Short-Term Insurance Act, 1998 (Act No. 53 of 1998)
Board Notices
Notice on Governance and Risk Management Framework for Insurers, 2014
Part 4: Risk Management System
10. Risk management system
(1) An insurer must establish and maintain an effective risk management system, comprising the totality of strategies, policies and procedures for identifying, assessing, monitoring, managing, and reporting of all reasonably foreseeable current and emerging material risks to which the insurer may be exposed.
(2) The risk management system must—
(a) adequately support the board of directors in meeting its responsibilities with respect to the furtherance of the safe and sound operation of the insurer and the protection of policyholders, taking into account the nature, scale and complexity of the insurer's business and risks;
(b) address risks on an enterprise-wide and individual business unit basis; and
(c) be embedded within the organisation, in particular in the key operations and structures of the insurer.
(3) The risk management system must, at least, include—
(a) a clearly defined and well documented risk management strategy which takes into account the insurer's overall business strategy (as approved by the board of directors) and its business activities (including any business activities which have been outsourced);
(b) documented procedures which clearly define the decision-making processes within the framework of the risk management system;
(c) an adequate written overall risk management policy and component policies consistent with the risk management strategy referred to in paragraph (a) and the requirements of sections 11 to 21;
(d) appropriate processes, procedures and tools (including, where appropriate, models) for identifying, assessing, monitoring, managing, and reporting (including communication and escalation mechanisms) on each material risk;
(e) reports (regular and ad hoc) to inform the managing executives and the board of directors on the risk profile of the insurer, including each material risk faced by the insurer and on the effectiveness of the risk management system itself; and
(f) processes for ensuring adequate contingency planning, business continuity and crisis management.
(4) (a) The risk management system must be reviewed regularly by the internal audit function or an objective external reviewer of the insurer to ensure that the system is effective and that necessary modifications are identified and made in a timely manner.
(b) The risk management system and any modifications must be documented and approved by the board of directors.