ICP 7 Corporate Governance

The supervisor requires insurers to establish and implement a corporate governance framework which provides for sound and prudent management and oversight of the insurer’s business and adequately recognises and protects the interests of policyholders.

[ + ] 7.0

Introductory Guidance

The corporate governance framework of an insurer:
  • promotes the development, implementation and effective oversight of policies that clearly define and support the objectives of the insurer;
  • defines the roles and responsibilities of persons accountable for the management and oversight of an insurer by clarifying who possesses legal duties and powers to act on behalf of the insurer and under which circumstances;
  • sets requirements relating to how decisions and actions are taken including documentation of significant or material decisions, along with their rationale;
  • provides sound remuneration practices which promote the alignment of remuneration policies with the long term interests of insurers to avoid excessive risk taking;
  • provides for communicating with the supervisor, as appropriate, matters relating to the management and oversight of the insurer; and
  • provides for corrective actions to be taken for non-compliance or weak oversight, controls or management.

An effective corporate governance framework enables an insurer to be flexible and transparent; to be responsive to developments affecting its operations in making timely decisions and to ensure that powers are not unduly concentrated. The corporate governance framework supports and enhances the ability of the key players responsible for an insurer’s corporate governance; ie the Board, Senior Management and Key Persons in Control Functions to manage the insurer’s business soundly and prudently.

The insurer should establish a transparent organisational structure which supports the strategic objectives and operations of the insurer. The Board and Senior Management should know and understand the structure and the risks that it poses.
The ways in which an insurer chooses to organise and structure itself can vary depending on a number of factors such as:
  • jurisdictional corporate law, which may allow or require different Board structures (such as one-tier or two-tier Boards);
  • organisational structure such as stock companies, mutuals or co-operatives; and
  • group, branches, or solo legal entity operations.
These considerations can affect how an insurer establishes and implements its corporate governance framework and are explained in more detail below. It is important for supervisors to understand these different considerations in order to be able to adequately assess the effectiveness of an insurer’s corporate governance framework.
CF 7.0a

The group-wide supervisor requires the Head of the IAIG to document the legal and management structures of, and inter-relationships within, the IAIG to enable an understanding of its structure to help identify risks and how they are managed.

CF 7.0.a.1

The documentation should mainly support the IAIG Board and Senior Management in discharging their responsibilities, but can also be useful for the group-wide supervisor.

CF 7.0.a.2
The documentation covers legal entities within the IAIG and, where relevant, the wider group of which the IAIG is part, and includes items such as:
  • home jurisdiction of the Head of the IAIG;
  • the jurisdictions of legal entities within the IAIG, including branches;
  • off-balance sheet entities;
  • materiality of legal entities or business lines within the IAIG;
  • financial ties (such as commercial contracts) and non-financial ties (such as common directors); 
  • details of the shareholding structure and significant shareholdings, including controlling shareholders;
  • governance structure, including Boards and their committee structure and key responsibilities; and
  • management structure, including the division of authority and decision making between business line management, local management, and Board oversight.

The standards on corporate governance are designed with sufficient flexibility to apply to supervision of insurers regardless of any differences in the corporate structures and legal systems.


The term Board includes its management and oversight roles, regardless of Board structure.


Governance of insurers formed as mutuals or co-operatives is different from that of insurers formed as joint stock companies (ie, bodies corporate). These standards are nevertheless sufficiently flexible to be adapted to mutuals and co-operatives to promote the alignment of actions and interests of the Board and Senior Management with the broader interests of policyholders. Where there are references to shareholders or stakeholders, they should be generally treated as references to policyholders in mutuals, unless otherwise indicated.


Insurance groups should ensure that the corporate governance framework is appropriate to the structure, business and risks of the insurance group and its legal entities. The corporate governance framework should include policies, processes and controls which address risks across the insurance group and legal entities, and clear reporting lines between the head of the group and the legal entities within the group.


When setting up or monitoring their corporate governance framework, insurance groups should evaluate the specific challenges which may arise from the organisational model adopted by a group (e.g. more centralised or more decentralised model). The main factors underlying the challenges are:

  • the division of authorities and responsibilities between the key players at the insurance group and legal entity level;
  • effective group-wide direction and coordination;
  • proper consideration of the legal obligations, governance responsibilities and risks both at the insurance group and legal entity level; and
  • effective communication within the group and adequate information at all levels (see Issues Paper on Approaches to Group Corporate Governance; Impact on Control Functions).

The supervisor should take the organisational structure of the group into consideration in evaluating its governance. Particularly when the management structure differs from the legal entity structure, it is not sufficient to assess governance only at the legal entity level. In such a case, it is important that appropriate governance exists across the group and that the supervisor assesses it on a group-wide basis.

CF 7.0.b

The group-wide supervisor requires the Head of the IAIG to ensure that the group-wide corporate governance framework is appropriate to the structure, business and risks of the IAIG including its legal entities.

CF 7.0.c

The group-wide supervisor requires the Head of the IAIG to establish clear reporting lines between the legal entities within the IAIG and the Head of the IAIG.


If an insurer is a branch, these standards would generally apply to the legal entity in its home jurisdiction. However, the host supervisor may require designated oversight and/or management accountabilities and structures to be maintained at the branch, including in some cases a designated representative responsible for the management of the branch. In such cases, these standards should also apply, as appropriate, to the oversight and management roles maintained within the branch taking due account of the governance structures and arrangements as determined by the host supervisor.

