The supervisor should initiate escalating measures to prevent a breach of regulatory requirements by an insurer, respond to a breach of regulatory requirements by an insurer, and enforce those measures to ensure that the insurer responds to the supervisor’s concerns. Preventive measures should be used to prevent a breach of regulatory requirements and corrective measures should be used to respond to a breach of regulatory requirements. Functionally, supervisors may take similar or identical actions as preventive or corrective measures. In addition, where a regulatory requirement has been violated, supervisors may use sanctions.

The supervisor should promptly and effectively deal with insurer non-compliance with regulatory requirements or supervisory measures that could put policyholders at risk, could pose a threat to financial stability, or could impinge on any other supervisory objectives. The more significant the threat to policyholders’ interests or to financial stability, then the quicker the supervisor will need to act and to require action from the insurer, and the more significant the measures that may be required. By mitigating certain risks, preventive and corrective measures that are primarily intended to protect policyholders may also contribute to financial stability, by decreasing the probability and magnitude of any negative systemic impact.

Circumstances may arise when preventive or corrective measures are insufficient to prevent an insurer from being no longer viable, or likely to become no longer viable, and therefore need to exit the market or be resolved (see ICP 12 Exit from the Market and Resolution).

As part of the supervisory framework (see ICP 9 Supervisory Review and Reporting), the supervisor should consider in advance how to use preventive and corrective measures, enforcement of those measures, and the imposition of sanctions. A supervisor’s framework should be documented to assist in the delivery of consistent supervision over time. It is crucial that the framework leaves room for the exercise of supervisory judgement and discretion, so flexibility should be allowed in the use of preventive measures, corrective measures and sanctions. In addition to general criteria, other parts of the framework on preventive measures, corrective measures and sanctions can also be released publicly, particularly where the supervisor feels that this additional transparency will lead to the market functioning more effectively. The decision-making processes that underpin the supervisory framework should function in a way that allows the supervisor to take immediate action when necessary.

In some instances, the supervisor will need to work with other authorities or bodies in order to take or enforce supervisory measures or sanctions against an insurer. For example, some measures or sanctions will require the approval of a judicial body.

There are different methods by which supervisory outcomes can be achieved. The method chosen may vary depending on the jurisdiction’s legal framework. In some jurisdictions, one method is to accept an enforceable written agreement to do, or not to do, some thing or things from the insurer in question. The potential advantages of achieving an outcome by this route are that it can be quicker and less costly. This option can be used to achieve outcomes related to preventive or corrective measures or to sanctions.

Measures or sanctions targeted at non-insurance legal entities within an insurance group may require the supervisor to work with other regulatory authorities.

The supervisor for an insurance legal entity within an insurance group should inform other involved supervisors when taking supervisory measures against or imposing sanctions on that insurance legal entity, where those sanctions are material or otherwise relevant to those supervisors.

The supervisor should have in place mechanisms to identify when unlicensed insurance activity is being carried out. Examples of such mechanisms include monitoring of media and advertising, review of consumer complaints or encouraging industry and other stakeholders to notify the supervisor of suspicious activity.

Where unlicensed activity is identified, the supervisor should act to address the issue. Examples include requiring the unlicensed entity to apply for a licence, seeking court orders to require the unlicensed entity to stop the activity, informing law enforcement authorities of criminal and/or civil concerns, imposing sanctions on the individual/entity or publicising the fact that the individual and/or entity is/are not licensed to conduct insurance activities.

Determining when an insurer seems likely to operate in a manner that is inconsistent with regulatory requirements will require a degree of discretion on the part of the supervisor. Nevertheless, concerns that necessitate preventive measures should be well founded based on the supervisor’s assessment.

If the insurer operates in a manner that is likely to impact its ability to protect policyholders’ interests or pose a threat to financial stability, the supervisor should act more urgently in requiring preventive measures.

The supervisor should communicate concerns to the insurer with a promptness that reflects the significance of the concern. Some concerns, such as relating to insurer solvency, policyholder protection, or financial stability, will be sufficiently significant to require immediate communication to the insurer. Other concerns, although significant, may not require such rapid communication, but should still be communicated appropriately. For example, it is unlikely to be appropriate for a supervisor to wait for the next on-site visit to an insurer before communicating a significant concern.

The supervisor should promptly bring significant concerns to the attention of the Board because it has ultimate responsibility for the insurer and that such concerns are resolved. In addition, the supervisor should also communicate with Senior Management and with Key Persons in Control Functions to bring significant concerns to their attention.

The supervisor should have available a range of preventive measures broad enough to address insurers of all sizes and complexities. Preventive measures should be chosen to address the severity of the insurer’s problems.

•  restrictions on business activities, such as:
  • prohibiting the insurer from issuing new policies or new types of product;
  • requiring the insurer to alter its sales practices or other business practices;
  • withholding approval for new business activities or acquisitions;
  • restricting the transfer of assets;
  • prohibiting the insurer from continuing a business relationship with an intermediary or othe outsourced provider, or requiring the terms of such a relationship to be varied;
  • ​restricting the ownership of subsidiaries; and
  • restricting activities of a subsidiary where, in its opinion, such activities jeopardise the financial situation of the insurer;
• directions to reinforce the insurer’s financial position, such as:
  • requiring measures that reduce or mitigate risks (for example, restricting exposures, through either hard or soft limits, to individual counterparties, sectors, or asset classes);
  • requiring an increase in capital;
  • restricting or suspending dividend or other payments to shareholders; and
  • restricting purchase of the insurer’s own shares; and
• other directions, including:
  • requiring the reinforcement of governance arrangements, internal controls or the risk management system;
  • requiring the insurer to prepare a report describing actions it intends to undertake to address specific activities the supervisor has identified, through macroprudential surveillance, as potentially posing a threat to financial stability (see ICP 24 Macroprudential Supervision);
  • facilitating the transfer of obligations under the policies from a failing insurer to another insurer that accepts this transfer;
  • suspending the licence of an insurer; and
  • barring individuals acting in key roles from such roles in future.

