The Insurance (Risk Management and Control Functions) Guidelines, 2022
Official PDF Document Download
Read full text
LAWS OF KENYA THE INSURANCE (RISK MANAGEMENT AND CONTROL FUNCTIONS) GUIDELINES, 2022 NO. 3643 OF 2022 Revised and published by the National Council for Law Reporting with the authority of the Attorney-General as gazetted by the Government Printer www.kenyalaw.org published by the National Council for Law Reporting with the authority of the Attorney-General as gazetted by the Government Printer www.kenyalaw.org Kenya Insurance Act The Insurance (Risk Management and Control Functions) Guidelines, 2022 Gazette Notice 3643 of 2022 Legislation as at 29 March 2022 By Kenya Law and Laws.Africa. Share widely and freely. www.kenyalaw.org | [email protected] FRBR URI: /akn/ke/act/gn/2022/3643/eng@2022-03-29 There is no copyright on the legislative content of this document. This PDF copy is licensed under a Creative Commons Attribution NonCommercial ShareAlike 4.0 License (CC BY-NC- SA 4.0). This license enables reusers to distribute, remix, adapt, and build upon the material in any medium or format for noncommercial purposes only, and only so long as attribution is given to the creator. If you remix, adapt, or build upon the material, you must license the modified material under identical terms. CC BY-NC-SA includes the following elements: • BY: credit must be given to the creator. • NC: Only noncommercial uses of the work are permitted. • SA: Adaptations must be shared under the same terms. Share widely and freely. the creator. • NC: Only noncommercial uses of the work are permitted. • SA: Adaptations must be shared under the same terms. Share widely and freely. The Insurance (Risk Management and Control Functions) Guidelines, 2022 (Gazette Notice 3643 of 2022) Contents STATEMENT OF INTENT .................................................................................................................................................................................... 1 1. Citation ................................................................................................................................................................................................................ 1 2. Interpretation .................................................................................................................................................................................................... 1 3. Application ......................................................................................................................................................................................................... 1 4. Purpose ................................................................................................................................................................................................................ 1 5. ................................................................................................................................................. 1 5. General Principles ........................................................................................................................................................................................... 1 6. Responsibility of the Board of Directors ................................................................................................................................................ 2 7. Responsibility of Management ................................................................................................................................................................... 2 8. Risk Management Framework .................................................................................................................................................................... 2 9. Key Control Functions ................................................................................................................................................................................... 3 10. Risk Management Functions .................................................................................................................................................................... 4 11. ................................................................................................................................................ 4 11. Compliance Function ................................................................................................................................................................................... 4 12. Internal Audit Function .............................................................................................................................................................................. 4 13. Actuarial Function ........................................................................................................................................................................................ 5 14. Reporting Requirements ............................................................................................................................................................................ 5 15. Enforcement .................................................................................................................................................................................................... 5 .................................................................................................................................................... 5 The Insurance (Risk Management and Control Functions) Guidelines, 2022 (Gazette Notice 3643 of 2022) Kenya INSURANCE ACT THE INSURANCE (RISK MANAGEMENT AND CONTROL FUNCTIONS) GUIDELINES, 2022 GAZETTE NOTICE 3643 OF 2022 Published in Kenya Gazette Vol. CXXIV—No. 56 on 29 March 2022 Commenced on 29 March 2022 STATEMENT OF INTENT THE Insurance (Risk Management and Control Functions) Guidelines are made by the Insurance Regulatory Authority pursuant to section 3A(1)(g) of the Insurance Act and are intended to ensure that insurers are managed in a prudent manner by having in place systems for identifying, assessing, monitoring and mitigating the risks that affect their ability to achieve their objectives. 1. Citation These Guidelines may be cited as the Insurance (Risk Management and Control Functions) Guidelines, 2022. 2. y to achieve their objectives. 1. Citation These Guidelines may be cited as the Insurance (Risk Management and Control Functions) Guidelines, 2022. 2. Interpretation In these Guidelines, unless the context otherwise requires— “Act” means the Insurance Act; “control function” means a function that is independent and provides the insurer’s board of directors and the management with an independent assessment of the quality and effectiveness of an insurers’ internal control systems; “head of control function” means a person qualified to head an insurer’s control function; and “insurer” means any insurer registered under the Act and includes insurance groups; 3. Application These Guidelines shall apply to all insurers. 