[ + ] 7.1
The supervisor requires the insurer’s Board to:
  • ensure that the roles and responsibilities allocated to the Board, Senior Management and Key Persons in Control Functions are clearly defined so as to promote an appropriate separation of the oversight function from the management responsibilities; and
  • provide oversight of the Senior Management.

The Board should ensure that the insurer has a well-defined governance structure which provides for the effective separation between oversight and management functions. The Board is responsible for providing the overall strategy and direction for the insurer and overseeing its proper overall management, while leaving the day-to-day management of the insurer to Senior Management. The separation of the roles of the Chair of the Board and the Chief Executive Officer (CEO) reinforces a clear distinction between accountability for oversight and management.


The Board should also ensure that there is a clear allocation of roles and responsibilities to the Board as a whole, to committees of the Board where they exist, and to the Senior Management and Key Persons in Control Functions to ensure proper oversight and sound management of the insurer. The allocation of roles and responsibilities should clearly identify the individual and collective accountabilities for the discharge of the respective roles and responsibilities. The organisational structure of the insurer and the assignment of responsibilities should enable the Board and Senior Management to carry out their roles in an adequate and objective manner and should facilitate effective decision making.


The allocation of responsibilities to individual Board Members (for example the membership of Board committees such as the audit or remuneration committee) should take due account of whether the relevant member has the degree of independence and objectivity required to carry out the functions of the particular committee. The effective oversight of the executive functions should be performed by the non-executive members of the Board, because they are not involved in the day-to-day management of the insurer. Within a group the allocation and division of the oversight and management responsibilities at different levels should be transparent, appropriate for, and aligned with, the organisational model of the group. Where individuals undertake functions for more than one legal entity within a group, the group should have in place appropriate measures so that conflicts of interest between the different roles to be performed by such individuals are avoided, or where such conflicts cannot be avoided, they should be managed.

In order to provide effective oversight of the Senior Management, the Board should:
  • ensure that there are adequate policies and processes relating to the appointment, dismissal and succession of the Senior Management, and be actively involved in such processes;
  •  ensure that Senior Management’s knowledge and expertise remain appropriate given the nature of the business and the insurer's risk profile;
  • monitor whether the Senior Management is managing the affairs of the insurer in accordance with the strategies and policies set by the Board, and the insurer’s risk appetite, corporate values and corporate culture;
  • set appropriate performance and remuneration standards for Senior Management consistent with the long-term strategy and the financial soundness of the insurer and monitor whether the Senior Management is meeting the performance goals set by the Board;
  • regularly meet with the Senior Management to discuss and review critically the decisions made, information provided and any explanations given by the Senior Management relating to the business and operations of the insurer; and
  • have regular interaction with any committee it establishes as well as with other key functions, proactively request information from them and challenge that information when necessary.

As a part of its regular monitoring and review of the insurer’s operations, the Board should review whether the relevant policies and processes, as set by the Board, are being properly implemented by Senior Management and are operating as intended. Particular attention should be paid as to whether the responsibilities for managing and implementing the policies of the Board have been effectively discharged by those responsible. The Board should obtain reports at least annually for this purpose and such reports may include internal or external independent reports as appropriate.

CF 7.1.a

The group-wide supervisor requires the IAIG Board to establish a well-defined group-wide governance structure, which promotes effective oversight of the group-wide operations independent of day-to-day management.

[ + ] 7.2

The supervisor requires the insurer’s Board to set and oversee the implementation of the insurer’s corporate culture, business objectives and strategies for achieving those objectives, in line with the insurer’s long term interests and viability.


The Board should adopt a rigorous process for setting, approving, and overseeing the implementation of the insurer’s overall business objectives and strategies, taking into account the long term financial safety and soundness of the insurer as a whole, the interests of its policyholders and other stakeholders, and the fair treatment of customers. The Board ensures that the Senior Management has adequately documented and communicated these objectives and strategies to the Key Persons in Control Functions and all other relevant staff.


The effective implementation of objectives and strategies should be supported by the corporate culture and by clear and objective performance goals and measures, taking due account of, among other things, the insurer’s long term interests and viability and the interests of policyholders and other stakeholders. The Board should review the appropriateness of the goals and measures set.


A corporate culture reflects the fundamental corporate values and includes norms for responsible and ethical behaviour applicable to all employees of the insurer. The Board should take the lead in setting the appropriate tone at the top. This includes adherence to the corporate values by the Board and a strong risk culture avoiding excessive risk taking. The corporate values, norms and supporting policies should be communicated throughout the insurer. These are also reflected in the insurer’s business objectives and strategies, and supported by professional standards and codes of ethics that set out what the insurer considers to be acceptable and unacceptable conduct. In this regard, the Board should take account of the interests of policyholders and other relevant stakeholders. In setting the tone at the top the Board should ensure that employees are aware that appropriate disciplinary or other actions will follow unacceptable behaviours.


The Board should ensure that the corporate culture promotes timely and frank discussion and escalation of problems to Senior Management or itself. The Board should set and oversee the implementation of transparent policies and processes which promote and facilitate that employees can communicate concerns or information about illegal or unethical behaviour confidentially and without reprisal directly or indirectly to the Board (eg whistle blower policy). The Board should determine how and by whom legitimate concerns shall be investigated and addressed (Senior Management, Board or an external party).


The Board should define and oversee the implementation of norms for responsible and ethical behaviour. It should not allow behaviour that would be incompatible with the protection of policyholders and that could lead to reputational risks or improper or illegal activity, such as financial misreporting, fraud, money laundering, bribery and corruption. The norms for responsible and ethical behaviour should also make clear that employees are expected to conduct themselves ethically in addition to complying with laws, regulations and the insurer’s policies.


