CONSULTATION PAPER Proposed Prudential Risk-based Supervisory Framework for Insurers




INSURANCE CONSULTATION PAPER Proposed Prudential Risk-based Supervisory Framework for Insurers December 2010 CONSULTATION PAPER: Proposed Risk-based Supervisory Framework (Final December 2010) Page 1 of 24

CONTENTS

INTRODUCTION
THE PRUDENTIAL RISK-BASED SUPERVISORY FRAMEWORK FOR INSURERS
THE SUPERVISORY CYCLE
INTERVENTION GUIDE
APPENDIX A: INHERENT RISK CATEGORIES
    Credit Risk
    Market Risk
    Insurance Risk
    Operational Risk
    Liquidity Risk
    Legal and Regulatory Risk
    Strategic Risk
Appendix B: Risk Management Control Functions
    Operational Management
    Financial Analysis
    Compliance
    Internal Audit
    Risk Management
    Managing Executives
    Board of Directors
APPENDIX C: INHERENT RISK RATINGS & QUALITY OF RISK MANAGEMENT CONTROL FUNCTION RATINGS
    Inherent Risk Ratings
        Low inherent risk (L)
        Moderate inherent risk (M)
        Above average inherent risk (AA)
        High inherent risk (H)
    Quality of Risk Management Control Functions Ratings
APPENDIX D: RISK MATRIX
APPENDIX E: INTERVENTION GUIDE

INTRODUCTION

The mission of the Financial Services Board (FSB) is to promote:
- the fair treatment of consumers of financial services and products;
- the financial soundness of financial services companies;
- the systemic stability of the financial services industries; and
- the integrity of financial markets.

To achieve its mission, the FSB must develop and maintain an appropriate and effective regulatory and supervisory framework. The regulatory framework involves the development and introduction of appropriate legislative measures to enable supervision. The supervisory framework involves implementing, monitoring, and enforcing the legislation.

This paper focuses on a framework for the prudential supervision of insurers, the core objective of which is ensuring the financial soundness of insurers. This involves assessing whether an insurer's governance, risk management and internal controls are adequate, and whether the solvency and liquidity of the insurer are adequate to withstand unexpected shocks.

As the financial system has evolved, so too has the supervisory framework. In its earlier forms, supervisory approaches tended to be compliance-based, aimed mainly at ensuring compliance with the rules laid down for financial soundness and the conduct of business. The risks associated with compliance-based approaches are that they may lead to excessive focus on observed non-compliance and to insufficient understanding of key business drivers and flaws in risk management practices of insurers. Further, a compliance-based approach tends to be retrospective and may fail to identify the major risks that insurers may face in the future. However, an element of compliance monitoring is necessary in any supervisory approach to ensure that essential minimum standards are met and that the overall regulatory and supervisory regime has credibility.

In 2005 the FSB initiated a new supervisory framework to facilitate proactive supervision in line with global trends, known as Risk-Based Supervision. This framework promotes the early identification and ongoing management of systemic and organisational risks, allowing the FSB to focus its supervisory attention based on the risk profile of financial institutions.

The Insurance Division of the FSB, building on the overall FSB Risk-Based Supervisory Framework, has developed an insurance-focused prudential risk-based supervisory framework. The Insurance Division's PRSFI is based on international best practice [1] but adapted for South African specific circumstances.

[1] In particular, the framework is based on the prudential supervisory framework of the Canadian prudential regulator (the Office of the Superintendent of Financial Institutions, or OSFI). OSFI is providing training and technical assistance to the FSB's Insurance Division in the implementation of its risk-based supervisory framework.

It is important to note that the proposed Prudential Risk-Based Supervisory Framework for Insurers does not include a focus on market conduct issues (although these issues can be considered when evaluating certain of the risk categories). The market conduct supervisory framework of the Insurance Division is being developed as part of the Treating Customers Fairly (TCF) Project.

