The Securities and Exchange Commission of Pakistan (SECP) will make it mandatory for insurance companies to establish Risk Management Function Departments to assess, quantify, monitor and control the risks to which the insurers may be exposed.
The draft of the SECP's Code of Corporate Governance for Insurers, 2015 issued here on Thursday revealed that the Board of the insurance company shall be responsible for ensuring that the risk management system is suitable, effective and proportionate for the business of that insurer and that it is implemented and monitored. This includes a regular review of the strategies and policies with regard to risk management. The risk management policy shall outline the way in which the insurer manages relevant categories of risk, both strategically and operationally, and includes the objectives, key principles and assignment of responsibilities across all of the activities of an insurer.
The risk management system shall address all reasonably foreseeable and relevant risks included in the calculation of any capital requirement(s) as well as the risks which are not, or not fully, included in that calculation. The system shall cover all relevant categories of risks - including as a minimum underwriting and provisioning risk, market risk, credit risk, operational risk and liquidity risk. In addition, the risk management system shall at least cover a complex instruments in particular derivatives and similar commitments; reinsurance and other risk mitigation techniques; business and reputation risk; group contagion risk (if relevant) and legal and strategic risk, it said.
The rules said that the insurer shall establish a dedicated risk management function/department, which shall implement the relevant Board's strategies and policies. The function/department shall assess, quantify, monitor and control the nature, significance and interdependencies of the risks (at individual level as well as at aggregate level) to which the insurer is or may be exposed and shall also manage them accordingly. The Board, through its Risk Management Committee, shall ensure that the insurer's risk management system is well integrated into their organisational structure, decision making processes and corporate culture and that there is a clear link to other functions/departments of the insurer.
The tasks of the risk management department shall include design, implement, test/validate and document the internal model of an insurer. An internal model helps the insurer to obtain a comprehensive and quantitative view of risks and make specific calculations on solvency and related matters. Other tasks of the risk management department also included assistance to the Board, through the risk management committee, in the effective operation of the risk management system by performing specialist analyses and quality reviews. The function shall inform the Board (or the risk management committee) about the performance of the internal model, thereby suggesting limitations of the risk management framework and the potential impact in practice of these limitations on risk management and to update them on the status of efforts to improve the previously identified weaknesses; maintain a group-wide and aggregated view on the risk profile of the insurer in addition to the solo and individual risk view and report to the Board, through the risk management committee, details on the risk exposures and the actions that have been taken (or should be taken) to manage the exposures.
The task of the department is to advise the Board, through the risk management committee, with regard to risk management decisions in relation to strategic and operational matters such as corporate strategy, investments and other major activities of an insurer. It would regularly prepare contingency plans (or business continuity plans) for risks to which the insurer is (or may be) exposed, and to communicate the same to the relevant staff and ensure that proper training to that staff is provided for it to curb the insurer's inability to continue business operations in the presence of those risks, it added.