PIN 2.2.2

The risk management systems maintained by an Insurer must include:

(a) a clearly defined risk appetite statement which outlines the risk tolerance of the Authorised Person and is approved by its board;
(b) a written risk management strategy approved by senior management, which in the opinion of senior management addresses all material risks to which the Insurer is likely to be exposed;
(c) risk management policies and procedures that in the opinion of senior management are adequate to identify, assess, mitigate, control, monitor and report on the material risks to which the Insurer is exposed;
(d) clearly defined risk limits, norms, pricing parameters which are consistent with the board approved risk appetite; and
(e) clearly identified managerial responsibilities and controls, designed to ensure that the policies and procedures established for risk management are adhered to at all times.