The Insurance Division has commenced with the implementation of the Prudential Risk-Based Supervisory Framework for Insurers, but prior to its comprehensive roll-out the FSB wishes to consult the insurance sector on the proposed framework.

Comments on the proposed Prudential Risk-Based Supervisory Framework for Insurers may be submitted in writing on or before 31 January 2011 to: The Deputy Executive Officer: Insurance, c/o Suzette Vogelsang, Financial Services Board, P.O. Box 35655, Menlo Park, Pretoria, 0102; or per facsimile to (012) 347 0874 or email to ribsframework@fsb.co.ca. This consultation paper is also available on the FSB's website: www.fsb.co.za.

THE PRUDENTIAL RISK-BASED SUPERVISORY FRAMEWORK FOR INSURERS

The Prudential Risk-Based Supervisory Framework for Insurers (PRSFI) applies to all registered insurers and is an evolving supervisory framework that continuously updates the risk assessment of insurers. This risk assessment is performed throughout the supervisory cycle. A risk assessment is also performed on all applicants to become a new registered insurer during the registration process, based on the information provided in support of an application.

The risk assessment results in a composite risk rating of either low, moderate, above average or high. An insurer's composite risk rating is determined by:
- identifying its significant activities;
- assessing the inherent risks of each significant activity;
- deriving the net risk for each significant activity by assessing the extent to which the identified inherent risks are mitigated by the quality of risk management;
- combining the individual net risks to arrive at the insurer's overall net risk; and
- adjusting the overall net risk by taking account of the available capital and earnings to determine the insurer's composite risk rating.

The direction of the net risk is also determined per significant activity and overall. The risk assessment is documented using a risk matrix supported by a risk assessment summary (RAS) and various supporting documents.

In performing the risk assessment, in particular the evaluation of the quality of risk management, the nature, size and complexity of the insurance business is taken into account. In addition to assessing the knowledge about the insurer itself, comparisons may also be made with peer companies in applying the proposed framework.

OBJECTIVE, KEY ELEMENTS AND BENEFITS

The objective of the PRSFI is to provide an effective process for the assessment of the soundness of insurers by evaluating the insurer's risk profile, its risk management processes and practices, its financial position and its compliance with legislation.

The key elements of the PRSFI are that it:
- is risk focused;
- places reliance on oversight risk management control functions, including the work of internal audit;
- relies on the work done by third parties like the external auditors and statutory actuaries;
- provides regulatory risk ratings for each insurer, based on the FSB's assessment of the inherent risks of an insurer's significant activities and the quality of its oversight risk management control functions;
- provides for the communication of findings and requests to insurers in a confidential, clear and timely manner;
- provides that the level and frequency of supervisory scrutiny will depend on the risk rating; well managed insurers will require less supervision;
- promotes appropriate regulatory action in line with the risk profile of an insurer;
- facilitates the development of benchmarks that will inform best industry practices for dealing with various risk levels.

The key implications of the PRSFI for the FSB's supervisory resources and approach are that it:
- requires sound judgment in identifying and evaluating risks in an insurer;
- requires FSB staff that perform a risk assessment to have detailed knowledge of the insurer's structure, organisation and business;
- accordingly requires FSB staff that perform a risk assessment to be supported by specialists with detailed industry knowledge and expertise in particular types of risks or risk management functions.

The key benefits of the PRSFI are that it:
- allows for the systematic assessment of insurers' risks using a formalized framework at regular intervals;
- allows for the identification of insurers and areas within insurers where difficulties or challenges exist;
- encourages a strong risk management function in insurers;
- promotes the cost-effective use of regulatory resources; and
- allows for continuous monitoring, early warning indicators, prompt intervention and timely action.

RISK ASSESSMENT

Risk is the probability or threat of damage, injury, liability, loss or other negative occurrence, caused by external or internal vulnerabilities which may be neutralized through pre-meditated action.