The Board should ensure that the insurer’s corporate governance framework and overall business objectives and strategies are reviewed at least annually to ensure that they have been properly implemented and that they remain appropriate in light of any material changes in the organisational structure, activities, strategy, and regulatory and other external factors. The Board should ensure more frequent reviews, for instance when an insurer embarks on a significant new business initiative (eg a merger or acquisition, or a material change in the direction with respect to the insurer’s product portfolio, risk or marketing strategies), upon the introduction of a new type or class of risk or product or a decision to market products to a new class or category of clients, or following the occurrence of significant external or internal events which may potentially have a material impact on the insurer (including its financial condition, objectives and strategies) or the interests of its policyholders or other stakeholders.

CF 7.2.a

The group-wide supervisor requires the IAIG Board to ensure that the group-wide business objectives, and strategies for achieving those objectives, take into account at least the following: 

  • applicable laws and regulations of, and the risks which may arise from doing business in, the jurisdictions in which the IAIG operates;
  • long term financial safety and soundness of the IAIG;
  • the interests of policyholders and other stakeholders;
  • fair treatment of customers; and
  • the interests and objectives of the insurance legal entities within the IAIG.
CF 7.2.a.1

The IAIG Board should establish processes for identifying and addressing risks to the proper implementation of the IAIG’s objectives and strategies for achieving those objectives, including any emerging risks.

CF 7.2.a.2

The group-wide supervisor should cooperate and coordinate with the other involved supervisors to compare the consistency of the interests and objectives of the IAIG with those of the insurance legal entities within the IAIG.

CF 7.2.b

The group-wide supervisor requires the Head of the IAIG to provide to the group-wide supervisor, at least annually, an explanation of the strategy that the IAIG Board has set for the IAIG.

CF 7.2.b.1

An explanation of the strategy provides the group-wide supervisor with information useful for understanding of the IAIG’s corporate governance framework. The explanation of the strategy should include matters such as:

  • the overall business model and its rationale;
  • material business lines and how they are likely to develop;
  • non-insurance business activities the IAIG is likely to pursue;
  • the geographic emphasis of the IAIG and any likely changes;
  • anticipated changes in market share(s);
  • the consequences (financial or otherwise) of achieving, or not achieving, the strategy; and
  • how the strategy ensures the IAIG will have the ability to fulfil its obligations to policyholders.
[ + ] 7.3
The supervisor requires the insurer’s Board to have, on an ongoing basis:
  • an appropriate number and mix of individuals to ensure that there is an overall adequate level of competence at the Board level commensurate with the governance structure;
  • appropriate internal governance practices and procedures to support the work of the Board in a manner that promotes the efficient, objective and independent judgment and decision making by the Board; and
  • adequate powers and resources to be able to discharge its duties fully and effectively.

The Board of an insurer should have a sufficient number of members who have relevant expertise among them as necessary to provide effective leadership, direction and oversight of the insurer’s business to ensure it is conducted in a sound and prudent manner. For this purpose, the Board should collectively and individually have, and continue to maintain, including through training, necessary skills, knowledge and understanding of the insurer’s business to be able to fulfil their roles. In particular, the Board should have, or have access to, knowledge and understanding of areas such as the lines of insurance underwritten by the insurer, actuarial and underwriting risks, finance, accounting, the role of control functions, investment analysis and portfolio management and obligations relating to fair treatment of customers. While certain areas of expertise may lie in some, but not all, members, the collective Board should have an adequate spread and level of relevant competencies and understanding as appropriate to the insurer's business.

CF 7.3.a
The group-wide supervisor requires that the collective competence of the IAIG Board includes an understanding of at least: 
  • the group-wide corporate governance framework and corporate structure; 
  • the activities of the legal entities within the IAIG, including associated risks; 
  • the supervisory regimes applicable to the IAIG;
  • the issues that arise from cross-border business and international transactions; and 
  • the risk management, compliance, audit, actuarial and related areas.
CF 7.3.a.1

The IAIG Board should be capable of understanding and describing the purpose, structure, strategy, material operations, and material risks of the IAIG, including those of legal entities in other financial sectors and unregulated legal entities that are part of the group.


Board Members should have the commitment necessary to fulfil their roles, demonstrated by, for example, a sufficient allocation of time to the affairs of the insurer and reasonable limits on the number of Board Memberships held within or outside the insurance group.


The Board should review, at least annually, its own performance to ascertain whether members collectively and individually remain effective in discharging the respective roles and responsibilities assigned to them and identify opportunities to improve the performance of the Board as a whole. The Board should implement appropriate measures to address any identified inadequacies, including any training programmes for Board Members. The Board may also consider the use of external expertise from time to time to undertake its performance assessment where appropriate in order to enhance the objectivity and integrity of that assessment process.


The Board should have appropriate practices and procedures for its own internal governance, and ensure that these are followed and periodically reviewed to assess their effectiveness and adequacy. These may be included in organisational rules or by-laws, and should set out how the Board will carry out its roles and responsibilities. They should also cover a formal and documented process for nomination, selection and removal of Board Members, and a specified term of office as appropriate to the roles and responsibilities of the Board member, particularly to ensure the objectivity of decision making and judgment. Appropriate succession planning should also form part of the Board’s internal governance practices.


