
CIRCULAR SUSEP NO. 521, OF 24/11/2015 (English version/LegisMap)
Revoked by CIRCULAR SUSEP No. 648, of 12.11.2021
CIRCULAR SUSEP NO. 521, OF 24/11/2015 (*)
Amending Circular SUSEP No. 517, of 30 July 2015
THE SUPERINTENDENT OF THE SUPERINTENDENCE OF PRIVATE INSURANCE – SUSEP, acting according to line “b” of art. 36 of Decree-Law no. 73, of 21 November 1966; to sole paragraph of art. 3rd of Complementary Law no. 126, of 15 January 2007; to paragraph 2nd of art. 3rd of Decree-Law no. 261, of 28 February 1967, with the wording provided by Complementary Law no. 137 of 26 August 2010; and to art. 74 of Complementary Law no. 109, of 29 May 2001, and considering the contents of file Susep no. 15414.002437/2014-05,
Resolves:
Art. 1st – To amend article 1st of Circular Susep no. 517, of 30 July 2015 according to the following wording:
“Art. 1st – Provides for technical provisions; liabilities adequacy test; assets relief; underwriting, credit, operations and market risks based capital; constitution of data base for operational losses; registry, custody and movement of assets, bonds and securities as guarantees for technical provisions; Risks Management Structure; Periodic Information Form – FIP/SUSEP; Accounting Norms and independent accounting audit at insurers, open pension funds entities, saving bonds societies and reinsurers; certification exam and continued professional education for independent accounting auditor and about Technical Opinions provided by the Brazilian Actuary Institute – IBA (Instituto Brasileiro de Atuária).”
Art. 2nd – To amend the subsection II of article 2nd of Circular Susep no. 517, of 30 July 2015, according to the following wording:
“II – the structure in the format contained in this subsection:
TITLE I: QUANTITATIVE ASPECTS
CHAPTER I: Technical Provisions
Section I: Insurers and Open Pension Funds Entities (EAPC)
Section II: Saving Bonds Societies
Section III: Local Reinsurers
Section IV: Insurers and Open Pension Funds Entities (EAPC), which do not have data sufficient for the utilization of their own methodology
CHAPTER II: Liabilities’ Adequacy Test (TAP)
Section I: Current Estimates for Cash Flow
Section II: Determination of the Liabilities’ Adequacy Test (TAP) Result
Section III: Actuarial Study Comprising Liabilities’ Adequacy Test (TAP)
CHAPTER III: Assets Affecting the Need for Technical Provisions Coverage
Section I: Creditory Rights
Section II: Reinsurance as Asset Relief and Retrocession as Asset Relief
Section III: Judicial Deposits as Asset Relief
Section IV: Reducing Deferred Acquisition Costs
CHAPTER IV: Risk Capitals
Section I: Risk Capital Calculation – Risk Transfer and Restructuration of the Company
Section II: Operational Risk Capital – Data Base for Operational Losses
CHAPTER V: Solvency Regularization Plan
TITLE II: QUALITATIVE ASPECTS
CHAPTER I: Registry, Custody and Movement of Assets, Bonds and Securities as Guarantees for Technical Provisions
Section I: Registry of Guarantee Assets for Technical Provisions and Funds
Section II: Access Authorization to the Investment Portfolio
CHAPTER II: Risks Management Structure
Section I: General Provisions of this Chapter
Section II: The Risks Officer
Section III: Policies
Section IV: Final and Transitory Provisions of this Chapter
TITLE III: RULES OF TRANSPARENCY AND DISSEMINATION
CHAPTER I: Periodic Information Form – FIP/SUSEP
CHAPTER II: Accounting Norms
Section I: Basic Norms
Section II: Announcements of the Accounting Announcements Committee - CPC
Section III: Technical Interpretation of the Accounting Announcements Committee
Section IV: Review of the documents issued by the Accounting Announcements Committee
Section V: Procedures for the Reinsurance Premiums Accounting Recording
CHAPTER III: Independent Accounting Audit
Section I: Certification Exam and Continued Professional Education for the Independent Accounting Auditor
Section II: Minimum procedures to be observed by a comprehensive report about the internal controls adequacy to the risks sustained by the supervised company at the time of its auditing
CHAPTER IV: Technical Announcements Prepared by the Brazilian Actuary Institute (IBA)
TITLE IV: FINAL PROVISIONS”
Art. 3rd – To include the Chapter II, “Risks Management Structure”, at Title II of Circular Susep no. 517, of 30 July 2015, with the following wording:
“CHAPTER II
The Risks Management Structure
Art. 108-A. The supervised companies should implement Risks Management Structures according to the minimum requirements established in this Chapter.
