{"kind":"expression","expression":{"expr_id":"288","doc_id":"288","label":"SL 59 of 2015","is_as_enacted":"t","commenced_on":null,"superseded_on":null,"valid_from":null,"valid_to":null,"is_current":"t","incorporating":null,"akn_expr_iri":"\/akn\/ky\/act\/sl\/2015\/59\/eng@2015-01-01","akn_envelope":"{\"_canary\": {\"iri\": {\"work\": \"\/akn\/ky\/act\/sl\/2015\/59\", \"expression\": \"\/akn\/ky\/act\/sl\/2015\/59\/eng@2015-01-01\", \"manifestation\": \"\/akn\/ky\/act\/sl\/2015\/59\/eng@2015-01-01.pdf\"}, \"pdf\": {\"md5\": \"9d15255f9acacf5695e3628d58db2576\", \"path\": \"\/Users\/q\/kyleg-data\/working\/SUBORDINATE\/2015\/2015-0059\/2015-0059_SL 59 of 2015.pdf\", \"pages\": 6, \"filename\": \"2015-0059_SL 59 of 2015.pdf\"}, \"errors\": [], \"extraction\": {\"model\": null, \"stats\": {\"word_count\": 1340, \"paragraph_count\": 7, \"text_char_count\": 9347}, \"usage\": null, \"method\": \"pymupdf-text\", \"version\": \"kyleg-akn-1.0\", \"extracted_at\": \"2026-06-22\"}, \"classification\": \"text_layer\", \"validation_flags\": [], \"docai_processor_id\": null}, \"akomaNtoso\": {\"act\": {\"body\": [{\"eId\": \"sec_n1\", \"num\": null, \"text\": \"dated 30 March, 2015. MARCH 2015 _____________________________________________________________________________________________ Policy and Development Division Page 1 of 5 Rule Risk Management for Insurers\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_1\", \"num\": \"1.\", \"text\": \"Statement of Objectives 1.1. To set out the Cayman Islands Monetary Authority\u2019s (\u201cAuthority\u2019s\u201d) rule on Risk Management for insurance companies, (each of the sub-paragraphs of section 5 below referred to as a \u201cRule,\u201d and collectively, the \u201cRules\u201d), pursuant to the Monetary Authority Law (\u201cMAL\u201d), and in conformity with applicable international financial standards.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_2\", \"num\": \"2.\", \"text\": \"Statutory Authority 2.1. Section 34 of the MAL provides that the Authority may issue rules: (1) After private sector consultation and with the approval of the Governor, the Authority may \u2013 (a)  issue or amend rules or statements of principle or guidance concerning the conduct of licensees and their officers and employees; \u2026 2.2. This document establishes the Rule on Risk Management for insurance companies and should be read in conjunction with the Rule and Statement of Guidance on Internal Controls, the Statement of Guidance on Asset Management and Investment Strategy, the Statement of Guidance on Corporate Governance, and the Statement of Guidance on Reinsurance Arrangements.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_3\", \"num\": \"3.\", \"text\": \"Scope of Application 3.1. This rule applies to all insurers regulated by the Authority under the Insurance Law.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_4\", \"num\": \"4.\", \"text\": \"Definition 4.1. A risk management framework consists of structures, processes and people within the insurer that identify, assess, mitigate and monitor all internal and external sources of risk that could have a material impact on an insurer\u2019s operations. 4.2. In this Rule, the \u201cBoard\u201d refers to the Board of Directors of an insurer. MARCH 2015 _____________________________________________________________________________________________ Policy and Development Division Page 2 of 5\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_5\", \"num\": \"5.\", \"text\": \"Rules 5.1. The Risk Management Framework 5.1.1 An insurer must establish, implement, and maintain a documented risk management framework that is capable of promptly identifying, measuring, assessing, reporting, monitoring and controlling all sources of risks that could have a material impact on its operations in a timely manner. The risk management framework should document the probability, potential impact and duration of each risk. 5.1.2 The risk management framework must be appropriate having regards to the size and complexity of the insurer, and the nature of its risk exposures. 