1.Insurance and reinsurance undertakings shall fulfil all of the following requirements:
(a)establish, implement and maintain effective cooperation, internal reporting and communication of information at all relevant levels of the undertaking;
(b)establish, implement and maintain effective decision making procedures and an organisational structure which clearly specifies reporting lines, allocates functions and responsibilities, and takes into account the nature, scale and complexity of the risks inherent in that undertaking's business;
(c)ensure that the members of the administrative, management or supervisory body collectively possess the necessary qualifications, competency, skills and professional experience in the relevant areas of the business in order to effectively manage and oversee the undertaking in a professional manner;
(d)ensure that each individual member of the administrative, management or supervisory body has the necessary qualifications, competency, skills and professional experience to perform the tasks assigned;
(e)employ personnel with the skills, knowledge and expertise necessary to carry out the responsibilities allocated to them properly;
(f)ensure that all personnel are aware of the procedures for the proper carrying out of their responsibilities;
(g)ensure that the assignment of multiple tasks to individuals and organisational units does not or is not likely to prevent the persons concerned from carrying out any particular function in a sound, honest and objective manner;
(h)establish information systems which produce complete, reliable, clear, consistent, timely and relevant information concerning the business activities, the commitments assumed and the risks to which the undertaking is exposed;
(i)maintain adequate and orderly records of the undertaking's business and internal organisation;
(j)safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question;
(k)introduce clear reporting lines that ensure the prompt transfer of information to all persons who need it in a way that enables them to recognise its importance as regards their respective responsibilities;
(l)adopt a written remuneration policy.
2.Policies on risk management, internal control, internal audit and, where relevant, outsourcing, shall clearly set out the relevant responsibilities, objectives, processes and reporting procedures to be applied, all of which shall be consistent with the undertaking's overall business strategy.
3.Insurance and reinsurance undertakings shall establish, implement and maintain a business continuity policy aimed at ensuring, in the case of an interruption to their systems and procedures, the preservation of essential data and functions and the maintenance of insurance and reinsurance activities, or, where that is not possible, the timely recovery of such data and functions and the timely resumption of their insurance or reinsurance activities.
4.Insurance and reinsurance undertakings shall ensure that at least two persons effectively run the undertaking.
5.Insurance and reinsurance undertakings shall ensure that effective processes and procedures are in place to prevent conflicts of interest and that potential sources of conflicts of interest are identified and procedures are established in order to ensure that those involved in the implementation of the undertaking's strategies and policies understand where conflicts of interest could arise and how such conflicts are to be addressed.
6.Insurance and reinsurance undertakings shall monitor, and on a regular basis evaluate, the adequacy and effectiveness of their system of governance and take appropriate measures to address any deficiencies.
1.Insurance and reinsurance undertakings shall establish, implement and maintain a risk management system which includes the following:
(a)a clearly defined risk management strategy which is consistent with the undertaking's overall business strategy. The objectives and key principles of the strategy, the approved risk tolerance limits and the assignment of responsibilities across all the activities of the undertaking shall be documented;
(b)a clearly defined procedure on the decision-making process;
(c)written policies which effectively ensure the definition and categorisation of the material risks by type to which the undertaking is exposed, and the approved risk tolerance limits for each type of risk. Such policies shall implement the undertaking's risk strategy, facilitate control mechanisms and take into account the nature, scope and time periods of the business and the associated risks;
(d)reporting procedures and processes which ensure that information on the material risks faced by the undertaking and the effectiveness of the risk management system are actively monitored and analysed and that appropriate modifications to the system are made where necessary.
2.Insurance and reinsurance undertakings shall ensure that the persons who effectively run the undertaking or have other key functions take into account the information reported as part of the risk management system in their decision making process.
3.Insurance and reinsurance undertakings shall, where appropriate, include the performance of stress tests and scenario analysis with regard to all relevant risks faced by the undertaking, in their risk-management system.
