The Indonesian Financial Services Authority (OJK) has issued OJK Regulation No. 44 of 2020 on Risk Management for Non-Bank Financial Institutions. Non-bank financial institutions under this regulation include insurance companies, pension funds and financing companies. This regulation replaces OJK Regulation No. 1 of 2015 on the same subject matter. This regulation has already come into effect.
In this publication, we focus on the impact of the regulation on insurance companies and insurance intermediary companies. For the purpose of this publication, ‘insurance companies’ also refers to insurance intermediary companies.
The following are the key provisions in the regulation:
- Insurance companies must set up a risk committee. The risk committee must comprise: (a) 50% of the members of the company’s board of directors who oversee or manage the company’s risk management function, and (b) the company’s relevant management personnel overseeing or managing the company’s risk management function. This requirement is new.
The risk committee’s main task is creating the company’s risk management strategy and policy. The risk committee provides recommendations on the risk management strategy and policy to the company’s president director.
- In addition to the risk committee, insurance companies must also set up a separate risk management team/unit, which is a different body from the risk committee. This requirement is new. This is also in addition to an existing requirement for the board of commissioners of the insurance company to establish a risk supervisory committee.
The risk management team must be separated from the company’s business process and operational teams, and accordingly the personnel of this risk management team must not be part of the business process and operational teams. The company’s business process and operational teams are obliged to inform the risk management team about their relevant risk exposure. These requirements are new.
- Reputation risk is now part of insurance companies’ risk management strategy and policy. Reputation risk is defined broadly under this regulation as “any risk that arises from negative news reports, and/or rumors with respect to the company, and ineffective communication strategy”. This provision is new.
- Insurance companies’ boards of directors are obliged to set up internal thresholds on matters requiring board of directors’ approval. This requirement is new.
- Insurance companies’ boards of commissioners are obliged to set up internal thresholds on matters requiring board of commissioners’ approvals. This requirement is new.
This requirement also indicates that in practice the board of directors and board of commissioners must work together to set up appropriate internal thresholds in order to avoid any overlapping approval requirements.
This requirement also applies to the company’s sharia supervisory board.
- Under the regulation, insurance companies’ boards of directors are strictly prohibited from instructing the company’s employees to carry out activities that are not related to the company’s insurance business using the company’s facilities or at the company’s expense. This requirement is new.
- If an insurance company is also subject to the integrated risk management framework implemented by the insurance company’s parent company, the insurance company’s risk management team (and their activities) can be combined with the parent company’s risk management team. It is possible to only have one integrated risk management team for the entire financial institutions group.
This provision does not apply to the insurance company’s obligation to set up the risk committee. An insurance company that is also subject to the integrated risk management framework still needs to set up a risk committee.
- Insurance companies that: (a) obtained an insurance license before 2 September 2020, and (b) fail to comply with this regulation before 2 September 2021, are not subject to administrative sanctions. These insurance companies will be subject to administrative sanctions if there is still a breach of this regulation after 2 September 2021. This means existing insurance companies have one year to comply with this regulation.