Inherent risk refers to the probability of loss arising out of circumstances in an environment. The environment is defined as circumstances, influences, stresses and competitive, cultural, demographic, economic, natural, political, regulatory, and technological factors that affect the survival of operations and growth of an insurer.

Risk analysis consists of:
- Identification of possible negative external and internal conditions, events or situations;
- Determination of cause-and-effect (causal) relationships between probable happenings, their magnitude and likely outcomes;
- Evaluation of various outcomes under different assumptions, and under different probabilities that each outcome will take place; and
- Application of qualitative and quantitative techniques to reduce uncertainty of the outcomes and associated costs, liabilities or losses.

Risk assessment, a component of risk analysis, involves the identification, evaluation, and estimation of the levels of risks involved in a situation, their comparison against benchmarks or standards, and the determination of an acceptable level of risk.

Risk assessment in the PRSFI begins with the identification of an insurer's significant activities. The net risk of these significant activities is a function of the aggregate inherent risk offset by the aggregate quality of risk management. This evaluation is illustrated by the following relationship:

INHERENT RISKS MITIGATED BY QUALITY OF RISK MANAGEMENT = NET RISK

Identification of Significant Activities

Significant activities may include any significant line of business, unit or process. They are identified from various sources including the insurer's organizational structure, strategic business plans, sources of earnings and internal and external financial reporting. Judgment is applied in determining the significance or materiality of any activity in which an insurer engages.

The following are examples of quantitative and qualitative criteria that may be used to determine the materiality of an activity:
- Assets generated by the activity in relation to total assets;
- Revenue generated by the activity in relation to total revenue;
- Net income before tax for the activity in relation to total net income before tax;
- Insurance underwriting exposure in relation to capital;
- Reserves held as a percentage of total reserves;
- Asset category in relation to total assets;
- Strategic importance;
- Impact on reputation; and
- Key enterprise wide processes.

Inherent Risk

Inherent risk is intrinsic to a business activity and arises from exposure to, and uncertainty from, potential future events. Inherent risk is evaluated by considering the degree of probability and the potential adverse impact on an insurer's capital or earnings. A thorough understanding of the environment in which an insurer operates and its various business activities is essential to effectively identify and assess the inherent risk in those activities.

The PRSFI groups inherent risks in the following categories for risk assessment purposes:
- Credit risk;
- Market risk;
- Insurance risk;
- Operational risk;
- Liquidity risk;
- Legal and regulatory risk; and
- Strategic risk.

See Appendix A for a detailed description of these inherent risk categories.

After significant activities have been identified, the level of each inherent risk in those activities is assessed as either being low (L), moderate (M), above average (AA) or high (H). See Appendix C for the definitions of these assessment criteria. This assessment is made without considering the impact of risk mitigation through the insurer's risk management processes and controls.

Quality of Risk Management

The quality of risk management is evaluated for each significant activity. In addition to Operational Management (day to day management), the PRSFI identifies six possible risk management control functions (independent oversight functions) in an insurer. These are:
- Financial Analysis;
- Compliance;
- Internal Audit;
- Risk Management;
- Managing Executives; and
- Board Oversight.

See Appendix B for a detailed description of these functions.

The Board of Directors takes ultimate responsibility for risk management control functions. The implementation of these functions is generally delegated to the Managing Executives, who may in turn delegate the functions to specialists.

Where insurers lack some or all of the independent risk management control functions referred to above, focus will be placed on the other functions, within or external to the insurer, that manage these responsibilities. Generally, if an insurer does not have an independent risk management control function (for example, financial analysis), the performance of the risk management function remains part of the Managing Executives' function, and the Managing Executives will be assessed to evaluate whether they are properly fulfilling this function.

