Acts Online
GT Shield

Insurance Act, 2017 (Act No. 18 of 2017)

Chapter 5 : Governance

Part 1 : Insurers and insurance groups

30. Governance framework

 

(1) An insurer and a controlling company must adopt, implement and document an effective governance framework that provides for the prudent management and oversight of—
(a) in the case of an insurer, its insurance business, and which adequately protects the interests of its policyholders; or
(b) in the case of a controlling company, the insurance group’s business (including the business of all persons that are part of the insurance group), and  which adequately protects the interests of policyholders of the insurers that are  part of the insurance group.

 

(2) The governance framework must—
(a) be proportionate to the nature, scale and complexity of the insurance business and the risks of the insurer, or the business and risks of the insurance group, as the case may be;
(b) include effective systems of corporate governance, risk management and  internal controls; and
(c) address, and provide for, the matters prescribed.

 

(3)
(a) The board of directors of an insurer (other than a branch of a foreign reinsurer, a Lloyd’s underwriter or Lloyd’s) is responsible for meeting the requirements imposed on an insurer under this Act, irrespective of the delegation or outsourcing of any responsibilities.
(b) The board of directors of a controlling company is responsible for meeting the requirements imposed on a controlling company under this Act, irrespective of the delegation or outsourcing of any responsibilities.
(c) The representative of a branch of a foreign reinsurer is responsible for meeting the requirements imposed on it and a branch of a foreign reinsurer under this Act, irrespective of the delegation or outsourcing of any responsibilities.
(d) The representative of Lloyd’s is responsible for meeting the requirements imposed on it, Lloyd’s underwriters and Lloyd’s under this Act, irrespective of the delegation or outsourcing of any responsibilities.

 

(4) The Prudential Authority may prescribe governance principles and requirements relating to—
(a) in the case of an insurer, the achievement and maintenance of the stated commitments in the plan referred to in section 22(1)(c)(iii) and Item 6 of Schedule 3;
(b) in the case of an insurer (other than a branch of a foreign reinsurer or Lloyd’s) and a controlling company—
(i) the composition and governance of the board of directors, including requirements relating to independence;
(ii) the roles and responsibilities of the board of directors (in addition to those provided for in the Companies Act);
(iii) the duties of directors; and
(iv) the structure of the board of directors, including the committees that must be established;
(c) risk management, including in respect of—
(i) a risk management system;
(ii) a risk management strategy;
(iii) a risk management policy; and
(iv) own risk and solvency assessments;
(d) internal control, including in respect of an internal control system;
(e) control functions, including in respect of—
(i) required control functions;
(ii) requirements for control functions; and
(iii) roles, responsibilities and functions of control functions and heads of control functions; and
(f) outsourcing by an insurer or a controlling company, including in respect of—
(i) an outsourcing policy, and the matters that must be included and addressed in that policy;
(ii) the principles and requirements with which any outsourcing, and remuneration paid in respect of outsourcing, must comply;
(iii) the requirements with which an insurer or a controlling company, and any person that will perform an outsourced function or activity, must comply;
(iv) the matters that must be included or addressed, or may not be included in an outsourcing contract;
(v) the functions or activities that may not be outsourced, or may only be outsourced after the Prudential Authority has been notified of the proposed outsourcing, and the information that must accompany that notification;
(vii) matters relating to any outsourcing of which the Prudential Authority must be informed; and
(viii) limitations on or requirements for sub-outsourcing.