ICP 9 Supervisory Review and Reporting

The supervisor uses off-site monitoring and on-site inspections to: examine the business of each insurer; evaluate its financial condition, conduct of business, corporate governance framework and overall risk profile; and assess its compliance with relevant legislation and supervisory requirements. The supervisor obtains the necessary information to conduct effective supervision of insurers and evaluate the insurance market.

[ + ] 9.0

Introductory Guidance


This ICP focuses on the general processes and procedures supervisors should have in place with respect to supervisory review and reporting. For the purpose of this ICP, off-site monitoring and on-site inspections are collectively referred to as “supervisory review”. Aspects of what supervisors may require or assess as part of supervisory review and reporting on specific areas (such as solvency, governance, conduct of business) are dealt with in other ICPs with respect to those ICPs’ specific areas of focus.

Supervision is a dynamic process that includes:
  • developing and implementing a framework for supervisory review and reporting;
  • developing and executing supervisory plans for insurers;
  • analysis of reported and other relevant information;
  • feedback and dialogue between the supervisor and insurers;
  • intervention, including any preventive/corrective measures or sanctions, where necessary;
  • follow-up (including updating the supervisory framework and/or adjusting the frequency and intensity of assessment under supervisory plans); and
  • cooperation and coordination with other relevant supervisors and authorities where necessary.
CF 9.0.a

The group-wide supervisor engages with the Head of the IAIG and, in cooperation with other involved supervisors, carries out a supervisory review to assess the IAIG’s compliance with relevant legislation and supervisory requirements applicable at the level of the Head of the IAIG.

CF 9.0.a.1

This supervisory review may be conducted within the supervisory college (see ComFrame material under ICP 25 Supervisory Cooperation and Coordination).

CF 9.0.a.2

Cooperation with other involved supervisors includes them providing relevant information concerning the insurance legal entities within the IAIG that they supervise. It is the responsibility of the group-wide supervisor to assess the IAIG’s compliance with the relevant legislation and supervisory requirements applicable at the level of the Head of the IAIG.

[ + ] 9.1

The supervisor has a documented framework which outlines its approach for supervisory review and reporting. The supervisor reviews periodically that this framework remains effective and adequate.


While the framework should encompass all insurers within a jurisdiction, it should be sufficiently flexible with varying supervisory review and reporting requirements that allow for taking a risk-based approach. For example, the supervisory processes and activities which are appropriate for a complex, internationally active insurer may be different than those for a small, local insurer.


The supervisor should have documented procedures and/or guidelines for consistent and regular supervisory review and reporting at an appropriate level of depth.


The supervisor should be able to process data in a timely and effective way and have processes and procedures to collect and store reported data securely in an electronic format. The framework should have the necessary protections for confidential information in the possession of the supervisor and for the sharing of information (see ICP 2 Supervisor and ICP 3 Information Sharing and Confidentiality Requirements).


The framework should enable the supervisor to coordinate on-site inspection and off-site monitoring activities. The supervisor should document the results of these activities in such a way that they are accessible and comprehensible to all involved staff.


The supervisor should establish both qualitative and quantitative methods for assessing insurers, in a consistent manner and on an ongoing basis. The supervisor should develop monitoring tools to identify potential risks within or affecting the insurer or its customers in a timely manner.

The framework should enable the supervisor to evaluate the insurer’s business, financial condition, conduct of business and corporate governance framework to determine the insurer’s overall risk profile. In order to achieve this objective, the supervisor should have an understanding of at least the insurer’s:
  • current and prospective solvency, including assets and liabilities and off-balance sheet commitments;
  • capital resources management;
  • technical operations (eg actuarial methods, underwriting policy, reinsurance policy);
  • treatment of customers and whether any activities being engaged in are not fair, lawful or proper;
  • corporate culture, business objectives and strategies and business models;
  • the systems of risk management and internal controls;
  • organisational structure; and
  • compliance with supervisory requirements.

The supervisor should assess the insurer’s enterprise risk management framework for the identification and quantification of risks, and evaluate whether business activities and/or internal practices/processes reflect the insurer’s risk assessment. The supervisor should compare the risk profile of the insurer with its risk-carrying capacity and seek to detect issues that may adversely affect its capacity to meet obligations towards policyholders. The framework should enable the supervisor to analyse trends and compare risk assessments including against any stress test outcomes.


