The Central Bank of Ireland (the "Central Bank") published its programme of themed inspections (the "Programme") on 3 February 2016, indicating its supervisory priorities for 2016, which reflect the full implementation of the Solvency II regime. The purpose of the inspections is to highlight to the Central Bank the areas where Solvency II firms might need to improve their levels of compliance.
We understand that the Central Bank has recently contacted a number of Solvency II firms in order to conduct a supervisory review and to seek information as part of the themed review of Corporate Governance and Operational Risk. We have set out below the typical information sought by the Central Bank in advance of such reviews.
In conducting its supervisory review of Solvency II firms, the Central Bank requires the following information be provided in advance of the review and the meeting with the CEO:
- A copy of the last two sets of Board Packs and minutes;
- A copy of the last two sets of sub-committee meeting minutes for both the Audit Committee and Risk Committee;
- A copy of the risk register and risk appetite statement;
- Own Risk and Solvency Assessment ("ORSA") for 2015;
- Appointed Actuary Report for 2015;
- A copy of the annual assessment of the board's performance in line with Corporate Governance Code requirements;
- A copy of the latest board and management succession plan;
- Compliance plan for 2015 and 2016, including a summary of significant findings and the compliance manual;
- Internal Audit plan for both 2015 and 2016, including copies of reports completed in the past twelve months;
- A group chart structure;
- A local organisation chart with details of reporting lines; and
- A presentation to support the CEO meeting, to include a summary of the business plan, 2015 financial performance and key risks facing the company.
Themed Review of Corporate Governance and Operational Risk
In addition, where the Central Bank is undertaking targeted risk assessments under the areas of Corporate Governance and Operational Risk, it requires Solvency II firms to provide the following information:
- Terms of Reference for the Board and sub-committees of the Board;
- Biographies for Board members and members of the Executive Management team;
- Executive Management team meeting minutes (last three sets) and organisation chart;
- Details of any internal/external reviews of systems of governance and operational risk;
- Corporate Governance Compliance Statement;
- Corporate Governance Code checklist;
- Copies of any culture reviews / assessments completed in the past 12 months;
- Copies of remuneration committee minutes and packs (where applicable);
- Solvency and Financial Conditions Report;
- Regular Supervisory Report;
- Operational risk register;
- Operational risk policy;
- Operational risk reporting pack (most recent three sets);
- Outsourcing policy;
- Outsourcing Service Level Agreements;
- Outsourcing Key Performance Indicators;
- Details on the reporting between the Outsourcing party and the Firm (annual report and most recent quarterly report);
- Business Continuity and Disaster Recovery Policy;
- Reporting on emerging risks;
- Near Miss and Loss Events Log;
- Details of any Control Self-Assessment reports in the areas of operational risk and corporate governance;
- Data management (including data loss) policy;
- Data retention policy;
- End-user computer policy;
- AML policy; and
- Details of AML reporting and monitoring.
We would advise Solvency II firms to bear the above in mind when designing both their compliance and internal audit plans and updating internal policies and procedures.