Notice On The Leadership And Management Of Insurance Companies And Lateral Pension Funds

Original Language Title: Bekendtgørelse om ledelse og styring af forsikringsselskaber og tværgående pensionskasser

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
Table of Contents

Chapter 1 Scope of application

Chapter 2 Tasks and responsibilities of the Management Board

Chapter 3 Tasks and responsibilities of the Executive

Chapter 4 Organization and responsibility redistribution

Chapter 5 Administrative and accounting practices

Chapter 6 Businesses

Chapter 7 Risk management

Chapter 8 Penalty provisions

Chapter 9 Entry into force and transitional provisions

Appendix 1

Appendix 2

Appendix 3

Appendix 4

Appendix 5

Publication of management and management of insurance undertakings and transverse pension funds

In accordance with section 65 (2), 2, section 70 (4). 5, section 71, paragraph. 2 and Section 373 (3). 4, in the law of financial activities, cf. Law Order no. 1125 of 23. September 2010, as amended by law no. 579 of 1. June 2010 shall be determined :

Chapter 1

Scope of application

§ 1. This notice shall apply to the following establishments :

1) Insurance companies.

2) Transverse pension funds.

3) Filials in this country of insurance undertakings authorised in a country outside the European Union, which the Union has not concluded in the financial sphere, with the deviations required by the branch of the branch or which have been laid down ; in or under international agreement.

Paragraph 2. If the management board and management can demonstrate that the provisions of this notice are either not relevant to the undertaking as a whole or for the risk areas concerned, or that, in spite of a derogation, the undertaking may continue to be able to : operated safely, the undertaking may derogate from the provisions of the notice unless expressly stated otherwise. For example, deviation can happen as a result of

1) low or uncomplicated activity in one or more activity or risk areas ;

2) size of the establishment

3) the structure of the establishment,

4) the structure of any group in which the company is included.

Paragraph 3. In companies with extensive or very complex activities in one or more risk areas, the company management and management of the company must continuously assess whether it is necessary to supplement the requirements of the notice by further action.

Chapter 2

Tasks and responsibilities of the Management Board

§ 2. In the context of the management of the overall and strategic leadership of the undertaking, the Management Board shall :

1) decide on the company's business model,

2) assess the risk profile and policies of the company, cf. section 5, as well as the guidelines for the management, cf. sections 6 and 7 are defensily in relation to the business activities, organization and resources of the company, as well as the market conditions that the company's activities are driven under,

3) assess and take a position on the undertaking ' s budgets, capital, liquidity, significant arrangements, specific risks and their own overall insurance conditions ;

4) ensure that the Governing Board shall carry out its duties in a reassuring manner and in accordance with the established risk profile, the policies laid down, and the guidelines for the management ;

5) ensure that the management reporting and information of the Management Board are adequate to the work of the Management Board ;

6) ensure that the company has effective business management, and

7) when required and at least once a year take a decision on the individual solvency requirements of the establishment, cf. § 126, paragraph 1. 8, in the law of financial activities.

§ 3. The Management Board shall periodically assess whether its members combined possess the necessary knowledge and experience of the undertaking ' s risks to ensure the sound operation of the undertaking. This applies in particular to the company ' s commissioning of models for risk-based purposes, by the introduction of new products, cf. § 25, and other measures that may result in significantly increased risk to the company or to significantly affect the way in which risks are upheld and reported in the enterprise.

§ 4. The Management Board shall carry out an assessment of the undertaking ' s risks, cf. Section 5 of the notice of solvency and operation plans for insurance undertakings, where the company ' s relationship, market conditions or other relevant conditions are attributing to this, but at least once a year.

Paragraph 2. The assessment provided for in paragraph 1 1 shall also include a basis for the Management Board's assessment of the appropriate employee resources, as well as the number, adequate IT systems and support, including in the case of risk management, as well as on whether or not the establishment has a suitable basis for the risk management ; the firm has appropriate procedures for rapid and efficient communication across the enterprise.

§ 5. On the basis of the risk assessment, cf. Section 4 (4). 1, the Management Board shall adopt relevant policies and contingency plans, etc., including :

1) Insurance policy risks, cf. Annex 1.

2) Policy for the market, counterpart and credit risks (investment area), cf. Annex 2.

3) The policy of operational risks, cf. Annex 3.

4) IT security policy, cf. Annex 4, including an IT contingency plan.

5) Contingency plans for other serious operating disorders.

Paragraph 2. The content of the policies must be laid down, taking into account the nature, size, business model, business model, complexity of business activities, interaction between individual risk areas, the enterprise's overall risk-taking ; the capital conditions of the undertaking, the legislation and market conditions. The policies must include the overall strategic objectives of the company for the relevant risk area and its instructions on how to achieve these objectives in the form of indications of methods or means. Finally, the policies and so on must include provisions on how often and in which form the board of directors must be informed of non-compliance with the strategic objectives of individual policies and so on.

Paragraph 3. The policies and others adopted in accordance with paragraph 1. 1, no. 1-2 and 4, as a minimum, must include provisions on the company ' s risk profile and the desired level of risk in the individual area of risk, cf. Section 2 (2). 1, no. 2.

Paragraph 4. The management board shall adapt the adopted policies with a view to significant changes in the conditions laid down for them. However, the Administrative Board shall at least once annually assess and, where appropriate, update the adopted policies.

§ 6. On the basis of the risk assessment carried out in accordance with section 4 (4), 1, and the policies adopted pursuant to section 5, the Management Board shall provide the Governing Board of the Governing Board.

Paragraph 2. The guidelines referred to in paragraph 1. 1 shall indicate the terms governing the Governing Board in the context of its decision on which the decisions may be taken by the Governing Board, where appropriate, by the management board, and which arrangements require the Management Board ' s position.

Paragraph 3. The Management Board shall not be granted powers to the Governing Board, which are one of the executive duties of the Management Board or, by the way, of exceptional nature or of great importance for the business, cf. § 117, paragraph 1. 1, in the corporate law. This includes, inter alia :

1) Decision on outsourcing of major areas of activity.