§1st – The Risks Management Structure should be proportional to the exposure of the supervised company to risks and compatible with the nature, scale and complexity of its operations.
§2nd – The Risks Management Structure of the supervised company should be aligned with its Internal Controls System, independently of the manner by which both are implemented at the organizational structure.
§3rd – The supervised companies which, at any time, fall within the situations listed below could request from Susep the total or partial exemption from compliance with the provisions of this Chapter, by means of the presentation of a report indicating the items deemed as not applicable in view of the risks of their operations, which should be signed by the Executive Board and the Board of Directors, if the latter exists:
I – Insurers operating exclusively in the Compulsory Personal Injury caused by Motor Vehicles insurance branch (DPVAT), provided that they are not in charge of the pools management;
II – Supervised companies, which, except for a possible participation in the Compulsory Personal Injury caused by Motor Vehicles insurance branch (DPVAT), have only branches/plans in run-off.
Art. 108-B – For the purposes of this Chapter, the following definitions apply:
I – Risks management: coordinated activities aiming at identifying, evaluating, measuring, treating and monitoring the risks of an organization, based on an adequate understanding of the types of risk, of their characteristics and interdependency, of the risks sources and their potential business impact;
II – Treatment of a risk: action adopted by an organization facing a risk, having the purpose of avoiding, mitigating, sharing or even accepting such risk in a conscientious manner, among other possible alternatives;
III – Risks Management Structure: set of components which provide for the fundamentals and the organizational arrangements aimed at the conception, implementation, monitoring, critical analysis and continued improvement of the risks management through the whole organization;
IV – Risk Profile: description of the set of risks to which an organization is exposed, according to the processes and methodologies employed to the risks identification;
V – Risk Level: a risk magnitude, expressed in terms of the combination between its probability and its impact;
VI – Business Continuity Plan: a document containing the procedures and information needed to maintaining the critical activities of the organization facing situations which affect its usual functioning; and
VII – Risk Appetite: description of the risks that an organization is ready to accept, as a way of achieving its strategic objectives.
Section I
General Provisions
Art. 108-C. – It is the Executive Board and Board of Directors’ responsibility, if the latter exists, to ensure the adequacy of the Risks Management Structure of the supervised company.
§1st – The Executive Board should periodically monitor the exposures of the supervised company to risks and assess the efficacy of the Risks Management Structure at least once a year and every time there is a significant change in the Risk Profile, reporting the results of such analysis as well as the respective proposed actions to the Board of Directors, if this exists.
§2nd – The Executive Board and the Board of Directors could constitute, at their discretion, executive committees or commissions to help them in performing the duties defined in this article, as well as to use the assessments made by the Risks Officer, by the Internal Audit, by other persons or sectors and by outside services providers.
