Insurance (prudential standard) determination No. 16 of 2008 Prudential Standard GPS 221 Risk Management: Level 2 Insurance Groups (Cth)
Insurance (prudential standard) determination No. 16 of 2008
Prudential Standard GPS 221 Risk Management: Level 2 Insurance Groups
Insurance Act 1973
I, John Roy Trowbridge, a Member and delegate of APRA, under subsection 32(1) of the Insurance Act 1973 (the Act), DETERMINE Prudential Standard GPS 221 Risk Management: Level 2 Insurance Groups in the form set out in the Schedule, which applies to each:
(a)general insurer;
(b)authorised NOHC; and
(c)subsidiary of a general insurer or authorised NOHC
that is parent entity of a Level 2 insurance group.
This instrument takes effect on 31 March 2009.
Dated 17 December 2008
[Signed]
John Trowbridge
Member
Interpretation
In this instrument:
APRA means the Australian Prudential Regulation Authority.
authorised NOHC has the meaning given in section 3 of the Act.
general insurer has the meaning given in section 11 of the Act.
Level 2 insurance group has the meaning given in the Prudential Standard GPS 001 Definitions made by Insurance (prudential standard) determination No. 14 of 2008.
parent entity has the meaning given in the Prudential Standard GPS 001 Definitions made by Insurance (prudential standard) determination No. 14 of 2008 (which is affected by paragraph 11 of that standard).
subsidiary has the meaning given in the Prudential Standard GPS 001 Definitions made by Insurance (prudential standard) determination No. 14 of 2008.
Schedule
Prudential Standard GPS 221 Risk Management: Level 2 Insurance Groups comprises the 8 pages commencing on the following page.
Prudential Standard GPS 221
Risk Management: Level 2 Insurance Groups
| Objective and key requirements of this Prudential Standard This Prudential Standard aims to ensure that a Level 2 insurance group has systems for identifying, assessing, mitigating and monitoring the risks that may affect the ability of APRA-authorised insurers within the group to meet their obligations to policyholders. Level 2 insurance groups must maintain a group-wide risk control framework that includes risk management (including capital management), reinsurance management, business continuity management and outsourcing for Level 2 insurance groups. To meet this Prudential Standard’s requirements, a Level 2 insurance group must: · have a risk management framework which includes a documented Risk Management Strategy, sound risk management policies and procedures, clearly defined managerial responsibilities and controls, a dedicated risk management function and a documented Business Plan; · annually review its Risk Management Strategy, and submit to APRA when any material changes are made; · submit a Risk Management Declaration to APRA on an annual basis; · submit a Financial Information Declaration to APRA on an annual basis; · have a Reinsurance Management Framework, which includes a documented Reinsurance Management Strategy, sound reinsurance management policies and procedures, clearly defined managerial responsibilities and controls; · annually review its Reinsurance Management Strategy, and submit to APRA, when any material changes are made; · submit a Reinsurance Arrangements Statement to APRA; · submit to APRA details of the effects of limited risk transfer arrangements entered into by foreign entities within the group; · ensure that each part of the group has in place Business Continuity Management appropriate to the nature and scale of its operations; and · ensure that any outsourcing arrangements involving material business activities entered into are subject to appropriate due diligence, approval and on-going monitoring. |
Authority
This Prudential Standard is made under paragraph 32 of the Insurance Act 1973 (the Act).
Application
This Prudential Standard applies[1] to each:
[1] Refer to sections 32 and 35 of the Insurance Act 1973 (the Act).
(a)general insurer (insurer);
(b)authorised NOHC; and
(c) subsidiary of an insurer or authorised NOHC
that is parent entity of a Level 2 insurance group.
Insurers and authorised NOHCs must, subject to paragraph 29, comply with this Prudential Standard from 31 March 2009 (effective date).
Unless otherwise specified in this Prudential Standard, the following prudential standards apply to a Level 2 insurance group as if references to “insurer” in those prudential standards were references to “Level 2 insurance group”:
(a)Prudential Standard GPS 220 Risk Management (GPS 220);
(b)Prudential Standard GPS 230 Reinsurance Management (GPS 230);
(c)Prudential Standard GPS 231 Outsourcing (GPS 231); and
(d)Prudential Standard GPS 222 Business Continuity Management (GPS 222).