2) Granting of exceptional or significant exposures, cf. however, paragraph 117 (1). ONE, FOUR. and 5. Act. in the company law, and exposures covered by Article 78 of the Act of Financial Company.

3) Hire management, Chief of Assurance, and Responding to Actuarial Actuarial.

4) Decisions on the principles of the assessment of risks, cf. Section 7 (2). 1, no. 4, including the use of internal models in the current risk management.

5) Recreation of the individual solvency requirements of the establishment, cf. § 126, paragraph 1. 8, in the law of financial activities.

§ 7. The guidelines according to section 6 (4). 1 and 2 shall :

1) be in accordance with the policies adopted by the Management Board and the risk profile in the individual risk areas ;

2) observe restrictions laid down in legislation,

3) contain verifiable limits for the size of the risks which the management is empowered to take on behalf of the undertaking,

4) establish the principles governing how to make use of the limits for each type of risk, including on how the risks arising from financial instruments and funds which, on behalf of the undertaking, are managed by external portfolio managers, are included in : the overall risk statement ;

5) adopt a position on which extent and, where appropriate, to whom the Governing Board may disclose the powers specified in the guidelines ;

6) determine how often and in which the board of directors wishes to receive reports pursuant to paragraph 1. 6 and

7) comply with the requirements of Annex 1-3.

Paragraph 2. The limits of the guidelines should unambiguously indicate the size of the limit set for risk, such as absolute figures or by the risk of being placed on the basis of the company ' s own or base capital.

Paragraph 3. The guidelines can only exceptionally allow the management of the board to dispose of the risks of a scale which is outside the established risk profile and the limits of the guidelines and, if the conditions laid down in this case, only if the conditions laid down in this Directive are apparent ; Guidelines. If these assumes are not established, prior powers to cross the limits of the guidelines should not be given to the management.

Paragraph 4. The Management Board shall ensure, when designing the guidelines for the Governing Board, that the Director or its members together have the necessary knowledge and experience to use the powers conferred on one for the undertaking, safe way.

Paragraph 5. If policies, etc. in accordance with section 5 and the guidelines pursuant to paragraph 1 shall be made. 1 contained in the same document shall state clearly the provisions relating to the policy in a risk area and which concern the guidelines for the Governing Board.

Paragraph 6. It must be stated in the guidelines that reporting to the Management Board shall be done in all areas where the board has set limits for the management, or where limits have been laid down in the legislation. The reporting must, as a result, be seen in the reporting, on the limits laid down in the legislation. The extent to which the limits for risks set by the governing board have been used by the Administrative Board must be stated on the basis of the current and over-time limits, including whether there have been cross-border crossing lines. Finally, the reporting, if applicable, shall include a basis for the management of the board's assessment of the reliability of the model used. The statement of the Management Board for the receipt shall be recorded in the minutes of the report.

Paragraph 7. The reporting pursuant to paragraph 1. 6, shall also include funds and risks arising from funds managed by external portfolio managers, as they are, cf. Section 2 (2). 2, last pkt;, in the notice of outsourcing of major areas of activity, the responsibility of the Management Board shall continue to be the responsibility of the management of the funds managed by external portfolio managers, and other means put together in the guidelines laid down by : the board and in accordance with the legislation.

Management of the Management Board of Work

§ 8. The Management Board shall organise its work in accordance with the law and in such a way as to ensure sound and appropriate management of the undertaking and shall, in a Rules of Procedure, adopt detailed rules for the performance of its duties, cf. further Annex 5.

Chapter 3

Tasks and responsibilities of the Executive

§ 9. The Executive Board shall be required to conduct the day-to-day management of the undertaking in accordance with the provisions of the law, the agreed policies of the Administrative Board, and so on, cf. section 5, guidelines of the Management Board, cf. section 6, and any other oral or written instructions from the Management Board.

Paragraph 2. The Executive Board shall ensure that the undertaking is complied with in accordance with the requirements of this notice.

Paragraph 3. The Executive Board shall ensure that the Management Board's agreed policies and guidelines are implemented in the day-to-day operations of the company.

Paragraph 4. The Executive Board shall be obliged to disclose all relevant information to the Management Board.

Paragraph 5. The Executive Board shall have a daily management responsibility for ensuring that the undertaking assumes risks that management and personnel can assess the impact of such operations.

Paragraph 6. The Executive Board shall approve the business operations of the business, cf. section 17, or designate one or more persons or organizational entities with the necessary professional knowledge to do so. If the approval of the company's business practices is carried out by several persons or organizational units, the management or assembly of the management or organizational unit shall be responsible for the fact that all major areas of activity are responsible for : described in business times, cf. § 17.

Paragraph 7. The Executive Board shall determine in writing of the actions to be taken in relation to the deduct of the key personnel.

Paragraph 8. The Executive Board shall approve the establishment ' s guidelines for the development and approval of services and new products which may lead to significant risks to the business, to parties or to customers, including changes in existing products, thereby ; the product risk profile is changed substantially, cf. § 25.

Chapter 4

Organization and responsibility redistribution

Tasks and Resources

§ 10. The company must be arranged in organizational units with clearly defined work tasks, including all employees need to have clear prerogatives, responsibilities, and reference lines.

Paragraph 2. Each organizational unit must be stafly stafquated with appropriate skills at an appropriate level. The number of employees must ensure, together with their competencies, that the unit shall be able to perform the task of carrying out the tasks to which it is incumricable.

Paragraph 3. If organizational units due to the size of the company or responsibility cannot have a sufficient number of employees to cover the task training in the event of ordinary or extraordinary absence, then the task can be performed by employees in other organizational units. It must, as far as possible, be shown in the business corridors, work descriptions, or similar for the organizational units involved, which employees, employees or groups of employees or any other organizational units which resolve which the tasks of the unit in question and under what conditions this is to be carried out.

Information on the management board and other management levels, etc.

§ 11. The company must be arranged in such a way as to ensure that all relevant information goes to board and management at other organisational levels within the timeframe and in a form that ensures that necessary measures can be put into effect without undue delay ; stay.