Art. 108-D – The Risks Management Structure should establish:
I – Clear definition of roles and responsibilities concerning the risks management at the different organizational levels, which should be compatible with the qualification and assignments of each position;
II – Processes, methodologies and tools to identify, assess, measure, treat and monitor all exposures to current and emerging risks at their individual and aggregate levels, deemed as material or priority by the supervised company, either originated from an internal or external source, or caused by its own operation or by other companies in the same group to which it belongs, including, at least:
a) Preparation and maintenance of a Risk Profile which describes each identified risk, indicates its category and its causes and allows for the assignment of responsibilities concerning its management;
b) Definition of qualitative and/or quantitative methodologies to measure risks and, if this is the case, their respective data sources;
c) Risk Level Assessment, based on the methodologies required by line “b”, for each of the identified risks;
d) Adoption of treatments and controls compatible with each Risk Level and with the priorities established by the supervised company, with a view to maintain the exposure to risks within the limits defined by its policies and procedures, as well as mechanisms to assess the effectiveness of such measures;
e) Definition of indicators or variables for monitoring the levels of exposure to the main risks; and
f) Implementation of adequate communication tools to enable the development of the activities mentioned in the previous lines, facilitate the effective reporting of exposure to risks and, in case of potential deviations in relation to the established limits, allow for the timely adoption of the applicable measures.
III – Validation of the processes, methodologies and tools mentioned in the previous subsection, by a person, sector or appropriate entity which has not taken active part in the definition or preparation of such processes, methodologies and tools, nor been directly involved in their execution;
IV – Adoption of mechanisms which aim to encourage behaviors oriented to the observance of the Risk Appetite, Risks Management policies and procedures as defined by the supervised company, as well as to restrain actions which are incompatible with such Appetite, policies and procedures; and
V – Previous analysis about changes, which have the potential to significantly affect the supervised company’s Risk Profile.
§1st – The risks categories, described at line “a” of the subsection II of the head of this article for the preparation of the Risk Profile are:
I – Compulsory categories - Underwriting Risk, Market Risk, Credit Risk and Operational Risk, whose definitions follow the concepts established in the norms for risk capital calculations.
II – Additional categories – To be freely defined by the supervised company in the cases of risks not comprised by the categories above.
§2nd – In case the supervised company utilizes quantitative methodologies for measuring risks, as mentioned at line “b” of the subsection II of the head of this article, these should, as much as possible, quantify the impacts of the risks at market value.
§3rd – Risks that could cause total interruption or significant reduction in the activities of the supervised company, resulting in a Risk Level considered unacceptable by the institution or in violation to the guidelines established for the business continuity, should be mitigated through a Business Continuity Plan containing, as a minimum:
I – specific roles and responsibilities concerning business continuity;
II – minimum level of operation and maximum deadline for the return to normal functioning;
III – procedures of communication with internal and outside interested parties; and
IV – periodical tests.
§4th – When dealing with the request of previous authorization for change in geographical area of operation, change of corporate objective, transfer of shareholding control, portfolio transfer, divisions, mergers or incorporations, the interested party should provide a declaration, signed by at least one director of the supervised company, attesting that the analysis required by subsection V of the head of this article was performed, or, alternatively, justifying the reason for considering that the Risk Profile impact was not significant.
Section II
The Risks Officer
Art. 108-E – The supervised company should name a Risks Officer, holding sufficient qualification and experience, which will be in charge of continuously supervising its risks management, being obliged, at least to:
I – Monitor the Risk Profile and the exposure levels of the supervised company, checking its alignment with the Risk Appetite;
II – Assess processes, methodologies and tools utilized in the risks management, as well as the sufficiency and adequacy of the human and material resources involved with this activity along the different areas of the supervised company;
III – Participate in the changes analysis, mentioned at subsection V of the head of article 108-D, helping with its risks assessment and indicating potential needs of change in its Structure of Risks Management;
IV – Determine if the metrics defined by the Executive Board and/or Board of Directors for the performance appraisal of the managers and other key employees, especially those that influence the remuneration of that personnel, may compromise the risks management of the supervised company;
V – Follow up the implementation of the action plans or corrective measures which aim to clear deficiencies of the Risks Management Structure;
VI – Report, periodically and as long as it is considered necessary, to the Executive Board of the supervised company or to its Board of Directors, when this is the case, the results of the analysis mentioned at subsections I to IV, as well as any inadequacy found in the Risks Management Structure;
VII – Propose actions in favor of improving consciousness among the employees of the supervised company in relation to the risks of its operations, aiming at the reinforcement of behavior and attitudes in favor of the management of those risks; and
VIII – Steer the strategies and alternatives for the risks management, as long as this does not compromise its independency.