In general, Level 2 insurance groups are subject to the same risk management requirements as Level 1 insurers. Where Level 2 insurance groups are subject to additional or alternative prudential requirements, these are specified in this Prudential Standard.
Where a requirement is expressed to be imposed on a Level 2 insurance group in this Prudential Standard, the parent entity of the group must ensure that the group meets the requirement.
GPS 220 and GPS 230 allow an insurer which is part of an insurance group to meet certain requirements of GPS 220 and GPS 230 on a group basis. Where:
(a)a requirement of GPS 220 or GPS 230 is met on a group basis;
(b)APRA has not required one or more Level 1 insurers within the Level 2 insurance group to comply with the requirement on an individual basis; and
(c)APRA has not required the Level 1 insurer to comply with the requirement in respect of a different insurance group within the wider corporate group
the Level 2 insurance group is not required to comply with the corresponding requirement of this Prudential Standard separately.[2]
[2] In cases where APRA is of the view that compliance on a group basis is inadequate for proper prudential supervision of any individual insurer within the group, APRA has power under Prudential Standard GPS 220 Risk Management (GPS 220) and Prudential Standard GPS 230 Reinsurance Management (GPS 230) to require separate compliance by that insurer.
For the purposes of applying the prudential standards referred to in paragraph 4 to a Level 2 insurance group, references to an Appointed Auditor in those prudential standards shall be taken to be references to a Group Auditor[3] of the group.
[3] As defined in Prudential Standard GPS 311 Audit and Actuarial Reporting and Valuation for Level 2 Insurance Groups (GPS 311).
For the purposes of applying the prudential standards referred to in paragraph 4 to a Level 2 insurance group, references to an Appointed Actuary in those prudential standards shall be taken to be references to a Group Actuary[4] in the context of the group.
[4] As defined in GPS 311.
Interpretation
Unless otherwise defined in this Prudential Standard, expressions in bold are defined in Prudential Standards GPS 001 Definitions (GPS 001).
The role of the Board and senior management
The Board of directors (Board) of the parent entity of the Level 2 insurance group is responsible for meeting all of the requirements specified in this Prudential Standard for the Level 2 insurance group.
The Board must take a whole-of-business approach in ensuring compliance with this Prudential Standard, including taking into account the Australian business and international business of the group.
For the avoidance of doubt, compliance by a Level 2 insurance group with the requirements of this Prudential Standard does not relieve the Board of a Level 1 insurer within the group from the need to comply with any prudential requirements that are specific to the Level 1 insurer.
Risk management framework and risk management strategy (RMS)
In addition to the requirements relating to the risk management framework and RMS applicable to a Level 2 insurance group under GPS 220 read with this Prudential Standard, a Level 2 insurance group must ensure that its risk management framework and RMS cover its international business.
Risk management function
Where a Level 2 insurance group complies with the requirement to have a risk management function (or role) within the group under GPS 220 read with this Prudential Standard, a Level 1 insurer within the group does not need to have its own risk management function unless otherwise required to by APRA.
Business Plan
Where:
(a)a Level 2 insurance group complies with the requirement to maintain a Business Plan under GPS 220 read with this Prudential Standard; and
(b)the Business Plan includes adequate detail about Level 1 insurers within the group
the Level 1 insurers within the group are not required to maintain separate Business Plans under GPS 220.
A Level 2 insurance group must assess the adequacy of capital levels of non-consolidated subsidiaries. Details of this assessment must be included in the group's business plan.
Risk management declaration and financial information declaration
In addition to the requirements relating to the risk management declaration and financial information declaration applicable to a Level 2 insurance group under GPS 220 read with this Prudential Standard, a Level 2 insurance group must:
(a)ensure that its risk management declaration and financial information declaration cover its international business; and
(b)make an attestation, in its risk management declaration, as to the compliance of any entity in the group carrying on insurance business in a foreign jurisdiction with the applicable minimum capital requirements, if any, in that jurisdiction. Any instances where an entity of the group does not satisfy the local minimum capital requirements in a foreign jurisdiction must be noted in the attestation. Reasons for not complying with any relevant capital requirements must also be provided.
Reinsurance Management Strategy
In addition to the requirements relating to REMS applicable to a Level 2 insurance group under GPS 230 read with this Prudential Standard, a Level 2 insurance group must ensure that its REMS covers its international business.