While the Board as a whole remains collectively responsible for the stewardship of the insurer, the Chair of the Board has the pivotal role of providing leadership to the Board for its proper and effective functioning. The role of the Chair of the Board should generally encompass responsibilities such as setting the Board’s agenda, ensuring that there is adequate time allocated for the discussion of agenda items, especially if they involve strategic or policy decisions of significant importance, and promoting a culture of openness and debate by facilitating effective participation of non-executive and executive members and communication between them and also with the Senior Management and Key Persons in Control Functions. To promote checks and balances, it is good practice for the Chair of the Board to be a non-executive Board member and not serve as chair of any Board committee. In jurisdictions where the Chair of the Board is permitted to assume executive duties, the insurer should have measures in place to mitigate any adverse impact on the insurer's checks and balances.


To support the effective discharge of the responsibilities of the Board, the Board should assess whether the establishment of committees of the Board is appropriate. Committees that a Board may commonly establish include audit, remuneration, ethics/compliance, nominations and risk management committees. Where committees are appointed, they should have clearly defined mandates and working procedures (including reporting to the Board), authority to carry out their respective functions, and a degree of independence and objectivity as appropriate to the role of the committee. The Board should consider occasional rotation of members and of the chairs of committees, or tenure limits to serve on a committee, as this can help to avoid undue concentration of power and promote fresh perspectives. If the functions of any committees are combined, the Board should ensure such a combination does not compromise the integrity and/or effectiveness of the functions combined. In all cases, the Board remains


To promote objectivity in decision making by the Board, the formal and perceived independence of Board Members should be ensured. To that end, Board Members should avoid personal ties or financial or business interests which conflict with that of the insurer. Where it is not reasonably possible to avoid conflicts of interests, such conflicts should be managed. Documented procedures and policies should be in place to identify and address conflicts of interests which could include disclosure of potential conflicts of interests, requirements for arm’s length transactions, abstention of voting and, where appropriate, prior approval by the Board or shareholders of professional positions or transactions.


Besides policies on conflicts of interests, the insurer should ensure objectivity in decision making by establishing clear and objective independence criteria which should be met by an adequate number of members of the Board (ie non-executive Board Members). For this purpose, the independence criteria should also take account of group structures and other applicable factors. Meeting such criteria is particularly important for those Board Members undertaking specific roles (such as members of the remuneration and audit committees) in which conflicts of interests are more likely to arise.


Objectivity in decision making is also promoted by independence of mind of the individual Board Members. This means that a Board member should act without favour; provide constructive and robust challenge of proposals and decisions; ask for information when the member judges it necessary in the light of the issues; and avoid “group-think”.


Board Members should also bear in mind the duties of good faith and loyalty applicable to them at the individual level, as set out in Standard 7.4.

CF 7.3.b

The group-wide supervisor requires the IAIG Board to ensure that the group-wide corporate governance framework includes policies and processes to identify and avoid, or manage, conflicts of interest that may adversely affect the IAIG as a whole or any of its legal entities.

CF 7.3.b.1
Conflicts of interest within an IAIG could arise:
  • at the level of the Board, Senior Management and Key Persons in Control Functions of the Head of the IAIG and of its legal entities; and
  • among the interests of the legal entities, or between the group-wide interests and those of any legal entity. For example, when the IAIG may be harmed by actions of insurance legal entities within the IAIG, or when an insurance legal entity within the IAIG may be harmed by the actions of the IAIG.
CF 7.3.b.2

Where conflicts of interest involving individuals or legal entities cannot be avoided, the relevant individuals or legal entities should inform the relevant Board or the IAIG Board of the conflict and take measures to mitigate its adverse impact.


To be able to discharge its role and responsibilities properly, the Board should have well-defined powers, which are clearly set out either in legislation and/or as part of the constituent documents of the insurer (such as the constitution, articles of incorporation, by-laws or internal/organisational rules). These should, at least, include the power to obtain timely and comprehensive information relating to the management of the insurer, including direct access to relevant persons within the organisation for obtaining information, such as Senior Management and Key Persons in Control Functions.


Adequate resources, such as sufficient funding, staff and facilities, should be allocated to the Board to enable the Board Members to carry out their respective roles and responsibilities efficiently and effectively. The Board should have access to services of external consultants or specialists where necessary or appropriate, subject to criteria (such as independence) and due procedures for appointment and dismissal of such consultants or specialists.


The Board may delegate some of the activities or tasks associated with its own roles and responsibilities. (Delegations in this context are distinguished from outsourcing of business activities by the insurer, which is dealt with in ICP 8 Risk Management and Internal Controls.) Notwithstanding such delegations, the Board as a whole retains the ultimate responsibility for the activities or tasks delegated, and the decisions made in reliance on any advice or recommendations made by the persons or committees to whom the tasks were delegated.

Where the Board makes any delegations, it should ensure that:
  • the delegation is appropriate. Any delegation that results in the Board not being able to discharge its own roles and responsibilities effectively would be an undue or inappropriate delegation. For example, the duty to oversee the Senior Management should not be delegated to a Board committee comprised mostly or solely of executive members of the Board who are involved in the day-to-day management of the insurer;
  • the delegation is made under a clear mandate with well-defined terms such as those relating to the powers, accountabilities and procedures relating to the delegation, and is supported by adequate resources to effectively carry out the delegated functions;
  • there is no undue concentration of powers giving any one person or group of individuals an unfettered and inappropriate level of powers capable of influencing the insurer’s business or management decisions;
  • it has the ability to monitor and require reports on whether the delegated tasks are properly carried out; and
  • it retains the ability to withdraw the delegation if it is not discharged properly and for due purposes by the delegate, and, for this purpose, have appropriate contingency arrangements in place.
[ + ] 7.4
The supervisor requires that an individual member of the Board:
  • act in good faith, honestly and reasonably;
  • exercise due care and diligence;
  • act in the best interests of the insurer and policyholders, putting those interests ahead of his/her own interests;
  • exercise independent judgment and objectivity in his/her decision making, taking due account of the interests of the insurer and policyholders; and
  • not use his/her position to gain undue personal advantage or cause any detriment to the insurer.