Segregation of Functionality

§ 12. The company must be amended in such a way as to have procedures in place to deal with and prevent conflicts of interest.

§ 13. The company must be so fixed as to be reassuring separation of duties.

Paragraph 2. There must be a separation of duties in the area of insurance risks. This means that employees who are involved in the acceptance of insurance should not be allowed to :

1) perform or perform damage to the ER ;

2) perform or carry out technical payments ; or

3) be responsible for the preparation of reporting.

Paragraph 3. The investment range in the area of investment shall mean that employees involved in the procurement and risk-taking must not be allowed ;

1) perform, or perform, the running of the handlers ;

2) perform internal controls ;

3) have a responsibility for valuation and statement of results and risks ; or

4) be responsible for the preparation of reporting,

§ 14. In establishments where there is no separation of duties in accordance with section 13, cf. Section 1 (1). In the event of a second, reassuring compensatory measures shall be introduced to ensure that unnecessary risks or losses are not incurred.

Chapter 5

Administrative and accounting practices

Administrative practices

§ 15. The company must be designed to enable the individual entities and employees to have business procedures, work descriptions, emergency plans, systems and other tools that are necessary for the performance of their tasks, cf. § 18.

Paragraph 2. It has to be clear.

1) the tasks to be performed ;

2) how to perform the tasks ;

3) the extent to which completed tasks are to be documented ;

4) in which form the documentation must be carried out ;

5) where the documentation must be kept,

6) for how long the documentation must be retained,

7) to whom the documentation must be disclosed ; and

8) where previously produced documentation can be found.

Paragraph 3. The work of the individual unit must be planned in such a way as to ensure that deadlines are met, whether they are internal or as a result of the regulation in force for the establishment.

Accounting practices

§ 16. The company must have good accounting practice. This involves, among other things, that the company

1) can document that published years and share reports, including all single entries and notes, have been drawn up in accordance with the rules set for the report in question and

2) collect the necessary information for the preparation of annual reports and partial reports, including all relevant information for the identification of accounting records based on accountancy estimates.

Chapter 6


§ 17. The company must have business practices or work descriptions, etc., which, in all major areas of activity, have been approved in accordance with section 9 (4). 6. Activities that concern the company in its financial activities are considered as the basis for essential.

§ 18. Business Descriptions, Work Descriptions, etc., as a minimum

1) be readily accessible and manageable,

2) provide an adequate description of the activities to be carried out, including ensuring that the law and other relevant regulation, and policies and guidelines, determined by the management of the establishment, are complied with and observed ;

3) specify the organizational entity, people, or groups of people to perform the individual tasks or submissions ;

4) where applicable, within which time frames, tasks must be performed ;

5) contain provisions concerning the conditions to be reported and to whom :

6) include provisions on the way in which employees should relate in cases where an employee may pay attention to the risks linked to the working task of the person concerned or other areas of activity,

7) contain provisions on how employees are to be dealt with in the event of a disruption of service, including system breakdowns,

8) refer to appropriate manuals or more detailed work descriptions,

9) specify who is responsible for the preparation and updating of the business corridor,

10) is updated continuously when changes to internal conditions or in appropriate regulation ;

11) were dated, and

12) comply with the requirements of Annex 1-3.

Paragraph 2. The business corridors shall reflect the agreed policies of the Management Board, cf. Section 5 (5). 1.

Paragraph 3. Whatever the construction of the business corridors, it is necessary to ensure that all relevant conditions are described, and that it is clear who is responsible for performing the individual tasks correctly. Thus, a business process may relate to the tasks of a single organizational unit, cover all tasks related to one or more products or related horizontal work tasks requiring additional organisational units.

Paragraph 4. The secret service passageways may be available electronically. If this is the case, it must be ensured that employees have access to adequate information and business procedures, including in the form of contingency plans, to carry out necessary tasks in cases where electronic business practices were not required ; be available.

Chapter 7

Risk management

Handling of risks

§ 19. The company must have methods and procedures that ensure that significant present and future risks are identified, quantified, handled, monitored and checked, and included in appropriate reporting.

20. The company must have methods and procedures appropriate to detect and reduce the risk of imposing sanctions, suffer loss of reputation, or that the company or customers suffer significant financial losses as a result of non-compliance with the current legislation, market standards or internal regulatory framework (compliance with the rules of compliance). The company may be able to achieve 1. Act. take account of the nature, extent and composition of the undertaking ' s activities.

Forgiveness of powers

§ 21. If the Governing Board is in accordance with the guidelines of the management board, cf. Section 6, the powers conferred on it shall be provided in writing or in electronic means.

Paragraph 2. If the powers granted are granted the possibility, the recipient of the powers from the Governing Board may also, in writing, or electronically disclose such powers in full or in part.

Paragraph 3. The transfer of powers can only be made to employees who have the knowledge, insight and experience to be able to use the powers received in a reassuring manner.

Paragraph 4. Where the powers of electronic media are used, shall give and receive, the time and the extent of submission and the receipt of powers could be substantiated. The procedure for this must be stated in the business corridors.

Paragraph 5. Communication on the disclosure of powers shall at least indicate,

1) the nature and size of the powers or powers conferred on it,

2) the principles of making use of the powers to be used,

3) the products or actions of the competence,

4) any additional limits on risk and the principles of the fulfilment of such powers conforming to the requirements of section 7 (3). 1, no. 3 and 4, and

5) the question of how often and by which person or organizational unit reporting must be carried out to the power of the power and any other.

Paragraph 6. No one can pass on powers beyond the powers that have been received by the person concerned. The sum of the powers granted to groups of employees shall also not exceed the powers provided for in the Management Board's guidelines for the management.

Paragraph 7. Where additional risk eels are established for the purpose of disclosed powers, the competent authority shall ensure that the use of the additional risks is carried out in a manner that ensures that no excess is exceeded ; granted powers.


§ 22. The company must carry out checks on all essential risk-holding tasks, including :

1) Compliance with all limits established by the Management Board pursuant to section 7 (3). 1, no. 3, in the Guidelines for the Governing Board and Frontiers of the law.

2) Compliance with the power of the further powers.

