Professional Documents
Culture Documents
I. Background:
1. The role of any insurance regulator is to promote and maintain efficient, fair,
safe and stable insurance markets for the benefit and protection of
policyholders. To create such an environment, it is important that the regulator
puts in place a mechanism where an insurer will take timely preventive and
corrective measures, wherever required.
Page 1 of 14
f. To take action where such standards are inadequate or ineffectively
enforced; and
g. To bring about optimum amount of self-regulation in day-to-day working
of the industry consistent with the requirements of prudential
regulation
3. In the current scenario, in order to meet its objectives, the Authority is primarily
focusing on compliance based approach for supervision and hence the role of
the supervision is to ensure that insurers comply with the given set of rules,
regulations and Act provisions.
6. To this end, the Authority has initiated steps to move towards Risk Based
Supervision which will facilitate meeting its objectives cast upon and also enable
Page 2 of 14
to achieve effective allocation of resources corresponding to the risk profile of
the regulated entities.
1. In the recent Financial Sector Assessment Program report of 2017, the IMF and
World Bank have recommended the Authority to move towards a risk based
supervisory approach. Insurance Core Principles of IAIS requires Supervisors to
Page 3 of 14
adopt ‘risk based approach’ to supervision that uses both off-site monitoring
and onsite inspections to examine the business of each insurer, evaluate its
condition, risk profile, the quality and effectiveness of corporate governance.
2. In the recent times, the international financial spectrum has witnessed trends
towards globalization and consolidation. The stability of financial system has
become a challenge for the regulators globally. Domestically, the insurance
sector had also reached a stage of development over the past two decades to
require a risk based supervisory approach.
3. In this backdrop, the Authority has also examined the need to move towards
the Risk based supervision. IRDAI is in the process of adopting ‘Risk Based
Supervisory Framework’ (hereinafter referred to as RBS or RBSF) for holistic
supervision of insurance sector in India. The Authority would be developing an
overall plan for moving towards ‘RBS’ and prepare an appropriate framework
for holistic supervision, duly incorporating risk assessment mechanism into
insurance supervision.
4. The RBS approach would also aid in eliminating the unintended overlaps and
gaps in current framework wherein each department functions in silos. The RBS
integrates the onsite and offsite functions and enables each of these functions
to interact and complement each other. This would enable holistic approach to
supervision of regulated entities.
Page 4 of 14
revisits the policies as felt appropriate. Thus, a healthy interaction of the
regulation and supervision functions would be established.
6. The RBS framework also envisages designating ‘Supervisory Managers’ who will
act as single point of contact for a regulated entity. The Supervisory Manager
will be the nodal official who will facilitate all the regulatory and supervisory
activities in respect of an entity. This brings an integrated approach in all
dealings with a given regulated entity.
1. The RBS Framework would consider various risks, the insurers pose to
themselves and to the financial system at large. The regulator determines the
supervisory action plan every year comprising the activities of off-site
monitoring, onsite inspections and structured meetings with the entities in
conjunction with specific Supervisory Action Plan.
Page 5 of 14
b. Identification of the Significant Activity:
Page 6 of 14
5. Net income before tax from an activity vis-a-vis the total
net income before tax; or
6. Risk weighted assets generated from an activity vis-a-vis
the total risk weighted assets; or
7. Internal allocation of capital for the activity vis-a-vis the
total internal allocation of capital; or
8. Reserves held for an activity vis-a-vis the total reserves
held; or
9. Strategic importance of the activity vis-a-vis other
activities or
10. Important Business units or processes
v. The identified significant activities should be those that are
important to achieve the business objectives and strategies of
the insurer. Where required, these significant activities can
further be grouped or sub-divided for appropriate assessment.
Significant activity could be a product, a distribution strategy, a
Line of business, a portfolio, investment activity etc.
c. Assessment of inherent risk in significant activity:
i. Each of the identified significant activities may expose the
insurance company to different kinds of risks. For example, High
sum assured term insurance amongst other risk products may
expose the insurer to high mortality risk, huge guarantee in non-
linked products may expose the insurance company to huge
market risks amongst other risks, motor third party liability
exposure may lead to huge legal risk amongst other risks.
ii. Various kinds of inherent risks the insurance company is exposed
to due to a significant activity needs to be assessed. Insurance
Risk, Market Risk, Operational Risk, Strategic Risk, Credit Risk are
the risks to be considered generally. The risks may further be
Page 7 of 14
divided to assess the risk effectively and efficiently. For example,
Insurance Risk may further be divided into Product Design Risk,
Pricing Risk, Liability Risk etc.
iii. The risks so assessed at this stage do not consider the size of the
activity or the control mechanisms the insurance companies have
built to manage the risks i.e. the risks are to be assessed ignoring
the risk mitigation measures the insurer has put in place (for
example governance framework, compliance framework, policy
framework etc.) and also the size of the activity.
iv. Accordingly, the level of risk is assigned to each activity. From the
assessment of risks within each significant activity, the supervisor
would evaluate the type of control mechanism that is put in
place by the insurance company to enable it to manage the risks
at an acceptable level. This process requires the supervisor to
evaluate the quality and effectiveness of the control mechanism
with regard to the risks inherent in the activities.
d. Risk Mitigation and Risk Control Mechanism:
Page 8 of 14
experience with appropriate levels of authorization, appropriate
levels of reporting requirements to effectively address the risks
inherent within a significant activity. For example, Board
approved underwriting policy, Board approved claims policy,
Board approved investment policy, standard operating
procedures for each function, appropriate IT systems etc are the
different kinds of policy frameworks put in place by an insurance
company for controlling the risk.
iii. Companies with higher inherent risks and greater control may
fare better than companies with moderate inherent risks but
low/no controls. Controls essentially eliminate or mitigate the
‘risk of failure’. The assessment of controls therefore becomes
critical for the supervisor to understand the robustness of risk
mitigation practices, the effectiveness of corporate governance
and the competence of the operational management. The
greater the control, the better the entity, in terms of net risk.
iv. In assessing the operational management, the supervisor is
required to primarily examine the capabilities of operational
management in terms of identifying and having in place the
mitigating tools for any potential loss that the activity may face.