The specific duties identified above are designed to address conflicts of interests that arise between the interests of the individual members of the Board and those of the insurer and policyholders. The insurer should include these duties as part of the terms of engagement of the individual Board Members.


The supervisor should be satisfied that individual Board Members understand the nature and scope of their duties and how they impact on the way in which the member discharges his/her respective roles and responsibilities. A Board member should consider his/her ability to discharge the roles and responsibilities in a manner as would be expected of a reasonably prudent person placed in a similar position. He/she should act on a fully informed basis, and for this purpose continually seek and acquire information as necessary.


Where a member of the Board of an insurer has common membership on the Board of any other entity within or outside the insurer’s group, there should be clear and well defined procedures regarding the member’s duty of loyalty to the insurer. These may include appropriate disclosure and in some instances shareholder approval of such overlapping roles. In the event of a material conflict with the interests of the insurer, the member should disclose such conflicts promptly to the Board of the insurer and its stakeholders as appropriate, and be required to decline to vote or take any decisions in any matters in which he/she has an interest.  

[ + ] 7.5

The supervisor requires the insurer’s Board to provide oversight in respect of the design and implementation of risk management and internal controls.


It is the Board’s responsibility to ensure that the insurer has appropriate systems and functions for risk management and internal controls and to provide oversight to ensure that these systems and the functions that oversee them are operating effectively and as intended. The responsibilities of the Board are described further in ICP 8 (Risk Management and Internal Controls).

[ + ] 7.6
The supervisor requires the insurer’s Board to:
  • adopt and oversee the effective implementation of a written remuneration policy for the insurer, which does not induce excessive or inappropriate risk taking, is in line with the corporate culture, objectives, strategies, identified risk appetite, and long term interests of the insurer, and has proper regard to the interests of its policyholders and other stakeholders; and
  • ensure that such a remuneration policy, at least, covers those individuals who are members of the Board, Senior Management, Key Persons in Control Functions and other employees whose actions may have a material impact on the risk exposure of the insurer (major risk–taking staff).

Sound remuneration policy and practices are part of the corporate governance framework of an insurer. This standard and guidance are neither intended to unduly restrict nor reduce an insurer’s ability to attract and retain skilled talent by prescribing any particular form or level of individual remuneration. Rather, they aim to promote the alignment of remuneration policies with the long term interests of insurers to avoid excessive risk taking, thereby promoting sound overall governance of insurers and fair treatment of customers.


As a part of effective risk management, an insurer should adopt and implement a prudent and effective remuneration policy. Such a policy should not encourage individuals, particularly members of the Board and Senior Management, Key Persons in Control Functions and major risk-taking staff, to take inappropriate or excessive risks, especially where performance-based variable remuneration is used.


The Board, particularly members of the remuneration committee where one exists, should collectively have the requisite competencies to make informed and independent judgments on the suitability of an insurer’s remuneration policy. Such competencies include skills, such as a sufficient understanding of the relationship between risk and remuneration practices. The remuneration committee, where established, should have an adequate representation of non-executive members to promote objectivity in decision-making.

In order to satisfy itself about the effectiveness of the remuneration policy and practices, the Board should consider at least:
  • the components of the overall remuneration policy, particularly the use and balance of fixed and variable components;
  • the performance criteria and their application for the purposes of determining remuneration payments;
  • the remuneration of the members of the Board, Senior Management and major risk-taking staff; and
  • any reports or disclosures on the insurer’s remuneration practices provided to the supervisor or the public.

The Board should ensure that in structuring, implementing and reviewing the insurer’s remuneration policy, the decision-making process identifies and manages conflicts of interests and is properly documented. Members of the Board should not be placed in a position of actual or perceived conflicts of interests in respect of remuneration decisions.


The Board should also ensure that the relevant Key Persons in Control Functions are involved in the remuneration policy-setting and monitoring process to ensure that remuneration practices do not create incentives for excessive or inappropriate risk taking, are carried out consistently with established policies and promote alignment of risks and rewards across the organisation. Similarly, the remuneration and risk management committees of the Board, if such committees exist, should interact closely with each other and provide input to the Board on the incentives created by the remuneration system and their effect on risk-taking behaviour.

The potential for conflicts of interests that may compromise the integrity and objectivity of the staff involved in control functions should be managed. This can be achieved by a variety of means, such as making their remuneration:
  • predominantly based on the effective achievement of the objectives appropriate to such control functions. Performance measures for staff in control functions should represent the right balance between objective assessments of the control environment (eg the conduct of the relationship between the control functions and executive management) and outputs delivered by the control functions, including their impact, quality and efficiency in supporting the oversight of risks. Such output measures may include recommendations made and implemented to reduce risks, reduction in number of compliance breaches and measures adopted to promptly rectify identified breaches, results of external quality reviews and losses recovered or avoided through audits of high risk areas;
  • not linked to the performance of any business units which are subject to their control or oversight. For example, where risk and compliance functions are embedded in a business unit, a clear distinction should be drawn between the remuneration policy applicable to staff undertaking control functions and other staff in the business unit, such as through the separation of the pools from which remuneration is paid to the two groups of staff; and
  • adequate as an overall package to attract and retain staff with the requisite skills, knowledge and expertise to discharge those control functions effectively and to increase their competence and performance.