3) Dispositions in which the enterprise is acting under the power of power from customers or parties, and where the firm has undertaken to comply with limits for risk, including location boundaries.

4) Other tasks which may cause significant financial arrangements or other essential risks to the establishment, including the disposal of the undertaking ' s accounts and tasks in connection with the procurement or preparation of the establishment of the premises ; the accounts and determination of the individual solvency requirements of the undertaking.

Paragraph 2. The check must be performed by a different device other than the one that completed the task, cf. § 12. However, paragraph 12 does not apply to checks that have the nature of the vote, monitoring of business practices, debug or similar. Such checks may therefore be carried out by persons in the same organisational unit, unless this is not reassuring in the specific case.

Paragraph 3. Check the scope of paragraph 1. 1 and 2 must be carried out at appropriate intervals depending on the size of the establishment, the individual materiality and size of the company ' s business model, areas of activity, the complexity of the risks involved ; and the capital of the undertaking. The checks shall be carried out in respect of limits on a continuous basis, in accordance with the limits of intra-day boundaries. Intra-day controls can be carried out on a random basis.

Paragraph 4. The company must have adequate monitoring that administrative tasks are performed in a reassuring and uniform manner, and that business procedures, work descriptions etc. are complied with.


-23. There must be continuous written reporting on all relevant management levels of compliance and utilization of all risk-taking limits contained in the guidelines in accordance with section 6 or in the power of the Member State concerned. There must also be a report on compliance with the limits of risk laid down in legislation in the areas in which this is relevant to the company concerned, including the limits laid down in the Act of financial activities § § 159-167. The reporting shall also include risks that are controlled on behalf of the company by Portfolio Careers.

Paragraph 2. The reporting shall be carried out in the foreseeable form and shall provide the Management Board, management and other personnel who have been granted powers, cf. Section 21, information on the current utilization of the prescribed limits, as in the case of utilization over time.

Paragraph 3. If internal models are used to account the risks, then the reporting must include relevant back-tests to documentation of the model's reliability.

Paragraph 4. Reporting to the board shall be provided with the ranges specified in the guidelines. In addition, any overshoot shall be reported at each board meeting, as must be reported if the conditions for determining the individual limits of risk are substantially changed, for example as a result of : market suro, exceptional losses and changed capital conditions.

Paragraph 5. Reporting of further powers, including the overrun of these, shall be made to the person who has given the power, at intervals reflecting the involvement of the cast in the daily dissertation, and as specified in the power. The transcripting must usually be reported no later than the day after the overrun of the overwriting.

§ 24. There must be reports on other essential matters that may not be subject to the powers laid down in the guidelines or in the power of the further powers, in accordance with the provisions of the guidelines. paragraph For example, reporting on poll errors, irregularities, losses as a result of operational conditions, errors in financial statements or budgets and the severance of the key people.

Paragraph 2. The company ' s business practices must, as far as possible, contain instructions on the conditions to or should be reported and to whom, in particular, whether reporting in specific cases may or may be carried out to anyone other than that ; the daily leader of the person or his leader.

New products

§ 25. The Directorate-approved guidelines for the development and approval of new services and products, including modifications to existing services and products, which change the risk profile of services and products, cf. Section 9 (1). 8, as a minimum

1) the limit of when it is a new product or service to the extent possible ;

2) specify the organizational units, committees or ad hoc committees responsible for the development process, possibly broken down by one. risk area ;

3) include guidelines on which, at any rate, the development process must be included in the development process so as to ensure that all relevant conditions are exposed ;

4) include guidelines for the overall conditions to be analyzed and documented, including the nature, size and balance of the business impact, impact on company costs and profits, the company's opportunities to act in new markets, the impact of the solvency and accounting procedures of the establishment,

5) contain requirements for the analysis to prove that the company has sufficient expertise, systems, capital and resources to deal with the new product or service on reassuring and appropriate services ;

6) include the provision of guidelines for new products and services which may lead to significant new risks to the company or to customers, to be submitted to the Administrative Board, in order to take up its position on the application of the new ; the product gives rise to a change in the policies adopted pursuant to Article 5, or in accordance with section 6 and 7, given guidelines, including the setting of specific principles for the inventory of the risks associated with the product.

Chapter 8

Penalty provisions

SECTION 26. Inherit of § § 2-8, section 9 (4). 3, 4 and 6 8, section 10, section Paragraph 1 and 2, and paragraph 1. THREE, TWO. pkt., sections 12-16, § 17, 1. pkt., section 18 (2). 1 and 2 (2). THREE, ONE. pkt., and paragraph. FOUR, TWO. pkt., section 19, section 20, 1. pkt., section 21, paragraph. One and 3-7, section 22, paragraph 22. Paragraph 1 (1). TWO, ONE. pkt., paragraph THREE, ONE. and 2. Act. and paragraph 4, section 23, section 24, paragraph 24. ONE, ONE. pkt., and paragraph. 2, and § 25 is punished by fine.

Paragraph 2. Companies can be imposed on companies. (legal persons) punishable by the rules of Chapter 5 of the penal code.

Chapter 9

Entry into force and transitional provisions

§ 27. The announcement shall enter into force 1. January, 2011, cf. however, paragraph 1 2.

Paragraph 2. Section 5 (5). 1, no. 3, and Annex 3 shall enter into force 1. July, 2011. The financial supervision may provide undertakings covered by the notice until 1. July, 2011, to present evidence that the requirements of the notice are met.

Financial supervision, the 15th. December 2010

Ulrik Nutgaard

/ Per Plougmand Bfermentation

Appendix 1

Insurance risks

The responsibilities and responsibilities of the Management Board on the insurance risk area ;

Insurance policy

1) The management of a financial undertaking undertaking an insurance undertaking shall draw up a policy on the insurance risks undertaking the undertaking, cf. Section 5 (5). 1.