5.1.3 The risk management framework by an insurer must include: a) a written risk management strategy approved by the Board, which in the opinion of the Board addresses all material risks to which the Insurer is likely to be exposed based on its business activities (including outsourced business); b) risk management policies and procedures that in the opinion of senior management are adequate to identify, assess, mitigate, control, monitor and report on the material risks to which the Insurer is exposed; and c) clearly identified managerial responsibilities and controls, designed to ensure that the policies and procedures established for risk management are adhered to at all times. 5.1.4 The risk management framework must address the measurement, monitoring and control of all material risks.  These risks may include, but are not limited to: a) credit risk; b) insurance underwriting and reinsurance risks; c) investment risk (including use of derivatives); d) market risk (including liquidity risk); e) strategic and tactical risks arising from the business plan; f) concentration risk; g) compliance risk; h) money laundering, terrorist financing and fraud risk; and i) operational risk (including outsourcing and business continuity management). MARCH 2015 _____________________________________________________________________________________________ Policy and Development Division Page 3 of 5 5.1.5 The insurer must document the approach and key assumptions made when measuring risks.  Such documentation must describe and explain the risks covered. 5.1.6 The risk management framework must include an appropriate tolerance level or risk limit for material sources of risk. This risk tolerance and risk appetite must be defined by the Board.  The tolerance level should take into account the relationships between sources of risk. 5.2. Business Objectives and Risk Management 5.2.1 The Board must adopt a written process for setting, approving and overseeing the implementation of the insurer\u2019s overall business objectives and risk strategies of the insurer, taking into account the long term financial safety and soundness of the insurer as a whole, and the legitimate interests of its stakeholders, including fair treatment of customers. 5.2.2 The business objectives and risk strategies developed by the insurer must coincide with the approved risk appetite and tolerance levels of the insurer. 5.3. Review of the Risk Management Framework 5.3.1 An insurer must regularly review the market environment in which it operates, draw appropriate conclusions as to the risks posed and take appropriate actions to manage adverse impacts of the environment on the insurer\u2019s business. 5.3.2 As appropriate, an insurer must conduct quantitative and qualitative analyses namely stress tests and scenario analysis having regard to the size and complexity of the insurer, and the nature of its risk exposures. 5.3.3 The insurer must implement and communicate to relevant staff an escalation process for reporting on risk issues within established reporting cycles and outside of them for matters of particular urgency. 5.3.4 The risk management framework must include a \\\"feedback loop\\\" which allows the Board and Senior Management to take necessary action in response to changes in the risk profile of an insurer.  The feedback loop will also ensure that decisions made by the Board and Senior Management are implemented and their effects monitored to determine whether they are in fact appropriate. MARCH 2015 _____________________________________________________________________________________________ Policy and Development Division Page 4 of 5 5.4. Role of the Board of Directors 5.4.1 An insurer\u2019s Board of directors must: a) approve the risk management framework; b) provide oversight of the risk management framework to ensure that policies and processes are implemented effectively; and c) periodically review the risk management framework. 5.5. Insurance Groups 5.5.1 Insurers that are a part of a group structure must ensure that appropriate governance, internal controls and risk management procedures are in place on a group wide basis as well as at the legal entity level. 