Where any control function is outsourced, the remuneration terms under the agreement with the service provider should be consistent with the objectives and approved parameters of the insurer’s remuneration policy.


Variable remuneration should be performance-based using measures of individual, unit or group performance that do not create incentives for inappropriate risk taking.

To better align performance-based incentives with the long term value creation and the time horizon of risks to which the insurer may be exposed, due consideration should be given to the following:
  • There should be an appropriate mix of fixed and variable components, with adequate parameters set for allocating cash versus other forms of remuneration, such as shares. A variable component linked to performance that is too high relative to the fixed component may make it difficult for an insurer to reduce or eliminate variable remuneration in a poor financial year;
  • The reward for performance should include an adjustment for the material current and future risks associated with performance. Since the time horizon of performance and associated risks can vary, the measurement of performance should, where practicable, be set in a multi-year framework to ensure that the measurement process is based on longer term performance;
  • If the variable component of remuneration is significant, the major part of it should be deferred for an appropriate specified period. The deferral period should take account of the time frame within which risks associated with the relevant performance (such as the cost of capital required to support risks taken and associated uncertainties in the timing and the likelihood of future revenues and expenses) may materialise. The deferral period applied may vary depending on the level of seniority or responsibility of the relevant individuals and the nature of risks to which the insurer is exposed;
  • The award of variable remuneration should contain provisions that enable the insurer, under certain circumstances, to apply malus or claw back arrangements in the case of subdued or negative financial performance of the insurer which is attributed to the excessive risk taking of the staff concerned and when risks of such performance have manifested after the award of variable remuneration; and
  • Guaranteed variable remuneration should generally not be offered, as they are not consistent with sound risk management and performance-based rewards.

The variable component should be subject to prudent limits set under the  remuneration policy that are consistent with the insurer’s capital
management strategy and its ability to maintain a sound capital base taking account of the internal capital targets or regulatory capital
requirements of the insurer.

The performance criteria applicable to the variable components of remuneration should promote a complete assessment of risk-adjusted
performance. For this purpose, due consideration should be given to the need for performance criteria to:
  • be clearly defined and be objectively measurable;
  • be based not only on financial but also on non-financial criteria as appropriate (such as compliance with regulation andinternal rules, achievement of risk management goals, adequate and timely follow up of internal audit recommendations as well as compliance with market conduct standards and fair treatment of customers;
  • take account of not only the individual’s performance, but also the performance of the business unit concerned where relevant and the overall results of the insurer and the group; and
  • not treat growth or volume as a criterion in isolation from other performance criteria.
Where share-based components of variable remuneration (such as shares, share options or similar instruments) are used, appropriate safeguards should be implemented to align incentives and the longer-term interests of the insurer. Such safeguards may include that:
  • shares do not vest for a minimum specified period after their award (“vesting restrictions”);
  • share options or other similar rights are not exercisable for a minimum specified period after their award (“holding restrictions”); and
  • individuals are required to retain an appropriate proportion of the shares awarded until the end of their employment or other specified period beyond their employment (“retention restrictions”).

Subject to any applicable legal restrictions, it is appropriate that future vesting and holding restrictions for share-based remuneration remain operative even upon cessation of employment (ie there should be no undue acceleration of the vesting of share-based payments or curtailing of any holding restrictions).


Where an insurer provides discretionary pay-outs on termination of employment (“severance payments”, sometimes also referred to as “golden parachutes”), such payment should be subject to appropriate governance controls and limits. In any case, such pay-outs should be aligned with the insurer’s overall financial condition and performance over an appropriate time horizon. Severance payments should be related to performance over time; should not reward failure and should not be payable in the case of failure or threatened failure of the insurer, particularly to an individual whose actions have contributed to the failure or potential failure of the insurer.

[ + ] 7.7

The supervisor requires the insurer’s Board to ensure there is a reliable financial reporting process for both public and supervisory purposes that is supported by clearly defined roles and responsibilities of the Board, Senior Management and the external auditor.

The Board is responsible for overseeing the insurer’s systems and controls to ensure that the financial reports of the insurer present a balanced and accurate assessment of the insurer’s business and its general financial condition and viability.
The Board carries out functions including:
  •  overseeing the financial statements, financial reporting and disclosure processes;
  •  monitoring whether accounting policies and practices of the insurer are operating as intended;
  •  overseeing the internal audit process (reviews by internal audit of the insurer’s financial reporting controls) and reviewing the internal auditor’s plans and material findings; and
  • reporting to the supervisor on significant issues concerning the financial reporting process, including actions taken to address or mitigate identified financial reporting risks.

The Board should ensure that significant findings and observations regarding weaknesses in the financial reporting process are promptly rectified. This should be supported by a formal process for reviewing and monitoring the implementation of recommendations by the external auditor.

[ + ] 7.8

The supervisor requires the insurer's Board to ensure that there is adequate governance and oversight of the external audit process.