2) The policy must, to the extent that it is relevant and taking into account the company ' s risk profile in the field, the size of the undertaking, the overall risk profile and the complexity of undertaking insurance activities, include the following conditions for the following conditions :

a) Sale channels, including what service and advice, your company will provide your customers with the sales situation.

b) This is a new drawing, including the enterprise, basing its drawing of insurance on profitability, growth, special customer segments, or similar areas, if any. the risks which the undertaking will not draw when drawing up the approval and possible geographical constraints of the Executive Board.

c) Reassurance coverage, including which risk inimant measures the company wants to use in relation to capital loading, setting the self-contained in relation to the company's capital strength, the selection of reassessment, including assessment of the credit risk of these and the maximum risk that may be placed in the individual reassurer ' s.

d) The damage treatment, including whether the company is using its own or any foreign indebtees, which service the company will provide its customers in the damage situation and how the damage administration will have to deal with cases of doubt.

(e) New risks, including how the establishment before drawing of new risks must analyse these, including assessing risks related to the risk management system and the capital of the undertaking.

(f) Foreign risks and great risks, including whether to apply special new policy to these customers (e.g. acceptance of greater claims rate, special payment terms or special dams).

g) The credit risk, including the establishment, will derogate from the insurance principle of the pre-payment of the premium and how the credit rating changes should affect the use of reassurer holdings.

(h) Principles of the allocation of insurance risk-related activities between several companies in a group.

i) Cumul, if the company runs damage insurance, including how the company ensures not calculated cumulate risk.

Management of the Management Board for the Governing Board of the Insurance Risk Area

3) In the insurance risk area, the guidelines shall comply with the general requirements laid down in sections 6 and 7. In addition, they must, depending on the risk profile of the company, the size and complexity of the technical activities, the following provisions shall include the following provisions for risk-taking :

a) Which types of assurances can be drawn.

b) Accepted rules and tarif for these.

c) Provisions applicable to the maximum amount of insurance per head. risk and per. event.

d) Principles of the ongoing account of technical provisions, including methods for the day-to day provisions and collectively translations.

4) The guidelines must also include provisions on reassurance, including if :

a) the size and determination of the reassurance tyre in relation to the company ' s capital strength,

b) the choice of reassurfing operators ;

c) credit risk limits on reassurfing operators ;

d) limits for maximum credit exposure to the individual reassurer, and

(e) requirements for the security and principles of the value of security.

5) Furthermore, the guidelines should include provisions on information and communication to customers, including to what extent customers are to be briefed on, among other things, the farmer's outlook.


6) The general requirements laid down in section 17 to 18 for the insurance shall comply with the general requirements laid down in section 17, and to the extent appropriate to the following :

a) Acceptance and drawing of assurances.

b) Procedure for the notification of technical bases, etc. for life-assurance business.

c) Health assessment at drawing of assurances.

d) Handling of the in and out payments.

(e) Treatment of cases of repurchase and withdrawal.

(f) Damage treatment.

g) Notification of claims to reassurers.

(h) Control of payments from reassured surfing ears.

i) Principles and methods for the assessment of technical provisions.

j) Procedures for registering, valuation, reconciliation and individualisation of the registered assets.

c) Handling any outsourced activities.

Risk management and reporting in the insurance area

7) The company shall, in the area of the insurance, appoint periodic written reports to board, management and other senior staff, in accordance with the powers of the Board. The reporting must be carried out on the risk-taking limits which they have delegated in the organisation. The reports may, for example, relate to :

a) Acceptance of assurances.

b) Big risks.

c) Scopes of rebuy.

d) Damage development.

(e) Expiration result of technical provisions.

(f) Necessary changes in the technical basis of life assurance business.

g) Results of reassurance coverage.

Appendix 2

Investment area


1) This Annex concerns

a) risks as a result of the trends in prices, courses, etc. on interest, currency, stock and commodity markets (market risks) ; and

b) the risks to undertakings or groups of undertakings (credit and counterparty risks) as a result of the undertaking ' s investment and the location of funds, cf. Act on financial activities § 164.

2) Market risks are understood to be interest-, currency, stock, stock and raw materials, including related risks associated with derivative financial instruments, such as risk-taking risks. Renterisici shall include, inter alia, interest-rate proficients on all balance sheets and not balance sheets, including those on fixed and lending, fixed-up. The Renterisici also includes interest-rate structural risks.

Tasks and responsibilities of the Management Board

Investment policy

3) The Management Board shall adopt a policy on investment in which the company ' s risk profile in the area is determined taking into account the limitations and instructions of the Act of financial activity § § 158-167.

4) The policy on investment must, in addition to the general requirements, contained in section 5 (5). 2, contain appropriate general instructions for the following conditions :

a) What are the risks that the undertaking will take to the investment sector?

b) The desired or acceptable risk-taking together and for the individual types of market, credit and counterparty risks within the limits and directions laid down in the Act of financial activities § § § 158-167.

c) Under what circumstances, such as war, natural disasters and unrest on the financial markets, the Management Board shall ensure the management of the management board to maintain the selected risk levels and the procedure for that.

d) Principles of the organisational distribution of responsibilities in investment, including risk-taking, risk management, control and reporting.

(e) Objectives and comparisons (e.g. in the form of benchmarks) for the assessment of results obtained, including return on the results.

(f) Any special types of hazards that the company specifically does not want to undertake, such as equity risks arising from unlisted shares and certain markets, from commodities risks, risks of buckle or hazards arising from certain structured products.

g) Parent Employee skills requirements in the investment area.

(h) The procedure for information to the board of the policy on investment in the field of investment, cf. Section 5 (5). Two, last point.

The Board of Directors of the Governing Board of the Investment Bank

5) In the area of investment, the guidelines must meet the general requirements laid down in section 7 and the extent to which it is relevant to the establishment, indicate :

a) limits to the interest rate, currency and stock and on-line risk, where relevant, as well as assets to cover the technical provisions, as for other assets,

b) the manner in which the individual risks are calculated and the manner in which each instrument is included in the inventory if the internal balance of risks is to be applied more stringent principles than those arising from the law of financial activities and rules issued in : under the law,

c) limits to specific risks associated with complex or exceptional products, including the risks associated with structured products, or to the undertaking ' s activities in the field of investment, such as recovery, interest-rate risks, and voldrisici,

d) to the purpose of securities, currencies and derivative financial instruments, such as risk-taking or active risk-taking,

(e) the currencies or groups of currencies which may be traded or taken into account, and for which action must be taken, respectively,

(f) the types of derivative financial instruments which may be traded and, where appropriate, taken into account,

g) the other types of products, including structured products, which may be traded and, where appropriate, taken into account ;

(h) on which markets or trading places, as well as in which countries or groups of countries may be traded.