4. Purpose The purpose of these Guidelines is to ensure that an insurer is managed in a prudent manner by putting in place systems for identifying, assessing, monitoring and mitigating the risks that affect achievement of its objectives. 5. General Principles (1) An insurer shall have, as part of its overall corporate governance framework, effective systems of risk management and internal controls, including effective functions for risk management, compliance, actuarial and internal audit. fective systems of risk management and internal controls, including effective functions for risk management, compliance, actuarial and internal audit. (2) The control functions shall be properly authorized and resourced to carry out specific activities and be commensurate to the nature, scale and complexity of the insurer’s business. 1 roperly authorized and resourced to carry out specific activities and be commensurate to the nature, scale and complexity of the insurer’s business. 1 The Insurance (Risk Management and Control Functions) Guidelines, 2022 (Gazette Notice 3643 of 2022) Kenya (3) Insurers who are part of a group shall undertake risk management on a legal entity basis as well as on a group-wide basis. 6. 3643 of 2022) Kenya (3) Insurers who are part of a group shall undertake risk management on a legal entity basis as well as on a group-wide basis. 6. Responsibility of the Board of Directors The roles and responsibilities of the insurer’s board of directors with regard to risk management and control functions shall be— (a) to oversee the development of a risk management strategy and framework, approve the same and ensure it is implemented; (b) to define the insurer’s risk appetite; (c) to review and approve the risk management policies and procedures; (d) to review the framework and risk appetite at least annually; (e) to ensure that the risk management framework is audited at least once every two years by appropriately trained and competent personnel that are operationally independent of the risk management activities; (f) to ensure that there is an appropriate organizational structure, with an appropriate level of independence between staff responsible for risk management and control functions and those responsible for operations; (g) to set authority levels and responsibilities of each control function and determine the content and frequency of reporting; (h) where applicable, to put in place an outsourcing policy and retain the ultimate responsibility in respect of the outsourced material activities or functions; (i) to ensure that the insurer complies with all applicable laws, regulations, supervisory directives and internal policies; and (j) to ensure that the insurer conducts its business ethically and responsibly. e laws, regulations, supervisory directives and internal policies; and (j) to ensure that the insurer conducts its business ethically and responsibly. 7. Responsibility of Management The roles and responsibilities of an insurer’s management with regard to the risk management and control functions shall include— (a) implementation of the risk management strategy and framework approved by the board; (b) translating the risk appetite set by the board into a system of risk management strategies and controls; and (c) implement the approved policies and procedures. 8. Risk Management Framework (1) An insurer shall develop and submit to the Authority a risk management framework which shall be reviewed at least every two (2) years. (2) The risk management framework shall, at a minimum, include the following — (a) documented risk management policies, strategy, procedures and controls and its review process; (b) well-resourced risk management and control functions; (c) Updated Risk Register; and (d) well defined risk governance and responsibilities. 2 ess; (b) well-resourced risk management and control functions; (c) Updated Risk Register; and (d) well defined risk governance and responsibilities. 2 The Insurance (Risk Management and Control Functions) Guidelines, 2022 (Gazette Notice 3643 of 2022) Kenya (3) The risk management framework shall address all material risks and shall at a minimum cover the following risks— (a) strategic - this is the risk associated with a company’s business model and how a company intends to position itself in the market. llowing risks— (a) strategic - this is the risk associated with a company’s business model and how a company intends to position itself in the market. It arises from inability of an insurer to implement appropriate business plans, strategies, decision making, resource allocation and inability to adapt to changes in the business environment; (b) insurance - this is the risk of inadequate or inappropriate underwriting, pricing, reserving, claims management, product design and reinsurance arrangements that will expose a company to financial loss and the consequent inability to meet liabilities as and when they arise; (c) operational - this is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events; (d) market and balance sheet - the risk of loss resulting from adverse investment returns caused by market price volatility, interest rate and credit spread changes and adverse foreign currency rate movements; (e) credit - this relates to the risk of default by borrowers and transactional counterparties leading economic loss to the insurer; (f) liquidity - this arises from an insurer’s inability to discharge its obligations when they fall due without incurring unacceptable costs or inability to transform its assets into cash or cash equivalent in a timely manner at a reasonable price; (g) legal and regulatory - this arises from a company’s non-conformance with laws, rules, regulations or prescribed practices; (h) conduct of business risk - means any action by a regulated entity that is detrimental to consumers of insurance services and products or may lead to instability of the insurance industry in a way that does not ensure fair treatment of customers; and (i) financial crime - this is the risk that products and services of the insurer can be used by criminals for money laundering and terrorist financing. i) financial crime - this is the risk that products and services of the insurer can be used by criminals for money laundering and terrorist financing. 