Reinsurance Arrangements Statement
APRA may vary the requirements of paragraph 28 of GPS 230 in relation to a Level 2 insurance group's Reinsurance Arrangements Statement. A Level 2 insurance group's application for this variation must be made by the parent entity and set out how the proposed content of the Reinsurance Arrangements Statement (as varied) will provide substantiation of the group’s Reinsurance Management Strategy. In deciding whether to vary the requirements of paragraph 28 of GPS 230, APRA must have regard to the matters stated in the application and any other relevant considerations.
The requirement for documentation of reinsurance arrangements in paragraphs 29 to 32 of GPS 230 does not apply to the international business of the Level 2 insurance group.
Reinsurance Declaration
A Level 2 insurance group does not need to complete a reinsurance declaration.
Limited Risk Transfer Arrangements
Under GPS 230, all Level 1 insurers within a Level 2 insurance group must submit to APRA details of all proposed Limited Risk Transfer Arrangements for approval prior to entering into such arrangements. A Level 2 insurance group is not required to submit to APRA, for approval, any Limited Risk Transfer Arrangement proposed to be entered into by any entity in the group that is not a Level 1 insurer. However, a Level 2 insurance group must provide details to APRA of the effect of any Limited Risk Transfer Arrangements entered into by any entities that are not Level 1 insurers.
Business Continuity Management (BCM)
For each operational segment identified, a Level 2 insurance group must ensure that each segment's BCM meets the requirements in GPS 222. In addition to the requirements applicable to Level 2 insurance groups under GPS 222, a Level 2 insurance group must:
(a) ensure that each part of the group has in place BCM appropriate to the nature and scale of its operations consistent with the Level 2 insurance group’s RMS;
(b) consistently apply BCM for each part of the group;
(c) apply BCM to risk assessments and risk processes at a functional level in the group, where appropriate;
(d) ensure that the Business Continuity Plan (BCP) required under GPS 222 read with this Prudential Standard is reviewed at least annually by responsible senior management of the parent entity of the group; and
(e) ensure that the BCP is periodically reviewed by the group internal audit function or an external expert.
The Board may delegate operational responsibility for the BCM to a responsible committee and/or senior management of the parent entity of the group. The operational responsibility must be clearly expressed in the charter of the committee and/or in the performance objective of the responsible senior management.
Outsourcing
In addition to the requirements on outsourcing under GPS 231 read with this Prudential Standard, a Level 2 insurance group must develop an outsourcing policy that includes a group approach to outsourcing of material business activities for both Australian and international business.
For the purposes of GPS 231 read with this Prudential Standard, the international business of a Level 2 insurance group does not constitute offshoring as defined in GPS 231. The requirements relating to offshoring under GPS 231 read with this Prudential Standard do not apply to the international business of a Level 2 insurance group. However, a Level 2 insurance group must comply with any requirement relating to offshoring in respect of any other activity falling within the meaning of offshoring under GPS 231 read with this Prudential Standard.
Other notification requirements
Where a Level 2 insurance group carries on insurance business outside Australia, it must notify APRA, in writing, if it becomes aware that:
(a)its right to conduct business in any foreign jurisdiction has ceased; or
(b)its right to conduct insurance business has been limited by a law of the jurisdiction in which the business is being conducted; or
(c)its right to conduct insurance business has been otherwise materially affected under a law of the jurisdiction in which the business is being conducted; or
(d)its right to conduct insurance business has otherwise been withdrawn.
The group must provide written notification to APRA within one month of the event occurring.
Transition, adjustments and exclusions
APRA may grant a period of transition to a Level 2 insurance group by determining a later effective date for this Prudential Standard for the group where the parent entity has applied for such transitional relief. The effective date determined by APRA will be no later than 31 December 2009.
Where a Level 2 insurance group contains an entity that meets the controlled entity definition over which the parent entity cannot exercise operational or financial control, APRA may adjust or exclude a specific prudential requirement in this Prudential Standard that would otherwise apply in relation to that specific entity within the Level 2 insurance group. The parent entity must apply for such a determination. The application must demonstrate that the Level 2 insurance group does not control the internal operations of an entity and also indicate how it has addressed this situation in its risk management framework.
On the application of a Level 2 insurance group, APRA may by notice in writing to the parent entity of the Level 2 insurance group adjust or exclude a specific prudential requirement in this Prudential Standard in relation to that Level 2 insurance group.
0
0
0