Consultation on draft guideline on Enterprise Risk Management
On 8 May 2018 the Insurance Authority (IA) released a Draft Guideline on Enterprise Risk Management (Draft ERM Guideline) for consultation as part of the development of Hong Kong’s new Risk-based Capital Regime (RBC). Comments are sought on or before 6 July 2018. The proposals take account of industry focus group discussions and the recent consultation and review of Enterprise Risk Management (ERM) principles by the International Association of Insurance Supervisors.
The IA notes that key requirements of the Draft ERM Guideline include:
- Providing for an ERM framework supported by proper governance to ensure safe and sound operations. The Board is ultimately responsible for ensuring its business maintains an effective ERM framework.
- Defining a risk appetite statement based upon risk capacity and risk limits of material risks, and aligning business strategies and risk management with the Board stated risk appetite.
- Setting ERM policies and procedures describing how risks are being identified, measured, quantified, monitored, reported, and reviewed (where appropriate, mitigated or transferred).
- Providing for regular activities to support ERM, for example through stress or scenarios testing relevant to its business operations (and for long term insurers using the scenarios provided in specific guidance notes) and other analyses.
- Developing a robust framework review and improvement process.
- Undertaking an appropriate annual Own Risk Solvency Assessment (ORSA) to assess an insurer’s current and future risk profiles, adequacy of its risk management, and current and future solvency and liquidity positions.
The Draft ERM Guideline adopts a principle-based approach that recognises risks vary for different insurers, so the requirement for ERM framework and risk management policies should be proportionate to the nature, scale and complexity of the risks inherent in each insurer’s business.
The IA will implement a three-tiered approach to insurer supervision with a view to avoiding regulatory duplication for international groups with a non-Hong Kong group-wide supervisor. The tiers are: i. insurance groups based in Hong Kong supervised by the IA; ii. sub-group of organisations with a significant presence in Hong Kong; and iii. other insurers. Risk management is an integral part of good governance and best management practice, Guideline 10 (on Corporate Governance) will be updated when the Draft ERM Guideline commences to remove duplication.
The IA aims to finalise the Draft ERM Guideline as part of its main RBC milestones. Some important dates are:
- 1 January 2020 - ERM Guideline commences.
- 31 December 2020 onwards – Annual ORSA Reports (ORSA Reports) begin.
- 30 April 2021 onwards - ORSA Reports are due to be filed with the IA within four months after the end of each financial year.
Key action points
What insurers should do now:
- The Draft ERM Guideline should be considered in detail so that an implementation plan can be designed to achieve compliance.
- The Draft ERM Guideline runs to 43 pages. It details what the ERM framework should consist of, how it should be implemented with a focus on the insurers business activities, how it should be monitored and reviewed by the organisation and what reporting is required including certain types of intra-group transactions and event.
- The Board of Directors of an insurer must approve a well documented ERM framework for implementation by senior management supported by a dedicated risk management function.
- If achieving the IA’s published milestones is a concern, a dialogue should be had with the IA to agree upon appropriate implementation through a phased action plan that it is satisfied with.