4.In addition to the requirements set out in Article 44(4a) of Directive 2009/138/EC for the purposes of the calculation of technical provisions and the Solvency Capital Requirement, internal risk management methodologies shall not rely solely or automatically on external credit assessments. Where the calculation of technical provisions or of the Solvency Capital Requirement is based on external credit assessments by an ECAI or based on the fact that an exposure is unrated, that shall not exempt insurance and reinsurance undertakings from additionally considering other relevant information.
1.The areas referred to in Article 44(2) of Directive 2009/138/EC shall include all of the following policies:
(a)Underwriting and reserving:
actions to be taken by the insurance or reinsurance undertaking to assess and manage the risk of loss or of adverse change in the values of insurance and reinsurance liabilities, resulting from inadequate pricing and provisioning assumptions;
the sufficiency and quality of relevant data to be considered in the underwriting and reserving processes, as set out in Article 19 of this Regulation, and their consistency with the standards of sufficiency and quality;
the adequacy of claims management procedures including the extent to which they cover the overall cycle of claims.
(b)Asset-liability management:
the structural mismatch between assets and liabilities and in particular the duration mismatch of those assets and liabilities;
any dependency between risks of different asset and liability classes;
any dependency between the risks of different insurance or reinsurance obligations;
any off-balance sheet exposures of the undertaking;
the effect of relevant risk-mitigating techniques on asset-liability management.
(c)Investment risk management:
actions to be taken by the insurance or reinsurance undertaking to ensure that the undertaking's investments complies with the prudent person principle set out in Article 132 of Directive 2009/138/EC;
actions to be taken by the insurance or reinsurance undertaking to ensure that the undertaking's investments take into account the nature of the undertaking's business, its approved risk tolerance limits, its solvency position and its long-term risk exposure;
the insurance or reinsurance undertakings' own internal assessment of the credit risk of investment counterparties, including where the counterparties are central governments;
where the insurance or reinsurance undertaking uses derivatives or any other financial instrument with similar characteristics or effects, the objectives of, and strategy underlying their use and the way in which they facilitate efficient portfolio management or contribute to a reduction of risks, as well as procedures to assess the risk of such instruments and the principles of risk management to be applied to them;
where appropriate in order to ensure effective risk-management, internal quantitative limits on assets and exposures, including off-balance sheet exposures.
(d)Liquidity risk management:
actions to be taken by the insurance or reinsurance undertaking to take into account both short term and long term liquidity risk;
the appropriateness of the composition of the assets in terms of their nature, duration and liquidity in order to meet the undertaking's obligations as they fall due;
a plan to deal with changes in expected cash in-flows and out-flows.
(e)Concentration risk management: actions to be taken by the insurance or reinsurance undertaking to identify relevant sources of concentration risk to ensure that risk concentrations remain within established limits and actions to analyse possible risks of contagion between concentrated exposures.
(f)Operational risk management: actions to be taken by the insurance or reinsurance undertaking to assign clear responsibilities to regularly identify, document and monitor relevant operational risk exposures.
(g)Reinsurance and other insurance risk mitigation techniques:
actions to be taken by the insurance or reinsurance undertaking to ensure the selection of suitable reinsurance and other risk mitigation techniques;
actions to be taken by the insurance or reinsurance undertaking to assess which types of risk mitigation techniques are appropriate according to the nature of the risks assumed and the capabilities of the undertaking to manage and control the risks associated with those techniques;
the insurance or reinsurance undertakings' own assessment of the credit risk of the risk mitigation techniques.
2.The expected profit included in future premiums shall be calculated as the difference between the technical provisions without a risk margin calculated in accordance with Article 77 of that Directive and a calculation of the technical provisions without a risk margin under the assumption that the premiums relating to existing insurance and reinsurance contracts that are expected to be received in the future are not received for any reason other than the insured event having occurred, regardless of the legal or contractual rights of the policyholder to discontinue the policy.