The presence and nature of these functions will vary based on the nature, size and complexity of an insurer. In smaller insurers, for instance, it may not be feasible to have all the risk management control functions performed on an independent stand-alone basis, in which case, as discussed above, such control functions remain part of the responsibilities of the Managing Executives and will be assessed as such. In small insurers, it is also sometimes the case that the Managing Executives perform operational management functions. In these cases, the challenge will be for the insurer to demonstrate that there are mechanisms in place to ensure proper independent oversight of these operational management functions.

For each significant activity, the quality of an insurer's current risk management control functions is assessed. The quality of risk management is assessed as strong (S), acceptable (A), needs improvement (NI) or weak (W). See Appendix C for the definitions of these assessment criteria.

Net Risk

The net risk for each significant activity is a function of the aggregate level of inherent risk offset by the aggregate quality of risk management. For example, the net risk of a significant activity with an above average rated inherent risk may be rated as moderate due to mitigation by a strong aggregate quality of risk management resulting from strong operational management, strong internal audit, strong risk management, and strong Board oversight.

Direction of Net Risk

The risk assessment also includes a determination of the current direction of net risk. Direction of risk is assessed as decreasing (D), stable (S), or increasing (I). This assessment is done over an appropriate time horizon for an insurer, based on that insurer's circumstances and the assessment viewpoint of the assessor.

RISK MATRIX

Once the risk assessment has been concluded, the assessment is recorded in a Risk Matrix (see Appendix D). The risk matrix is then used to determine:
- the overall rating of net risk;
- the overall assessment of the quality of each risk management control function;
- the composite risk rating;
- the direction of the composite risk rating; and
- the time interval before which the assessment must be reviewed.

In arriving at the overall rating of net risk, the relative significance or materiality of each activity is considered. Overall net risk is rated low (L), moderate (M), above average (AA) or high (H). This assessment ensures that an activity with low materiality but high net risk does not skew the composite risk rating. Supervisory efforts will primarily be focused on material high-risk significant activities. However, the other activities will also be looked at due to the impact these other activities may have on the overall risk rating of an insurer.

The composite risk rating includes a review of the capital and earnings of the insurer, taking into account the quality, quantity, and availability of externally and internally generated capital and funds. An appropriate time frame for reviewing or updating the composite risk rating and the direction of the composite risk rating is also included. The Risk Matrix is supported by documented analysis and the rationale for the conclusions.

The Insurance Division has established an internal review panel to further enhance the quality of risk assessments and to ensure consistency in arriving at risk ratings. This internal review panel consists of senior staff members within the Insurance Division and the Actuarial Insurance Team. The purpose of the internal review panel is to review and validate risk assessments undertaken by the supervisory teams prior to any findings or recommendations being communicated to insurers.

As the PRSFI is still being refined and being fully implemented, the Insurance Division is currently not in a position to provide feedback on individual insurers' risk ratings. Once the supervisory framework has been finalized and a full benchmarking and peer comparison of individual company risk ratings has been completed, risk ratings will be disclosed and discussed with individual insurers on a confidential basis.

THE SUPERVISORY CYCLE

The main steps of the supervisory process are illustrated below.

[Figure: the supervisory cycle, with the labels Analysis, Planning, Gathering Information, Documentation, Reporting and Follow-up]

Although the steps appear sequential, updating of the risk assessment is a dynamic process requiring frequent reassessments at various stages of the supervisory process which includes the following:

STEPS           ACTIVITIES
Analysis        Understanding the insurer and developing a risk profile
Planning        Scheduling and planning activities for the supervisory period
Action          Conducting off-site and onsite reviews and on-going monitoring
Documentation   Preparing and filing information to support findings
Reporting       Reporting of findings and recommendations to the insurer
Follow-up       Following-up on the implementation of findings and recommendations

Responsibility for coordinating the various steps of the supervisory cycle for an insurer is assigned to a Relationship Manager. Each registered insurer is allocated to a supervisory team (specializing in either long- or short-term insurance) within the Insurance Prudential Department. Each team consists of a Team Manager and a number of analysts. The Team Manager is responsible for managing the work of the team. Each analyst within a team will be a Relationship Manager for the insurers allocated to him or her. The Relationship Manager is the co-ordinator of the supervision of allocated insurers and the FSB's primary contact with those insurers.

