PIN 2.3.3

An Insurer must develop, implement and maintain a risk management system to identify the operational risks faced by the Insurer, including but not limited to:

(a) technology risk (including processing risks);
(b) reputational risk;
(c) fraud and other fiduciary risks;
(d) compliance risk;
(e) outsourcing risk;
(f) business continuity planning risk;
(g) legal risk; and
(h) key person risk.