THE Insurance and Pensions Commission has issued a directive on governance and risk management for insurers, which outlines minimum expectations and requirements for shareholders, board and management control functions.The directive, which is also meant to ensure that underwriters are managed in a sound and prudent manner by having in place systems for identifying, assessing, monitoring, and mitigating the risks that affect their ability to meet their obligations to policyholders, is based on three lines of defence model, which is emerging as the best practice standard for the positioning of key control functions within an underwriter.
“The directive is meant to provide minimum guiding principles to ensure that insurers have effective systems of risk management including governance structures, internal controls and oversight functions,” IPEC said in a note to members.
“This directive is applicable to all insurers registered to underwrite insurance business in Zimbabwe. “This directive should be used in conjunction with all other legislation pertaining to insurance entities operating in Zimbabwe, including circulars issued by IPEC,” it added.
As the first line of defence, operational management entails ownership, responsibility, and accountability for running the affairs of the underwriter, including designing and implementing internal control measures, assessing, controlling, and mitigating the risks faced by an underwriter.
The second line of defence deals with the risk management function. It facilitates and monitors the implementation of effective risk management practices by operational management and assists the risk owners in the management of all material risks.
The actuarial function provides assurance to the board of directors and management regarding the accuracy of the calculations and the appropriateness of the assumptions underlying the premiums, insurance liabilities and the capital adequacy requirements. The third line of defence relates to the internal audit function through a risk-based approach.
It provides assurance to the underwriter’s board and senior management on how effective the underwriter assesses and manages its risks, including the manner in which the first and second lines of defence operate.
This assurance task covers all elements of an underwriter’s risk, compliance, and actuarial management framework from risk identification, risk assessment and response to communication of risk related information (throughout the underwriter and to senior management and the board.) IPEC has the right to amend this directive from time to time.