• temporarily delaying or suspending, in whole or in part, the payments of the redemption values on insurance liabilities or payments of advances on contracts;
• lowering the maximum rate of guarantees for new business or introducing additional reserving requirements; or
• incentivising the use of a system-wide lending facility, when available, for market-wide liquidity issues extending to insurers.

The supervisor should take steps to address problems arising from Board Members, Senior Management, Key Persons in Control Functions, significant owners, external auditors and any other person who plays a significant role within the insurer. For example, the supervisor should require the insurer to replace or restrict the power and role of those involved (listed above) in the governance processes if the supervisor has material concerns with management or governance.

The supervisor should reject, rescind and/or request a court to revoke the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to, or does not adhere to, established professional standards.

• the auditor does not have adequate insurance industry knowledge and competence;
• there is an identified issue with auditor objectivity and independence;
• the auditor does not disclose to the supervisor matters that it is required to disclose;
• clear audit quality concerns are identified, such as if the auditor fails to test internal control systems sufficiently, the auditor is not appropriately sceptical, or does not appropriately challenge the insurer’s management regarding the major accounting figures; or
• the auditor’s system of internal quality control appears ineffective.

The Guidance under Standard 10.2 is equally applicable when considering corrective measures.

In addition to the supervisory tools set out in 10.2.6, when considering corrective measures the supervisor may find it necessary, in cases of serious breach of regulatory requirements, to revoke the licence of an insurer. The supervisor should be able to enforce this decision.

If the insurer does not prepare an acceptable plan in a specified timeframe to respond to the supervisor’s concerns, the supervisor should impose such a plan on the insurer.

The supervisor should require the insurer to prepare a plan to resolve the concerns within an acceptable timeframe. The plan should include actions proposed by the insurer or preventive or corrective measures required by the supervisor. What is acceptable as a timeframe will depend on the circumstances of the concerns raised.

The supervisor should review the results of the actions that the insurer has taken. The supervisor should review both whether the actions have been taken and, if so, the effectiveness of the actions.

The supervisor may require assurance from an independent reviewer regarding adequate resolution of significant concerns. In such cases the supervisor may also require that such an independent reviewer be appointed at the expense of the insurer.

Supervisory measures should escalate in line with the supervisor’s concerns about the insurer. If the insurer’s inaction leads to an increased risk to policyholders, then the supervisor should respond by requiring stronger measures to mitigate this risk.

The supervisor should require further measures if its concerns with the insurer become worse, including if the insurer fails to take the actions in a plan.

Enforcement of preventive or corrective measures could involve the supervisor issuing a formal direction to an insurer to take particular actions or to cease conducting particular activities. It could also involve the supervisor seeking the assistance of other authorities, or the courts, to enforce a measure.

The supervisor should be able to impose a range of sanctions, which could be administrative, civil or criminal in nature. These can include the ability to impose fines, the ability to bar individuals acting in key roles from holding similar roles in future, and the ability to require remediation (such as requiring compensation of policyholders in cases of mis-selling). It is recognised that supervisors will not always be able to take a full range of legally binding actions themselves and may need to act in conjunction with, or refer matters to, other authorities, in particular, in the case of criminal penalties.

In some cases it may be appropriate to apply sanctions against insurers or individuals when justified by their actions, or inactions.

• fail to provide information to the supervisor in a timely fashion;
• withhold information from the supervisor;
• provide information that is intended to mislead the supervisor;
• deliberately misreport to the supervisor; or
• do not act in accordance with orders or directions imposed on the insurer.

The sanctions imposed by the supervisor should be commensurate with the nature and severity of the insurer’s non-compliance with regulatory requirements. Administrative or procedural breaches will generally attract less severe sanctions than breaches arising from an insurer’s intentional disregard of regulatory requirements. The sanction imposed should be sufficiently dissuasive so that the insurer, or other insurers, do not commit a similar breach in the future.

The supervisor should impose more severe sanctions relative to the gravity of the breach where an insurer’s history demonstrates a pattern of non-compliance with regulatory requirements.

The supervisor may impose sanctions on insurers or individuals in addition to supervisory measures or in the absence of supervisory measures.

The imposition of sanctions against an insurer or an individual typically should not delay either supervisory measures or insurer action taken in response to supervisory measures. However, in some instances, the nature of the sanctions may delay supervisory measures. For example, where a supervisor sanctions an insurer by requiring a number of Senior Managers to be replaced with new individuals, supervisory measures intended to improve the governance of the insurer may not be practical until after the new individuals are appointed.

The supervisor, or another responsible authority in the jurisdiction, should take action to enforce sanctions that have been imposed.

The supervisor should sanction insurers and individuals within a consistent framework, so that similar violations and weaknesses attract similar sanctions. Supervisors should consider how proposed sanctions relate to previous cases. The supervisor should identify precedents where the supervisor has sanctioned an insurer or individual for similar actions/inactions. Where the supervisor has sanctioned an insurer or individual for similar actions/inactions, then the supervisor should consider carefully whether a comparable sanction is appropriate. If the supervisor concludes that a very different sanction is appropriate, the supervisor should be prepared to explain why it reached this conclusion.

In order for sanctions to have a deterrent effect on other insurers, the fact of the sanction, and sufficient details of the breach, should in general be published. However, the supervisor should retain the discretion to take a different course of action (for example, not to publish, or to delay publication) where this would further the achievement of supervisory objectives or it is otherwise in the public interest to do so.