The framework should include assessments of the risks to which insurers are exposed and the risks which insurers may pose to policyholders, the insurance sector and financial stability. These assessments should include risks which may lead to an insurer’s distress or disorderly failure or which may be transmitted through collective activities or exposures of a number of insurers and that may have a serious negative impact on financial stability (see ICP 24 Macroprudential Supervision).


The framework should include sufficiently comprehensive and regular communication between the supervisor and insurers. This communication should involve senior level representatives as well as specialised areas within both the supervisor and insurers, and for insurance groups, may include contact with non-regulated and parent entities. Additionally, there should be appropriate communication channels between the supervisor and the external auditors for the exchange of information relevant to carrying out their respective statutory responsibilities.


The framework should promote pro-active and early intervention by the supervisor, in order to enable the insurer to take appropriate action to mitigate risks and/or minimise current or future problems.


The supervisor’s review of its framework should pay due attention to the evolving risks which may be posed by insurers and to risks to which insurers may be exposed.


As part of the framework review, the supervisor should confer regularly internally as well as externally with other relevant authorities and stakeholders so that all relevant information is being appropriately assessed and analysed, and to facilitate the identification of potential new risks or emerging market trends that the framework may need to address. While the framework should be updated accordingly, the supervisor should be mindful that such updates are not done so frequently or in a manner that causes unnecessary disruption to the supervisory process and/or excessive costs to the supervisor and insurers.


The framework should be suitably flexible so that it may adapt easily and in a timely manner to domestic and global developments in, for example, legislation, the insurance and broader financial markets, or international standards.


The framework of the group-wide supervisor should take into account all entities identified within the scope of the insurance group (see ICP 23 Group-wide Supervision). While insurance groups may have different approaches to governance structures – either more centralised or more decentralised – the framework should include appropriate tools for supervisory review and reporting for all relevant entities (see Issues Paper on Approaches to Group Corporate Governance).


Although the group-wide supervisor may not have the power to conduct supervisory review and reporting of non-regulated entities, it should assess, at least, the potential adverse impact of such non-regulated entities on the group.


Similarly, where the group-wide supervisor does not have the power to conduct supervisory review and reporting of a group legal entity in another jurisdiction, it should communicate and coordinate with the other involved supervisor accordingly. For example, the group-wide supervisor could approach the other involved supervisor to propose a joint on-site inspection or recommend that the other involved supervisor undertake such an inspection, when deemed necessary.

[ + ] 9.2

As part of the supervisory framework, the supervisor develops supervisory plans which set priorities and determine the appropriate depth and level of off-site monitoring and on-site inspection activity.


A supervisory plan is a tool for supervisors to determine the frequency, scope and depth of supervisory review activities. It could be generic (eg addressing categories or groups of insurers) or specific (addressing individual insurers).

In establishing a supervisory plan, the supervisor should assess and determine the key areas of risk to which insurers are exposed or risks which insurers may pose, using its judgement and the information, methodologies and tools at its disposal.
The circular nature of the supervisory framework provides a variety of inputs to help develop and/or adjust supervisory plans. For example, market analyses, internal models, insurers' own risk and solvency assessments (ORSA), horizontal reviews, stress/scenario testing, previous risk and conduct assessments, work of external auditors and information gathered as a result of supervisory reporting requirements provide information the supervisor should use as input in determining the scope and frequency of off-site monitoring and on-site inspections.
CF 9.2.a

The group-wide supervisor’s supervisory plan for an IAIG includes a group-wide risk assessment that is conducted at least annually.

CF 9.2.a.1

The group-wide risk assessment of an IAIG should be conducted with inputs from the supervisory process.

CF 9.2.a.2

The group-wide supervisor should consider the results of the IAIG’s enterprise risk management framework including its ORSA assessment, as part of the group-wide risk assessment.

CF 9.2.a.3

The group-wide supervisor should use information gathered on legal entities within the IAIG from other involved supervisors as another basis for the assessment of group-wide risk. Where other involved supervisors identify risks that may be relevant to the supervision of the IAIG at the group level, they should share their individual risk assessment.