6) The guidelines must, at last, contain provisions concerning the registration of the register in respect of financial activities § 167, to be rectified and taken, including taking a position on :

a) who shall be responsible for the construction of the register,

b) who is responsible for the control of the register,

c) ensure that the assets recorded at variations in the value of the assets may cover the technical provisions, where appropriate, by laying down a requirement for a minimum overlay of the minimum ; and

d) how to build the register, for example, as a single extract from Navision, printout from bank depot or spreadsheet with input from relevant systems / transcripts.

7) The limits of the guidelines shall be determined in such a way as to ensure that the provisions concerning the placing of the funds in the Act on financial activities § § 158-167 are fulfilled by the conclusion of the business.

8) Furthermore, the guidelines must take a position on whether the location of the funds and the conclusion of business that leads to market or counterparty risks should be set narrower limits than those resulting from sections 158 to 167 in the law on financial services ; Company.

Tasks and responsibilities of the Executive

Organization and distribution of responsibilities in the field of investment

9) Action Separation, cf. Section 13 (1). 3, in the field of investment, staff involved in the granting of exposures to counterparties or persons covered by the Act of Financial Company Section 78 shall not be permitted ;

a) have a responsibility for valuation and statement of results and risks ;

b) have responsibility for the execution of internal controls ; and

c) be responsible for the preparation of reporting.

Accounting practices

10) If the company itself calculates risk and profit / loss, as well as values of financial instruments and other items with market risks, the management must ensure that the company has reassuring methods for that purpose, including that it is possible to check that it is carried out ; Correct.

11) If the undertaking is to collect risk-making and loss / loss and the values of financial instruments and other items with market risks from external parties, the undertaking must ensure that the persons concerned carry out the task on a reassuring show. In addition, the company must continuously evaluate whether the external parties received and used courses, parameters, etc. are correct and thus ensure a true image of the risks of the undertaking, as well as the correct accounting spoils.

Investment Space Business Times

12) In addition to the general requirements laid down in sections 17 and 18, the guidelines in the area of investment should be included in the general requirements.

a) the procedures for the conclusion, control, registration, accounting and conduct of trade in securities, currency, derivative financial instruments and other market risk-related activities ;

b) procedures for the introduction and use of the register referred to in section 167 of the financial undertaking,

c) the procedures for the current statement and the monitoring of risks, gains / loss and values ;

d) procedures for observance of the limits on the placing on the market of funds and for risk-taking as provided for in the legislation and in internal guidelines, powers, etc.,

(e) the drawing up of management reporting in the field of investment,

(f) procedures for the introduction of business activities in new financial instruments and other products with market risks ;

g) the acceptance of the consent of the Management Board on the award of exposures to parties or persons covered by the Act of Financial Company Section 78,

(h) procedures to ensure that exposures subject to the Act of Financial Business Section 78 are concluded on market-based conditions, and

i) procedures and guidelines for the intake of economic or other relevant information relating to persons to whom exposures are covered by the Act of Financial Company Section 78.

Replacement of risks in the field of competence

13) It must be possible for the disponers to determine whether the terms they intend to carry out are within their remit. The same applies to collective powers, where more employees can have a joint power of disposal.

Investment area checks

14) In the area of investment, internal controls shall be established which meet the requirements of section 22 and which, depending on the extent and complexity of the company ' s activities in the investment area, control the following :

a) Subject to the rule of law, compliance with all the limits of all persons who have powers must be monitored. Intra-day checks shall be carried out at a minimum on a random basis.

b) Whether the limits of the law on financial activities § § § 158-167 and the limits on the placement of funds and restrictions on risks to individual enterprises or groups of undertakings are respected.

c) The reporting and reporting of positions and risks is carried out correctly.

d) If deals are made at correct rates and prices.

(e) In the case of winnings / losses on market risk-stapled arrangements, they shall be correctly raised.

(f) The reconciliation of stock securities, financial instruments and accounts.

g) The appropriate and appropriate courses, etc. from external parties, are correct and thus ensure a true image of the undertaking ' s risks.

15) It must, cf. Section 22 (2). 3, supervised by trade, registration, bookkeeping and running deals shall be carried out in accordance with the business corridors, as well as the establishment of company securities, financial instruments and accounts.

Appendix 3

Operational risks


1) For operational risk, the risk of loss as a result of inappropriate or defective internal procedures, human error and systemic errors, or as a result of external events, including legal risks, are taken. Risk and strategic risks shall not be regarded as operational risk in this notice, but shall be treated in accordance with the same lines as operational risks as appropriate.

Tasks and responsibilities of the Management Board

Operational Risk Policy

2) The policy of operational risks must, in addition to the general requirements, contained in section 5 (5). 2, to the extent that it is relevant shall include the following conditions :

a) The position of which types of incidents to be considered as falling within operational events, including as far as possible, boundaries in relation to other risk areas, such as credit risk, market risk, strategic risk and risk risk.

b) The score to which methods should be used to gather information on incidents that may be considered as falling within the operational risk area, and to which extent such incidents are to be recorded and reported.

c) The position taken to the size of the losses to be recorded and reporting on.

d) The position taken to the principles of reporting to the board itself, with a view to the collection of data and for the management reporting, by the way.

3) The Management Board shall take a position on how the losses must be handled both for incidents that are expected to perform high probability, but with small losses, and incidents that are expected to enter with low probability, but with great loss.

4) In the assessment of the operational risks of the undertaking, the following conditions may be included in the evaluation :

a) Special operational risks associated with the company's business model and activities.

b) The integration, stability and fitness of the undertaking ' s IT systems.

c) Manual routines, for example, in connection with the control and running of trades, controls, and not integrated IT systems.

d) Dependency on external relations, including subcontractors.