5.5.2 The Board and senior management of legal entities within an insurance group must ensure material information is disseminated in a timely manner at the legal entity level and group-wide as appropriate. 5.6. Training 5.6.1 An insurer must ensure risk policies and procedures are communicated to senior management and key personnel.   An insurer must ensure relevant staff is trained on the risk policies of the insurer on a regular basis. 5.7. Independent Functions 5.7.1 An insurer must ensure that its risk management framework is subject to effective and comprehensive review by an independent function that may include, as applicable, the internal audit, external audit, insurance manager, actuarial and compliance functions. Persons in such functions must have access to and report to the Board. 5.8. Outsourcing 5.8.1 An insurer that outsources functions either externally to third parties or internally to affiliate entities must have oversight and clear accountability for all externally outsourced functions as if these functions were performed internally and subject to the normal standards of internal controls and periodic reviews. 5.8.2 An insurer\u2019s outsourcing provider(s) must be approved by the Board or Senior Management. MARCH 2015 _____________________________________________________________________________________________ Policy and Development Division Page 5 of 5 5.9. Capital 5.9.1 An insurer's risk management policy should describe how its risk management links with its management of capital (regulatory capital requirement and economic capital1). 5.10. Captives 5.10.1 The Authority recognizes that some captive structures exist where the captive insurer is an integral part of their parent company\u2019s risk management function. In these cases, the Authority does not expect them to duplicate functions that are already carried out by the parent. The Board should consider and document a risk management function that is appropriate to the nature, scale and complexity of the business.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_6\", \"num\": \"6.\", \"text\": \"Enforcement 6.1. Whenever there has been a breach of the Rules, the Authority\u2019s policies and procedures as contained in its Enforcement Manual will apply, in addition to any other powers provided in the Insurance Law and the MAL. 1 \u201cEconomic capital\u201d is defined as the capital which results from an economic assessment of the insurer's risks given the insurer\u2019s risk tolerance and business plans.\", \"element\": \"section\", \"heading\": null}], \"meta\": {\"notes\": null, \"workflow\": null, \"lifecycle\": {\"source\": \"#cilegis\", \"eventRef\": [{\"eId\": \"e_commence_2015_01_01\", \"date\": \"2015-01-01\", \"type\": \"generation\", \"source\": \"#cilegis\"}]}, \"references\": {\"source\": \"#canary\", \"TLCRole\": [], \"TLCEvent\": [{\"eId\": \"ev_commencement\", \"href\": \"\/akn\/ontology\/canary\/event\/commencement\", \"showAs\": \"commencement\"}], \"TLCPerson\": [], \"TLCConcept\": [{\"eId\": \"inForce\", \"href\": \"\/akn\/ontology\/canary\/concept\/temporal\/in-force\", \"showAs\": \"in force\"}], \"TLCProcess\": [], \"TLCLocation\": [], \"TLCOrganization\": [{\"eId\": \"cilegis\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\", \"showAs\": \"Cayman Islands legislation mirror (kyleg)\"}]}, \"temporalData\": {\"source\": \"#cilegis\", \"temporalGroup\": [{\"eId\": \"tg_inforce_2015_01_01\", \"timeInterval\": [{\"end\": null, \"start\": \"#e_commence_2015_01_01\", \"duration\": null, \"refersTo\": \"#inForce\"}]}]}, \"classification\": null, \"identification\": {\"source\": \"#cilegis\", \"FRBRWork\": {\"FRBRuri\": \"\/akn\/ky\/act\/sl\/2015\/59\", \"FRBRdate\": [{\"date\": \"2015-01-01\", \"name\": \"generation\"}], \"FRBRthis\": \"\/akn\/ky\/act\/sl\/2015\/59\/!main\", \"FRBRalias\": [{\"name\": \"cmsId\", \"value\": \"2015-0059\"}], \"FRBRauthor\": [{\"as\": \"#editor\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\"}], \"FRBRnumber\": \"59 of 