9. Key Control Functions (1) An insurer shall have in place effective key control functions consisting of— (a) risk management; (b) compliance; (c) actuarial; and (d) internal audit. (2) The control functions shall be headed by management staff with relevant qualifications and experience as provided for under section 31(h) of the Act. (3) The control functions shall be well positioned, resourced and empowered. (4) The control functions shall be independent and have access to the board of directors and management. (5) Where a control function is outsourced, the insurer shall seek prior approval from the Authority of the outsourcing arrangement. 3 and management. (5) Where a control function is outsourced, the insurer shall seek prior approval from the Authority of the outsourcing arrangement. 3 The Insurance (Risk Management and Control Functions) Guidelines, 2022 (Gazette Notice 3643 of 2022) Kenya 10. Risk Management Functions (1) The risk management function shall ensure that all of the insurer’s significant risks are detected, measured, managed and duly reported. (2) The risk management function shall be actively involved in mapping out the insurer’s risk strategy as well as in all management decisions that have a significant influence on the risks. (3) The risk management function shall at a minimum— (a) design and implement an effective enterprise risk management framework; (b) assist the board of directors, management and the other functions in the effective operation of the enterprise risk management system; (c) monitor the enterprise risk management system; (d) monitor the general risk profile of the insurer as a whole; (e) report in detail on risk exposures and advise the board of directors and management on risk management matters; and (f) identify and assess emerging risks. 11. Compliance Function (1) The compliance function shall ensure that the insurer complies with all rules, legal and regulatory requirements governing insurer’s operations. n (1) The compliance function shall ensure that the insurer complies with all rules, legal and regulatory requirements governing insurer’s operations. (2) The compliance function shall at a minimum— (a) assist the board of directors, management and the other functions of the insurer to ensure compliance with the relevant rules, laws and regulations; (b) monitor compliance by the insurer, directors, management, staff and authorized persons with rules, laws and regulations; (c) monitor compliance with internal policies and procedures; and (d) report on compliance and advise the board of directors and management on compliance matters. 12. Internal Audit Function (1) The internal audit function shall conduct an independent assessment, and give assurance to the board and management, of the quality and effectiveness of the insurer’s internal controls, risk management and governance system. ive assurance to the board and management, of the quality and effectiveness of the insurer’s internal controls, risk management and governance system. (2) The internal audit function shall at a minimum— (a) establish, implement, and maintain an audit plan setting out the audit work to be undertaken, taking into consideration the nature, scale and complexity of the insurer; (b) submit the audit plan to the board for approval; (c) report on the internal audit findings and recommendations to the board of directors; and (d) monitor implementation of decisions made by the board of directors to management with regard to the internal audit recommendation. 4 irectors; and (d) monitor implementation of decisions made by the board of directors to management with regard to the internal audit recommendation. 4 The Insurance (Risk Management and Control Functions) Guidelines, 2022 (Gazette Notice 3643 of 2022) Kenya 13. The Insurance (Risk Management and Control Functions) Guidelines, 2022 (Gazette Notice 3643 of 2022) Kenya 13. Actuarial Function The actuarial function shall at a minimum— (a) advise on the design and pricing of products and adequacy of reinsurance arrangements; (b) calculate technical provisions; (c) ensure that the methodologies, underlying models and assumptions used for the calculation of the technical provisions are suitable; (d) assess the sufficiency and quality of the data used in the calculation of technical provisions; (e) compare best estimates against experience; (f) assess the insurer’s current and prospective capital adequacy; (g) evaluate and advise on the insurer’s investment policies and the valuation of assets; (h) advise on the distribution of surplus; (i) conduct scenario and sensitivity testing; (j) report to the board of directors and management on any circumstances that may have a material effect on the insurer from an actuarial perspective; (k) report to the board of directors and management on the reliability and adequacy of the calculation of technical provisions, premium rates and capital adequacy; (l) ensure the adequacy of the technical provisions adopted for statutory and financial reporting; and (m) advise on risk modelling and use of internal models where applicable. the technical provisions adopted for statutory and financial reporting; and (m) advise on risk modelling and use of internal models where applicable. 14. Reporting Requirements (1) An insurer shall, on a quarterly basis, submit to the Authority the following reports signed off by the Principal Officer and the respective heads of control function— (a) risk management report; (b) compliance report; (c) internal audit report; and (d) actuarial report on capital adequacy and valuation of technical provisions. (2) The heads of control functions are required to report to the Authority directly where an insurer or its directors may have contravened the Act or any other law and the contravention may prejudice the interests of the policyholders, insurance beneficiaries and claimants. 15. Enforcement Where the Authority determines non-compliance with the provisions of these Guidelines, it may take any intervention prescribed in the Act including— (a) disqualifying or revoking the appointment of an individual in a position as board member, management or key person in a control function; (b) prohibiting the insurer from declaring or paying dividends; (c) imposing additional reporting requirements; (d) withdrawing or imposing conditions on the business license as provided for under the Act; 5 dends; (c) imposing additional reporting requirements; (d) withdrawing or imposing conditions on the business license as provided for under the Act; 5 The Insurance (Risk Management and Control Functions) Guidelines, 2022 (Gazette Notice 3643 of 2022) Kenya (e) reporting misconduct by any person in a position as director, management staff or key person in a control function to the relevant professional body; (f) imposing monetary penalties as provided for under the Act; and (g) taking any other action as may be deemed necessary. 6
Have questions about this law?
Ask Ubutabera AI for instant, cited answers — free with an account. Save laws and download official PDFs too.
Create a free account