CF 9.2.a.4

The group-wide supervisor should consider inputs from other relevant supervisors not involved in the direct supervision of the IAIG such as macro-prudential analysis, anti-money laundering or combatting the financing of terrorism.

CF 9.2.a.5

To the extent practicable and where useful, the group-wide supervisor should conduct an analysis of the IAIG’s peers as part of the group-wide risk assessment, in cooperation with group-wide supervisors of other IAIGs. Information in the public domain should be used for the purposes of the peer-group analysis. The group-wide supervisor may also use non-public information provided by other supervisors. If sharing non-public information for the purpose of the peer-group analysis, the group-wide supervisor should be conscious of the risk of sharing information that in certain situations could compromise the competitive advantage of the IAIG’s peers. The group-wide supervisor should consider whether it is appropriate to anonymise information shared.

CF 9.2.a.6
In conducting peer group analysis, the group-wide supervisor should consider issues such as:
  • the similarity of business models and geographical scope of IAIGs;
  • the size, type and structure of IAIGs; and
  • internal IAIG practices and governance, including risk management.
CF 9.2.a.7

It is the group-wide supervisor’s responsibility to decide to what extent the outcomes of peer-group analysis are shared with other involved supervisors. Peer-group analysis is subject to confidentiality requirements (see ICP 3 Information Sharing and Confidentiality Requirements).

CF 9.2.b
The group-wide supervisor includes in its group-wide risk assessment of an IAIG, at least, an evaluation of the following:
  • the complexity of the IAIG’s group structure and the resulting risks to effective group-wide supervision;
  • the capital adequacy and the availability of capital to meet group-wide capital requirements taking into account the regulatory capital requirements for each insurance legal entity within the IAIG; and
  • the impact of the complexity of the IAIG’s group structure on the effectiveness of its group-wide corporate governance framework.
CF 9.2.b.1
In conducting the group-wide risk assessment, the group-wide supervisor should consider:
  • the alignment between the IAIG's competitive position, business plans and strategy, risk appetite, and risk-carrying capacity;
  • the IAIG’s approach to its legal and regulatory obligations, its product distribution model and its proposals for dealing with specific areas of risk;
  • non-regulated and non-financial legal entities within the IAIG;
  • the adequacy and outcomes of the IAIG’s stress testing and scenario analysis (see ICP 16 Enterprise Risk Management for Solvency Purposes);
  • the IAIG's ability to meet policyholder obligations in both the near and long-term within the context of the risks arising from the macro environment in which the IAIG's operates; and
  • the potential impact that the IAIG’s distress or disorderly failure would have on policyholders, the insurance sector, and financial stability, as well as the impact from the IAIG’s contribution to collective activities or exposures that may have a serious negative impact on financial stability.
CF 9.2.b.2
In conducting the group-wide risk assessment, the group-wide supervisor should consider:
  • aggregated risk exposures that the IAIG has towards external counterparties, which can arise from direct and indirect exposures, on-balance and off-balance sheet items, regulated and non-regulated legal entities within the IAIG, the same or different financial sectors across the IAIG, or a combination or interaction of such exposures. The group-wide supervisor should evaluate if the Head of the IAIG has adequate oversight and has implemented an adequate risk management system to assess its aggregated credit, market, insurance and liquidity risk concentrations. Such risk concentrations should be viewed in the context of single or closely related drivers of risk that may have material impact on the IAIG;
  • increased operational risk where the IAIG relies on significant cross-border services or support. Such cross-border activity may also increase the complexity of recovery and resolution planning. The group-wide supervisor should evaluate the effectiveness of the IAIG’s policies, processes and systems, and assess whether the IAIG has adequate business continuity plan arrangements to mitigate such cross-border operational risk; and
  • significant intra-group transactions which can give rise to contagion effects within the IAIG, or result in a circumvention of sectoral regulatory requirements. The group-wide supervisor should evaluate whether the Head of the IAIG has adequate oversight over all material intra-group transactions.
CF 9.2.b.3

In conducting the group-wide risk assessment, the group-wide supervisor should assess the adequacy of an IAIG’s capital position against group capital standards applicable at the level of the Head of the IAIG. The role of the group-wide supervisor in conducting and coordinating this assessment is particularly important in cases where the IAIG has a mixture of insurance, banking and securities sector operations.