2015\", \"FRBRcountry\": \"ky\", \"FRBRsubtype\": \"subordinate\"}, \"FRBRExpression\": {\"FRBRuri\": \"\/akn\/ky\/act\/sl\/2015\/59\/eng@2015-01-01\", \"FRBRdate\": [{\"date\": \"2015-01-01\", \"name\": \"generation\"}], \"FRBRthis\": \"\/akn\/ky\/act\/sl\/2015\/59\/eng@2015-01-01\/!main\", \"FRBRauthor\": [{\"as\": \"#editor\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\"}], \"FRBRlanguage\": \"eng\"}, \"FRBRManifestation\": {\"FRBRuri\": \"\/akn\/ky\/act\/sl\/2015\/59\/eng@2015-01-01.xml\", \"FRBRdate\": [{\"date\": \"2026-06-22\", \"name\": \"generation\"}], \"FRBRthis\": \"\/akn\/ky\/act\/sl\/2015\/59\/eng@2015-01-01.xml\", \"FRBRauthor\": [{\"as\": \"#editor\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\"}], \"FRBRformat\": \"application\/xml\"}}}, \"name\": \"act\", \"header\": {\"title\": \"Rule \u2013 Risk Management for Insurers\", \"actNumber\": \"59 of 2015\", \"longTitle\": null}}, \"doc\": null, \"bill\": null, \"judgment\": null}}","akn_full_text":"CAYMAN ISLANDS\n\nSupplement No. 3 published with Gazette No. 7\ndated 30 March, 2015.\n\nRULE \u2013 RISK MANAGEMENT FOR INSURERS\n\nMARCH 2015\n_____________________________________________________________________________________________\n\nPolicy and Development Division\n                         Page 1 of 5\n\nRule\nRisk Management for Insurers\n\n1. Statement of Objectives\n\n1.1. To set out the Cayman Islands Monetary Authority\u2019s (\u201cAuthority\u2019s\u201d) rule on Risk\nManagement for insurance companies, (each of the sub-paragraphs of section 5\nbelow referred to as a \u201cRule,\u201d and collectively, the \u201cRules\u201d), pursuant to the\nMonetary Authority Law (\u201cMAL\u201d), and in conformity with applicable international\nfinancial standards.\n\n2. Statutory Authority\n\n2.1. Section 34 of the MAL provides that the Authority may issue rules:\n\n(1) After private sector consultation and with the approval of the Governor,\nthe Authority may \u2013\n\n(a)  issue or amend rules or statements of principle or guidance concerning\nthe conduct of licensees and their officers and employees;\n\u2026\n2.2. This document establishes the Rule on Risk Management for insurance companies\nand should be read in conjunction with the Rule and Statement of Guidance on\nInternal Controls, the Statement of Guidance on Asset Management and\nInvestment Strategy, the Statement of Guidance on Corporate Governance, and\nthe Statement of Guidance on Reinsurance Arrangements.\n\n3. Scope of Application\n\n3.1. This rule applies to all insurers regulated by the Authority under the Insurance\nLaw.\n\n4. Definition\n\n4.1. A risk management framework consists of structures, processes and people within\nthe insurer that identify, assess, mitigate and monitor all internal and external\nsources of risk that could have a material impact on an insurer\u2019s operations.\n\n4.2. In this Rule, the \u201cBoard\u201d refers to the Board of Directors of an insurer.\n\nMARCH 2015\n_____________________________________________________________________________________________\n\nPolicy and Development Division\n                         Page 2 of 5\n\n5. Rules\n\n5.1. The Risk Management Framework\n\n5.1.1 An insurer must establish, implement, and maintain a documented risk\nmanagement\nframework\nthat\nis\ncapable\nof\npromptly\nidentifying,\nmeasuring, assessing, reporting, monitoring and controlling all sources of\nrisks that could have a material impact on its operations in a timely\nmanner.\nThe\nrisk\nmanagement\nframework\nshould\ndocument\nthe\nprobability, potential impact and duration of each risk.\n\n5.1.2 The risk management framework must be appropriate having regards to\nthe size and complexity of the insurer, and the nature of its risk\nexposures.\n\n5.1.3 The risk management framework by an insurer must include:\na) a written risk management strategy approved by the Board, which in the\nopinion of the Board addresses all material risks to which the Insurer is\nlikely to be exposed based on its business activities (including\noutsourced business);\nb) risk management policies and procedures that in the opinion of senior\nmanagement are adequate to identify, assess, mitigate, control, monitor\nand report on the material risks to which the Insurer is exposed; and\nc) clearly identified managerial responsibilities and controls, designed to\nensure that the policies and procedures established for risk management\nare adhered to at all times.