INTERVENTION GUIDE

Depending on the FSB's rating of an insurer's composite risk, there may be cause for supervisory intervention. An Intervention Guide is included as Appendix E, which outlines the supervisory interventions that may typically be expected depending on the composite risk rating.

The objective of the Intervention Guide is to promote awareness and enhance transparency of the framework for supervisory intervention in the business of regulated insurers. The Guide outlines the types of involvement that an insurer can normally expect from the FSB by summarizing the circumstances under which certain intervention measures may be expected. The Guide may be updated in the future to reflect any changes to the intervention process.

The intervention process is not a rigid regime and every situation cannot necessarily be addressed with a predetermined set of actions. Circumstances may vary significantly from case to case and the Guide should not be interpreted as limiting the scope of action that may be taken by the FSB in dealing with specific problems or companies. The Guide aims to communicate at which level an action/intervention would typically occur. However, interventions described at one level may also be used at a later level and, in some situations, certain interventions may also take place at an earlier level than is set out in the Guide. Additionally, the FSB may choose to implement its powers at different times and/or levels in different circumstances.

Appendices

APPENDIX A: INHERENT RISK CATEGORIES

The descriptions of inherent risks should be read within the context of the following definition of inherent risk. Inherent risk refers to the probability of loss arising out of circumstances in an environment. The environment is defined as circumstances, influences, stresses and competitive, cultural, demographic, economic, natural, political, regulatory, and technological factors that affect the survival of operations and growth of an insurance company.

CREDIT RISK

Credit risk arises from a counterparty's inability or unwillingness to fully meet its on- and/or off-balance sheet contractual obligations. Exposure to this risk results from financial transactions with a counterparty including issuer, debtor, borrower, broker, policyholder, reinsurer or guarantor.

MARKET RISK

Market risk arises from changes in market rates or prices. Exposure to this risk can result from market-making, dealing, and position-taking activities in markets such as interest rate, foreign exchange, equity, commodity and real estate. Interest rate risk and foreign exchange risk are described further below:

INTEREST RATE RISK
Interest rate risk arises from movements in interest rates. Exposure to this risk primarily results from timing differences in the repricing of assets and liabilities, both on- and off-balance sheet, as they either mature (fixed-rate instruments) or are contractually repriced (floating-rate instruments).

FOREIGN EXCHANGE RISK
Foreign exchange risk arises from movements in foreign exchange rates. Exposure to this risk mainly occurs during a period in which the insurer has an open position, both on- and off-balance sheet, and/or in spot and forward markets.

INSURANCE RISK

PRODUCT DESIGN AND PRICING RISK
Product design and pricing risk arises from the exposure to financial loss from transacting insurance business where the costs and liabilities assumed in respect of a product line exceed the expectation in pricing the product.

UNDERWRITING AND LIABILITY RISK
Underwriting and liability risk is the exposure to financial loss resulting from the selection and approval of risks to be insured, the reduction, retention and transfer of risk, the reserving and adjudication of claims, and the management of contractual and non-contractual product options.

OPERATIONAL RISK

Operational risk arises from problems in the performance of business functions or processes. Exposure to this risk can result from deficiencies or breakdowns in internal controls or processes, technology failures, human errors or dishonesty and natural catastrophes.

LIQUIDITY RISK

Liquidity risk arises from an insurer's inability to purchase or otherwise obtain the necessary funds, either by increasing liabilities or converting assets, to meet its on- and off-balance sheet obligations as they come due, without incurring unacceptable losses.

LEGAL AND REGULATORY RISK

Legal and regulatory risk arises from an insurance company's or related party's non-compliance, or potential non-compliance, with legislation, and includes reputational risk.

