2.1.1. Risk management function

An Insurer must establish and maintain an effective risk management function capable of assisting the Insurer to identify, assess, monitor, mitigate and report on its key risks in a timely way; and to promote and sustain a sound risk culture. Guidance: additional requirements in GEN An Insurer is also subject to obligations in respect of operational risk, legal risk and fraud risk pursuant to GEN 5.8 (Management of risks).

2.1.2. Actuarial function

An Insurer must establish and maintain an effective actuarial function capable of evaluating and providing advice regarding, at a minimum, technical provisions, premium and pricing activities, capital adequacy, reinsurance and compliance with related statutory and regulatory requirements.

2.2.1. Designation of roles as Controlled Functions

The following functions are prescribed as Controlled Functions within the meaning of section 20 of the FSFR:

• (a) Insurance Risk Manager;
• (b) Insurance Internal Audit Manager; and
• (c) Approved Actuary.

2.2.2. Mandatory appointments

(1) An Insurer must make the following appointments and ensure that they are held by one or more Approved Individuals at all times:

• (a) Insurance Risk Manager; and
• (b) Insurance Internal Audit Manager.

(2) An Insurer must also appoint an Approved Actuary and ensure that such role is held at all times by an Approved Individual if:

• (a) it conducts Long-Term Insurance Business; or
• (b) it conducts General Insurance Business and;
• (i) more than 15% of its gross outstanding liabilities are attributable to Contracts of Insurance for General Insurance Business in General Insurance Categories 1 (Accident) or 2 (Sickness); or
• (ii) more than 20% of its gross outstanding liabilities are attributable to Contracts of Insurance for General Insurance Business in General Insurance Categories 10 (Motor vehicle liability), 11 (Aircraft liability), 12 (Liability of ships), 13 (General liability), 14 (Credit) or 15 (Suretyship).

2.2.3. Insurance Risk Manager

The Insurance Risk Manager is an individual who has responsibility for the Insurer’s risk management function.

2.2.4. Insurance Internal Audit Manager

The Insurance Internal Audit Manager is an individual who has responsibility:

• (a) for the Insurer’s internal audit policies, procedures and controls; and
• (b) for taking appropriate steps to ensure the implementation of and compliance with those policies, procedures and controls.

2.2.5. Approved Actuary

(1) The Approved Actuary is an individual who has responsibility:

• (a) for the Insurer’s actuarial policies, procedures and controls; and
• (b) for taking appropriate steps to ensure the implementation of and compliance with those policies, procedures and controls.

(2) The Approved Actuary must not be an individual who:

• (a) exercises the Senior Executive Function for the Insurer or a related body corporate (except a related body corporate that is a subsidiary of the Insurer); or
• (b) is an Employee or Director of an auditor for the Insurer.

2.3.1. Outsourcing of risk management function (PINS 2.1.1)

An Insurer may only outsource its risk management function to an Insurance Manager, subject to the rules relating to outsourcing in GEN 5.2 (Outsourcing).

2.3.2. Outsourcing of actuarial function (PINS 2.1.2)

An Insurer may only outsource its actuarial function to an Insurance Manager, subject to the rules relating to outsourcing in GEN 5.2 (Outsourcing).

2.3.3. Outsourcing of Controlled Functions (PINS 2.2 and GEN 2.2)

An Insurer may appoint an Employee of an Insurance Manager to perform the Controlled Function of Insurance Risk Manager, Insurance Internal Audit Manager, Approved Actuary, Finance Officer and/or Compliance Officer, provided that such Employee is an Approved Individual.