SOME KEY CHANGES IN CIRCULAR NO. 70/2022/TT-BTC REGARDING RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT OF INSURANCE COMPANIES
On 16 November 2022, the Ministry of Finance issued Circular No. 70/2022/TT-BTC regarding risk management, internal control and internal audit of insurance companies, reinsurance companies, branches of foreign non-life insurance companies and branches of foreign reinsurance companies (“Circular 70”). Circular 70 contains the following key points regarding the operation of an insurance company (the “Company”):
1. Risk management
a. Operation of Risk management
The Company shall organize its risk management operation using 03 separate lines of defence as follows:
- The first line of defence: the technical departments that directly identify, receive, assess, control, report and monitor business risks;
- The second line of defence: the risk management department, the compliance control department and other departments that have the risk management function in respect of the operation of the first line of defence;
- The third line of defence: the internal audit department.
The risk management operation must meet the following criteria:
- Being able to identify, measure, monitor and manage risks in a timely and accurate manner;
- Conducting tolerance tests regarding capital and solvency annually;
- Building the risk management culture by issuing and complying with the codes of professional ethics; internal regulations on risk management; reward and discipline regulations.
b. Tasks of Risk management department
The risk management department, which belongs to the second line of defence, must perform the following tasks:
- Providing counsel to the General Director on issuing the internal risk management procedure;
- Co-operating with the technical departments in the first line of defence to identify and monitor the incurred material risks;
- Building and using the risk assessment and measurement model to give early warning of, and identify, the risks and the possibility of breaching risk levels, and recommending measures for managing, preventing and minimizing the incurred risks (if any);
- Constructing scenarios to test the Company's tolerance to the risks;
- Submitting quarterly, annual and ad-hoc reports to the General Director regarding the risk management situation of the Company; reporting to the Member Council in a timely manner upon detecting risks which may materially affect financial safety and operational effectiveness. Each quarterly report shall be submitted no later than 30 days following the last day of the quarter in question, while each annual report shall be submitted no later than 90 days following the last day of the year in question.
2. Internal control
a. Operation of Internal control
The operation of Internal control must comply with the following rules:
- The internal control shall be applied to all technical activities and procedures and to the departments of the Company.
- The compliance control department shall be separated from technical departments.
- An employee of the Company must not be allowed to hold positions or be assigned tasks concurrently if the aims or interests resulting from these positions or tasks conflict or overlap.
- Employees are not allowed to use the Company’s information for personal purposes or to cover up violations of the laws and internal regulations of the Company.
- During the implementation of technical procedures, cross examination or supervision shall be required.
- Financial information systems needed for internal controls shall be decent, rational, complete, accurate and timely.
b. Tasks of Compliance control department
The tasks of the Compliance control department include:
- Providing counsel to the General Director or a relevant competent authority on issuing internal control procedures.
- Carrying out annual or irregular examinations and assessments of compliance with the provisions of law, internal regulations and procedures and professional ethical standards of employees and technical departments.
- Supporting relevant departments in building and reviewing internal regulations to ensure compliance with the laws; recommending and completing the internal procedures and regulations.
- Preparing quarterly, annual and ad-hoc reports for submission to the General Director on compliance with the laws, internal regulations and procedures and professional ethical standards of individuals and technical departments, including proposals for modifications of technical procedures (if necessary). Each quarterly report shall be submitted no later than 30 days following the last day of the quarter in question, while each annual report shall be submitted no later than 90 days following the last day of the year in question.
- Reporting to the Member Council in a timely manner when detecting violations related to compliance with the laws of the Company.
3. Internal audit
a. Operation of Internal audit
The Internal audit department shall build and execute the annual internal audit plans. Departments and functions which, according to the Company, are at high risk levels shall be put on the annual internal audit plans. The Internal audit department must set aside time for irregular audit engagements upon request.
The Internal audit department shall submit the internal audit report to the Member Council no later than 90 days following the last day of each audit engagement.
The internal audit reports must clearly state the following: the content and scope of each audit engagement; assessments and conclusions about audited matters and the basis for these opinions; issues, violations and explanatory opinions concerning the audited subject; recommendations for corrective or remedial actions and disciplinary actions; and measures aimed at improving technical procedures and completing the risk management policies and organizational structure of the Company.
The Company must issue internal audit regulations and procedures which meet the standards under applicable provisions of law.
b. Tasks of Internal audit department
- Conducting audits regarding compliance with laws, internal regulations and procedures of the Company.
- Conducting audits regarding the safety and effectiveness of managing and using the capital, assets and resources of the Company.
- Conducting audits regarding the accuracy, integrity and effectiveness of the procedure for controlling financial information and the preparation of financial reports.
- Conducting audits regarding the completeness, accuracy and safety of information technology systems and professional software in use.
- Conducting audits regarding other matters as requested by the Member Council.