Topic Governance Governance

The second pillar of Solvency II lays down the qualitative requirements for the governance systems of primary insurers and reinsurers subject to Solvency II. Each undertaking concerned must fulfil the requirements of Articles 41 to 49 of the Solvency II Directive (Framework Directive 2009/138/EC of 25 November 2009 (the S II Framework Directive), in the version of the Omnibus II Directive). The S II Framework Directive was transposed into German law on 1 January 2016.

The governance system of insurers is regulated by the provisions of sections 23 to 32 of the German Insurance Supervision Act (Versicherungsaufsichtsgesetz – VAG) of 1 April 2015. These provisions encompass both the general requirements under section 23 of the VAG (Article 41 of the S II Framework Directive) and other requirements laid down in sections 24, 26, 27, 29 to 32 of the VAG (Articles 42, 44 to 49 of the S II Framework Directive).

The Insurance Supervision Act lays down the following requirements for the governance system of insurers:

  • Section 23 of the VAG (Article 41 of the S II Framework Directive) requires, for instance, an adequate transparent organisational structure with a clear allocation and appropriate segregation of responsibilities and an effective system for ensuring the transmission of information. The governance system must be effective and adequate and is to be subject to regular review. Undertakings must have written policies in place, including in relation to risk management. There are also requirements relating to the steps undertakings must take in order to ensure continuity and regularity in the performance of their activities.
  • Section 24 of the VAG (Article 42 of the S II Framework Directive) stipulates the fit and proper requirements for persons who effectively run the undertaking or have other key tasks. The qualification requirements apply to members of the management board (or other persons appointed to represent the undertaking), members of the supervisory board and persons who are responsible for other key tasks such as, in particular, the four mandatory key functions. This includes not only the person who exercises the key function but also the staff who deal with the respective tasks.
  • Section 26 of the VAG (Article 44 of the S II Framework Directive) governs the requirements for risk management systems and the independent risk management function. The risk management system includes, among other things, strategies, processes and reporting procedures. The independent risk management function is designed to facilitate the implementation of the risk management system and has additional tasks in undertakings using an internal model.
  • Section 27 of the VAG (Article 45 of the S II Framework Directive) relates to the own risk and solvency assessment (ORSA), which is used, for example, to assess an undertaking's overall solvency needs, taking into account its specific risk profile.
  • Section 29 of the VAG (Article 46 of the S II Framework Directive) stipulates requirements for an internal control system and the compliance function. The internal control system must at least include administrative and accounting procedures, an internal control framework, appropriate internal reporting arrangements at all levels of the undertaking and a compliance function, which monitors compliance with the requirements. It advises the management board (or other persons appointed to represent the undertaking) on compliance issues, assesses the effects of any changes in the legal environment on the undertaking and identifies and assesses the risks associated with failure to comply with the legal requirements (compliance risk).
  • Section 30 of the VAG (Article 47 of the S II Framework Directive) relates to the internal audit function. The internal audit function includes, for instance, an evaluation of the adequacy and effectiveness of the internal control system and other elements of the system of governance.
  • Section 31 of the VAG (Article 48 of the S II Framework Directive) provides for an actuarial function, which, among other things, coordinates the calculation of technical provisions.
  • In the event of outsourcing, undertakings always remain responsible for complying with the requirements, even in cases where the outsourced functions or activities are not important. Section 32 of the VAG (Article 49 of the S II Framework Directive) lays down special requirements for outsourcing important functions or insurance activities.

The European Commission adopted the Delegated Regulation (EU) 2015/35 to further specify the requirements set forth in the aforementioned articles of the Solvency II Framework Directive (Article 50 of the S II Framework Directive as amended by the Omnibus II Directive). The Delegated Regulation is directly applicable in all Member States. Furthermore, EIOPA publishes guidelines which define the requirements of the S II Framework Directive and the Delegated Regulation in greater detail.

BaFin revokes Circular 3/2009 on the Minimum Requirements for Risk Management in Insurance Undertakings (Mindestanforderungen an das Risikomanagement VAMaRisk VA) effective as of 1 January 2016.

When the new Insurance Supervision Act, which transposes the Solvency II Directive into German law, entered into force on 1 January 2016, the legal basis of the MaRisk VA ceased to exist. This does not mean, however, that the requirements for the risk management of undertakings will be reduced, since most of the existing requirements are also based on the provisions of Solvency II. In addition, there are new requirements for risk management and other parts of the governance system.

Starting on 1 January 2016, BaFin will continue its pronouncements on governance and forward-looking own risk assessment, published in preparation for the Solvency II regime, in the form of interpretative decisions, which will be constantly updated.

Although the interpretative decisions only apply to undertakings subject to Solvency II, BaFin also expects all undertakings outside the scope of this regime to at least comply with the existing requirements. Based on the experience gained in 2016, BaFin will examine if specific guidance is needed for undertakings that are not subject to Solvency II. It should be noted that the provisions on governance systems apply in part also to small insurers, death benefit funds, Pensionskassen and Pensionsfonds (see sections 23 ff. of the VAG).

updated on: 01.01.2016

Additional information

Did you find this article helpful?

We appreciate your feedback

* Mandatory field

Publications on this topic

Prod­uct Gov­er­nance

The responsible handling of financial products in manufacturing and distribution is designed to protect clients.

BaFin pub­lish­es Cir­cu­lar on Min­i­mum Re­quire­ments on the Sys­tem of Gov­er­nance of In­sur­ance Un­der­tak­ings

The circular on Minimum Requirements under Supervisory Law on the System of Governance of Insurance Undertakings (Aufsichtsrechtliche Mindestanforderungen an die Geschäftsorganisation von Versicherungsunternehmen – MaGo) is now available in English.

Au­tho­ri­sa­tion pro­ce­dure: BaFin pub­lish­es guid­ance no­tice on bank­ing busi­ness

What are the requirements that credit institutions have to meet if they wish to apply for authorisation to conduct banking business pursuant to sections 32 and 33 of the German Banking Act (Kreditwesengesetz – KWG) in conjunction with section 14 of the German Reports Regulation (Anzeigenverordnung – AnzV)? To answer this question, BaFin has now published a guidance notice, in particular in view of …


Risk cul­ture: Re­quire­ments of re­spon­si­ble cor­po­rate gov­er­nance

The development and promotion of an appropriate risk culture is a primary task of the management of any company.

Bank­ing Act (Kred­itwe­sen­ge­setz - KWG)

Translated by the Deutsche Bundesbank. This translation is not official; the only authentic text is the German one as published in the Federal Law Gazette (Bundesgesetzblatt).

All documents