1. The senior management of an Insurer remain responsible for its regulatory compliance, including in any areas that are delegated or outsourced to other Group members.
2. The overall governance, high-level controls and reporting lines within the Group should be clear so far as they affect the Insurer. An Insurer should not, for example, be subject to material control or influence from other Group members that is exercised through informal or undocumented channels.
3. Reliance upon functions performed at a Group level (for example, Group risk management, capital planning, liquidity and compliance) should be subject to approval and monitoring by senior management of the Insurer.
4. Where an Insurer relies upon functions that are performed at a Group level the protocols for the performance of those functions should be clear.
5. Senior management should establish and maintain systems and controls to identify and monitor the effect on the Insurer of its relationship with other members of the Group and the activities of other members of its Group. These systems and controls should include procedures to monitor the following matters:
a. changes in relationships between Group members;
b. changes in the activities of Group members;
c. conflicts of interest arising within the Group; and
d. events in the Group, particularly those that may affect the Insurer's own regulatory compliance (for example, failures of control or compliance in other Group members).
6. The Insurer should have in place procedures to insulate the Insurer, so far as practicable, from potentially adverse effects of Group activities (for example, transfer pricing or fronting) or Group events that may expose the Insurer to risk. Such procedures could include requirements for transactions with Group members to be at arm's length, and for maintenance of 'Chinese walls', and development of contingency plans.
7. Senior management should take reasonable steps to ensure that:
a. relevant Group members are aware of the Insurer's Group risk management and reporting obligations;
b. Group capital and Group risk reporting requirements are complied with; and
c. information in respect of the Group provided to the Regulator is of appropriate quality.