Board of directors/trustees/Trustees have adopted to recover outstanding contributions, or of the provisions made to cover a funding shortfall in defined benefit funds. 5) Earnings Assessment Criteria Elements Criteria
89 6) Liquidity Assessment Criteria Elements Criteria
90 7) Liquidity Assessment Criteria: Financial Market Infrastructures Elements Criteria