3.The calculation of the expected profit included in future premiums shall be carried out separately for the homogeneous risk groups used in the calculation of the technical provisions, provided that the insurance and reinsurance obligations are also homogeneous in relation to the expected profit included in future premiums.
4.Loss-making policies may only be offset against profit-making policies within a homogeneous risk group.
1.Where insurance and reinsurance undertakings engage in the activity of providing loans, they shall have written policies to ensure all of the following:
(a)that credit-granting is based on sound and well-defined criteria and that the process for approving, amending, renewing and refinancing credits is clearly established;
(b)that undertakings have internal methodologies that enable them to assess the credit risk of exposures to individual obligors and at the portfolio level;
(c)that the ongoing administration and monitoring of the loan portfolios, including for identifying and managing problematic credits, and for making adequate value adjustments, is operated through effective systems;
(d)that the diversification of the loan portfolios is adequate given the target markets and overall investment strategy of the undertaking.
2.Where insurance and reinsurance undertakings engage in mortgage insurance or reinsurance, they shall base their underwriting on sound and well-defined criteria and comply with the requirements set out in points (b), (c) and (d) of paragraph 1 with regard to the mortgage loans underlying their insurance and reinsurance obligations.
1.The assessment of an insurance or reinsurance undertaking's overall solvency needs, referred to in Article 45(1)(a) of Directive 2009/138/EC shall be forward-looking and include all of the following elements:
(a)risks the undertaking is or could be exposed to, taking into account potential future changes in its risk profile due to the undertaking's business strategy or the economic and financial environment, including operational risks;
(b)the nature and quality of own fund items or other resources appropriate to cover the risks identified in point (a) of this paragraph.
2.The elements referred to paragraph 1 shall take the following into account:
(a)the time periods that are relevant for taking into account the risks the undertaking faces in the long-term;
(b)valuation and recognition bases that are appropriate for the undertaking's business and risk profile;
(c)the undertaking's internal control and risk-management systems and approved risk tolerance limits.
Where alternative valuation methods in accordance with Article 10(5) are used, insurance and reinsurance undertakings shall:
identify the assets and liabilities to which that valuation approach applies;
justify the use of that valuation approach for the assets and liabilities referred to in point (a);
document the assumptions underlying that valuation approach;
assess the valuation uncertainty of the assets and liabilities referred to in point (a);
regularly compare the adequacy of the valuation of the assets and liabilities referred to in point (a) against experience.
1.Insurance and reinsurance undertakings shall validate the calculation of technical provisions, in particular by comparison against experience as referred to in Article 83 of Directive 2009/138/EC, at least once a year and where there are indications that the data, assumptions or methods used in the calculation or the level of the technical provisions are no longer appropriate. The validation shall cover the following:
(a)the appropriateness, completeness and accuracy of data used in the calculation of technical provisions as set out in Article 19 of this Regulation;
(b)the appropriateness of any grouping of policies in accordance with Article 34 of this Regulation;
(c)the remedies to limitations of the data referred to in Article 20 of this Regulation;
(d)the appropriateness of approximations referred to in Article 21 of this Regulation for the purposes of calculating the best estimate;
(e)the adequacy and realism of assumptions used in the calculation of technical provisions for the purposes of meeting the requirements in Articles 22 to 26 of this Regulation;
(f)the adequacy, applicability and relevance of the actuarial and statistical methods applied in the calculation of technical provisions;
(g)the appropriateness of the level of the technical provisions as referred to in Article 84 of Directive 2009/138/EC necessary to comply with Article 76 of that Directive.
2.For the purposes of point (d) of paragraph 1, insurance and reinsurance undertakings shall assess the impact of changes in the assumptions on future management actions on the valuation of the technical provisions. Where changes in an assumption on future management action have a significant impact on the technical provisions, insurance and reinsurance undertakings shall be able to explain the reasons for this impact and how the impact is taken into account in their decision-making process.