CF 9.2.b.4

In conducting the group-wide risk assessment, the group-wide supervisor should identify situations that may give rise to double or multiple gearing. Such situations may occur within IAIGs which are not fully consolidated and when one legal entity holds regulatory capital issued by another entity within the IAIG, where the issuer is permitted to include the capital in meeting its own regulatory requirements. These situations can result in an overstatement of group capital. The group-wide supervisor should require that the capital adequacy assessments of the IAIG exclude intra-group holdings of regulatory capital if not performed on a fully consolidated basis.

CF 9.2.b.5

In conducting the group-wide risk assessment, the group-wide supervisor, in cooperation with other involved supervisors, should assess the fungibility of capital (its ability to absorb losses arising anywhere in the IAIG as needed). The group-wide supervisor should take into account regulatory, legal and other requirements that may affect the IAIG’s ability to transfer capital between entities, sectors and jurisdictions, both in normal circumstances and in a crisis.

CF 9.2.b.6
In conducting the group-wide risk assessment, the group-wide supervisor should consider the activities undertaken by non-regulated legal entities within the IAIG by assessing issues such as:
  • the potential contagion risks arising from the activities of non-regulated legal entities due to interdependencies or exposures between the insurance legal entities and the non-regulated legal entities within the IAIG;
  • the competence of the IAIG Board and Senior Management in understanding and managing the risks arising from the non-regulated legal entities, particularly if these entities are significant to the group;
  • the strength of the group capital adequacy to support the insurance legal entities. Non-regulated legal entities’ contribution to the group capital adequacy could be assessed by calculation of a proxy capital requirement as if the legal entity were regulated or through deduction of the group’s interest in the non-regulated legal entity; and
  • where risk has been transferred from regulated to non-regulated legal entities within the IAIG, the group-wide supervisor in cooperation with supervisors of the regulated entities should look through to the overall quantum and quality of assets in the non-regulated entities. The risk assessment should address third party participations and minority interests.
CF 9.2.b.7

In conducting the group-wide risk assessment, the group-wide supervisor should evaluate the results of group-wide stress tests that the IAIG performed.

CF 9.2.b.8

In conducting the group-wide risk assessment, the group-wide supervisor, with input from other involved supervisors, should consider the current and forecasted business and the macroeconomic environment in the material jurisdictions in which the IAIG operates. The group-wide supervisor should assess the cumulative potential impact from this on the operations of the IAIG as well as the impact of the IAIG’s distress, disorderly failure, or its contribution to collective activities or exposures, on financial stability. This analysis by the group-wide supervisor should also be incorporated into forward-looking stress testing to identify possible events or changes in market conditions.

[ + ] 9.3

The supervisor reviews outsourced material activities or functions to the same level as non-outsourced material activities or functions.


The supervisor should review outsourced material activities or functions through the insurer itself, but should also obtain information from, and conduct on-site inspections of, entities engaged in providing outsourced activities or functions for the insurer, where necessary.


The supervisory review process for outsourced material activities or functions may differ from the process used for non-outsourced activities or functions, provided that the supervisory outcomes are met.


Agreements between the insurer and entities providing the outsourced material activities or functions should be drawn up in such a way that the supervisor’s ability to conduct its review is not restricted.

[ + ] 9.4
The Supervisor:
  • establishes documented requirements for the regular reporting of qualitative and quantitative information from all insurers licensed in its jurisdiction;
  • defines the scope, content and frequency of the information to be reported;
  • sets out the relevant accounting and auditing standards to be used;
  • requires that an external audit opinion is provided on annual financial statements;
  • requires insurers to report on any material changes or incidents that could affect their condition or customers;
  • requires insurers to correct inaccurate reporting as soon as possible; and
  • requires more frequent reporting and/or additional information from insurers as needed.

Supervisory reporting requirements should apply to all insurers licensed in a jurisdiction, and form the general basis for off-site monitoring. Supervisory reporting requirements are a reflection of the supervisor’s needs and will thus vary by jurisdiction according to overall market structure and conditions and by insurer according to its nature, scale and complexity.