\n\n5.1.4 The risk management framework must address the measurement,\nmonitoring and control of all material risks.  These risks may include, but\nare not limited to:\na) credit risk;\nb) insurance underwriting and reinsurance risks;\nc) investment risk (including use of derivatives);\nd) market risk (including liquidity risk);\ne) strategic and tactical risks arising from the business plan;\nf) concentration risk;\ng) compliance risk;\nh) money laundering, terrorist financing and fraud risk; and\ni) operational\nrisk\n(including\noutsourcing\nand\nbusiness\ncontinuity\nmanagement).\n\nMARCH 2015\n_____________________________________________________________________________________________\n\nPolicy and Development Division\n                         Page 3 of 5\n\n5.1.5 The insurer must document the approach and key assumptions made\nwhen measuring risks.  Such documentation must describe and explain the\nrisks covered.\n\n5.1.6 The risk management framework must include an appropriate tolerance\nlevel or risk limit for material sources of risk. This risk tolerance and risk\nappetite must be defined by the Board.  The tolerance level should take\ninto account the relationships between sources of risk.\n\n5.2. Business Objectives and Risk Management\n\n5.2.1 The Board must adopt a written process for setting, approving and\noverseeing the implementation of the insurer\u2019s overall business objectives\nand risk strategies of the insurer, taking into account the long term\nfinancial safety and soundness of the insurer as a whole, and the\nlegitimate interests of its stakeholders, including fair treatment of\ncustomers.\n\n5.2.2 The business objectives and risk strategies developed by the insurer must\ncoincide with the approved risk appetite and tolerance levels of the\ninsurer.\n\n5.3. Review of the Risk Management Framework\n\n5.3.1 An insurer must regularly review the market environment in which it\noperates, draw appropriate conclusions as to the risks posed and take\nappropriate actions to manage adverse impacts of the environment on the\ninsurer\u2019s business.\n\n5.3.2 As appropriate, an insurer must conduct quantitative and qualitative\nanalyses namely stress tests and scenario analysis having regard to the\nsize and complexity of the insurer, and the nature of its risk exposures.\n\n5.3.3 The insurer must implement and communicate to relevant staff an\nescalation process for reporting on risk issues within established reporting\ncycles and outside of them for matters of particular urgency.\n\n5.3.4 The risk management framework must include a \"feedback loop\" which\nallows the Board and Senior Management to take necessary action in\nresponse to changes in the risk profile of an insurer.  The feedback loop\nwill also ensure that decisions made by the Board and Senior Management\nare implemented and their effects monitored to determine whether they\nare in fact appropriate.\n\nMARCH 2015\n_____________________________________________________________________________________________\n\nPolicy and Development Division\n                         Page 4 of 5\n\n5.4. Role of the Board of Directors\n\n5.4.1 An insurer\u2019s Board of directors must:\na) approve the risk management framework;\nb) provide oversight of the risk management framework to ensure that\npolicies and processes are implemented effectively; and\nc) periodically review the risk management framework.\n\n5.5. Insurance Groups\n\n5.5.1 Insurers that are a part of a group structure must ensure that appropriate\ngovernance, internal controls and risk management procedures are in\nplace on a group wide basis as well as at the legal entity level.\n\n5.5.2 The Board and senior management of legal entities within an insurance\ngroup must ensure material information is disseminated in a timely\nmanner at the legal entity level and group-wide as appropriate.\n\n5.6. Training\n\n5.6.1 An insurer must ensure risk policies and procedures are communicated to\nsenior management and key personnel.   An insurer must ensure relevant\nstaff is trained on the risk policies of the insurer on a regular basis.