3.The validation shall be carried out separately for homogeneous risk groups. It shall be carried out separately for the best estimate, the risk margin and technical provisions calculated according to the market value of financial instruments which reliably replicate future cash flows in accordance with Article 40 of this Regulation. It shall be carried out separately for technical provisions where the matching adjustment referred to in Article 77b of Directive 2009/138/EC is applied. In relation to the best estimate, it shall be carried out separately for the gross best estimate and amounts recoverable from reinsurance contracts and special purpose vehicles. In relation to non-life insurance obligations, it shall be carried out separately for premium provisions and provisions for claims outstanding.
1.Insurance and reinsurance undertakings shall document the following processes:
(a)the collection of data and analysis of its quality and other information that relates to the calculation of technical provisions;
(b)the choice of assumptions used in the calculation of technical provisions, in particular the choice of relevant assumptions about the allocation of expenses;
(c)the selection and application of actuarial and statistical methods for the calculation of technical provisions;
(d)the validation of technical provisions.
2.For the purposes of point (a) of paragraph 1, the documentation shall include:
(a)a directory of the data used in the calculation of the technical provisions, specifying their source, characteristics and usage;
(b)the specification for the collection, processing and application of data referred to in Article 19(3)(e);
(c)where data are not used consistently over time in the calculation of technical provisions, a description of the inconsistent use and its justification.
3.For the purposes of point (b) of paragraph 1, the documentation shall include:
(a)a directory of all the relevant assumptions that the calculation of technical provisions are based upon; this shall include assumptions on future management actions;
(b)a justification for the choice of the assumption in accordance with Subsection 1 of Section 3 of Chapter III;
(c)a description of the inputs on which the choice is based;
(d)the objectives of the choice and the criteria used for determining the appropriateness of this choice;
(e)any material limitations in the choice made;
(f)a description of the processes in place to review the choice of assumptions;
(g)a justification for the changes of assumptions from one period to another and an estimation of the impact of material changes;
(h)the relevant deviations referred to in Article 23(2).
The internal control system shall ensure the insurance and reinsurance undertaking's compliance with applicable laws, regulations and administrative provisions and the effectiveness and the efficiency of the undertaking's operations in light of its objectives as well as ensure the availability and reliability of financial and non-financial information.
1.Insurance and reinsurance undertakings shall have effective systems and controls to ensure that valuation estimates of their assets and liabilities are reliable and appropriate to ensure compliance with Article 75 of Directive 2009/138/EC and shall have a process for regularly verifying that market prices or valuation model inputs are appropriate and reliable.
2.Insurance and reinsurance undertakings shall establish, implement, maintain and document clearly defined policies and procedures for the process of valuation, including the description and definition of roles and responsibilities of the personnel involved with the valuation, the relevant models, and the sources of information to be used.
3.At the request of the supervisory authorities, insurance and reinsurance undertakings shall undertake an external, independent valuation or verification of the value of material assets and liabilities.
4.Insurance and reinsurance undertakings shall fulfil all of the following requirements:
(a)provide sufficient resources, both in terms of quality and quantity, to develop, calibrate, approve and review valuation approaches used for solvency purposes;
(b)establish internal control processes which include all of the following:
an independent review and verification on a regular basis of the information, data, and assumptions which are used in the valuation approach, its results, and the suitability of the valuation approach with respect to valuation of the items referred to in point (a) of Article 263;
oversight by the persons who effectively run the undertaking of the internal processes for approval of those valuations and the process in place to take account of any external, independent valuation or verification of the value of material assets or liabilities.
1.Insurance and reinsurance undertakings shall incorporate the functions and the associated reporting lines into the organisational structure in a way which ensures that each function is free from influences that may compromise the function's ability to undertake its duties in an objective, fair and independent manner. Each function shall operate under the ultimate responsibility of, and report to the administrative, management or supervisory body and shall, where appropriate, cooperate with the other functions in carrying out their roles.