(e) Employee skills in relation to the complexity of the tasks.

(f) The quality of business and so on

g) Organization, including the extent of internal controls and possible failure to create office access.

(h) Physical security.

The Board of Directors of the Board of Directors in the Operational Risk Area

5) The Management Board shall include in its guidelines the Governing Board ' s provisions as required by the Administrative Board to ensure compliance with the operational risk of the Management Board. The Management Board may include :

a) concrete requirements for the establishment and operation of the undertaking or parts of it ;

b) principles of how operational risks are to be collected and collected and who is to do so ;

c) any amount limits for losses to be collected and recorded,

d) guidelines for and, where appropriate, the extent to which incidents that may have been known and which could have caused losses but not to do so shall be recorded and assessed, and

(e) guidelines for reporting operational risks to the management board, including limits and time limits for when operational risks and losses (including any incidents which might have triggered significant losses) from operational risks must be reported ; to the board.

Tasks and responsibilities of the Executive

6) The Executive Board shall make the establishment in such a way that operational risks are limited as much as possible within the framework of the Management Board ' s policy and strategy and ensure that all relevant employees are aware of : company policy for operational risks.

7) The Governing Board shall be responsible for ensuring that :

a) events are collected and recorded in accordance with the Management Board ' s policy on operational risks and / or the guidelines,

b) there are effective systems and methods for communicating and storing information on operational risks ;

c) IT systems support day-to-day operations to a sufficient extent ;

d) all employees have sufficient knowledge of operational risks to resolve their tasks in the area ;

(e) there are business procedures for the ongoing identification of areas, systems and products that can lead to significant operational risks, and that :

(f) there are business-collection procedures, inventory, and loss-reporting, and, where appropriate, risk of loss.

8) The Executive Board shall assess in advance whether and the extent to which decisions may lead to operational risks, which are contrary to the policy and strategy of the Management Board in this area. This is true both in terms of principle and in terms of business, including the provision of new services or trade in new financial instruments, which are essential decisions concerning the operation and the establishment of the establishment. This may require the management of the Executive Board to include any operational risk or, in particular case, external advisers.

9) The Executive Board shall regularly assess whether there are areas in which the operational risks are to be minimised and, where appropriate, to establish an action plan for this.

10) The assessment that the management board shall make in accordance with section 4 (4). 1, include one of the management ' s account of operational risks which are sufficient for the management board to monitor the size and development of its operational risks and make any changes to policies ; and Guidelines. The decision shall include an assessment of the likelihood of the occurrence of a given type of event and the loss of direct or indirect damage to the case at worst. The risk of events taking place and the risk of loss of a certain amount may be indicated in the form of categorizations such as 'very high', 'tall', 'medium', 'low' and 'very low'. The deposition shall at least be :

a) provide an assessment of the current operational risks, based on a review of the company's relationship and the loss-making events of the undertaking ;

b) contain an account of events leading to significant losses for the undertaking or-as far as is possible-which could have caused significant losses ;

c) change the intended changes in the company's business model, systems, products, etc., relevant in relation to operational risks ;

d) trade trends in relevant conditions in the establishment ' s surroundings ; and

(e) refer to any areas in which the management has laid down an action plan in accordance with the meaning of the plan. 9.

Appendix 4

IT security

Scope of application

1) This Annex contains provisions concerning the circumstances referred to in the notice relating specifically to the IT area, including the IT security management.

Tasks and responsibilities of the Management Board

2) The Management Board shall adopt an IT security policy for the company.

3) The IT security policy must, depending on the desired risk profile of the financial undertaking in the IT area, the size and complexity of the company's IT application, must include the following conditions :

a) Organization of the IT work, including the separation of duties between

-WHAT? system development / maintenance ;

-WHAT? IT operations and

-WHAT? business performance.

b) Regular risk assessment.

c) The protection of systems, data, machinery and communication paths.

d) Systems engineering and maintenance of systems.

(e) Operations-processing.

(f) Backup and backup.

g) Contingency plans containing objectives and plans for the restoration of normal operation in the event of errors, breakdown, loss of data or systems, as well as whole or partial destruction of buildings, machinery and communication routes.

(h) Quality assurance.

i) Principles for the implementation of policy in detailed guidelines, business procedures and instructions.

j) Precaterms in the event of a breach of IT security policy and safety rules.

c) Compliance with relevant legislation.

I) Reporting, monitoring, and follow-up.

m) Any derogations from the IT security policy.

4) The Administrative Board shall periodically and at least once a year assess the IT security policy, including whether the IT security policy is sufficient to ensure that the risks to which it is carried out and are expected to carry out in the future are on a regular basis ; acceptable level for the company.

5) The IT security policy must be as far as possible to be independent of the technology used.

Tasks and responsibilities of the Executive

6) The Executive Board shall ensure that its IT security policy is complied with. The rection must deepen the IT security policy in procedures, etc., which support that

a) responsibilities, including ownership, for IT processes and resources are located ;

b) The function warning is being monitored ;

c) control of the desired IT security level and the handling of any weaknesses ;

d) systems and data are classified and prioritised,

(e) systems (both the base and user systems) and configuration (hardware) as well as changes to this document,

(f) backup systems and data, including storage of the backups, are backed up ;

g) are provided with sufficient IT resources,

(h) system development, configuration and maintenance, and testing of new and changing systems shall be reassuring ;

i) tests are carried out and other quality assurance,

j) change management and problem management are carried out ;

c) the access control to systems and data is done ; and

I) there is sufficient physical security, including physical access control.

7) In addition, the Governing Board shall ensure that an IT contingency plan to be approved by the Management Board shall be drawn up. The plan shall, depending on the company ' s relationship, be :

a) a description of the establishment of a contingency organisation ; and

b) event plans in case of serious system failure, errors and disturbances in the IT use.

8) The Disaster Recovery Plan shall be tested on a regular basis, and the company must have rules on reporting the results of a contingency test.

Appendix 5

Organisation of the Board of Directors

Rules of procedure of the Management Board

1) The Management Board shall, at a time of procedure, take detailed rules for the performance of its duties, cf. § 65, in the Act of Financial Company.