\n\n5.7. Independent Functions\n\n5.7.1 An insurer must ensure that its risk management framework is subject to\neffective and comprehensive review by an independent function that may\ninclude, as applicable, the internal audit, external audit, insurance\nmanager, actuarial and compliance functions. Persons in such functions\nmust have access to and report to the Board.\n\n5.8. Outsourcing\n\n5.8.1 An insurer that outsources functions either externally to third parties or\ninternally to affiliate entities must have oversight and clear accountability\nfor all externally outsourced functions as if these functions were performed\ninternally and subject to the normal standards of internal controls and\nperiodic reviews.\n5.8.2 An insurer\u2019s outsourcing provider(s) must be approved by the Board or\nSenior Management.\n\nMARCH 2015\n_____________________________________________________________________________________________\n\nPolicy and Development Division\n                         Page 5 of 5\n\n5.9. Capital\n\n5.9.1 An insurer's risk management policy should describe how its risk\nmanagement links with its management of capital (regulatory capital\nrequirement and economic capital1).\n\n5.10. Captives\n\n5.10.1 The Authority recognizes that some captive structures exist where the\ncaptive insurer is an integral part of their parent company\u2019s risk\nmanagement function. In these cases, the Authority does not expect them\nto duplicate functions that are already carried out by the parent. The\nBoard should consider and document a risk management function that is\nappropriate to the nature, scale and complexity of the business.\n\n6. Enforcement\n\n6.1. Whenever there has been a breach of the Rules, the Authority\u2019s policies and\nprocedures as contained in its Enforcement Manual will apply, in addition to any\nother powers provided in the Insurance Law and the MAL.\n\n1 \u201cEconomic capital\u201d is defined as the capital which results from an economic assessment of the\ninsurer's risks given the insurer\u2019s risk tolerance and business plans.","akn_extracted_at":"2026-06-22 15:40:05.950591+00","cms_id":"2015-0059","law_type":"subordinate","year":"2015","number":"59","title":"Rule \u2013 Risk Management for Insurers","status":"in_force"},"provenance":{"files":[{"file_id":"5183","expr_id":"288","kind":"akn_xml","filename":"2015-0059_SL 59 of 2015.akn.xml","source_url":null,"storage_path":"\/Users\/q\/kyleg-data\/working\/SUBORDINATE\/2015\/2015-0059\/2015-0059_SL 59 of 2015.akn.xml","content_md5":"ac956277595b0a2675ede27d642e2491","byte_size":"12402","http_last_modified":null,"fetched_at":"2026-06-22 15:40:06.014409+00"},{"file_id":"575","expr_id":"288","kind":"pristine_pdf","filename":"2015-0059_SL 59 of 2015.pdf","source_url":"\/cms\/images\/LEGISLATION\/SUBORDINATE\/2015\/2015-0059\/2015-0059_SL 59 of 2015.pdf","storage_path":"\/Users\/q\/kyleg-data\/pristine\/SUBORDINATE\/2015\/2015-0059\/2015-0059_SL 59 of 2015.pdf","content_md5":"9d15255f9acacf5695e3628d58db2576","byte_size":"259666","http_last_modified":null,"fetched_at":"2026-06-21 23:09:36.323737+00"},{"file_id":"576","expr_id":"288","kind":"working_pdf","filename":"2015-0059_SL 59 of 2015.pdf","source_url":"\/cms\/images\/LEGISLATION\/SUBORDINATE\/2015\/2015-0059\/2015-0059_SL 59 of 2015.pdf","storage_path":"\/Users\/q\/kyleg-data\/working\/SUBORDINATE\/2015\/2015-0059\/2015-0059_SL 59 of 2015.pdf","content_md5":"9d15255f9acacf5695e3628d58db2576","byte_size":"259666","http_last_modified":null,"fetched_at":"2026-06-21 23:09:36.323737+00"}],"paragraph_count":7,"latest_history":null},"quality":{"expr_id":"288","doc_id":"288","quality_state":"needs_review","quality_score":"85","needs_human_review":"t","deterministic_categories":"{page_header_footer_noise}","llm_categories":"{truncated_text,other}","repair_actions":"{manual_review,reextract_full_text,strip_page_furniture}","finding_severity_counts":"{\"low\": 1, \"medium\": 1}","finding_summary":"Sample shows minor truncation at end of Section 5 and possible OCR artifact; otherwise formatting and metadata align with expectations.","assessed_at":"2026-06-22 15:29:46.099062+00","updated_at":"2026-06-22 15:29:46.099062+00"}}