2.The persons performing a function shall be able to communicate at their own initiative with any staff member and shall have the necessary authority, resources and expertise as well as unrestricted access to all relevant information necessary to carry out their responsibilities.
3.The persons performing a function shall promptly report any major problem in their area of responsibility to the administrative, management or supervisory body.
1.The risk management function shall include all of the following tasks:
(a)assisting the administrative, management or supervisory body and other functions in the effective operation of the risk management system;
(b)monitoring the risk management system;
(c)monitoring the general risk profile of the undertaking as a whole;
(d)detailed reporting on risk exposures and advising the administrative, management or supervisory body on risk management matters, including in relation to strategic affairs such as corporate strategy, mergers and acquisitions and major projects and investments;
(e)identifying and assessing emerging risks.
2.The risk management function shall fulfil all of the following requirements:
(a)fulfil the requirements set out in Article 44(5) of Directive 2009/138/EC;
(b)liaise closely with the users of the outputs of the internal model;
(c)co-operate closely with the actuarial function.
1.The compliance function of insurance and reinsurance undertakings shall establish a compliance policy and a compliance plan. The compliance policy shall define the responsibilities, competencies and reporting duties of the compliance function. The compliance plan shall set out the planned activities of the compliance function which take into account all relevant areas of the activities of insurance and reinsurance undertakings and their exposure to compliance risk.
2.The duties of the compliance function shall include assessing the adequacy of the measures adopted by the insurance or reinsurance undertaking to prevent non-compliance.
1.The persons carrying out the internal audit function shall not assume any responsibility for any other function.
2.Notwithstanding paragraph 1, and in particular by respecting the principle of proportionality laid down in paragraphs 3 and 4 of Article 29 of Directive 2009/138/EC, the persons carrying out the internal audit function may also carry out other key functions, where all of the following conditions are met:
(a)this is appropriate with respect to the nature, scale and complexity of the risks inherent in the undertaking's business;
(b)no conflict of interest arises for the persons carrying out the internal audit function;
(c)the costs of maintaining persons for the internal audit function that do not carry out other key functions would impose costs on the undertaking that would be disproportionate with respect to the total administrative expenses.
3.The internal audit function shall include all of the following tasks:
(a)establish, implement and maintain an audit plan setting out the audit work to be undertaken in the upcoming years, taking into account all activities and the complete system of governance of the insurance or reinsurance undertaking;
(b)take a risk-based approach in deciding its priorities;
(c)report the audit plan to the administrative, management or supervisory body;
(d)issue recommendations based on the result of work carried out in accordance with point (a) and submit a written report on its findings and recommendations to the administrative, management or supervisory body on at least an annual basis;
(e)verifying compliance with the decisions taken by the administrative, management or supervisory body on the basis of those recommendations referred to in point (d).
Where necessary, the internal audit function may carry out audits which are not included in the audit plan.
1.In coordinating the calculation of the technical provisions, the actuarial function shall include all of the following tasks:
(a)apply methodologies and procedures to assess the sufficiency of technical provisions and to ensure that their calculation is consistent with the requirements set out in Articles 75 to 86 of Directive 2009/138/EC;
(b)assess the uncertainty associated with the estimates made in the calculation of technical provisions;
(c)ensure that any limitations of data used to calculate technical provisions are properly dealt with;
(d)ensure that the most appropriate approximations for the purposes of calculating the best estimate are used in cases referred to in Article 82 of Directive 2009/138/EC;
(e)ensure that homogeneous risk groups of insurance and reinsurance obligations are identified for an appropriate assessment of the underlying risks;
(f)consider relevant information provided by financial markets and generally available data on underwriting risks and ensure that it is integrated into the assessment of technical provisions;
(g)compare and justify any material differences in the calculation of technical provisions from year to year;
(h)ensure that an appropriate assessment is provided of options and guarantees included in insurance and reinsurance contracts.