§1st – The Risks Officer is not obliged to perform the assignment mentioned at subsection IV of the head of this article in case the supervised company, or the group to which it belongs, has a committee in charge of assessing the guidelines of remuneration taking into consideration its effects on the risks management, as long as this committee reports directly to the Boards mentioned at that subsection.
§2nd – The nomination of one single Risks Officer for two or more supervised companies that belong to the same group is allowed, provided that such Risks Officer belongs to:
I – The controller of those supervised companies, whose exclusive purpose is the participation in supervised companies; or
II – One of the supervised companies served by such Risks Officer.
Art. 108-F – Alternatively to the nomination of the Risks Officer mentioned in article 108-E, and subject to a prior request from the supervised company, the supervisory authority Susep could authorize that the functions of the Risks Officer are performed by:
I – Outsourced company, in the case of supervised companies which are able to demonstrate that the hiring of their own Risks Officer represents a relevant impact in their human resources and in their personnel expenses, that their operational procedures and information systems are of low complexity, and that their traded products possess low diversity in terms of coverages provided.
II – An area specialized in risks management located at a foreign head office, in the case of local reinsurers which are able to demonstrate that the hiring of their own Risks Officer represents a relevant impact in their human resources and in their personnel expenses, that their flexibility to implement operational procedures and information systems distinct from the ones globally adopted by the head office is low, that their risks acceptance is submitted to a rigorous control by the head office, and that their management is separate from the other supervised companies belonging to the same group.
§1st – If the authorization mentioned in the head of this article is granted, the director in charge of internal controls will be responsible for providing clarifications about risks management when required by Susep, as well as to receive and forward notifications about deficiencies and to supervise their correction.
§2nd – The requirements established in articles 108-H and 108-I apply to the outsourced company and to the specialized area in risks management located in a foreign head office.
Art. 108-G – The fact that the Risks Officer be outsourced by the supervised company, under the terms of the article 108-F or the §2nd of the article 108-E, does not exempt its Executive Board and its Board of Directors, when the latter exists, from the responsibilities mentioned in article 108-C.
Art. 108-H – It should be granted to the Risks Officer for the adequate performance of their duties:
I – The necessary own or outsourced material and human resources;
II – Sufficient authority and independency; and
III – Unrestricted and timely access to the information necessary to the performance of its analysis.
Sole paragraph – In case the supervised company has a Board of Directors, the Risks Officer should have the prerogative of meeting with such Board without the presence of the Executive Board, as long as such Officer considers it necessary.
Art. 108-I – The Risks Officer should not be primarily responsible for decisions that lead the supervised company to accept risks.
§1st – In case the Risks Officer reports hierarchically to an area or person in charge of decisions, which lead the supervised company to accept risks, the supervised company should implement additional control procedures aiming at the mitigation of potential conflicts of interest.
§2nd – The Risks Officer cannot accumulate responsibility for the Internal Audit.
Section III
Policies
Art. 108-J – The Board of Directors or, in case this does not exist, the Executive Board of the supervised company should formalize the company’s Risk Appetite, describing:
I – From the qualitative standpoint, the risks it expects that the supervised company accepts, or even avoids, with a view to attaining its strategic objectives; and
II – From the quantitative standpoint, at least at a global level, the financial loss or the value of the loss which is considered acceptable in comparison with the accepted risks and the financial capacity of the supervised company.
Sole paragraph – The Risk Appetite should be aligned with the business plan of the supervised company and should be reassessed when the business plan is reviewed.
Art. 108-L – The supervised company should have a Risks Management Policy that formally describes its Risks Management Structure and explains in general terms how such Structure integrates its operations and its Internal Controls System.
§1st – The Risks Management Policy should define strategies and guidelines for the management of the most relevant or priority risks, associated to the main workflows of the supervised company and among them there should be at least:
I – For the insurance operations:
a) Underwriting risks and policies issuance;
b) Claims adjustment and settlement;
c) Redemption of amounts and portability; and
d) Reinsurance contracting.