STRATEGIC RISK

Strategic risk arises from an insurer's inability to implement appropriate business plans, strategies, decision-making, resource allocation and its inability to adapt to changes in its business environment.

APPENDIX B: RISK MANAGEMENT CONTROL FUNCTIONS

OPERATIONAL MANAGEMENT

Operational management is the planning, directing and controlling of the day-to-day operations of an insurer's business activities.

FINANCIAL ANALYSIS

Financial analysis is the function that performs in-depth analyses of the operational results of an insurer and reports them to management. Effective reporting is key to this function, as the operational results affect strategic and business decisions made by management and the Board. This function is generally only found as a separate unit in larger insurers.

COMPLIANCE

Compliance is an independent function within an insurer that:
- Sets the policies and procedures for adherence to regulatory requirements;
- Monitors the insurance company's compliance with these policies and procedures; and
- Reports on compliance matters to the managing executives and the Board.

INTERNAL AUDIT

Internal audit is an independent function within an insurer that assesses adherence to and effectiveness of operational and organizational controls. In addition, internal audit may also assess adherence to and effectiveness of compliance and risk management policies and procedures.

RISK MANAGEMENT

Risk management is an independent function responsible for planning, directing and controlling the impact on the insurer of risks arising from its operations. The function is generally only found as a separate unit in the larger insurers, and may address the following:
- Identification of risks;
- Development of measurement systems for risks;
- Establishment of policies and procedures to manage risks;
- Development of risk tolerance limits;
- Monitoring of positions against approved risk tolerance limits; and
- Reporting of results of risk monitoring to managing executives and the Board.

MANAGING EXECUTIVES

The managing executives are those senior management within the insurer that are responsible for planning, directing and controlling the strategic direction and general operations of the insurer. Their key responsibilities include to:
- Ensure organizational and procedural controls are effective;
- Ensure compliance with approved policies and procedures;
- Develop strategies and plans to achieve approved strategic and business objectives; and
- Develop sound business practices, culture and ethics.

BOARD OF DIRECTORS

The Board of Directors is responsible for providing stewardship and management oversight for the insurer. Its key responsibilities include to:
- Ensure management is qualified and competent;
- Review and approve organizational and procedural controls;
- Ensure principal risks are identified and appropriately managed;
- Review and approve policies and procedures for the insurer's major activities;
- Review and approve strategic and business plans; and
- Provide for an independent assessment of management controls.

APPENDIX C: INHERENT RISK RATINGS & QUALITY OF RISK MANAGEMENT CONTROL FUNCTION RATINGS

INHERENT RISK RATINGS

LOW INHERENT RISK (L): Low inherent risk exists when there is a lower than average probability of an adverse impact on an insurer's capital or earnings due to exposure and uncertainty from potential future events.

MODERATE INHERENT RISK (M): Moderate inherent risk exists when there is an average probability of an adverse impact on an insurer's capital or earnings due to exposure and uncertainty from potential future events.

ABOVE AVERAGE INHERENT RISK (AA): Above average inherent risk exists when there is an above average probability of an adverse impact on an insurer's capital and earnings due to exposure and uncertainty from potential future events.

HIGH INHERENT RISK (H): High inherent risk exists when there is a high probability of an adverse impact on an insurer's capital or earnings due to exposure and uncertainty from potential future events.

QUALITY OF RISK MANAGEMENT CONTROL FUNCTIONS RATINGS

Strong (S): Strong means the function consistently demonstrates highly effective performance. The characteristics and performance of the functions are superior to generally accepted industry practices.

Acceptable (A): Acceptable means the function demonstrates effective performance and meets generally accepted industry practices.

Needs improvement (NI): Needs improvement means the function may demonstrate effective performance, but there may be some areas where effectiveness can be improved (but not sufficiently serious to cause financial soundness concerns).