The Board should ensure that the insurer:
  • applies robust processes for approving, or recommending for approval, the appointment, reappointment, removal and remuneration of the external auditor;
  • applies robust processes for monitoring and assessing the independence of the external auditor and to ensure that the appointed external auditor has the necessary knowledge, skills, expertise, integrity and resources to conduct the audit and meet any additional regulatory requirements;
  • monitors and assesses the effectiveness of the external audit process throughout the audit cycle;
  • investigates circumstances relating to the resignation or removal of an external auditor, and ensuring prompt actions are taken to mitigate any identified risks to the integrity of the financial reporting process, and
  • reports to the supervisor on circumstances relating to the resignation or removal of the external auditor.
The Board should oversee the external audit process and safeguard and promote an effective relationship with the external auditor. For this purpose the Board should ensure that:
  •  the terms of engagement of the external auditor are clear and appropriate to the scope of the audit and resources required to conduct the audit and specify the level of audit fees to be paid;
  • the auditor undertakes a specific responsibility under the terms of engagement to perform the audit in accordance with relevant local and international audit standards;
  • the external auditor complies with internationally accepted ethical and professional standards and, where applicable, the more stringent requirements applicable to audits of listed entities and public interest entities;
  • there are adequate policies and a process to ensure the independence of the external auditor, including:
    • restrictions and conditions for the provision of non-audit services which are subject to approval by the Board;
    • periodic rotation of members of the audit team and/or audit firm as appropriate; and
    • safeguards to eliminate or reduce to an acceptable level identified threats to the independence of the external auditor.
  • there is adequate dialogue with the external auditor on the scope and timing of the audit to understand the issues of risk, information on the insurer’s operating environment which is relevant to the audit, and any areas in which the Board may request for specific procedures to be carried out by the external auditor, whether as a part or an extension of the audit engagement; and
  •  there is unrestricted access by the external auditor to information and persons within the insurer as necessary to conduct the audit.
In order to establish the degree of assurance that the Board can draw from the external auditor’s report, the Board should also understand the external auditor’s approach to the audit. This includes the assessment of the external auditor’s ability to:
  • identify and assess the risks of material misstatement in the insurer’s financial statements, taking into consideration the complexities of insurance activities and the need for insurers to have a strong control environment;
  • respond appropriately to the risks of material misstatement in the insurer’s financial statements; and
  • develop appropriate relationships with the internal audit function and the actuarial function.

The Board should take appropriate actions where doubts arise as to the reliability of the external audit process.

In order to enable the Board to carry out its oversight responsibilities and to enhance the quality of the audit, the Board should have an effective communication with the external auditor. This should include:
  • regular meetings between the Board and the external auditor during the audit cycle, including meetings without management present; and
  • prompt communication of any information regarding internal control weaknesses or deficiencies of which the external auditor becomes aware.
The Board should require the external auditor to report to it on all relevant matters.

The supervisor and the external auditor should have an effective relationship that includes appropriate communication channels for the exchange of information relevant to carrying out their respective statutory responsibilities.


Reports prepared by the external auditor for the insurer (eg management letters) should be made available to the supervisor by the insurer or the external auditor.


The supervisor should require the external auditor to report matters that are likely to be of material significance. This would include material fraud, suspicion of material fraud and regulatory breaches or other significant audit findings identified in the course of the audit. Such information should be provided to the supervisor without the need for prior consent of the insurer and the external auditor should be duly protected from liability for any information disclosed to the supervisor in good faith.


The supervisor should require a further audit by a different external auditor where necessary.

[ + ] 7.9

The supervisor requires the insurer’s Board to have systems and controls to ensure appropriate, timely and effective communications with the supervisor on the governance of the insurer.


Communications with the supervisor should promote effective engagement of the supervisor on the governance of the insurer to enable informed judgments about the effectiveness of the Board and Senior Management in governing the insurer.

Subject to any reasonable commercial sensitivities and applicable privacy or confidentiality obligations, the insurer’s communication policies and strategies should include providing to the insurer’s stakeholders information such as the following:
  • the insurer’s overall strategic objectives, covering existing or prospective lines of business and how they are being or will be achieved;
  • the insurer’s governance structures, such as allocation of oversight and management responsibilities between the Board and the Senior Management, and organisational structures, including reporting lines;
  • members of the Board and any Board committees, including their respective expertise, qualifications, track-record, other positions held by such members, and whether such members are regarded as independent;
  • processes in place for the Board to evaluate its own performance and any measures taken to improve the Board’s performance;
  •  the general design, implementation and operation of the remuneration policy;
  • major ownership and group structures, and any significant affiliations and alliances; and
  • material related-party transactions.

In addition to information publicly available, the supervisor may require more detailed and additional information relating to the insurer’s corporate governance framework for supervisory purposes, which may include commercially sensitive information, such as assessments by the Board of the effectiveness of the insurer’s governance system, internal audit reports and more detailed information on the remuneration structures adopted by the insurer for the Board, Senior Management, Key Persons in Control Functions and major risk-taking staff. The insurer’s communication policies and strategies should enable such information to be provided to the supervisor in a timely and efficient manner. Supervisors should safeguard such information having due regard to the confidentiality of commercially sensitive information and applicable laws.

CF 7.9.a

The group-wide supervisor requires the IAIG Board to ensure that the Head of the IAIG reports to the group-wide supervisor, through regularly scheduled or ad hoc reporting, material changes related to at least the following:

  • location of legal entities;
  • legal structures;
  • management structures;
  • governance structure and processes of the IAIG Board;
  • affiliations with other groups;
  • strategy;
  • risk appetite; and
  • business activities.
CF 7.9.a.1

The group-wide systems and controls for communications should give the Head of the IAIG the ability to inform the group-wide supervisor of governance issues concerning the IAIG.