Insurance companies are required to have capable Board of
Directors and Senior Management to conduct the business. In
insurance companies, Board of Directors are considered to have
the ultimate accountability for the management and oversight of
an insurance company. The Board is also expected to delegate
appropriate responsibilities to the senior management of an
insurance company. The functions that are considered for
assessing the quality of oversight include Board, Senior
Page 9 of 14
Management, Risk Management, External Audit, Internal Audit,
Compliance, Actuarial and Financial.
v. For each of the significant activity, the supervisor requires to
assess the quality of operational management and the quality of
relevant oversight functions. These assessments are compared to
the requirements that are expected from the quality of risk
management while assessing the levels of inherent risks. A risk
matrix is developed taking into account the inherent risks and
the assessed quality of risk management. The direction of quality
of risk management is also assessed as increasing, stable or
decreasing.
e. Net Risk: For each of the significant activities, the supervisor considers
all the risks inherent and the corresponding control mechanisms in
terms of quality of risk management for that activity and arrives at the
net risk. Hence, the net risk is an assessment of inherent risk after
considering the quality of the risk management.
f. Overall Net Risk: Each significant activity and the risk inherent to it can
have different levels of impact on the operations of the insurance
company. Hence, the contribution of each significant activity on the
overall operations of the insurance company needs to be assessed and
appropriate levels of importance needs to be placed on such significant
activities while assessing the overall net risk. This is similar to assigning
weights. By identifying a significant activity’s importance, the potential
adverse impact of any significant activity can be appropriately
considered in the overall net risk. The overall net risk is arrived at by
combining the net risk of the significant activities after assigning the
relative importance. The overall net risk is rated as very low, low,
medium, high and very high and the direction of the overall net risk is
assessed as decreasing, stable or increasing.
Page 10 of 14
g. Additional Support: The insurance company may have additional
support which can be utilised to absorb the losses arising from overall
net risks if any. The additional support that can be considered are
Earnings, Capital and Liquidity. Earnings, Capital and Liquidity are
assessed separately to understand the additional support they provide
to the safety and soundness of an insurance company and therefore are
considered in arriving at the risk to viability. Earnings, Capital and
Liquidity are rated as strong, above average, acceptable, needs
improvement or weak.
h. Assessment of Risk to Viability:
i. Assessment of risk to viability primarily considers the safety and
soundness of the institution considering the Earnings, Capital and
Liquidity. The risk to viability is assessed as low, moderate,
material, imminent or critical. It also assesses the direction of
insurance company’s ‘risk to viability’ as decreasing, stable or
increasing. The risk to viability is associated with a timeframe.
The timeframe indicates the period for which the particular risk
rating is applicable.
ii. The timeframe indicates the possible volatility in the risk rating
i.e. a longer timeframe is expected for an insurance company
with a stable risk to viability profile whereas shorter time frames
may be assigned for insurance companies with a volatile risk to
viability profile
i. Intervention Mechanism: Risk Based Supervisory Framework is
‘outcome focussed’ and enables the supervisor to rate the insurance
company. Assessing the risk to viability of an insurance company is
followed up by setting up an intervention system. The intervention
system is expected to trigger appropriate supervisory actions depending
Page 11 of 14
on the ‘risk to viability’ profile of an insurance company. The oversight
mechanism can be divided into the following:
i. lower oversight,
ii. normal oversight,
iii. enhanced oversight,
iv. intensive oversight or
v. warrant restructure.
V. Benefits of RBS:
Page 12 of 14
a. The regulator and the regulated entities should have well defined
standards of Governance and well documented policies, procedures and
practices in place to outline the responsibilities and accountability, more
clearly;
b. To revisit the organizational structure to align with the requirements of
RBS;
c. Review of risk management culture;
d. Adopting risk based internal audit for the entities;
e. Improved IT and MIS to capture and report various elements required
for risk assessment;
f. Building ‘Compliance Units’ to take prompt corrective actions suggested
by the Regulator from time to time as part of Supervisory Action Plans;
g. Review of skill sets, extensive training and redeployment of staff, talent
retention; etc. as may be necessary to move towards risk assessments in
place of mere compliance.
2. It is intended to roll out the RBS process in a phased manner starting with
insurers and then intermediaries, after running a pilot project on select entities
to test the efficacy and efficiency of the implementation and to identify possible
gaps, if any. In the process, there would be consultation with the industry
players, on an ongoing basis, at different stages of development and
implementation process.
3. Given this backdrop, the insurers and intermediaries are expected toinitiate
steps to lay greater focus on risk of each activity they undertake and to build
framework that enables internal assessment of such risks and corresponding
control mechanism to mitigate such risks within their organization culture.
Page 13 of 14
4. Within IRDAI, an implementation committee has been formed to suggest the
implementation approach for RBSand Organization Restructuring and to achieve
smooth transition, in consultation with Senior Management.
Page 14 of 14