II – For the pension funds operations:
a) Plans underwriting and certifications issuance;
b) Benefits concession; and
c) Redemption of amounts and portability.
III – For the saving bonds operations:
a) Saving bonds underwriting;
b) Drawings and respective payments; and
c) Bonds redemption.
IV – For the reinsurance operations:
a) Risks underwriting;
b) Claims adjustment and settlement; and
c) Retrocession contracting.
V – For all operations:
a) Investments;
b) Assets and liabilities integrated cash-flow management (Asset-Liability Management);
c) Products development and pricing;
d) Technical provisions calculation and Liability Adequacy Test (TAP);
e) Follow-up of the judicial proceedings and their value estimates;
f) Information Technology management; and
g) Business continuity management.
§2nd – The Risks Management Policy can omit the risks referring to redemption and portability in case the supervised company does not have products involving such features, or those products are irrelevant for its operations.
§3rd – At the supervised company’s discretion, the Risks Management strategies and guidelines may be contained by other policies, which specifically treat certain activities, processes or risks, to which the Risks Management Policy should refer.
§4th – The Executive Board or the Board of Directors, in case the latter exists, should approve the Risks Management Policy, as well as any other policies based on the alternative mentioned in §3rd, above.
§5th – The supervised companies that belong to groups may follow the policies defined within such groups, provided that their Executive Board and Board of Directors, if the latter exists, confirm that such policies cover the specificities of their operations.
Section IV
Final and transitory provisions
Art. 108-M – The supervised companies should have their Risks Management Structures fully implemented by 31 December 2017.
§1st – The supervised company should define a chronogram establishing, at its discretion, the stages of implementation, being compulsory that the nomination of the Risks Officer occur up to 31 December 2016.
§2nd – In the cases of supervised companies which still do not operate on the date of the effectiveness of this Chapter, the deadlines mentioned in the head of this article will be automatically transferred to the date of beginning of operations, in case this occurs at a time later than such deadlines.
Art. 108-N – The supervised companies that on the date of effectiveness of this Chapter are in one of the situations mentioned in §3rd of article 108-A and wish to exercise the alternative mentioned in such paragraph, should forward the report mentioned therein up to 30 June 2016.
Sole paragraph – In case the supervisory authority Susep decides for the rejection of the request, or for the need of partial observance of the provisions of this Chapter, the deadlines for the nomination of the Risks Officer and for the full implementation of its Risks Management Structure will be of respectively 12 (twelve) and 24 (twenty-four) months, as of the date of communication of such decision to the supervised company.
Art. 108-O – The supervised company’s Internal Audit should assess the observance of the provisions of this Chapter at least once a year.
§1st – The use of a continuous change of focus methodology is allowed if and when the audit program ensures that the entire area or process relevant to the Risks Management Structure is audited at least once every 3 (three) years.
§2nd – During the Risks Management Structure’s implementation period the Internal Audit report should also make specific mention to the observance of the established chronogram.
Art. 108-P – The supervised company should maintain at Susep’s disposal all policies, procedures, manuals, reports, opinions and other documentation which demonstrate the observance of the provisions of this Chapter, and these should be kept for at least 5 (five) years after the end of its utilization/effectiveness.
Art. 108-Q – Susep may determine that the supervised company adopt specific controls and procedures, also establishing a deadline for its implementation, if Susep considers its risks management inadequate or insufficient.”
Art. 4th – This Circular becomes effective as of 1st January 2016.
ROBERTO WESTENBERGER
Superintendent
(Official Gazette DOU of 18.12.2015 – pages 61 to 63 – Section 1)
(*) The information provided in this publication is general and may not apply to a specific situation or person. Every effort has been made to ensure that matters of concern to readers are covered. Although the information provided is accurate, be advised that this is a developing area. The information contained herein is not intended to be relied upon or to be a substitute for legal advice in relation to particular circumstances. Specific legal advice should always be sought from experienced local advisers. Accordingly, Editora Roncarati accepts no liability for any loss that may arise from reliance upon this publication or the information it contains.