2.The actuarial function shall assess whether the methodologies and assumptions used in the calculation of the technical provisions are appropriate for the specific lines of business of the undertaking and for the way the business is managed, having regard to the available data.
3.The actuarial function shall assess whether the information technology systems used in the calculation of technical provisions sufficiently support the actuarial and statistical procedures.
4.The actuarial function shall, when comparing best estimates against experience, review the quality of past best estimates and use the insights gained from this assessment to improve the quality of current calculations. The comparison of best estimates against experience shall include comparisons between observed values and the estimates underlying the calculation of the best estimate, in order to draw conclusions on the appropriateness, accuracy and completeness of the data and assumptions used as well as on the methodologies applied in their calculation.
5.Information submitted to the administrative, management or supervisory body on the calculation of the technical provisions shall include at least a reasoned analysis on the reliability and adequacy of their calculation and on the sources and the degree of uncertainty of the estimate of the technical provisions. That reasoned analysis shall be supported by a sensitivity analysis that includes an investigation of the sensitivity of the technical provisions to each of the major risks underlying the obligations which are covered in the technical provisions. The actuarial function shall clearly estate and explain any concerns it may have concerning the adequacy of technical provisions.
6.Regarding the underwriting policy, the opinion to be expressed by the actuarial function in accordance with Article 48(1)(g) of Directive 2009/138/EC shall at least include conclusions regarding the following considerations:
(a)sufficiency of the premiums to be earned to cover future claims and expenses, notably taking into consideration the underlying risks (including underwriting risks), and the impact of options and guarantees included in insurance and reinsurance contracts on the sufficiency of premiums;
(b)the effect of inflation, legal risk, change in the composition of the undertaking's portfolio, and of systems which adjust the premiums policy-holders pay upwards or downwards depending on their claims history (bonus-malus systems) or similar systems, implemented in specific homogeneous risk groups;
(c)the progressive tendency of a portfolio of insurance contracts to attract or retain insured persons with a higher risk profile (anti-selection).
7.Regarding the overall reinsurance arrangements, the opinion to be expressed by the actuarial function in accordance with Article 48(1)(h) of Directive 2009/138/EC shall include analysis on the adequacy of the following:
(a)the undertaking's risk profile and underwriting policy;
(b)reinsurance providers taking into account their credit standing;
(c)the expected cover under stress scenarios in relation to the underwriting policy;
(d)the calculation of the amounts recoverable from reinsurance contracts and special purpose vehicles.
8.The actuarial function shall produce a written report to be submitted to the administrative, management or supervisory body, at least annually. The report shall document all tasks that have been undertaken by the actuarial function and their results, and shall clearly identify any deficiencies and give recommendations as to how such deficiencies should be remedied.
1.Insurance and reinsurance undertakings shall establish, implement and maintain documented policies and adequate procedures to ensure that all persons who effectively run the undertaking or have other key functions are at all times fit and proper within the meaning of Article 42 of Directive 2009/138/EC.
2.The assessment of whether a person is fit shall include an assessment of the person's professional and formal qualifications, knowledge and relevant experience within the insurance sector, other financial sectors or other businesses and shall take into account the respective duties allocated to that person and, where relevant, the insurance, financial, accounting, actuarial and management skills of the person.
3.The assessment of whether members of the administrative, management or supervisory body are fit shall take account of the respective duties allocated to individual members to ensure appropriate diversity of qualifications, knowledge and relevant experience to ensure that the undertaking is managed and overseen in a professional manner.
4.The assessment of whether a person is proper shall include an assessment of that person's honesty and financial soundness based on evidence regarding their character, personal behaviour and business conduct including any criminal, financial and supervisory aspects relevant for the purposes of the assessment.