Disclosure of information on remuneration should be sufficient to enable stakeholders to evaluate how the remuneration system relates to risk and whether it is operating as intended. Relevant information may include:
  • the operation of risk adjustments, including examples of how the policy results in adjustments to remuneration for employees at different levels;
  • how remuneration is related to performance (both financial and personal business conduct) over time; and
  • valuation principles in respect of remuneration instruments.
Appropriate quantitative information should also be made available to enable supervisors to evaluate the financial impact of the remuneration policy. Such information may include:
  • the total cost of remuneration awarded in the period, analysed according to the main components such as basic salary, variable remuneration and long-term awards;
  • the total amount set aside in respect of deferred variable remuneration;
  • adjustment to net income for the period in respect of variable remuneration awarded in previous periods;
  • the total costs of all sign-on payments in the period and number of individuals to whom these relate; and
  • the total costs of all severance payments in the period and number of individuals to whom these relate.

These amounts should be analysed by type of instrument (eg cash, shares, share options etc.) as applicable, and in a manner consistent with the key elements of the remuneration policy.


Disclosure of information on governance should be made on a regular (for instance, at least annually) and timely basis.

[ + ] 7.10
The supervisor requires the insurer to ensure that Senior Management:
  • carries out the day-to-day operations of the insurer effectively and in accordance with the insurer’s corporate culture, business objectives and strategies for achieving those objectives in line with the Insurer's long term interests and viability;
  • promotes sound risk management, compliance and fair treatment of customers;
  • provides the Board adequate and timely information to enable the Board to carry out its duties and functions including the monitoring and review of the performance and risk exposures of the insurer, and the performance of Senior Management; and
  • maintains adequate and orderly records of the internal organisation.

Senior Management should implement appropriate systems and controls, in accordance with the established risk appetite and corporate values and consistent with internal policies and processes.

Such systems and controls should provide for organisation and decision-making in a clear and transparent manner that promotes effective management of the insurer. Senior Management’s systems and controls should encompass:
  • processes for engaging persons with appropriate competencies and integrity to discharge the functions under Senior Management, which include succession planning, ongoing training and procedures for termination;
  • clear lines of accountability and channels of communication between persons in Senior Management and Key Persons in Control Functions;
  • proper procedures for the delegation of Senior Management functions and monitoring whether delegated functions are carried out effectively and properly, in accordance with the same principles that apply to delegations by the Board (see Guidance 7.3.13 and 7.3.14);
  • standards of conduct and codes of ethics for the Senior Management and other staff to promote a sound corporate culture, and the effective implementation on an ongoing basis of standards and codes (see ICP 8 Risk Management and Internal Controls for conflicts of interest provisions);
  • proper channels of communications, including clear lines of reporting, as between the individuals performing the functions of the Senior Management and the Board, including provisions dealing with whistleblower protection, and their effective implementation; and
  • effective communication strategies with supervisors and stakeholders that include the identification of matters that should be disclosed, and to whom such disclosure should be made.

Adequate procedures should be in place for assessing the effectiveness of Senior Management’s performance against the performance objectives set by the Board. For this purpose, annual assessments of their performance against set goals should be carried out at least annually, preferably by an independent party, a control function, or the Board itself. Any identified inadequacies or gaps should be addressed promptly and reported to the Board.


Senior Management should also promote strong risk management and internal controls through personal conduct and transparent policies. Senior Management should communicate throughout the insurer the responsibility of all employees in this respect. It should not interfere with the activities that control functions carry out in the rightful exercise of their responsibilities, including that of providing an independent view of governance, risk, compliance and control related matters.

[ + ] 7.11

The supervisor requires the insurer to demonstrate the adequacy and effectiveness of its corporate governance framework.


The supervisor plays an important role by requiring the Board and Senior Management of the insurer to demonstrate that they are meeting the applicable corporate governance requirements, consistent with these standards, on an ongoing basis. The onus for demonstrating, to the satisfaction of the supervisor, that the corporate governance framework is effective and operates as intended rests with the insurer.


The Supervisor should assess through its supervisory review and reporting processes whether the insurer’s overall corporate governance framework is effectively implemented and remains adequate (see ICP 9 Supervisory Review and Reporting).


To help facilitate the supervisory review and reporting processes, the supervisor should establish effective channels of communication with the insurer, and have access to relevant information concerning the governance of the insurer. This may be obtained through periodic reports to the supervisor and any information obtained on an ad hoc basis (see also Standard 7.7). Communication may also be facilitated by the supervisor having regular interaction with the Board, Senior Management and Key Persons in Control Functions.


The supervisor should assess the governance effectiveness of the Board and Senior Management and determine the extent to which their actions and behaviours contribute to good governance. This includes the extent to which the Board and Senior Management contribute to setting and following the “tone at the top”; how the corporate culture of the insurer is communicated and put into practice; how information flows to and from the Board and Senior Management; and how potential material problems are identified and addressed throughout the insurer.  

To ascertain the ongoing effectiveness of the Board and Senior Management, the supervisor may also consider the use of measures such as the following, where appropriate:
  • ongoing mandatory training that is commensurate with their respective duties, roles and responsibilities of the Board and Senior Management within the insurer;
  • a review of the periodic self-evaluation undertaken by the Board as referred to in Guidance 7.3.3 and 7.11.1;
  • meetings and/or interviews with the Board and Senior Management, both collectively and individually as appropriate, particularly to reinforce expectations relating to their performance and to get a sense of how informed and proactive they are; and
  • attending and observing Board proceedings.

Where remuneration policies of an insurer contain more high risk elements, closer supervisory scrutiny of those policy and practices may also be warranted, including requests for additional information as appropriate to assess whether those practices are having an adverse impact on the ongoing viability of the insurer or commissioning an independent assessment of the insurer’s remuneration policy and practices.