Weak (W): Weak means that the function has demonstrated serious instances where effectiveness needs to be improved through immediate action; characteristics and performance do not meet generally accepted industry practices and standards.

APPENDIX D: RISK MATRIX

INSTITUTION NAME
RISK MATRIX AS AT (DATE)

Columns of the matrix:
- Significant Activities
- Materiality
- Inherent Risks: Credit; Market; Liquidity; Insurance; Operational; Legal & Regulatory; Strategic
- Quality of Risk Management: Operational Management; Financial Analysis; Compliance; Internal Audit; Risk Management; Senior Management; Board Oversight
- Net Risk
- Direction of Risk

Rows of the matrix:
- Significant Activity (1)
- Significant Activity (2)
- Significant Activity (3)
- Overall Rating

Summary fields below the matrix:
- Capital
- Earnings
- Composite Rating
- Direction of Risk
- Time Frame

CONSULTATION PAPER: Proposed Risk-based Supervisory Framework (Version 1 - July 2010) Page 20 of 24

APPENDIX E: INTERVENTION GUIDE

LOW TO MODERATE COMPOSITE RISK RATING: NO SIGNIFICANT PROBLEMS/NORMAL ACTIVITIES

If the FSB determines that an insurer's financial condition, policies and procedures are sufficient and that practices, conditions and circumstances do not indicate significant problems or control deficiencies, then the insurer will typically receive a low to moderate composite risk rating. The combination of the insurer's overall net risk, capital and earnings makes the insurer resilient to most normal adverse business and economic conditions. The insurer's performance has been satisfactory to good, with most key indicators comparable to or in excess of industry norms. The insurer may have access to additional capital and is able to address supervisory concerns that might arise.

FSB'S ACTIVITIES/RESPONSIBILITIES MAY INVOLVE:
- Assessing the financial condition and operating performance of the insurer.
- Reviewing information obtained from statutory returns both quarterly and annually.
- Conducting meetings with the insurer.
- Conducting regular risk-based supervisory reviews of the insurer.
- Providing the insurer with a management letter following any on-site visits, which will advise the insurer of any corrective measures that they will be requested to take.
- Monitoring any corrective measures, which may include requesting additional information and/or conducting follow-up supervisory reviews.

MODERATE TO ABOVE AVERAGE COMPOSITE RISK RATING: EARLY WARNING

If the FSB has identified any deficiencies or concerns around an insurer's financial condition, policies or procedures or the existence of other practices, conditions and circumstances that could lead to the development of problems, then the insurer will typically receive a moderate to above average composite risk rating if the deficiencies or concerns are not promptly addressed. The combination of the insurer's overall net risk and its capital and earnings compromises the insurer's resilience. The insurer might also have issues in its risk management or control deficiencies that, although not serious enough to present a threat to financial viability or solvency, could deteriorate into more serious problems if not addressed.

FSB'S ACTIVITIES/RESPONSIBILITIES MAY INVOLVE:
- Formally notifying management, board of directors, statutory actuary and external auditors of the insurer by way of a management letter that the insurer is required to take measures to mitigate or rectify the identified deficiencies.
- Meeting with management, board of directors (or a committee of the board), statutory actuary and/or the external auditors of the insurer to outline concerns and discuss remedial actions.
- Monitoring the insurer on an escalating basis by increasing the frequency of reporting requirements and/or expanding the level of detail of information that the insurer is required to submit.
- Conducting enhanced or more frequent supervisory reviews that focus on particular areas of concern such as asset valuations or policy liability valuations, which could include the appointment of an independent person as prescribed in sections 35 and 36 of the STIA and the LTIA respectively.
- Requiring an insurer to increase its capital.
- Imposing conditions on the insurer in appropriate circumstances and/or issuing a directive of compliance in appropriate circumstances.