1.Any insurance or reinsurance undertaking which outsources or proposes to outsource functions or insurance or reinsurance activities to a service provider shall establish a written outsourcing policy which takes into account the impact of outsourcing on its business and the reporting and monitoring arrangements to be implemented in cases of outsourcing. The undertaking shall ensure that the terms and conditions of the outsourcing agreement are consistent with the undertaking's obligations as provided for in Article 49 of Directive 2009/138/EC.
2.Where the insurance or reinsurance undertaking and the service provider are members of the same group, the undertaking shall, when outsourcing critical or important operational functions or activities take into account the extent to which the undertaking controls the service provider or has the ability to influence its actions.
3.When choosing the service provider referred to in paragraph 1 for any critical or important operational functions or activities, the administrative, management or supervisory body shall ensure that:
(a)a detailed examination is performed to ensure that the potential service provider has the ability, the capacity and any authorisation required by law to deliver the required functions or activities satisfactorily, taking into account the undertaking's objectives and needs;
(b)the service provider has adopted all means to ensure that no explicit or potential conflict of interests jeopardize the fulfilment of the needs of the outsourcing undertaking;
(c)a written agreement is entered into between the insurance or reinsurance undertaking and the service provider which clearly defines the respective rights and obligations of the undertaking and the service provider;
(d)the general terms and conditions of the outsourcing agreement are clearly explained to the undertaking's administrative, management or supervisory body and authorised by them;
(e)the outsourcing does not entail the breaching of any law in particular with regard to rules on data protection;
(f)the service provider is subject to the same provisions on the safety and confidentiality of information relating to the insurance or reinsurance undertaking or to its policyholders or beneficiaries that are applicable to the insurance or reinsurance undertaking.
4.The written agreement referred to in paragraph 3 (c) to be concluded between the insurance or reinsurance undertaking and the service provider shall in particular clearly state all of the following requirements:
(a)the duties and responsibilities of both parties involved;
(b)the service provider's commitment to comply with all applicable laws, regulatory requirements and guidelines as well as policies approved by the insurance or reinsurance undertaking and to cooperate with the undertaking's supervisory authority with regard to the outsourced function or activity;
(c)the service provider's obligation to disclose any development which may have a material impact on its ability to carry out the outsourced functions and activities effectively and in compliance with applicable laws and regulatory requirements;
(d)a notice period for the termination of the contract by the service provider which is long enough to enable the insurance or reinsurance undertaking to find an alternative solution;
(e)that the insurance or reinsurance undertaking is able to terminate the arrangement for outsourcing where necessary without detriment to the continuity and quality of its provision of services to policyholders;
(f)that the insurance or reinsurance undertaking reserves the right to be informed about the outsourced functions and activities and their performance by the services provider as well as a right to issue general guidelines and individual instructions at the address of the service provider, as to what has to be taken into account when performing the outsourced functions or activities;
(g)that the service provider shall protect any confidential information relating to the insurance or reinsurance undertaking and its policyholders, beneficiaries, employees, contracting parties and all other persons;
(h)that the insurance or reinsurance undertaking, its external auditor and the supervisory authority have effective access to all information relating to the outsourced functions and activities including carrying out on-site inspections of the business premises of the service provider;
(i)that, where appropriate and necessary for the purposes of supervision, the supervisory authority may address questions directly to the service provider to which the service provider shall reply;
(j)that the insurance or reinsurance undertaking may obtain information about the outsourced activities and may issue instructions concerning the outsourced activities and functions;
(k)the terms and conditions, where applicable, under which the service provider may sub-outsource any of the outsourced functions and activities;
(l)that the service provider's duties and responsibilities deriving from its agreement with the insurance or reinsurance undertaking shall remain unaffected by any sub-outsourcing taking place according to point (k).