2) In the design of the Rules of Procedure, after point. 1, the Management Board shall be based on its statutory obligations as well as the complexity and business and activities of the establishment. However, the business order must always contain :

a) provisions on the institution of the Management Board including the use of alternates and quorum requirements, as well as at intervals to be held,

b) provisions on written and electronic board meetings, cf. the furtive of this Annex. 16,

c) procedures for establishing the division of labour between the management board and the management, including authorisations, liability for business and professional secrecy ;

d) procedures for the supervision of the Management Board ' s management of the management of the undertaking and any subsidiaries, including the assessment of the management tasks, carry out its tasks properly and in accordance with the established risk profile, the established ; policies and the management guidelines for the management, cf. Section 2 (2). 1, no. 4,

(e) procedures for creating and keeping books, inventories and records of company law ;

(f) procedures for the management of the Management Board to the company ' s business model, risk-profile, organisation and resources ;

g) procedures for how the Administrative Board shall obtain the information required to carry out its duties, including the obligations imposed by the management board under the Law of Financial Company, the Act of Preventive Measures against the laundering of dividenment and terrorist financing and other relevant legislation, as well as section 5 of the notice of solvency and operation plans for insurance undertakings,

(h) the rules on the management of the Management Board to the Management Board ' s reporting to the Management Board, including the opinion of the individual solvency requirements of the financial undertaking, budgets, financial reports, liquidity and capital requirements, essential ; conceptions, specific risks and overall insurance conditions,

i) procedures for the decision-taking of the Management Board to and signing the audit protocol ; and

j) procedures for how the Board shall ensure the presence of the necessary basis for review, including, if applicable, of whether there is a need for an internal audit.

3) The Management Board shall continuously and at least once a year review the Rules of Procedure with a view to ensuring that this reflects the company ' s business and activity areas.

4) The Management Board shall ensure that all members of the Board of Directors are aware of the Rules of Procedure. The Rules of Procedure must therefore be signed by all board members. This can be done by means of the signing of the current Rules of Procedure by new members of the Board of Directors.

Board meetings and negotiation of the Management Board

5) The management board must, cf. Section 74 (4). 1, in the law of financial activities, shall meet when deciding on matters which are not subject to the powers given to the Governing Board, see it in accordance with the Board of Governing Board. § 70. The Management Board may, for example, legally delegate its decision-making competence to a business committee.

6) Point 5 shall not apply to the treatment of standardized cases which, in accordance with statutes or other, must be dealt with by the Administrative Board. Such cases may be subject to the treatment and decision of a committee on the management board, provided that the overall management guidelines are laid down in advance by the Board of Directors. These guidelines and the committee's handling of the dossiers concerned shall be subject to regular evaluation by the total board of directors. The delegation does not include the management of the board's responsibility for the treatment of the people and of the decisions taken.

7) The Management Board may decide that employees in the company, as well as members of the Board of Directors and employees of other companies in the group, may participate in a management board meeting, where appropriate in individual items on the agenda, if applicable.

8) The Management Board may also, in an individual case, decide that there may be other persons other than those in point. 7 mentioned, for example, shareholders or advisers, present at one or more points on the order of business.

9) Whatever it is. 7 shall not be insensitive to persons present at a board meeting or at a meeting of the board meeting agenda, where confidential information is treated which is not legally disclosed in accordance with the rules on the disclosure of confidentiality ; information in the law of financial activities.

10) The action protocol pursuant to the Act on Financial Action, Section 74 (2). 3, reflect the actions that have been held at the meetings, including essential risk assessments and decisions taken, as well as the prerequisites for those listed. The members that have been present at a meeting must show that. If any person other than members of the Board of Directors have been present, this must also be stated.

11) The protocol must be put in such a way that the risk of subsequent additions, corrections or omissions is at least possible. If the Protocol is conducted as a solution system, this may be done by initialling each side by the chairman or another member of the board. Each page of the negotiation protocol must be consecutive numbered.

12) It must be explicitly stated in the negotiating protocol when exposures are dealt with in Article 78 (3). In the case of financial operations, in the case of financial operations, it must be stated that the members of the board and managers of the Board shall not be present at the time of the proceedings.

13) The determination in furtive. 12 shall not preclude a member of a trustee or a director who also participates in the management of a parent company that owns the entire capital of the undertaking, or in a 100%-owned or subsidiary party, participant in the processing of questions ; on or exposures to this company.

14) The provisions of the Act of Financial Business Section 78 (3). In addition, 1 and 4 shall not preclude the appropriation of exposures to the members of the governing board of the members of the financial establishment in question, as employees in the financial establishment concerned. The provision of the provisions of Article 78 (1) of the Act of Financial Business. 3, does not apply to fully insured exposures or exposures of completely insignificant proportions.

15) The Administrative Board shall review at least once a year through the exposures to persons and companies referred to in Section 78 (3). 1 and 4, in the case of the financial undertaking, for example, in the case of the annual stock review. It must be stated in the negotiation protocol that the review has been carried out, as well as the conclusions of this.

Written and Electronic Administrative Board meetings

16) The Management Board may conduct written and electronic board meetings in accordance with company law rules on this.

17) The Administrative Board shall consider carefully which issues are suitable for processing in a written or electronic board meeting. This will primarily be an uncomplicated and routine matter, which does not require a new principle of principle from the management board, or to impose significant risks or urgent cases which cannot be exposed to the company without any adverse effects.

18) The decisions of the Management Board on the issues suitable for the written and electronic treatment respectively shall be subject to the Rules of Procedure.

(19) In the case of written board meetings, it shall be stated on the board of the board's negotiating protocol when the meeting was concluded.

20) Point 16-19 shall also apply to written authorization procedures.

21) To the extent a governing board decision is taken in writing or by electronic means, an actual indication is required from the individual board members, cf. Company Law § 124, cf. Act on financial activities § § § 114 (mutual companies) and 116 (transverse pension funds). Such expressions shall be recorded in the minutes. An omission of responding to transmitted material is not sufficient indication.