In setting supervisory reporting requirements, the supervisor may make a distinction for foreign insurers who are allowed to conduct insurance activities within the jurisdiction by way of a local branch or subsidiary or on a cross-border provision of services basis.

The supervisor should require insurers to report both quantitative and qualitative information, including at least:
financial reports, which include at least a balance sheet and income statement as well as a statement of comprehensive income if appropriate;
  • an external audit opinion on annual financial statements;
  • off-balance sheet exposures;
  • material outsourced functions and activities;
  • a description of the insurer’s organisational structure, corporate governance framework and risk management and internal control systems; and
  • information on complaints, claims, surrenders and lapses.

The supervisor should require insurers to utilise a consistent and clear set of instructions and definitions for any element in required reports that is not self-evident, in order to maximise comparability.


The supervisor may require that certain reports and information, such as solvency ratios or technical provisions, are subject to independent (internal or external) review, including audit and/or actuarial review.


While the supervisor sets out the relevant accounting and auditing standards to be used for supervisory reporting, the actual standards are generally established by a party other than the supervisor. To help accounting and auditing standards reflect the nature of insurance business, the supervisor could provide guidance and practices to be used for areas such as fair value estimations and technical provisions.


The external audit of the annual financial statements should be conducted in accordance with auditing standards that are generally accepted internationally.


The supervisor should consider using the work of external auditors in order to support the supervisory review process. For example, the supervisor may utilize the external audits to identify: internal control weaknesses and possible audit material risks; issues resulting from regulatory and accounting changes; changes in insurance and financial risks; and issues encountered in applying the audit approach.


The supervisor should require the external auditor to report matters that are likely to be of material significance without delay. Such matters would include (indication of) material fraud and regulatory breaches or other significant findings identified in the course of the audit. Such information should be provided to the supervisor without the need for prior consent of the insurer and the external auditor should be duly protected from liability for any information disclosed to the supervisor in good faith.


Depending on the nature, scale and complexity of the insurer, more frequent reporting and/or additional information may be requested from specific insurers on a case-by-case basis.


The supervisor should require that information on changes that could materially impact the insurer’s risk profile, financial position, organisational structure, governance or treatment of its customers is provided by the insurer in a timely manner.


The supervisor periodically reviews its reporting requirements to ascertain that they still serve their intended objectives and to identify any gaps which need to be filled. Assessing the results of off-site monitoring and on-site inspections may help inform such a review.


The supervisor should require an insurance legal entity which is part of an insurance group to describe its group reporting structure, and to provide timely notification of any material changes to that structure and significant changes or incidents that could affect the soundness of the insurance group. The description of the reporting structure should include information on the relationships between entities within the insurance group, and on the nature and volume of material intra-group transactions. The supervisor may require information on the impact on the insurance legal entity of being part of an insurance group.


The supervisor may request and obtain relevant information about any entity within an insurance group, subject to applicable legal provisions and coordination with the supervisors of affected jurisdictions.


The group-wide supervisor should establish its supervisory reporting requirements on a group-wide basis in coordination with the other involved supervisors. Such coordination may help the group-wide supervisor understand what information is being reported and avoid any gaps as well as facilitate the submission of information on group entities in other jurisdictions.


In order to better understand the group and its risks, the group-wide supervisor should require the group to submit information on the group structure, business operation and financial position of material entities within the insurance group and relationship among entities within the insurance group, including participation in other group entities and material intra-group transactions.

CF 9.4.a

The group-wide supervisor requires the Head of the IAIG to report the reference ICS and, at the option of the group-wide supervisor, any additional reporting related to the ICS.

CF 9.4.a.1

Reporting to the group-wide supervisor should be on a confidential basis for the purpose of discussion in the supervisory college.

[ + ] 9.5

The supervisor monitors insurers on an ongoing basis, based on communication with the insurer and analysis of information obtained through supervisory reporting as well as market and other relevant information.


The supervisor should be proactive and forward-looking in conducting effective off-site monitoring, and not rely only on historical data. The supervisor should analyse information obtained in a timely manner.


The results of off-site monitoring should influence the supervisory plan and help determine the content, nature, timing and frequency of on-site inspections. Off-site monitoring may also enable the early detection of problems so that prompt and appropriate supervisory responses can be taken before such problems become more serious.