5.The insurance or reinsurance undertaking that is outsourcing critical or important operational functions or activities shall fulfil all of the following requirements:
(a)ensure that relevant aspects of the service provider's risk management and internal control systems are adequate to ensure compliance with Article 49(2)(a) and (b) of Directive 2009/138/EC;
(b)adequately take account of the outsourced activities in its risk management and internal control systems to ensure compliance with Article 49(2)(a) and (b) of Directive 2009/138/EC;
(c)verify that the service provider has the necessary financial resources to perform the additional tasks in a proper and reliable way, and that all staff of the service provider who will be involved in providing the outsourced functions or activities are sufficiently qualified and reliable;
(d)ensure that the service provider has adequate contingency plans in place to deal with emergency situations or business disruptions and periodically tests backup facilities where necessary, taking into account the outsourced functions and activities.
1.When establishing and applying the remuneration policy referred to in Article 258(1) (l), insurance and reinsurance undertakings shall comply with all of the following principles:
(a)the remuneration policy and remuneration practices shall be established, implemented and maintained in line with the undertaking's business and risk management strategy, its risk profile, objectives, risk management practices and the long-term interests and performance of the undertaking as a whole and shall incorporate measures aimed at avoiding conflicts of interest;
(b)the remuneration policy promotes sound and effective risk management and shall not encourage risk-taking that exceeds the risk tolerance limits of the undertaking;
(c)the remuneration policy applies to the undertaking as a whole, and contains specific arrangements that take into account the tasks and performance of the administrative, management or supervisory body, persons who effectively run the undertaking or have other key functions and other categories of staff whose professional activities have a material impact on the undertaking's risk profile;
(d)the administrative, management or supervisory body of the undertaking which establishes the general principles of the remuneration policy for those categories of staff whose professional activities have a material impact on the undertaking's risk profile is responsible for the oversight of its implementation;
(e)there shall be clear, transparent and effective governance with regard to remuneration, including the oversight of the remuneration policy;
(f)an independent remuneration committee shall be created, if appropriate in relation to the significance of the insurance or reinsurance undertakings in terms of size and internal organisation, in order to periodically support the administrative, management or supervisory body in overseeing the design of the remuneration policy and remuneration practices, their implementation and operation;
(g)the remuneration policy shall be disclosed to each member of the undertaking's staff.
2.The specific arrangements referred to in point (c) of paragraph 1c shall comply with all of the following principles:
(a)where remuneration schemes include both fixed and variable components, such components shall be balanced so that the fixed or guaranteed component represents a sufficiently high proportion of the total remuneration to avoid employees being overly dependent on the variable components and to allow the undertaking to operate a fully flexible bonus policy, including the possibility of paying no variable component;
(b)where variable remuneration is performance-related, the total amount of the variable remuneration is based on a combination of the assessment of the performance of the individual and of the business unit concerned and of the overall result of the undertaking or the group to which the undertakings belongs;
(c)the payment of a substantial portion of the variable remuneration component, irrespective of the form in which it is to be paid, shall contain a flexible, deferred component that takes account of the nature and time horizon of the undertaking's business: that deferral period shall not be less than three years and the period shall be correctly aligned with the nature of the business, its risks, and the activities of the employees in question;
(d)financial and also non-financial criteria shall be taken into account when assessing an individual's performance;
(e)the measurement of performance, as a basis for variable remuneration, shall include a downwards adjustment for exposure to current and future risks, taking into account the undertaking's risk profile and the cost of capital;
(f)termination payments shall be related to performance achieved over the whole period of activity and be designed in a way that does not reward failure;
(g)persons subject to the remuneration policy shall commit to not using any personal hedging strategies or remuneration and liability-related insurance which would undermine the risk alignment effects embedded in their remuneration arrangement.
(h)The variable part of remuneration of the staff engaged in the functions referred to in Articles 269 to 272 shall be independent from the performance of the operational units and areas that are submitted to their control;
3.The remuneration policy shall be design in such a way as to take into account the internal organization of the insurance or reinsurance undertaking, and the nature, scale and complexity of the risks inherent in its business.