ABOVE AVERAGE TO HIGH COMPOSITE RISK RATING: RISK TO FINANCIAL VIABILITY OR SOLVENCY

An above average to high composite risk rating means that the FSB is of the view that the insurer poses material safety and soundness concerns and is vulnerable to adverse business and economic conditions. Problems have been identified that could deteriorate into a serious situation if not addressed promptly, although the problems are not serious enough to present an immediate threat to financial viability or solvency. The combination of an insurer's overall net risk and its capital and earnings makes it vulnerable to adverse business and economic conditions, which may pose a serious threat to its financial viability or solvency unless effective corrective action is implemented. The insurer may also have issues in its management that, although not serious enough to present an immediate threat to financial viability or solvency, could deteriorate into more serious problems if not addressed promptly.

FSB'S ACTIVITIES/RESPONSIBILITIES MAY INVOLVE:
- Enhanced monitoring of remedial measures through imposing more frequent reporting requirements.
- Conducting follow-up supervisory reviews more frequently and/or enlarging their scope.
- Requiring the insurer to submit a business plan which incorporates appropriate remedial measures aimed at rectifying problems within a specified time frame.
- Requiring the insurer's external auditor to enlarge the scope of the review of the financial statements and/or to perform other procedures and prepare a report thereon (refer to sections 35 and 36 of the STIA and LTIA respectively).
- Requiring the insurer to conduct a special audit to be performed by an auditor other than the company's external auditor (refer to sections 35 and 36 of the STIA and LTIA respectively).
- Requiring the statutory actuary to provide policy liabilities calculated using alternate assumptions or methods.
- Requiring an external actuary to perform a special review of the insurer's actuarial reserves (refer to sections 35 and 36 of the STIA and LTIA respectively).

HIGH COMPOSITE RISK RATING: FUTURE FINANCIAL VIABILITY IN SERIOUS DOUBT

This stage describes the situation where an insurer is categorised as having a high composite risk rating and the FSB has identified that it has failed to remedy problems that were identified and that the situation is worsening. The insurer has severe safety and soundness concerns and is experiencing problems that pose a material threat to its future financial viability or solvency unless effective corrective measures are promptly undertaken. The combination of the insurer's overall net risk and its capital and earnings makes it vulnerable to adverse business and economic conditions, which poses a serious threat to its financial viability or solvency unless effective corrective action is promptly undertaken. Alternatively the insurer has serious issues in risk management or control deficiencies, which present a serious threat to its financial viability or soundness unless effective corrective action is promptly undertaken.

FSB'S ACTIVITIES/RESPONSIBILITIES MAY INVOLVE:
- Directing external specialists or professionals to assess certain areas such as quality of assets, liquidity, sufficiency of reserves, sufficiency of policy liabilities, reliability of reinsurance arrangements, etc. (refer to sections 35 and 36 of the STIA and LTIA respectively).
- Enhancing the scope of registration conditions that have already been imposed on the insurer (refer to sections 34 and 35 of the STIA and LTIA respectively).
- Expanding the level of detail of information that the company is required to submit to FSB (refer to section 4(1) of the STIA and LTIA respectively).

HIGH COMPOSITE RISK RATING WITH AN INCREASING TREND: NON-VIABILITY/SOLVENCY IMMINENT

This stage refers to cases where the FSB has determined that the insurer is experiencing severe financial difficulties and has deteriorated to such an extent that:
- the insurer has failed to meet regulatory capital and surplus requirements in conjunction with an inability to rectify the situation on an immediate basis;
- the insurer has failed to develop and implement an acceptable business plan, resulting in the preceding circumstances becoming inevitable within a short period of time.

FSB'S ACTIVITIES/RESPONSIBILITIES MAY INVOLVE:
- Issuing of a notice in terms of section 12 of the STIA and LTIA respectively advising the intention of the Registrar to prohibit the insurer from conducting new business;
- Applying for Curatorship in terms of section 6 of the Financial Institutions Act;
- Applying for liquidation in terms of sections 41 and 42 of the STIA and LTIA.