Analysis by the supervisor may provide a deeper understanding of developing trends affecting an insurer and its customers. Analysis by business lines, customer grouping and/or distribution channels may provide insights into the insurer’s overall risk profile.


The supervisor should establish and follow documented procedures for the analysis and monitoring of the supervisory reporting that it receives. These may be conducted by individual supervisory staff using monitoring tools and/or specialised resources, as appropriate.


Examples of ways in which this Standard and its corresponding guidance can be pursued include the following [see text in Annex].

[ + ] 9.6

The supervisor sets the objective, scope and timing for on-site inspections of insurers, develops corresponding work programmes and conducts such inspections.


On-site inspections help the supervisor to identify strengths and weaknesses within an insurer, and to assess and analyse the risks to which an insurer and its customers are exposed.


On-site inspections may supplement the analysis from off-site monitoring and provide the supervisor with the opportunity to verify information it has received. On-site inspection may also help detect problems that may not be apparent through off-site monitoring. It is important that on-site inspections are coordinated with off-site monitoring to increase efficiency and avoid duplication of work.


On-site inspections should be tailored to the particular insurer and its risks. However, an on-site inspection work programme should remain flexible since new priorities might arise.


The on-site inspection work programme should take account of the insurer’s distribution model, the nature, size and profile of its customer base and its relative importance in the market. On-site inspections should be more frequent and more in- depth for insurers which are in a difficult financial position or where there is concern that their business practices pose a high risk of negative customer outcomes.


The supervisor may use independent experts (see ICP 2 Supervisor) to conduct part of an on-site inspection, for instance when additional resources or specific expertise is needed.


The supervisor can conduct on-site inspections on either a broad or targeted basis. The purpose of a broad on-site inspection is to assess the overall condition, activities and risk-profile of the insurer. A targeted on-site inspection is focused on a specific area or areas of an insurer, such as a particular key activity or process. Targeted on-site inspections can also be carried out across a number of insurers based on a specific theme, activity or risk (sometimes called "thematic reviews"). Targeted on-site inspections can be very effective in focusing supervisory resources quickly on those areas requiring immediate attention. If a targeted on-site inspection leads to other areas of supervisory concern, the supervisor may determine that a broad on-site inspection is necessary.


Advance notice is normally given to the insurer before the supervisor conducts an on-site inspection so that both parties may plan accordingly. However, the supervisor may decide not to provide advance notice in certain circumstances.


Examples of ways in which this Standard and its corresponding guidance can be pursued include the following [see text in Annex].

CF 9.6.a

The group-wide supervisor performs on-site inspections at the level of the Head of the IAIG.

CF 9.6.a.1

The group-wide supervisor’s on-site inspections should consider group-wide activities and major risks that impact legal entities within the IAIG.

CF 9.6.a.2

During on-site inspections, the group-wide supervisor should have access to the IAIG Board, Senior Management and Key Persons in Control Functions responsible for the group-wide functions wherever these functions are performed. Where the group-wide functions are performed by an insurance legal entity within the IAIG, which is outside the jurisdiction of the group-wide supervisor, the group-wide supervisor should inform the relevant other involved supervisor prior to approaching this insurance legal entity as part of the on-site inspection carried out at the level of the Head of the IAIG.

CF 9.6.a.3

Other involved supervisors should inform the group-wide supervisor of significant planned on-site inspections and communicate the main findings to the supervisory college where they are material to the IAIG or to another insurance legal entity within the IAIG.

CF 9.6.b

Where appropriate, the group-wide supervisor, or other involved supervisors with reasonable supervisory interest, join on-site inspections of an insurance legal entity in another jurisdiction, coordinated by the relevant involved supervisor, with prior consent from that supervisor.

CF 9.6.b.1

Relevant involved supervisors should consider organising a joint on-site inspection to address issues that are material to the IAIG or to another insurance legal entity within the IAIG. The relevant involved supervisor should share the main outcomes of a joint on-site inspection within the supervisory college.

[ + ] 9.7

The supervisor discusses with the insurer as soon as practical any relevant findings of the supervisory review and the need for any preventive or corrective measures.


The supervisor should provide appropriate feedback in a timely manner to the insurer during the ongoing supervisory review process. The supervisor should issue in writing the findings of the review and the actions required. In many circumstances, the supervisor’s initial action will be to discuss the issue with the insurer, which may resolve the issue and require no further action. However some issues may require preventive or corrective measures, and in some cases imposing sanctions (see ICP 10 Preventive Measures, Corrective Measures and Sanctions).


Whether and how the insurer has subsequently addressed issues identified by the supervisor should be considered in the evaluation of the insurer and should be factored into the ongoing supervisory plan.

CF 9.7.a

The group-wide supervisor communicates the results of the group-wide supervisory review of the IAIG, including the group-wide risk assessment, to the supervisory college and, as appropriate, to the Head of the IAIG.

Examples of ways in which Standards 9.5 and 9.6 and their corresponding guidance can be pursued include the following:
A) The evaluation of the effectiveness of the insurer’s corporate governance framework, including its risk management and internal control systems, can be done through:
  • reviewing and analysing the minutes of the Board and its committees;
  • examining communications provided by the auditors to the Board and/or the Audit Committee, such as the auditors’ reports;
  • analysing information obtained from and/or received through direct engagement with the external auditor on substantial insights into the insurer’s corporate governance framework, control environment, and financial reporting;
  • evaluating the suitability of significant owners by analysing the ownership structure and sources of finance/funding;
  • evaluating the independence of the Board Members, the suitability of the Board Members, Senior Management and Key Persons in Control Functions, their effectiveness, and their ability to acknowledge improvement needs and correct mistakes (especially after such needs or mistakes have been identified by the insurer, its auditors, or the supervisor and after changes of management and in the Board);
  • testing the insurer's internal policies, processes and controls in order to assess compliance with regulations and/or adequacy of these in light of the insurer's risk profile;
  • testing the accounting procedures in order to assess accuracy of the financial and statistical information periodically sent to the supervisor and its compliance with the regulations; and
  • evaluating the organisational structure and the management of the insurer.
B) Analyses of the nature of the insurer’s activities can be done through:
  • analysing business lines, the type of products offered, policyholders and location of business;
  • analysing the distribution model(s) used;
  • meeting with the management to get information and a deeper understanding about current and future business plans;
  • analysing material contracts;
  • analysing the sales and marketing policies of the insurer, in particular, policy conditions and remuneration paid to the intermediaries; and
  • evaluating the reinsurance cover and its security. In particular, the reinsurance cover should be appropriate with regard to the financial means of the insurer and the risks it covers.
C) Analyses of the relationships with external entities can be done through:
  • analysing organisational charts, the group structures and the intragroup links;
  • analysing the relationships with major investors and among branches and subsidiaries;
  • analysing intragroup transactions, fees and other arrangements, including identifying instances of cross-subsidisation of businesses within a group or non-arm's length fees and charges;
  • analysing agreements with external service providers;
  • identifying financial problems originating from an entity in the group to which the insurer belongs; and
  • identifying of conflicts of interest arising from intra-group relationships or relationships with external entities.
D) Evaluation of the insurer's financial condition can be done through:
  • analysing audited financial statements and off-balance sheet commitments;
  • analysing the settlement of claims and the calculation of technical provisions according to current regulations;
  • analysing the operations and financial results by line of business;
  • analysing the investment policy (including derivatives policy) and the assets held to cover the technical provisions;
  • valuation of the insurer’s investments;
  • assessing litigation in which the insurer is a party; and
  • analysing the forecasted balance sheets and profit
E) Assessment of the insurer's fair treatment of customers can be done through:
  • assessing the culture of the insurer in relation to customer treatment, including the extent to which the insurer’s leadership, governance, performance management and recruitment, complaints handling policies and remuneration practices demonstrate a culture of fair treatment to customers;
  • assessing how conflicts of interests with customers are identified, managed and mitigated;
  • reviewing how products are designed and distributed to ensure they fulfil the customers’ demands and needs;
  • checking the adequacy, appropriateness and timeliness of the information and advice given to customers;
  • reviewing the handling and timing of claims and other payments;
  • reviewing the handling, frequency and nature of customer complaints, disputes and litigation; and
  • reviewing any customer experience reports used by the insurer or from other sources, such as an ombudsman.