Technical Guide on Review and Certification of Investment Risk Management Systems and Processes of Insurance Companies (2013)
June, 04th 2013
          Technical Guide on
 Review and Certification of Investment
    Risk Management Systems and
  Processes of Insurance Companies
                (2013)




      Committee on Banking, Insurance and Pension
The Institute of Chartered Accountants of India
          (Set up by an Act of Parliament)
                      New Delhi
© The Institute of Chartered Accountants of India

All rights reserved. No part of this publication may be reproduced, stored in a
retrieval system, or transmitted, in any form, or by any means, electronic,
mechanical, photocopying, recording, or otherwise, without prior permission,
in writing, from the publisher.




Edition                   :   May, 2013


Committee/Department      :   Committee on Banking, Insurance & Pension


E-mail                    :   cobip@icai.in


Website                   :   www.icai.org


Price                     :   ` /- (including CD)


ISBN                      :   978-81-8441-159-1


Published by              :   The Publication Department on behalf of the
                              Institute of Chartered Accountants of India,
                              ICAI Bhawan, Post Box No. 7100, Indraprastha
                              Marg, New Delhi - 110 002.


Printed by                :

Foreword
Regulation of investment functions of insurance companies is necessary
even in the market driven economy as the money involved represents huge
'public savings'. Because of the quantum of monies involved and its
significance, the role of the Regulator in framing proper regulations for
safeguarding policyholders' interest becomes vital. The Insurance
Regulatory and Development Authority, the regulator of insurance sector,
issued Investment Regulations for the compliance of the insurers in 2000 and
amended the same from time to time. The latest amendment was made vide
IRDA (Investment) (5th amendment) Regulations, 2013 w.e.f. 1st April 2013.
The Institute of Chartered Accountants of India (ICAI) has been working very
closely with IRDA and has always been complementing the initiatives taken
by them. I am happy to note that in the amended Regulations, the IRDA has
notified that Investment Risk Management Systems and Process of Insurers
shall be reviewed and certified by a chartered accountant in practice at the
beginning of every second financial year or such shorter frequency as
decided by the Board of the insurer and the said certificate shall be filed with
the IRDA along with the first quarter returns. It is heartening to note that the
IRDA has mandated that the Review of Implementation shall be certified by
the chartered accountant in practice as per the Technical Guide on Review
and Certification of Risk Management Systems and Processes of Insurance
Companies issued by ICAI.
I am happy to know that the Committee on Banking, Insurance and Pension of the Institute has revised the Technical Guide on Review and Certification of Investment Risk Management Systems and Processes of Insurance Companies, originally issued in 2008, so as to reflect the changes made in the Investment Regulations recently.

I wish to place on record my appreciation to CA. J. Venkateswarlu, Chairman, Committee on Banking, Insurance and Pension, and its members and special invitees and other professionals who are involved in the revision, for their invaluable contribution in the revision of this Technical Guide. I would like to thank the Chairman, IRDA and his dynamic team for guiding ICAI in the revision of this Technical Guide.

I am confident that the Technical Guide would be immensely useful to all concerned.

CA. Subodh Kumar Agrawal
President, ICAI
New Delhi
21st May 2013

Preface

Owing to the liberalization and globalization of the insurance sector, nowadays insurers have a huge amount of funds collected from the insured in the form of premium. The involvement of the public funds necessitated the regulators to frame regulation to make insurers properly use the freedom provided, but at the same time, through exposure norms, ensure that flexibility is not used beyond permitted levels. Thus, the Investment function in an insurance company is a trade-off between liquidity and profitability within the regulatory framework.

The Insurance Regulatory and Development Authority (IRDA) has always been proactive in bringing out the relevant regulations for better management, reporting and protection of the interest of various stakeholders. The IRDA has recently notified IRDA (Investment) (5th Amendment) Regulations, 2013 which came into force w.e.f. 1st April 2013.

The amended Investment Regulations require that the implementation of investment risk management systems and process by an insurer shall be reviewed and certified by a Chartered Accountant as per the procedure laid down in the Technical Guide on Review and Certification of Investment Risk Management Systems and Processes of Insurance Companies issued by the ICAI.

In the backdrop of the fifth amendment to the Investment Regulations, the Committee on Banking, Insurance and Pension of ICAI (COBIP) considered it appropriate to revise the Technical Guide to bridge the knowledge gap in this vital legislation. This revised Technical Guide provides comprehensive guidance to the auditors in reviewing and certifying the implementation of risk management systems and processes as mandated by the investment regulations of IRDA.

I take this opportunity to thank IRDA for reposing confidence in the ICAI and its membership in entrusting the job of verifying and certifying the implementation of Risk Management Systems and Processes of insurers.

I place on record my sincere gratitude to CA. S.N. Jayasimhan, Joint Director (Investments), IRDA; Shri R. Kumar, Deputy Director (Investment), IRDA; Shri Suresh Nair, Sr. Assistant Director (Investments), IRDA; Shri R Chandrasekar, Secretary, General Insurance Council; CA Abhirajan Gupta; CA. Vittal Raj; CA S. Venkatraman and CA. P.S. Prabhakar for helping us in revising the Technical Guide. I am highly thankful to CA. N. Venkatakrishnan for preparing the basic draft of this Guide. I am also thankful to the experts who had attended a Meeting at Chennai in February 2013 in relation to finalizing the revised Guide.

I am thankful to the President of ICAI, CA. Subodh Kumar Agrawal and Vice President of ICAI, CA. K. Raghu for their support and encouragement. I am grateful to CA. Shriniwas Yeshwant Joshi, Vice Chairman of the Committee, CA. Jay Chhaira, CA. Prafulla Premsukh Chhajed, CA. Tarun Jamnadas Ghia, CA. V. Murali, CA. Vijay Kumar Garg, CA. Mukesh Singh Kushwah, CA. Naveen N.D. Gupta, CA. Vijay Kumar Gupta, CA. Charanjot Singh Nanda, Shri Manoj Kumar, CA. D.K. Singla, CA. S. V. Sunder Krishnan, CA. M. H. Singhal and CA. Patni Dilip Kumar, members of the Committee, for their valuable guidance and cooperation in bringing out this revised Technical Guide. I appreciate the efforts put in by the officials of the Secretariat of the Committee for their contribution in the timely release of this Technical Guide.

I hope the members and others concerned would find this Technical Guide immensely useful and it would serve as a handy tool in rendering professional services to insurers.

CA. J. Venkateswarlu
Chairman, Committee on Banking, Insurance and Pension
New Delhi
15th May, 2013

Contents

Foreword
Preface
1. Introduction
2. Investment Function of the Insurer and Risk Management Process
3. Information System Security and Audit
4. Coverage and Review Methodology
5. Format of Certificate

Annexures
Annexure 'A': Compliance Checklist to be submitted along with application under 'R2'
Annexure 'B': Review of standard operating procedure covering 'systems and processes'
Annexure 'C': Review of Information Technology (IT) Systems and Processes supporting Investment Operations
Annexure 'D': Application Controls Checklist

Appendices
Appendix 'A': IRDA (Investment) Regulations, 2000 as amended by IRDA (Investment) (5th Amendment) Regulations, 2013
Appendix 'B': CIRCULAR NO. INV/CIR/008/2008-09 DATED 22.08.2008 Issued by IRDA to Insurers
Appendix 'C': IRDA Letter No.IRDA/F&I/CIR/INV/067/04/2013 dt. 1st April, 2013
Appendix 'D': Guidance Note on Preparation of Investment Returns (Version-01) issued by Insurance Regulatory and Development Authority in May 2013
Appendix 'E': Format of Engagement Letter

1. Introduction

1.01. Insurance in India has come of age. Insurers have been operating in India for a very long time, but insurance then was entirely the monopoly of the state-owned Life Insurance Corporation and four general Insurance Companies. In the post-liberalisation phase, private entrepreneurs have also come on to the scene. Since insurance is concerned with the protection of a citizen's life and/or properties as well as national wealth, ever since insurance emerged as a business, the Government, in view of its strong societal links, has felt the need for its proper monitoring and regulation through extensive legislation.

1.02. In order to protect the interests of holders of insurance policies, on the 19th of April, 2000, the Government set up the Insurance Regulatory and Development Authority (IRDA) under the Insurance Regulatory and Development Authority Act, 1999 (IRDA Act), to regulate, promote and ensure the orderly growth of the insurance industry and for matters connected therewith or incidental thereto and further to amend the Insurance Act, 1938, the Life Insurance Corporation Act, 1956 and the General Insurance Business (Nationalisation) Act, 1972.

1.03. Insurance business has always been truly global and international in scope. Recognizing this, regulators of different countries banded together to form the International Association of Insurance Supervisors (IAIS). India is among the more than one hundred members of IAIS. The broad principles of IAIS are meant to see that:
· There is recognition of the fact that insurance is an international subject;
· Insurance requires to be monitored properly to ensure its healthy growth; and
· There is a standards setting mechanism.

1.04. The International standards are mainly concentrated around the following areas:
· Control over registration of companies
· Management of business through fit and proper persons to be employed
· Pricing of products to be done on prudent lines
· Management of Investments and associated Risks
· Maintenance of required Solvency margin
· Proper settlement of claims of policy holders.

1.05. Hence, world over, the focus is on building control systems around the above key factors through regulations. In India, IRDA has implemented such controls through the following key regulations, as amended from time to time:
1. IRDA (Registration of Indian Insurance Companies) Regulations, 2000
2. IRDA (Assets, Liabilities and Solvency Margin of Insurers) Regulations, 2000
3. IRDA (Appointed Actuary) Regulations, 2000
4. IRDA (Actuarial Report and Abstract) Regulations, 2000
5. IRDA (Investment) Regulations, 2000
6. IRDA (Preparation of Financial Statements and Auditor's Report of Insurance Companies) Regulations, 2000
7. IRDA (General Insurers - Re-insurance) Regulations, 2000
8. IRDA (Life Insurers - Re-insurance) Regulations, 2000
9. IRDA (Protection of Policyholders' Interest) Regulations, 2000
10. IRDA (Distribution of Surplus) Regulations, 2000

2. Investment Function of the Insurer and Risk Management Process

2.01. During the nationalization regime, prior to the advent of IRDA, State owned LIC and GIC along with its four subsidiaries were the only players in the country in Life and General insurance business.

2.02. The investment portfolios of the insurance companies were earlier channelized to meet the objectives and priorities of the Government.

2.03. As per the recommendations of Malhotra Committee, the mandatory investment in Government and Approved Securities has been reduced to 50% in Life Fund in the case of Life Insurers, while in the case of General Insurance Companies it stands reduced to 30% of Investment assets.

2.04. Thus, a higher amount has been made available to insurers to invest in private and corporate sector, housing and infrastructure sector, etc., to provide freedom in the structure of the investment portfolio and also involve the Insurers in the task of fulfilling the rural and social sector obligation of the Government without sacrificing safety of public funds but at the same time aligning it to fit into the overall investment strategy of the insurer. This required the regulators to frame regulations to make insurers properly use such freedom provided, and, at the same time, through exposure norms, ensure safety.

2.05. Therefore, it would be appropriate to conclude that, as the money involved represents huge 'public savings', regulating investments is a necessity even in the market driven economy.
Thus, what the public invest in insurance companies is out of their savings and not out of surplus, unlike in case of deposits with banks. It is because of this reason that the regulations keep 'policyholder protection' as their prime concern. But the Regulator, responsible for the development of the insurance sector, allows investing in different investment avenues, by weighing the various risks associated, to efficiently serve the policyholders and also ensure an orderly growth of Insurance business. The Audit of investment functions of insurance companies is a necessary effort in this direction.

2.06. Any insurance contract, ultimately, is based on fact as well as faith: faith of the policyholders that if and when there is a claim under their policy, it would be settled properly; that there is a mechanism to ensure that the insurance company will be solvent for a period longer than the term of the policy.

2.07. By themselves, insurance companies are major players in a nation's economy. The sheer volume of monies itself speaks of their role in the economy of India. In the financial year 2011-12, the Life Insurance Companies collected first year premium of Rs. 1,13,942.17 crores and Non-life Insurance Companies (including health & specialized insurers) collected a gross premium of Rs. 59,819.95 crores, making an aggregate of Rs. 1,73,762.12 crores.

2.08. The Non-life Insurance Companies held 33.83% of their overall invested funds in Government securities (inclusive of state govt. and other approved securities), 7.43% in the Housing sector and 15.31% in infrastructure investments in 2011-2012. The total invested funds as of March 31, 2012 were Rs. 99268 crores, which represented almost 20.30% increase in invested funds over the previous year. The national economy has benefited significantly from this sector, since the rate of investment of these funds was considerably higher than the growth rate of the GDP.

2.09. Because of the quantum of monies that are involved and due to their significance, the channeling of insurance monies into proper sectors has assumed great importance and therefore the regulations, owing to national priority, have become crucial. So, the Regulator's drive to push these funds into various channels by framing proper regulations, to confirm that the investments are in line with national economic policy [which also takes into consideration the expectations of the policyholders], becomes vital.

Trade off in Investment Decisions

2.10. Though insurance companies provide solutions to risks of others, they have their own risk, both operational and financial. Investments always come with risk. However, the degree of risk varies based on the type of investments, quantum of money invested [exposure], and the term.

2.11. The Insurance company has to make a careful analysis before taking investment decisions, taking into consideration the nature of business, risk involved, return required to meet the actuarial assumptions on returns anticipated out of the investment to be made at the time of designing the product, liquidity requirements, regulatory prescriptions, etc.

2.12. Further, the investments made should also take into consideration the Policyholders' Reasonable Expectations (PRE), which has a bearing on the following factors:
· Guarantees made,
· Achieving a real return, that should be in excess of guarantees made, particularly on without profit policies,
· Realised returns are fairly consistent with returns of earlier period(s)

2.13. Objectives of regulating the Investments of Insurance Companies:
· To ensure the safety of funds, which belong to the Policy-holders (PH).
· To maintain quality of invested assets to support the prescribed solvency parameters of the insurer.
· The occasional lower interest rate regimes could compel companies to seek alternate investment channels which would optimize the returns, but such process would subject the investment to higher risks. Regulations would not allow exposure to such high risk investments.
· The prudential norms ensure proper spread and thus avoid 'concentration risk'. Hence investment regulations limit exposure to a particular company or a group (including group to which the insurer belongs) of companies or to a particular industry / sector to ensure proper investment portfolio.
· Regulations also prevent an insurer from taking a controlling stake, out of policyholders' funds, in any company by limiting the exposure either to 'Debt' or 'Equity' mode.

2.14. Another important factor in regulation of investment that cannot be lost sight of is the need to earmark some portion of investible funds for social obligations. The savings of the people coming to insurance companies by way of premium have to be channelized into community development, infrastructure development, socially oriented investments, provision for basic amenities in rural areas, etc. To this end, IRDA (Investment) Regulations, 2000, provides for a mandatory minimum of 15% of Investible funds to be invested in housing and Infrastructure in the case of Life and General Insurance Business.

Investment Function of Insurer - Regulatory Framework

2.15. The Insurance Act, IRDA Act and the Regulations made thereunder which are relevant for the inspection of investment function of Insurance Companies feature some technical terms/concepts, familiarity with which is critical for the inspector to perform his function. There are references to some other statutes such as Public Debt Act, 1944, Securities Contract Regulation Act, 1956, etc., in the above-referred regulations.
This chapter lists all the relevant provisions of the related statutes (regarding those technical terms/concepts) at one place so that it will be like a ready reference for the members involved in this exercise.

2.16. The primary legislations which are relevant for investments of insurance companies in India are as follows:
· Insurance Act, 1938;
· Insurance Rules, 1939;
· Insurance Regulatory and Development Authority Act, 1999;
· Insurance Regulatory and Development Authority Regulations issued under IRDA Act, 1999 from time to time;
· Insurance Regulatory and Development Authority (Investment) Regulations, 2000 as amended from time to time;
· Insurance Regulatory and Development Authority (Preparation of Financial Statements and Auditor's Report of Insurance Companies) Regulations, 2000;
· Insurance Regulatory and Development Authority (Assets, Liabilities and Solvency Margin of Insurance Companies) Regulations, 2000 and
· Circular(s) issued by IRDA on Investment Function, as amended from time to time.

IRDA (Investment) (Fifth Amendment) Regulations, 2013

2.17. Based on the experience gained and the feedback received through Internal / Concurrent Audit Reports and based on the periodical returns received at IRDA, a Working Group of professionals drawn from Industry, experts from SEBI and Ministry of Finance was set up to evaluate the need to introduce new instruments and amend the existing regulatory framework to enable Insurers to deploy funds more prudently without sacrificing safety parameters, keeping all such suggestions within the various legal and regulatory requirements, as well as the developments in Financial Markets including the emergence of Unit Linked Insurance Policies as one of the most important product portfolios of life insurers.

2.18. Accordingly, the Working Group reviewed the statutory provisions on the pattern of Investment, operational and policy issues of Investment Regulations and suggested amendments that would give flexibility to the IRDA with reference to the Regulation on Investment of Life and General Insurance Companies. Apparently, the Group also looked into the modifications in the formats of the prescribed Returns so as to reflect the changes in the revised regulations.

2.19. The recommendations of the Working Group were examined by IRDA in the light of legal provisions, keeping in view the interests of the stakeholders.

2.20. The 4th amendment which was brought in 2008 was thus amended based on the real time experience of audit feedback. Thus the gaps that were identified in fully addressing the business requirement and audit requirement were factored in the 5th amendment.

2.21. This Technical Guide is specifically meant for review and certification of Investment risk and management systems of Insurance companies arising out of the IRDA (Investment) Regulations, 2000 as amended from time to time.

2.22. The current approach to evaluation of system controls is based on IT Governance Assurance approach wherein control evaluations to be performed by the auditor have now been re-categorized under control process categories and additional control evaluations have been included wherever needed.

2.23 Scope and Coverage of this Technical Guide. The Technical Guide is designed on the basis of the following framework:

[Figure: IT Governance based Assurance Framework. IT Governance; Control Process Categories (Plan & Organise, Acquire & Implement, Deliver & Support, Monitor & Evaluate); Audit Checklist; Control Evaluation to be performed by the Auditor]

2.23. While the first Chapter of this Technical Guide provides a general overview of the insurance sector in India, the second chapter has been structured to present the important issues related to the investment function of insurance companies. The third Chapter deals with the role of information system security and audit in the investment risk management systems and processes of insurance companies. The structural change in the format of this Technical Guide is the preliminary step towards taking this exercise towards an enterprise-wide risk management. The fourth Chapter provides detailed guidance on the review and certification of the Systems / Processes of investment in the context of Risk Management requirements as provided in the Circulars / Guidelines issued by IRDA. The Format of the Auditor's Certificate, after reviewing the Systems / Processes of investment of insurance companies in the context of Risk Management, has been given in the Fifth Chapter.

2.24. Annexures to this Technical Guide contain four different checklists/templates, the purposes of which are as under:

Annexure A - Checklist template covering key Regulatory issues at the time of R1/R2 application (Compliance with pending matters, if any, shall be reviewed during subsequent audit of Investment systems and processes)

Annexure B - contains the key issues to be addressed while reviewing the Standard Operating Procedures (SOPs) of existing insurance companies with regard to the investment Operations and risk management systems and processes envisaged by IRDA

Annexure C - covers the review of Information Technology (IT) Systems and Processes supporting Investment Operations as envisaged by Regulations

Annexure D - covers the review of Application controls and interface systems as envisaged by Regulations and Guidelines issued by IRDA

2.25. Insurance Regulatory and Development Authority (Investment) (5th Amendment) Regulations, 2013 has been given as an Appendix to this Guide.

3. Information System Security and Audit

Introduction

3.1. Information systems (IS) play a key role in the operations of a business organization. In fact, information is the lifeblood of business and this is equally true in the Insurance sector. A proper framework that addresses governance, risk and compliance depends on the support of robust IS that ensure confidentiality, integrity and availability of information. Similarly, the IS facilities in turn need to be governed by appropriate policies and best practices, guided by specific procedures and supported and manned by trained people. Information Security has assumed great importance due to the growing incidents and threats causing huge losses to business over the years, bringing about legislative and procedural changes in its wake.

3.2. The position of the Insurance sector is unique in as much as it has a dual role to play. One, that of protecting and securing its own information and infrastructure to realize its business objectives including managing its investments for security, wealth / value maximization, solvency, liquidity and profitability, and the other, of promoting better information security through positive reinforcement and reward by providing insurance cover and lower premium for cyber risks of entities that have information security systems in place.

3.3. The increasing dependence of Insurance Companies on Information systems brings up issues like data storage, retrieval, access and processing that are opaque and unintelligible to laymen, loss of audit trail, adverse effect on controls especially segregation of duties, and a lot more.

3.4. However, they also provide greater computing power that enables automation of processes and implementation of systems that streamline front, mid and back office operations, enable policy servicing, transparent accounting and customer communication and reporting, market information, valuation, NAV computation, and provide support for other compliance/regulatory requirements.

3.5. The important aspects and issues that necessitate inclusion of Information system controls, checks and balances for proper functioning of investment function and management of the risks are outlined below. These will set the tone for and provide proper perspective to the guidelines.

SECURING AND USING CUSTOMER INFORMATION AND DATA

3.6. Insurance business essentially deals with risk management and, by its very nature, is privy to sensitive information about customers. This includes information about their vulnerabilities and risks, their shortcomings and exposures, ranging from business risks and exposures in loss of profits, policies relating to diseases, handicaps and family histories in case of health insurance.

3.7. It is not just the ethical and moral duty of the insurer to protect the client data and store it securely but also a good business practice to secure it and share it only with authorized partners for permitted purposes.

3.8. In the years to come, as the Indian Insurance industry expands, goes global, and matures, the impact will bring about sweeping changes across the insurance Industry - in the way information is collected, stored, sent and accessed both internally and externally.

3.9. This will result in growth in staffing in the information security sector/segment, greater surveillance and monitoring mechanisms being put in place, and growing expenditure on information security.
Insurance companies will have to start putting information security policies, procedures and best practices in place and will have to implement information security solutions and audit those at regular intervals.

3.10. This will also mean placing restrictions on indiscriminate access and use of customer data for cross-selling purposes, and also of selling customer lists and databases for a price.

PREVENTING INSIDER ABUSE

3.11. Insurance companies by their very nature deal with a substantially large client base; their transactions span over a long time period (typically twenty plus years in the case of a life policy), are open to abuse and misuse by unscrupulous clients and employees/agents (insurance frauds) and are also exposed to management frauds through misrepresenting accounting estimates and window dressing.

3.12. The emergence of corporate governance and the responsibility of quick, timely and accurate reporting of information now places an extra burden of maintaining confidentiality, integrity and availability of information on insurance companies.

PROTECTING DECENTRALIZED DATA

3.13. With the advent of networks, remote and tele-computing and the spread of insurance services over geographical area, distributed data processing and multi-user computing have become the order of the day.

3.14. Databases are no longer unified or centralized as in the past. Data is stored on different servers at different locations, needing broader security measures, which will ensure that protection levels are maintained across different networks and platforms.

MANAGING LEGACY SYSTEMS AND INTEGRATING SECURITY INFRASTRUCTURE

3.15. Insurers were one of the early users of data processing systems. Electronic Data Processing (EDP) has today grown into Information Technology (IT), but most insurance companies are still flogging the earlier legacy systems and programs which can be seen being used with the latest technology.
Given this diversity of systems, using different operating platforms, different network architectures, different types and differing versions of software, ensuring compatibility of security tools and integration of security infrastructure has become a Herculean task, not to mention the challenge of maintaining and ensuring effective and efficient functionality of the entire process. 12 Information System Security and Audit INTERNET/WEB ACCESS TO DATA BASES AND APPLICATIONS 3.16. Most insurance companies, in an attempt to reach a larger number of customers and providing better service and lower cost, are web-enabling their businesses especially the delivery systems and interfaces. This has brought the security issues associated with the internet especially unauthorized access, data modification and analysis, spoofing, passing off, identity theft, denial of service and hacking attacks, web vandalism, mistrust, privacy loss and repudiation into sharp focus. BALANCING SECURITY AND OPENNESS 3.17. Insurance companies require an open environment where customers and agents get maximum access to the required data in an easy, convenient way. Security features, which restrict or affect accessibility and ease of use, are bound to turn away customers from the most secure insurance company sites and portals. This is perhaps the biggest quandary in which insurers find themselves today. Ease of use, user-friendly interface and efficiency and innovation leading to fast processing speed and better customer service cannot be compromised by information security applications. KEY ISSUES IN INSURANCE SECTOR 3.18. 
The key issues for information security in the insurance sector today, apart from putting in place necessary Investment Risk Management Systems and Process, are maintaining privacy and confidentiality of customer information and data, providing authenticity and integrity of data and transactions, identification of users, non-repudiation and preventing unauthorized access, insider abuse and cyber attacks and threats. It also revolves around ensuring efficiency and effectiveness of information systems and ensuring compliance with laws and building reliable systems.

THE ROLE OF IS AUDIT IN INSURANCE SECTOR

3.19. Information System Audit has a significant role to play in the Insurance Sector. Information System Audit aims at providing assurance in respect of Confidentiality, Availability and Integrity for Information systems. It also looks at their efficiency, effectiveness and responsiveness. It focuses on compliance with laws and regulations.

3.20. In the context of the growing dependence of Insurance Sector on Information Systems for record keeping, transacting business, reporting, as well as regulatory compliance and providing information and results to stakeholders, Information System Audit has assumed a very significant role. In fact it would not be wrong to say that without an effective IS Audit system in place, corporate governance, compliance and effective regulation and risk management of the insurance sector would be a difficult proposition.

THE SOLUTION - A PROACTIVE APPROACH

3.21. It is always wise to put in place a proactive approach to security that is based on education, awareness, exchange of information, policies, practices, procedures, cooperation and motivation of all concerned that will enable insurers to meet the information security challenges faced, as there will be no wastage of time to take control of adverse situation in the long run.
In order to protect the huge Investments of Insurers, the IRDA has recently issued clear guidelines on Investment Risk Management Systems and Process.

THE SCOPE

3.22. With a view to addressing the concerns of the Regulator and other stakeholders, the review of investment risk and management system should include within its scope the following minimum areas of information system security and audit:

i. Risk Management: Ensure that the features and system parameters implemented in the system are in accordance with the policies and procedures covered in IRDA Investment Regulations and applicable Guidelines / Circulars.
ii. Application Review: Review and ensure that the software used by the insurance companies is in accordance with the security standards and policies and guidelines as prescribed by IRDA.
iii. Security Policy and Implementation: Review the security policy and implementation procedures with special reference to the Hardware Platform, Network, Operating System, Physical Perimeter, Backups and databases.
iv. Capacity Management: Assess the existing and planned capacity for growth and adequacy of the current capacity to handle the existing and future business.
v. Disaster Recovery, Back-up and Contingency Planning: Review the existing disaster recovery, back-up and contingency plans and policies of the insurance companies and verify and assess the compliance to current policies.
vi. Customer Services: Review the procedures for providing services and communicating with clients / investors.
vii. Internal Vulnerability Assessment: Ascertain the data integrity, availability and security of the key information present in the network and the efficiency, effectiveness, responsiveness and compliance of the IS processing facilities.

THE APPROACH

3.23. The checklist-based review should address and cover the following key activities of an Insurance Company:

i.
Understanding the Information Technology Infrastructure of the insurance company as it exists at the location.
ii. Understanding the business process, related to the Investment function and risk management system.
iii. Understanding the transaction mechanism and data flow with respect to investment management function.
iv. Inspection and review of the documented policies and procedures, infrastructure and network diagram.
v. Collection of evidence in the form of documents, test results, screenshots, confirmations, logs, third party evidence.
vi. Conducting a risk analysis in the environment to evaluate and test the existing risk management processes and available controls, both system-based and manual.
vii. Vulnerability analysis and audit of host servers.
viii. Discussing critical observations / findings with the Insurance Company and generating a report to be submitted to IRDA.

3.24. Structure of systems & applications in investment process of an Insurance Company is depicted below

3.25 Before commencing the review, the auditor is expected to obtain the following information at the location.

| Sl. No. | PARTICULARS | DETAILS / REMARKS |
|---|---|---|
| i | Location(s) from where Investment activity is carried out | |
| ii | IT Applications used to manage the Insurer's Investment Portfolio - Distributed applications | |
| iii | System layout of the IT and network infrastructure including: a. Server details, b. database details, c. type of network connectivity, firewalls, UTM, etc., d. Other facilities / utilities (describe) | |
| iv | Location of systems and applications i.e. whether hosted at a central location or at different offices | |
| v | Previous Audit reports and issues / details of unresolved issues from: a. Internal audit b. Statutory audit c. IRDA Inspection / Internal and Concurrent audit d. Security Incidents IS Audits. | |
| vi | Internal circulars and guidelines of the Insurer relating to investment functions. | |
| vii | Standard Operating Procedures (SOPs) with reference to workflow, documentation of each activity/or activity cycle | |
| viii | List of new Products / funds introduced during the period under review along with IRDA approvals for the same. | |
| ix | Scrip-wise list of all investments, fund wise, classified as per IRDA Guidelines, held on date (including investments held under a Group, Promoter Group of the Insurer) | |
| x | IRDA Correspondence files related to investments | |
| xi | IT Security Policy | |
| xii | Business Continuity Plans (BCP) and Disaster Recovery (DR) relevant to Investment functions | |
| xiii | Network Security Reports pertaining to IT Assets | |
| xiv | Appointment / Engagement Letter for the assignment with clearly defined scope and coverage | |

4 Coverage and Review Methodology

Introduction

4.1. Insurance Regulatory and Development Authority of India (IRDA) has amended its Investment Regulations vide notification dated 16th February, 2013 and issued IRDA (Investment) (Fifth Amendment) Regulations, 2013 which requires specific minimum requirements on the Systems / Process of investment in the context of Risk Management viz. Investment Risk Management Systems.

4.2. All Insurance Companies seeking registration with IRDA need to comply with Investment Risk Management Systems and Processes as a part of registration process. All Life and General Insurance Companies are required to have their Investment Risk Management Systems reviewed and certified by a Chartered Accountant who is not the Statutory / Internal / Concurrent Auditor of the concerned Insurer. Such review should be conducted once in 2 years and the insurer shall file the certificate issued by the Chartered Accountant along with the first quarter periodical Investment returns with IRDA.

4.3.
The Audit firm, as required under IRDA directives, should satisfy the following norms to undertake the Investment Risk Management Systems and Process Audit:

(a) The Chartered Accountant firm shall be a firm, registered with the Institute of Chartered Accountants of India (ICAI).

(b) The Audit firm should have experience, for at least four years, in conducting reviews of Risk Management Systems and Process of either Banks or Mutual Funds or Insurance Companies or have, on behalf of IRDA conducted Investment Inspection of Insurance Companies.

(c) On the date of appointment as an Auditor for certifying Investment Risk Management Systems and Process, the Auditor must not hold more than two audits of Internal, Concurrent and Risk Management Systems Audit, all taken together. Hence, the Audit firm can at the maximum hold not more than three Audits (i.e., Investment Risk Management Systems and Process Audit, Internal Audit, Concurrent Audit - all taken together), apart from Statutory Audits at any point of time. For this purpose, at the time of appointment, the insurer shall obtain a declaration to this effect from the firm of Chartered Accountants. The Insurer shall file with IRDA the confirmation obtained from the Chartered Accountant firm, within 7 days of such appointment.

(d) The Auditor should not have been prohibited/debarred by any regulating agency including IRDA, RBI, SEBI, ICAI etc.

(e) The Auditor appointed for certifying the Investment Risk Management Systems and Process, should not have conducted the following assignments for the same Insurer proposing to be appointed as Systems Auditor, for a period of two years immediately preceding his appointment.
(i) Statutory Audit
(ii) Any Internal Audit
(iii) Any Concurrent Audit
(iv) Any Consulting assignment, whether or not related to Audit functions

MATTERS TO BE INCLUDED IN THE AUDITOR'S REVIEW

4.4 GENERAL

An Auditor entrusted with the responsibility of certification of Investment Risk and Management System is expected to have good understanding of the Investment Management System (IMS) of the insurer as this is the backbone of the investment department of Insurer.

4.4.1. FRONT & BACK OFFICE OPERATIONS:

Investment Management System (IMS) has the following generic modules:

· Front Office
· MID Office
· Back Office

BRIEF FEATURES OF IMS MODULES

The IRDA (Investment) (5th Amendment) Regulations, 2013 mandate the need for clear segregation to be built between Front, Mid and Back Office Systems. The various functions that fall under Front, Mid and Back Office are provided in the Technical Guide on Internal / Concurrent Audit of Investment functions of Insurance Companies, issued by ICAI. The Auditor shall report on the compliance of these requirements by the Insurer.

Front Office System (FOS)

FOS is further divided into Fund Manager module and Dealer module. Generic features of FOS are: It facilitates authorization of deals, order placement and entry of executed deals. The cash and securities position can be uploaded in the FOS to facilitate adherence to internal and regulatory limits. Research activity would fall under FOS.

MID Office System (MOS)

All investment deals flow from FOS to MOS. Risk Analysis, risk measurement and Risk Management are a function of MID Office. It provides analytical tools, facilitates monitoring of investment restrictions, exposure limits and has risk management tools. Various risk measurement and management tools are applied to the trades and portfolio in the mid office module.

Back Office Module (BOS)

All investment deals flow to BOS from MOS, where the same are settled.
In case of equity securities, deals forwarded by dealer are matched with the data of executed deals received from the brokers through Straight Through Process (STP) gate in BOS and confirmation is sent to broker and custodian. In case of debt securities, BOS generates the Counter party confirmation and custody letter for settlement of deals. The deals are pushed for accounting in the form of deal summary or trade blotter from the BOS to Fund Accounting System.

4.4.2 REPORTING ON RISK MANAGEMENT SYSTEMS

Compliance with Key regulations required to be reviewed and reported includes:

(a) Insurer having Assets under Management (AUM) in excess of Rs.500 Crores shall ensure separate personnel acting as fund manager and dealer

This clause requires the auditor to ensure that the insurer having asset under management (both Shareholders' and Policyholders' investment taken together) in excess of Rs. 500 Crores has separate Fund Managers and Dealers, for both Equity and Debt portfolio.

The auditor has to confirm if:

· There are separate Fund Managers and dealers for equity as well as debt segment by reviewing the organization chart of the company.
· Functional responsibilities of Fund Managers and dealers are defined in the Standard Operating Process (SOP) / Operations Manual or Investment Policy.

The auditor should review sample deals, either in software application or hard copies to confirm that all the deals are authorized by Fund Manager and executed by Dealer.

(b) The Investment System should have separate modules for Front and Back Office.

This clause requires the auditor to verify that the investment system has Front Office and Back Office Modules.

The auditor should review the software system to confirm that it has separate modules for dealing and settlement. The auditor should confirm that these activities are carried out by separate officials with separate logins and passwords.
The auditor can confirm this aspect through review of system and observing the process of trade execution and settlement.

(c) Transfer of data from Front Office to Back Office should be electronic on Real time basis without Manual intervention i.e., without re-entering data at Back Office.

This clause requires the auditor to verify that there is no manual intervention for transfer of data from Front Office/MID Office to Back Office.

The auditor should review the software system to confirm that deals for all types of securities captured and authorized in FOS, automatically flow to BOS. The auditor can review this aspect by entering different types of investment transactions in FOS and confirm that there is seamless flow of deals from FOS to BOS and in turn from Front Office to Back Office.

(d) The Insurer may have multiple Data Entry Systems, but all such Systems should be seamlessly integrated without manual intervention.

This clause requires the auditor to report whether manual intervention is required for integration of data entered through multiple data entry systems.

In the case of integrated system, usually seamless integration between front office, mid office and back office would exist. The auditor can review this by carrying out the limited review of the system to confirm that Front Office, MID Office and Back Office systems is separate, the auditor would have to ascertain that,

· These systems facilitate upload between systems with due authentication/validation process (as provided in STRUCTURE OF SYSTEMS & APPLICATIONS IN INVESTMENT PROCESS) duly approved by the Investment Committee of the Insurer.

The auditor has to review the live operations of the investment department in real time to ascertain the integration of these systems and to verify the approval of the Investment Committee for such integration through upload of data from one system to another system.
(e) The Front Office shall report through the Chief Investment Officer (CIO) to the Chief Executive Officer (CEO). The Mid Office and Back Office, to be headed by independent personnel, shall be under the overall responsibility of Chief Financial Officer (CFO) who shall in turn, independently report to the CEO.

This clause requires the auditors to ascertain the separation of investment and settlement function.

The auditor should review the following aspects with particular attention to whether 'investment', 'review & Monitoring' and 'settlement' functions are clearly separated as per SOP as well as through lines of 'internal reporting':

· Organization Chart
· SOPs / Operations Manual / Investment Policy to understand the roles of officials of Front office, Mid office and Back office, CEO, CFO and CIO
· Reporting lines

4.4.3. EMPLOYEE DEALING GUIDELINES

(a) The Standard Operating Procedure (SOP) followed by the Insurer shall clearly specify the Guidelines to be adhered to by the Dealer, that is, the Insurer shall clearly specify the Trading guidelines for Personal Investments of the dealer. The compliance of this requirement shall be commented upon by the Internal / Concurrent Auditor. Reference to Model code of conduct and the SEBI - Prohibition of Fraudulent and Unfair Trade Practices Regulations, 2003, as amended from time to time, will be useful to check on "front-running" by employees, Brokers and others connected with the Insurance Company.

This clause requires the auditors to comment on employee dealing policy of the Company and adherence to the guidelines laid down in this regard.

The auditor has to confirm that the company has framed Employee Dealing Policy for dealing in securities by:

· Fund Manager
· Dealer
· Research personnel &
· Head of all departments
· Others at Management level, who are responsible for Investment Operations who possess/are likely to possess insider information (termed as 'Key personnel').
The auditor may also check if such policy framework is made applicable to Brokers and others connected with the Investment function.

The Auditor has to verify that the Employee Dealing Policy inter alia contains the following minimum criteria:

(i) List of key personnel covered under the employee dealing policy;
(ii) Type of Investments covered such as equity, derivatives, investments in IPO etc.;
(iii) Type of investments which would not be covered by these guidelines;
(iv) Prior approval for dealing in securities from Compliance Officer for any trade;
(v) Validity period of the approval i.e. the period within which a deal needs to be carried out after approval. If the transaction does not take place within the validity period, new approval needs to be obtained.
(vi) Intimation of investment to be filed with Compliance Officer within specified time, say, within 7 days, along with the proof of investment;
(vii) Holding period of securities i.e. securities purchased should not be sold for specified period, say, within 30 days of purchase;
(viii) Cooling-off period i.e. the period for the key personnel mentioned above during which they are not allowed to purchase/sell a particular security post transaction by the insurer;
(ix) Restriction on short sale or square-off of the trades during the day.
(x) Obtaining declaration relating to no self-dealing and Front running from key personnel;
(xi) Periodic disclosures of portfolios and transactions, say, quarterly;
(xii) Record keeping by Compliance Officer;
(xiii) Details of penalty or Disciplinary Action for non-adherence;
(xiv) Exceptions to the guidelines;
(xv) Reporting to Board of Directors

The auditor shall review sample transactions to confirm that the Company complies with the policy and cover the same in his report.

4.4.4.
MAKER / CHECKER PROCESS / SEGREGATION OF DUTIES

(a) Insurer should have the procedure of Maker / Checker mapped in their Standard Operating Procedure / Operations Manual of Investment Operations. The Internal / Concurrent Auditor shall comment on such practice in his report.

This clause requires the auditors to comment upon whether maker/checker process is covered in SOP / operations manual of investment operations and whether adherence of maker/checker system is commented on by the internal/concurrent auditor.

The auditor has to confirm that the insurer has SOP / Operations Manuals covering:

· Investment operations for ALL types of investments such as equity, derivatives, Government Securities, debt and money market instruments
· Cash Management/Treasury operations
· NAV computation
· Fund Accounting Valuation of investments, under both Traditional and ULIP funds
· Empanelment of brokers

Review needs to be carried out on the basis of the manuals to ascertain that the maker/checker principles are embedded in the application.

The Auditor should verify whether SOPs/Manuals provide for maker/checker control for all the important functions (particularly where manual intervention is required). The auditor should also look at the processes which need to be carried out manually or require manual intervention such as deal entry, uploading prices for valuation, creation of masters etc. and confirm that the system has in-built maker/checker controls for such processes that are clearly documented and audited periodically for changes recorded.

The auditor should ascertain the inclusion of verification of maker/checker compliance. He should also go through the internal / concurrent audit reports to ascertain the internal / concurrent auditor's comments on this aspect.

4.4.5.
AUDIT TRAIL AT DATA ENTRY POINTS

(a) The Audit trail should be available for all data entry points including at the Checker / Authorizer level

This clause requires the auditor to comment on the audit trail maintained in the system for various activities.

The auditor should review the FOS, MOS and BOS and confirm that the system maintains audit trail for data entry, authorization, cancellation and any subsequent modifications. Further, the auditor shall also ascertain that the system has separate logins for each user and maintains trail of every transaction w.r.t. login ID, date and time for each data entry, authorization and modifications.

To gather information, the auditor can interact with the system administrator and see the log maintained in the back-end of the system for deal entry, authorization, modification and the period for which this log is maintained. The auditor may do a walk through and audit samples to see if transactions are reflected in the log.

4.4.6. BUSINESS CONTINUITY PROCESS

(a) To ensure Business continuity, the Insurer should have a clear Off-site Back-up of Data and the corresponding applications system in a City falling under a different Seismic Zone, either on his own or through a Service Provider. Further, the Insurer / service provider (if outsourced) is required to have the necessary infrastructure for Mission Critical Systems to address at least the following:

1. Calculation of daily NAV (Fund-wise)
2. Redemption processing

This clause requires the auditor to comment on the adequacy of Business Continuity Plan of the company.

The auditor has to cover the following aspects in his review:

1.
Back-up procedure (BCP) / Disaster Recovery Policy / Manual of the company to ascertain if it covers the details of:

(i) Detailed back-up policy for various data bases of the Insurer
(ii) Various scenarios in which Disaster Recovery site needs to be activated and actions to be taken in such cases
(iii) Details of crisis management team and Business Recovery team, roles and responsibilities of team members
(iv) Processes to be carried out in case of disaster including activation of call tree
(v) Contact numbers of ALL service providers and people in the organization responsible for/expected to be involved in the business continuity plan
(vi) Critical functions for EACH DEPARTMENT, resources required for the same, and processes to carry out these functions
(vii) Disaster Recovery measures

2. To ascertain whether the Insurer has their own Disaster Recovery site or an arrangement with service provider for Disaster Recovery site, at a seismic zone other than the one where Investment department is located and from where all operations relating to investment, risk management, settlement, Cash Flow preparation, NAV computation, funding for redemption processing can be carried out. The auditor should visit BCP/DR site of the insurer and ensure that the site has the following features:

(i) Front Office/Back Office software;
(ii) Policy servicing software (for ascertaining the units to be redeemed)
(iii) NAV computation software;
(iv) Bloomberg/Reuters/Television for market information;
(v) NDS/NDS OM;
(vi) Bond Valuer or any other software used for valuation;
(vii) STP gate;
(viii) Mail Back-up;
(ix) Back-up of server data to access the contact details of custody, counter parties, brokers etc.;
(x) Telephones / fax machine / printer etc.;
(xi) Soft and Hard copy of Standard Operating Procedures (SOP) available at the site

3.
That the insurer has carried out BCP testing at least once in a year and has prepared BCP testing report. Verify the adequacy of the coverage and whether report was placed before the Audit committee and/or Board of Directors.

4. Review confirmation obtained by the insurer for successful testing of BCP/DRP from the custodian.

5. In case the insurer has outsourced NAV computation activity, report / confirmation on BCP/DRP testing having been obtained from Fund Accountant. The auditor should comment on whether such testing is satisfactory.

4.5 FRONT OFFICE

4.5.1. Segregation of Fund Manager / Dealer

(a) Investment Department should have documented the segregation of Fund Managers and Dealers through Authority Matrix as a part of its 'Standard Operating Procedure'.

This clause requires the auditor to confirm that the functions of the Fund Manager and Dealer are separated and clearly defined.

The auditor has to verify that the insurer has investment policy / SOP clearly defining the roles and functions of Fund Managers and Dealers. The auditor should peruse the SOP / operations manuals pertaining to Investment operations covering ALL types of investments such as equity, derivatives, Government Securities, debt and money market instruments and confirm that SOPs clearly state the activities to be carried out by Dealer and Fund Manager.

(b) The Insurer should have documented the Access Controls and Authorization process for Orders and Deal execution.

This clause requires the auditors to comment on Access control and authorization process in FOS.

The auditor has to undertake the following tasks to comment on this aspect:

· Review the data access and data security policy of the company to confirm that it covers access controls.
· Confirm that the Company has approved and updated data access policy which states the access controls for each login ID.
· Review the system to confirm that access controls have been defined in the software system for each login, i.e. that view, write, modify and authorization rights are defined user wise.

(c) The Dealing Room should have a Voice Recorder and procedure for maintaining the recorded conversation and their disposal including procedure like no mobile phone usage in dealing rooms, and other best practices.

This clause requires the auditors to comment upon voice recording system in the investment operations of the company.

The auditor has to undertake the following tasks to comment on this aspect:

· Confirm that the Company has a voice recorder in the dealing room, and all the dealing room phone lines are connected to the voice recorder.
· Verify that voice recorder is in working condition and has been tested at regular intervals by IT team, and that there exists a process to retrieve the recorded voice and listen to the conversation.
· Confirm that tapes/records on which conversations have been recorded are preserved in fireproof cabins.
· Confirm that either mobile jammer is installed in dealing room or mobile phones are not allowed in the dealing room.
· The Auditor should also confirm the above aspects by surprise visits to dealing room.

4.5.2. INVESTMENT IN INVESTEE / GROUP COMPANY / INDUSTRY SECTOR

(a) System based checks should be in place for investments in an Investee Company, Group and Industry Sector. The system should signal when the Internal / Regulatory limits are nearly reached PRIOR to taking such exposure and making actual investment.

This clause requires the auditor to comment on in-built controls in FOS or MOS to monitor investment restrictions prescribed in the Insurer's Investment Policy and under IRDA (Investment) Regulations.

For this purpose the auditor will undertake the following tasks:

(i) Review the system to check if investment limits have been set w.r.t.
Investee company, Group, Industry sector, rating, other investment etc. as prescribed under IRDA Regulations and internal limits adopted, if any, by the company.
(ii) Verify whether a report could be generated from the system enlisting these limits.
(iii) Check if soft limits can be set in the system or that the system sends out alerts on nearing the set limit.
(iv) Confirm that the system gives alert or sends exception report to Compliance Officer/CIO on breach of soft limit [1] on real time basis.
(v) Verify that the system does not accept trade which would exceed the hard limit i.e. regulatory limit.

· In case of internal limits, check these aspects by carrying out review of the system and also by entering a few sample deals in FOS to verify that the rules are in-built in the system and they cannot be breached.
· Review the exception reports generated, if any.

[1] Soft limits are limits set in the system which are more stringent than the actual limits to be adhered to.

4.5.3. INTER-FUND TRANSFER

(a) The System should handle Inter-Fund transfer as per Circular IRDA-FA-02-10-2003-04. The Investment Committee may fix the Cut-Off time, for such transfer within the fund. (The inter-fund transfer should be like any other Market deal and the same needs to be carried out during the Market hours only)

This clause requires the auditor to assess system's capability for carrying out inter-fund transfers in accordance with the regulation.

IRDA Circular No. IRDA-FA-02-10-2003-04 states that:

(a) Transfer from shareholder's fund to Policyholder's fund should be at cost or market price whichever is lower. Debt securities should be transferred at amortized cost.

(b) Transfer between policyholders' funds:

· In case of non-linked business, inter-fund transfer is not allowed.
· In case of unit linked business, inter-fund transfer is allowed at market price of the investment.

(c) In case of small sized funds i.e. where policyholders' funds are less than Rs.
50 crores, sale of security at market price is allowed from shareholders' funds to policyholders' funds (and not vice versa) subject to certain conditions stated in the circular.

The auditor should review whether the system is capable of ensuring adherence to the aforesaid restrictions on inter-fund transfer. He has also to verify whether the system can prevent processing of inter-fund trade if carried out beyond market hours set as per the nature of security. For this, the auditor has to understand and check the controls set in the system. The auditor can use dummy trades of inter-fund by which system controls could be confirmed.

4.6 MID OFFICE

4.6.1. MARKET RISK

(a) The system should be capable of computing various portfolio returns

This clause requires the auditor to comment on system's capability in computing risk-adjusted portfolio returns.

Various ratios are used to measure the risk associated with the portfolio and the return, such as Sharpe ratio, Treynor ratio, Sortino ratio, Stress testing, Back testing. The auditor should verify whether MOS or FOS or any other software acquired by the company is capable of computing these ratios.

The auditor should verify whether the process of computing Portfolio return analysis, if any, has been stated in the SOP or Operations Manual.

(b) Regular limits monitoring and Exception Reporting. Also reporting on movement of prices

This clause requires the auditor to comment on the process of monitoring regulatory limits and movement in prices.

The auditor should

· Verify that FOS or MOS monitors all the Regulatory limits on Exposure and Rating. FOS/MOS would have list of regulatory limits set in it. The auditor can confirm the function of limit monitoring by entering the sample/dummy deals in the system for various types of securities.
· The auditor has to ensure that regulatory limits set in the system are hard limits which cannot be breached.
· He should confirm that the right to set and modify such limits does not rest with front office or back office officials. (This authority should be with Compliance Officer / Risk Officer.)
· The auditor has to ascertain if the system generates exception reports for breach of limits prescribed in the system.
· He should also ascertain whether the system has the capability to monitor price movement of securities held in the portfolio and parameterized reporting of exceptional price movement and its impact on the overall portfolio values.

4.6.2. LIQUIDITY RISK

(a) The Insurer should have a Cash Management System to provide the funds available for Investment considering the settlement obligations and subscription and redemption of units etc, to pre-empt any leveraged position or liquidity risk.

This clause requires the auditors to comment on robustness of cash management system to pre-empt leveraged positions or liquidity risk.

Robust cash management system provides current and projected fund-wise cash flow, without manual intervention, which facilitates accurate deployment of funds. With the help of integrated cash management system, funds availability serves as additional precondition to comply within the FOS, before accepting any trade.

To comment on the adherence to this requirement the Auditor
· should ensure that Cash Management System is not managed using just Spread Sheets.
· needs to verify that there exists an efficient cash flow management system through software, which would provide the exact cash position to Fund Manager from time to time to avoid any leveraged position, illiquidity risk as well as idle cash balances.
· should verify on sample basis the bank balances and ensure that there are NO instances of idle bank balances as well as over-drawn bank balances and cash management system is indeed implemented.
· should report the software / systems used for cash management.
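
The limit checks in 4.6.1 (b) above (hard regulatory limits that cannot be breached, soft limits that raise an alert, limit changes reserved to the Compliance / Risk Officer) can be exercised with dummy deals as sketched below. This is an added example, not part of the Technical Guide and not any vendor's FOS/MOS; the class names, role names, investee names and percentage values are constructed assumptions.

```python
"""Added example: dummy-deal harness for hard/soft limit controls.

Constructed model, not a real FOS/MOS. Limit percentages and investee
names are sample values, not figures from the IRDA Regulations.
"""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    FRONT_OFFICE = "front office"
    BACK_OFFICE = "back office"
    COMPLIANCE_OFFICER = "compliance officer"
    RISK_OFFICER = "risk officer"


# The guide reserves limit maintenance for the Compliance / Risk Officer.
LIMIT_ADMINS = {Role.COMPLIANCE_OFFICER, Role.RISK_OFFICER}


@dataclass
class Limit:
    hard_pct: float  # regulatory ceiling: a deal that would exceed it is refused
    soft_pct: float  # stricter internal threshold: deal passes, alert is raised


@dataclass
class LimitEngine:
    fund_value: float
    limits: dict = field(default_factory=dict)      # exposure key -> Limit
    exposure: dict = field(default_factory=dict)    # exposure key -> amount held
    exceptions: list = field(default_factory=list)  # rows of the exception report

    def set_limit(self, user, role, key, hard_pct, soft_pct):
        if role not in LIMIT_ADMINS:
            self.exceptions.append(("UNAUTHORISED_LIMIT_CHANGE", user, key))
            raise PermissionError(f"{role.value} may not set or modify limits")
        if not 0 < soft_pct <= hard_pct:
            raise ValueError("soft limit must be positive and no looser than the hard limit")
        self.limits[key] = Limit(hard_pct, soft_pct)

    def book_deal(self, user, key, amount):
        """Pre-trade check for a purchase; returns the decision as a string."""
        if amount <= 0:
            raise ValueError("deal amount must be positive")
        limit = self.limits.get(key)
        if limit is None:
            # Fail closed: no configured limit means no trade.
            self.exceptions.append(("NO_LIMIT_CONFIGURED", user, key))
            return "REJECTED"
        projected = self.exposure.get(key, 0.0) + amount
        pct = 100.0 * projected / self.fund_value
        if pct > limit.hard_pct:
            # Exposure is left unchanged: the hard limit cannot be breached.
            self.exceptions.append(("HARD_LIMIT_BLOCKED", user, key))
            return "REJECTED"
        self.exposure[key] = projected
        if pct > limit.soft_pct:
            self.exceptions.append(("SOFT_LIMIT_ALERT", user, key))
            return "ACCEPTED_WITH_ALERT"
        return "ACCEPTED"


def run_dummy_deals():
    """The auditor's walk-through: sample deals plus a limit-change attempt."""
    engine = LimitEngine(fund_value=1000.0)
    key = "investee:ABC Ltd"  # constructed investee name
    engine.set_limit("co1", Role.COMPLIANCE_OFFICER, key, 10.0, 8.0)
    results = {
        "within_limits": engine.book_deal("dealer1", key, 50.0),  # 5.0% of fund
        "past_soft": engine.book_deal("dealer1", key, 35.0),      # 8.5% of fund
        "past_hard": engine.book_deal("dealer1", key, 20.0),      # would be 10.5%
        "no_limit": engine.book_deal("dealer1", "investee:XYZ Ltd", 1.0),
    }
    try:
        engine.set_limit("dealer1", Role.FRONT_OFFICE, key, 50.0, 40.0)
        results["front_office_limit_change"] = "ALLOWED"
    except PermissionError:
        results["front_office_limit_change"] = "DENIED"
    results["exposure"] = engine.exposure[key]
    results["hard_limit_after"] = engine.limits[key].hard_pct
    results["exception_codes"] = [row[0] for row in engine.exceptions]
    return results


if __name__ == "__main__":
    for name, value in run_dummy_deals().items():
        print(f"{name}: {value}")
```

A control that passes this walk-through refuses the third deal without changing the recorded exposure, and every alert, refusal and unauthorised limit-change attempt appears in the exception list the auditor would review.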
(b) The System should be validated not to accept any commitment beyond availability of funds.

This clause requires the auditor to comment on the capability of the system to prevent dealing beyond funds available. The auditor should confirm that the FOS has `in-built' controls for not allowing any trade beyond the available cash except in case of trades for settlement date other than T date.

4.6.3. CREDIT RISK

(a) The Investment System should capture Instrument Ratings to enable it to automatically generate FORM 2 (Statement of Downgraded Investments) through the System.

This clause requires the auditor to comment on whether Form 2 can be generated from IMS or any other software used by the insurer.

The auditor should understand the process of generating Form 2 and ascertain if it is generated using system support. The auditor should verify on sample basis that downgrade in the rating is properly reflected in the Form 2 prepared through system. The auditor should also verify that the security master contains the mandatory field as rating of the security and that the insurer has put in place a system to review the investment ratings of the securities and make amendments to rating in security master, if there is a downgrade in the instrument rating.

(b) The System should automatically monitor various Regulatory limits on Exposure & Rating

This clause requires the auditor to comment on the ability of the IMS to monitor adherence to regulatory limits on exposure and rating on a regular and ongoing basis.

The auditor should review the FOS or MOS to check if various exposure and rating wise investment limits set in the system are mapped with the actual exposure of the fund-wise portfolio on periodical basis (daily in the case of Unit-linked portfolio), and a report is generated by the system.
To ascertain the System's capability, the auditor should verify the reports generated by the system in this regard; dummy deals may be entered to check the system's functionality.

(c) The System should have the ability to track changes in ratings over a period and generate appropriate alerts, along with the ability to classify investment between Approved and Other Investments

This clause requires the auditor to comment on the system/procedure at the insurer's for tracking the changes in the ratings of the security and classification of the investments.

The auditor should verify whether there is a system in place to ensure that instruments downgraded below the minimum rating requirement for classification under `Approved Investment' category as per Investment Regulations, are listed under `Other Instruments' Investment category. To this end, the Auditor should verify that:
· The Security master of FOS contains the mandatory field of rating and classification of security as approved and other investments. The System should not allow creation of master without entering these details.
· The insurer has a system to monitor the ratings of the security. For that, check if the insurer has any sort of arrangement to receive update on rating of the security. It may be specifically noted that the credit Rating should always be security-wise and NOT issuer-wise.
· The security-wise rating received can be uploaded in the securities master to pick-up the revised rating that would be ideal. Alternatively, check whether a particular official is assigned the job of tracking the changes in the rating of the securities in the portfolio and updating the security master which would update the classification of securities accordingly. (The User rights assigned to the Officer updating the Security Master for rating changes should be specifically commented on by the Concurrent Auditor as to whether the same is properly documented and periodically audited).
Verify whether the system automatically changes the classification of the security on change of rating wherever necessary in accordance with the IRDA (Investment) Regulations. Also verify on such changes, whether exception report is generated by the system for the use of compliance officer/risk officer and chief of Investments.

Regarding system ability to classify investment in `Approved' and `Other investment', the auditor has to verify whether the system has the ability to classify the asset as approved or otherwise based on various parameters of classification prescribed under Regulations such as dividend track record, rating, secured, investment more than the limit prescribed.

Verify that the process followed by the company in monitoring of changes in the rating and classification of asset is properly covered in the SOPs of the Company.

(d) The Insurer should conduct periodic credit reviews for all companies in the portfolio. The periodicity should be clearly mentioned in the Investment Policy.

This clause requires the auditors to comment on system/procedure of the insurer for carrying out periodic credit reviews of all the companies in the portfolio.

The auditor has to understand the process followed by the company for periodic credit review of the companies in whose debt securities, the insurer has made investments. The reviews are carried out by a separate team such as a research team. The auditor has to ascertain and comment on the adequacy of credit reviews carried out by the insurer during the last one year and of the system support, if any, available for such review. The auditor should review the Investment Policy to ascertain the mandate given by the Investment Policy for credit rating along with the periodicity.
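
The rating-tracking controls in 4.6.3 (c) above (mandatory security-wise rating, automatic reclassification on a rating change, an exception report, and restricted rights to amend the security master) are modelled below as an added example; it is not part of the Technical Guide or of any insurer's system. The rating scale, the minimum rating, the role name and the security identifiers are constructed placeholders, and the example narrows classification to the rating parameter only.

```python
"""Added example: security-wise rating tracking with a reclassification trail.

Constructed model. RATING_SCALE and MIN_APPROVED_RATING are placeholders,
not values from the IRDA (Investment) Regulations.
"""
from dataclasses import dataclass, field
from datetime import date

RATING_SCALE = ["AAA", "AA", "A", "BBB", "BB"]  # best to worst (constructed)
MIN_APPROVED_RATING = "AA"                      # placeholder threshold
RATING_ADMINS = {"rating_officer"}              # hypothetical role name


def classify(rating):
    """Map a rating to the investment category under the placeholder rule."""
    if rating not in RATING_SCALE:
        raise ValueError(f"unknown rating: {rating!r}")
    approved = RATING_SCALE.index(rating) <= RATING_SCALE.index(MIN_APPROVED_RATING)
    return "APPROVED" if approved else "OTHER"


@dataclass
class SecurityMaster:
    records: dict = field(default_factory=dict)     # security id -> current record
    trail: list = field(default_factory=list)       # append-only change history
    exceptions: list = field(default_factory=list)  # for compliance/risk officer

    def create(self, security_id, rating):
        # Rating is mandatory; classification is derived, never typed in.
        if not rating:
            raise ValueError("rating is mandatory in the security master")
        if security_id in self.records:
            raise ValueError(f"{security_id} already exists")
        self.records[security_id] = {"rating": rating,
                                     "classification": classify(rating)}

    def update_rating(self, security_id, new_rating, when, reason, user, role):
        if role not in RATING_ADMINS:
            raise PermissionError(f"{role} may not amend ratings")
        if not reason:
            raise ValueError("a reason is required for the audit trail")
        record = self.records[security_id]
        old_rating, old_class = record["rating"], record["classification"]
        new_class = classify(new_rating)  # validates before anything changes
        record["rating"], record["classification"] = new_rating, new_class
        self.trail.append({"security": security_id, "date": when, "user": user,
                           "reason": reason,
                           "rating": (old_rating, new_rating),
                           "classification": (old_class, new_class)})
        if new_class != old_class:
            self.exceptions.append((when, security_id, old_class, new_class))
        return new_class

    def downgrades(self):
        """Trail entries where the rating worsened (input to a downgrade statement)."""
        return [(e["security"], *e["rating"]) for e in self.trail
                if RATING_SCALE.index(e["rating"][1]) > RATING_SCALE.index(e["rating"][0])]


def run_rating_walkthrough():
    """Dummy records an auditor might use; two securities of one constructed issuer."""
    master = SecurityMaster()
    master.create("ISSUERX-NCD-A", "AA")
    master.create("ISSUERX-NCD-B", "AAA")
    try:
        master.create("ISSUERX-NCD-C", "")
        missing_rating = "ACCEPTED"
    except ValueError:
        missing_rating = "REFUSED"
    try:
        master.update_rating("ISSUERX-NCD-A", "A", date(2013, 5, 2),
                             "downgrade", "dealer1", "dealer")
        dealer_update = "ALLOWED"
    except PermissionError:
        dealer_update = "DENIED"
    after_down = master.update_rating("ISSUERX-NCD-A", "A", date(2013, 5, 2),
                                      "rating agency downgrade", "ro1", "rating_officer")
    after_up = master.update_rating("ISSUERX-NCD-A", "AA", date(2013, 8, 1),
                                    "rating agency upgrade", "ro1", "rating_officer")
    return {"missing_rating": missing_rating, "dealer_update": dealer_update,
            "after_down": after_down, "after_up": after_up,
            "other_security": master.records["ISSUERX-NCD-B"]["classification"],
            "trail_len": len(master.trail), "exceptions": len(master.exceptions),
            "downgrades": master.downgrades()}
```

Because records are keyed by security and not by issuer, the downgrade of one debenture leaves the other security of the same issuer untouched, and both movements between categories leave a dated, reasoned entry in the trail.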
(e) The Insurer is required to keep a track of movement of Securities between Approved and Other Investments Status, as a part of Audit trail, at individual security level

This clause requires the auditor to comment on the process of the insurer for tracking the change in the status of the securities from Approved to other investments and vice versa.

The auditor has to review the process followed by the company to track the change in the investment status of the investment. For this, review the change in the classification of asset made by the Company. Peruse the SOPs to understand the process specified by the Company for such monitoring and re-classification. Ascertain audit trail i.e. date of change, reason for the change, that is maintained for any change in the asset classification ideally through the system. Review MIS reports prepared for re-classification of investment, if any. The auditor should obtain a trail from the system or otherwise, for any such changes and confirm that audit trail of all such changes has been maintained at security level.

4.6.4. TRACKING OF REGULATORY LIMITS

(a) The System should have key limits pre-set for ensuring compliance with all Regulatory requirements and should be supported by work-flow through the System (real time basis) for such approval, if Regulatory limit is close to be breached.

For Guidance on how to confirm the adherence by the Insurer to this requirement, please refer to guidelines given for clause No. 4.4.2.a and 4.5.3.b.

(b) The System should have the capability of generating Exception reports for Audit by Internal / Concurrent Auditor

This clause requires the auditor to comment on the systems of the insurer to generate exception reports pertaining to investments.
Exception reports relating to investment function should, inter alia, include - Change in the rating of the debt security, change in the status of investment from approved to other investment or vice versa, non-receipt of interest or redemption amount, non-compliance of various prudential norms prescribed under IRDA (Investment) Regulations and various circulars and guidelines issued under the Regulation, and non-compliance of various internal limits set by the insurer.

The auditor has to review capability of IMS in generating such exception reports. For ascertaining this aspect, the auditor may feed dummy deals in the IMS.

4.6.5. REVIEW, MONITORING AND REPORTING

(a) The System should automatically track and report all internal limit breaches. All such breaches should be audited by Internal / Concurrent Auditor.

This is similar to clause 4.5.4.b above. Further, the auditor is required to comment whether software system (IMS) could track and report independently internal limit breaches (i.e., without manual intervention).

(b) Implementation and Review of Asset & Liability Matching and other Investment Policy Guidelines

This clause requires the auditor to comment on the implementation and review of guidelines prescribed in the Investment Policy adopted by the insurer.

The auditor has to ascertain that the insurer has prepared an Investment Policy in accordance with the Regulation of the IRDA (Investment) Regulations, and it has been approved by the Board of Directors. Investment Policy prescribes various guidelines for conducting the investment operations including Asset Liability Management. The auditor also needs to confirm that the insurer has:
(a) A mechanism to address the Asset Liability Management
(b) Reviewed implementation of Asset Liability Matching mentioned in the Investment Policy and the same has been presented to Board on periodic basis at a frequency of not later than six months.
(c) Carried out corrective actions, if any, as directed by the Board of Directors (BoD).

4.7. BACK OFFICE

4.7.1. DATA INPUT ERROR

(a) The system should be validated in such a way that the Deal can only be rejected by the Back Office and not edited

This clause requires the auditor to comment on the access rights defined in the system for deal entry and modification.

Once a deal is concluded by the front office it flows to back office for settlement. The creator of the trade is front office and the job of the back office is restricted to verification of trade and then settlement. In view of this, back office should not have access rights to modify the terms and if any discrepancy is noticed, ideally, the deal needs to be rejected and pushed back to front office.

The auditor will verify if access rights are defined for each user and back office officials have only view rights and not the edit rights for deal entry. The auditor should verify this aspect through system review as well as by actually trying to modify the deal in the BOS.

4.7.2. SETTLEMENT RISK

(a) The System should be validated to restrict Short Sales at the time of placing the order

This clause requires the auditor to ascertain that FOS has in-built controls to prohibit sale of securities not held in the portfolio.

The auditor should ascertain whether there is a process to receive the data from the custodian for saleable quantity and upload it in FOS. The auditor should confirm that FOS contains a restriction for sale of security beyond saleable quantity. The auditor may do a walk through and audit samples to see if transactions are reflected in the log.

4.7.3. COMPUTATION OF `NAV'

(a) The System should be capable of computing NAV and comparing it with the NAV computed by the Service provider, if it is outsourced.

This clause requires the auditor to comment on the capability of IMS or Fund Accounting System to compute NAV.
The auditor is also required to comment on the process of verification of NAV in case NAV function is outsourced.

In case, NAV computation is carried out in-house, the auditor should confirm that the system computes the NAV for each fund and plan without any manual intervention. (Manual uploads of valuation inputs received, if any, from the external sources should be considered as manual intervention). This could be verified by reviewing the process of NAV computation in its entirety.

In case NAV has been outsourced, the auditor has to verify that the Company has a system in place to verify the NAV computed by service provider with the use of analytical techniques. This could be checked by review of working notes prepared/maintained by the insurer for NAV verification.

(b) The Insurer should maintain NAV history (Fund-wise) in his Public Domain from the Start of the Fund to Current Date

The auditor should visit the website of the insurer to ascertain if fund-wise and plan-wise data of daily NAV is available since the beginning on the website of the company and is easily accessible to the user.

(c) `NAV' error - Computation and Compensation

1. All expenses and incomes accrued up to the Valuation date shall be considered for computation of NAV. For this purpose, while major expenses like management fees and other periodic expenses should be accrued on a day-to-day basis, other minor expenses and income can be accrued on a weekly basis, provided the non-accrual does not affect the NAV calculations by more than 1%.

This clause requires the auditor to comment on the process of NAV computation, particularly with focus on accruing income and expenses on daily basis. The auditor is required to
· Review SOP prepared for NAV computation and ascertain the appropriateness of the method prescribed for deal booking, valuation, corporate action, interest accrual, amortization, unit capital accounting, expenses accrual etc.
Verify on sample basis, NAV computation for different funds to ascertain that correct method is followed for NAV computation. In case NAV computation is outsourced, then the auditor has to examine the NAV computation process followed at service provider to ascertain its appropriateness. The auditor has to verify that all major expenses are accrued on daily basis and other expenses at least on weekly basis only if non-accrual on daily basis does not impact NAV by 1% or more.

2. Any changes in Securities and in the number of Units should be recorded in the books not later than the first valuation date following the date of transaction. If this is not possible, the recording may be delayed up to a period of seven days following the date of the transaction, provided that the non-recording does not affect the NAV calculations by more than 1%.

This clause requires the auditor to comment on promptness in recording of investment and unit related transactions. The auditor has to
· Verify that all the investment deals and unit capital related transactions are accounted on a daily basis. He should peruse the SOP to understand the process defined for recording of investment transactions and particularly for unit capital transactions.
· Understand the process of recording missed transactions, if any, and whether there exists a mechanism to ascertain the impact of such omission and corrective action taken on the same. If the insurer's accounting process is such that the transactions are not recorded on the same day, then the impact of non-recording of transactions on daily basis on the NAV, and whether the delay in accounting is beyond seven days, needs to be ascertained and commented upon.

3. In case the NAV of a Plan differs by more than 1% due to non-recording of the transactions, or any other errors / mistakes, the investors or fund(s), as the case may be, shall be paid the difference in amount as follows:-

(Footnote to "corporate action": Such as Stock Splits, Dividend, Rights Issues, Buy Back, Bonus Issues etc.)

(a) `NAV' error - Computation & Compensation
1. All expenses and incomes accrued up to the Valuation date shall be considered for computation of NAV.
2. In case the NAV of a Plan differs by more than 1% due to non-recording of the transactions or any other errors / mistakes, the investors or fund(s) as the case may be, shall be paid the difference in amount as follows:-
(i) If the investors are allotted units at a price higher than NAV or are given a price lower than NAV at the time of sale of their Units, they shall be paid the difference in amount by the plan.
(ii) If the investors are charged lower NAV at the time of purchase of their units or are given higher NAV at the time of sale of their units, the Insurer shall pay the difference in amount to the Plan and shall be compensated by non-unit reserve of the ULIP funds.
(iii) The Internal / Concurrent Auditor shall look into the above issues and specifically report on it and comment on the Systems in place to take care of such issues on an ongoing basis.
(iv) A log of NAV errors and the management action taken on those errors shall be maintained in the System and be forwarded to Internal / Concurrent Auditors.

4.7.4. ERRORS DURING BROKER EXECUTION LEG

(a) All Equity deals should be through STP gateway for all broker transactions

This clause requires the auditor to comment on whether all equity deals are settled by Straight Through Process (STP).

All mutual funds, financial institutions, banks, insurance companies tie up with the service provider for STP. All deals entered in FOS by dealer are matched with STP files received from the broker in the BOS.
BOS matches the deals and generates the files to be sent to custodian for settlement. These files are sent to custodian without any manual intervention.

The auditor should confirm that deal-matching and settlement take place through STP as stated above. This could be checked by actually reviewing the day-end process at investment department.

4.7.5. UPLOADING OF VALUATION PRICE FILES

(a) System to have capability to upload Corporate Actions such as Stock Splits, Dividend, Rights Issue, Buy Back, Bonus issues etc., for computation of NAV / Portfolio valuation

This clause requires the auditor to comment on the capability of the Fund Accounting system to compute NAV with least manual intervention.

The auditor has to verify that Fund Accounting system supports upload of:
· Deals from BOS
· Corporate actions data received from custodian
· Valuations received from Gilt Valuer, Bond Valuer, FIMMDA, BSE/NSE etc.
· Units data received from Policy Admin System

The auditor should also confirm that Fund Accounting system computes interest, amortization, expenses etc. and there is no manual intervention needed. The auditor has to review the whole process of NAV computation and confirm it.

4.7.6. RECONCILIATION

(a) Fund-wise, in the case of Life Insurers, reconciliation with Investment Accounts, Bank, and Custodian records should be done on a day-to-day basis for all types of products. In the case of ULIP products, Unit reconciliation with Policy Admin. Systems should be ensured on a day-to-day basis for each (SFIN).

This clause requires the auditor to comment on reconciliation process of the insurer.

The auditor must review the SOPs to understand the process and responsibilities specified for various reconciliations.
They also have to review the process of fund-wise, plan-wise reconciliation on sample basis for:
· Securities balance as per the books of account with the custodian records
· Bank Accounts
· Units Capital reconciliation -
  o Subscription reconciliation i.e. balances as per books of accounts, balance as per Policy Admin records, and funds received for subscription
  o Redemption reconciliation i.e. balance as per books of accounts, balance as per Policy Admin System, and funds paid for redemption
  o Switch reconciliation i.e. balance as per books of accounts, balance as per Policy Admin System, and funds transferred for switch
and specifically comment on whether the above are done on a day-to-day basis.

(b) In the case of General Insurer / Re-insurer, reconciliation with Investment Accounts, Bank and Custodian records should be done on a day-to-day basis.

The auditor has to review the process as explained in para 6 (a) except for unit capital reconciliation.

4.8. INTERNAL / CONCURRENT AUDIT

(a) An Insurer having Assets under Management (AUM) of not more than Rs.1000 Crores shall conduct a Quarterly Internal Audit to cover both Transactions and related Systems. Insurers having AUM above Rs.1000 Crores should appoint a Chartered Accountant firm for Concurrent Audit to have the transactions and related Systems audited.
(b) The Audit Report shall clearly state the observation at transaction level and its impact, if any at System level. The Audit Report shall be based on Exception Reporting.
(c) The Auditor shall clearly state that the Insurer had done the reconciliations as required under point 4.7.6.a and 4.7.6.b
(d) Segregation of Shareholders & Policyholders' funds:
1. In the case of a Life Insurer, each individual fund, both falling under Shareholders' / Policyholders', under any class of business, has `scrip' level investments to comply with the provisions of Section 11(1B) of Insurance Act, 1938
2. Furthermore, the Shareholders' funds beyond Solvency Margin, to which the pattern of Investment will not apply, shall have a separate custody account with identified scrips for both Life and General Insurance Companies.
(e) The Insurer is required to place the Audit Report before the Audit Committee and implement all its recommendations.
(f) The Insurer shall, along with Quarterly Investment Returns to be filed with the Authority, confirm in FORM 4, that the Internal / Concurrent Audit observations, up to the Quarter preceding the Quarter to which the Returns are filed, were placed before the Audit Committee for its recommendations, and action taken.

Note: Points 4.3.5.a.1 and 4.6.3 are specific to ULIP Business.

The auditor has to report on the scope and coverage of the internal audit in line with the areas stated under this clause. As IRDA has prescribed requirement of concurrent audit, beyond Rs. 1000 Crores of AUM (Shareholders' and Policyholders' funds taken together) for investment operations to be carried out by the independent chartered accountant, if the insurer has not appointed the concurrent auditor, then the auditor has to state the plan of action of the insurer.

5 Format of Certificate

Certificate on Investment Risk Management Systems and Processes

To
The Audit Committee of the Board
[Insert name of the insurance company]

We have examined the compliance of conditions of Investment Risk Management Systems & Processes of M/s ......................("the company") for the period from ------- to ------------, as stipulated in Regulation 13 (E) (1) of IRDA (Investment) (Fifth Amendment) Regulations, 2013 notified by the Insurance Regulatory and Development Authority (`IRDA') on the 16th February, 2013, as amended from time to time.
The design of the IT Governance Architecture, implementation of the Investment Risk Management Systems and Processes in accordance with the Regulations, Guidelines, and Circulars issued by IRDA from time to time, and compliance thereto, is the responsibility of the Company's management. Our responsibility is to examine the procedures and implementation thereof by the Company and issue a certificate thereon.

An examination of the Company's implementation of the Investment Risk Management Systems and Processes includes examining evidence supporting the management's compliance with the Regulations, Guidelines, and Circulars of IRDA. Our examination was performed in accordance with the Guidance Note on Audit Reports and Certificates for Special Purposes and as per the procedure laid down in the Technical Guide on Review and Certification of Investment Risk Management Systems and Processes of Insurance Companies issued by the Institute of Chartered Accountants of India ("ICAI"). We believe that our examination provides a reasonable basis for our certificate.

(Footnote: The above format is not applicable to an insurance company at the R1/R2 stage (for which only checklist in Annexure A is applicable).)

We have examined the relevant records and information systems of the Company and obtained all the information, explanations and representations from the Chief Executive Officer/ the Chief Investment Officer/ Chief Technology Officer/ Chief Information Officer, which to the best of our knowledge and belief were necessary for the purpose of our examination.
Based on our examination and according to the information and explanations given to us, we hereby certify that the Company has complied with the conditions of Investment Risk Management Systems & Processes prescribed under the IRDA (Investment) [5th Amendment] Regulations, 2013 except as under:
(a)
(b)
(c)

The areas of non-mitigated/residual risk resulting from deficient investment risk management systems and processes as identified by us during our examination are given in Annexure 1 appended herewith.

This Certificate is issued solely for use of the Insurer for submission to IRDA pursuant to Regulation 13(E) of IRDA (Investment)(Fifth Amendment) Regulations, 2013.

For...............................................
Chartered Accountants
(Firm Registration No. .........................)
Place:
Date:
.....................................
Partner
[ICAI membership number]

Annexure 1 to Auditor's Certificate
(FORMING PART OF certificate on investment risk management systems and processes Dated __/__/____)

Name of Insurer : _______________________________
Period covered under review : _______________________________

SUMMARY (AS PER THE RISK RATING WITHOUT CONSIDERING MITIGATING CONTROLS)

RISK CATEGORY | NO. OF OBSERVATIONS
INVESTMENT OPERATIONS (IO) |
  Very Serious non-compliances (VSI) |
  Serious Non-compliances (SI) |
  Procedural Non-compliances (PI) |
IT APPLICATIONS & SYSTEMS (ITAS) |
  Very Serious Non-compliances (VSI) |
  Serious Non-compliances (SI) |
  Procedural Non-compliances (PI) |

KEY FINDINGS

No | Annexure ref | REVIEW OBJECTIVE HEADING | REVIEW OBJECTIVE CHECKLIST QUESTION | AUDITOR'S OBSERVATIONS ** (Y / N / Comments) | Risk category | Mitigating controls* | Residual risk category

* The auditor can consider and record other controls that mitigate the risk
** Opinion of the auditor

For...............................................
Chartered Accountants
(Firm Registration No. .......................)
Place:
Date:
.........................................
Partner
[ICAI membership number]
Encl: As above

ANNEXURE A/B/C/D
(Forming Part of Certificate on Investment Risk Management Systems and Processes Dated __/__/____)

The prescribed checklist formats are enclosed as Annexure A/B/C/D.

ANNEXURE `A'
COMPLIANCE CHECKLIST TO BE SUBMITTED ALONG WITH APPLICATION UNDER `R2'

BACKGROUND AND SCOPE

On issuance of an R1 certificate, an Insurer has to comply with certain requirements (conditions precedent) to obtain R2 and R3. IRDA vide Circular INV/CIR/008/2008-09 dated 22nd Aug, 2008 had directed all insurers to obtain a certificate from a Chartered Accountant for complying with the requirements on Investment Systems and Process before filing for R2/R3. The following is a checklist template prepared to cover all the Regulatory issues that IRDA had in the past identified through periodical Investment Inspections engaging Chartered Accountant.

Note: The auditor of a new company shall carry out a full-fledged review of this area and in subsequent reviews, it will suffice if the pending issues are reviewed and reported.

S.NO | ISSUE / POLICY | AUDITOR'S COMMENTS

GENERAL CONTROLS:
1. If there are any conditions specified in the R1 certificate by IRDA, have these been complied with by the Insurer?
2. Has a CEO and CFO been appointed for the Insurer?
3. Has an Investment Committee (IC) been constituted?
4. Is the insurer's paid up equity capital in excess of Rs. 100 crores in case of General insurer and Re-insurer and Rs. 200 crores in case of Life Companies?
5. Have shares been allotted to all shareholders?
6. In case where the insurer has foreign entities as its shareholders, is the equity capital held by such foreign entities in accordance with Regulation 11 of IRDA (Registration of Indian Insurance Companies) Regulations 2000?
7. Has the Deposit under Section 7 of Insurance Act, 1938 been complied with?
8. Has the Insurer opened two separate gilt accounts, one specifically for Section 7 deposit (with a clear direction to the Banker that it could be operated only after taking the prior permission of IRDA in writing) and the other for transactions as per Circular on Section 7: Deposit?
9. Has the insurer framed an Investment Policy (IP) to comply with IRDA regulations?
10. Whether the insurer had briefly described its self-established investment philosophy?
11. In addition to 10) above, other information like,
· Investment Personnel,
· Investment advisor (if outsourced),
· location of the investment operations,
· Investment brokers to be used etc.,
are included?
12. Were other regulations regarding investment, valuation, exposure on prudential and provisioning norms for life and non-life insurance companies issued by the authority taken into consideration?
13. The IP should cover the following:
· Organisational structure relating to investment department and authorization matrix
· IP should be applicable fund wise, including ULIP funds.
· All risks should be addressed in IP
· Internal / Concurrent Audit to review compliance with the provisions of IRDA provisions & IP
· Segregation of Investment Operations / functions between Front, Mid & Back Office mandated along with reporting matrix
· Fund wise performance, to be placed before Board on a Quarterly basis
14. All applicable returns to be filed with IRDA should have been identified and there are clear assignment of responsibilities and procedures to ensure that these are filed within the due dates
15. Has a custodian been identified? Is there an agreement with the custodian clearly specifying the terms and conditions of the arrangements?
16. If the custodian has been appointed, is the custodian part of the `Promoter Group'?
17. Is there a process in place for investment reconciliation with custodian certificates?
18. Has Delegation of Financial Authority and reporting to Investment Committee / Board been determined?
19. Have guidelines for internal reporting to the Board, IC been framed?
20. Have all fees to IRDA been paid based on the class of business of the insurer?

INFORMATION TECHNOLOGY CONTROLS
21. Are full descriptions of the different areas where the computer systems will be deployed provided?
22. Were the computer systems bought off the shelf (with/without customisation), developed locally or imported into India by the foreign promoter (with / without customisation)?
23. Is there a brief description of the magnitude of its usage for servicing the policy holders and the degree of interconnectivity of the computer systems?
24. Is there a brief description of how the IT systems will be used to develop the required management systems?
25. Is the extent of manual procedures and operations that are going to be retained as such defined and provided?

Requirements at the R1 / R2 Stage of Registration of Insurance Companies

1. Consideration of requisition for registration application: [1]
The Authority on being satisfied that -
(a) The requisition in Form IRDA/R1 is complete in all respects and is accompanied by all documents required therein,
(b) All information given in the Form IRDA/R1 is correct,
(c) The applicant will carry on all functions in respect of the insurance business including management of investments within its own organization,
(d) The applicant submitting requisition for registration application -
(i) Is a bona fide applicant for registration under section 3 of the Act,
(ii) Will be in a position to comply with the requirements for grant of certificate,
may accept the requisition and direct supply of the application for registration to the applicant.

2. The following point is to be taken into consideration while applying for R1 Registration procedure [2]:
Investments: Each company will have established its investment philosophy that will be appropriate for the products it intends to market. This should be described. Other information should include the investment personnel, investment adviser (if outsourced), location of the investment operations, investment brokers to be used, etc. Regulations regarding Investment, Valuation, Exposure - Prudential - Provisioning Norms - Life and Non Life issued by the Authority may be taken into account.

[1] Based on Insurance Regulatory and Development Authority (Registration of Indian Insurance Companies) Regulation, 2000, as amended from time to time.
[2] As per the requirements of Circular No. INV/CIR/008/2008-09, Dated 22nd Aug, 2008

3. The following point is to be taken into consideration while applying for R2 Registration procedure:
Information Technology: Insurance industry is very much dependent on computer technology. Full description should be provided for the following:
· The different areas where computer systems will be employed
· Whether the systems will be bought off the shelf (with some customization), developed locally or imported into India by the foreign promoter (with some customization)
· The degree to which the systems will be used for policyholder servicing
· The degree of inter-connectivity of the systems
· A description of how the I/T systems will be used to develop the required Management Information Systems
· Extent of procedures and operations which will remain manual

ANNEXURE B
REVIEW OF STANDARD OPERATING PROCEDURE COVERING 'SYSTEMS AND PROCESSES'

Review of SOP
· Check through interviews, review of documentation, reports and substantial checks, if the following are covered in SOP and whether they have been adhered to:

Columns: S. NO. / ISSUE/POLICY / AUDITOR'S OBSERVATION (YES, NO, COMMENTS) / RISK CATEGORY

1. Are the responsibilities of CIO, CFO, CEO clearly laid down and is it ensured that the CIO is not in charge of mid office and back office functions? [Risk category: Very Serious]
2. Does the SOP have clear guidelines to be adhered to by the Dealer? [Risk category: Very Serious]
3. Are there clear guidelines to be followed while dealing with intermediaries (brokers, counterparties etc.)? [Risk category: Very Serious]
4. Are clear trading guidelines for Personal Investments laid down by the Investment Team? [Risk category: Serious]
5. Has the Investment Department documented the segregation of Fund Managers and Dealers through Authority Matrix as a part of its 'Standard Operating Procedure'? Such segregation should also include segregation of front office, mid office and back office functions. Reporting and compliance should be independent of investment activities. [Risk category: Very Serious]
6. Has the Insurer documented the Access Controls and Authorization process for Orders and Deal execution? [Risk category: Very Serious]
7. Is there a provision for conducting periodic credit reviews for all companies in the portfolio? The periodicity should be clearly mentioned in the Investment Policy. [Risk category: Very Serious]

COMPLIANCE
8. Is there a clear statement that there cannot be any short sales by insurer? [Risk category: Very Serious]
9. Are there procedures for coverage of the Dealing Room as well as the availability of a Voice Recorder and procedure for maintaining the recorded conversation and their disposal? [Risk category: Very Serious]
10. Is it ensured that Investments in an Investee Company, Group and Industry Sector signal when both Internal / Regulatory limits are nearly reached PRIOR to taking such exposure and making actual investment? [Risk category: Very Serious]
11. Are there procedures to ensure that circulars and notices received from IRDA are adhered to? [Risk category: Very Serious]
12. Are there procedures to ensure that exposure norms determined by IRDA from time to time are appropriately communicated within the organization, and adhered to? [Risk category: Very Serious]
13. Does the SOP cover the yearly compliance certificate with regard to section 7 deposit issued to IRDA? Are there procedures on the part of the insurer governing the deposits made under section 7? [Risk category: Very Serious]
14. Are there procedures to be followed by the Insurer to ensure that when corpus size or fund size crosses certain threshold limits defined by IRDA, applicable regulations, circulars and exposure limits are identified and acted upon? [Risk category: Very Serious]
15. Are there procedures within the insurer for identifying and assigning outsourcing activities? These should comply with IRDA regulations on outsourcing for insurance companies. [Risk category: Very Serious]
16. Are there procedures for empanelment of brokers / agents / others for investment activities? Do such procedures also specify the limit for each broker / agent and others including the compliance with SEBI (Prevention of fraudulent and unfair trade practices) Regulations as applicable from time to time? [Risk category: Serious]
17. Has there been an audit of the custodial services to ensure that the service provider [Risk category: Serious]
· Is a regulated custodial service provider with experience and expertise in NAV computation?
· Is not part of a 'Group' as defined under Regulation 2 (ca) of IRDA (Investment) Regulations, 2000 as amended from time to time and Guidelines issued there under?
· Complies with all consumer laws and regulations?
· Maintains confidentiality and protects data from intentional or inadvertent disclosure to unauthorized persons?
· Has a comprehensive and effective system for disaster recovery and periodic testing of backup facilities?
· Has an adequate system to address all Operational Risks arising out of technology, errors and frauds been put in place?
· Provides full access to all records and other material to the IRDA or its authorised representatives to the same extent as if it were a department of the insurer?
18. Does the outsourcing agreement with custodian contain an exit clause providing for smooth transfer of records and functions to the insurer or its nominated contractor in the event of the outsourcing agreement being terminated, without imposing onerous penalties for termination? [Risk category: Serious]
19. Are there procedures and assignment of responsibilities to ensure that when changes need to be made to system / application parameters consequent to circulars and notices of IRDA, these are communicated to the respective teams, and it is ensured that they are carried out? [Risk category: Serious]

OPERATIONS & PROCESSES
20. Is there a Procedure of Maker / Checker mapped in Standard Operating Procedure / Operations Manual of Investment Operations? [Risk category: Very Serious]
21. Does such maker checker process also cover activities in NDS system which are available and integrated with SOP covering investment procedures? [Risk category: Very Serious]
22. Are there procedures to ascertain cash positions and make investment decisions within available cash positions? [Risk category: Very Serious]
23. Is there an adequate process to identify all corporate actions? [Risk category: Very Serious]
24. Is there an adequate process to ensure that all the corporate actions have been accounted for? [Risk category: Very Serious]
25. Is there a process for investment reconciliation with custodian certificates? [Risk category: Very Serious]

Alternate Processing
26. To ensure Business continuity, the Insurer should have a clear Off-site back-up of data in a city falling under a different Seismic Zone, either on his own or through a Service Provider. Further, the Insurer / service provider (if outsourced) is required to have the necessary infrastructure for Mission Critical Systems to address at least the following: [Risk category: Very Serious]
1. Calculation of daily NAV (Fund wise)
2. Redemption processing.

Internal / Concurrent Audit
27. An Insurer having Assets under Management (AUM) of not more than Rs.1000 Crores shall conduct a Quarterly Internal Audit to cover both Transactions and related Systems. Insurers having AUM above Rs.1000 Crores should appoint a Chartered Accountant firm for Concurrent Audit to have the transactions and related Systems audited. Has there been compliance with the above regulations during the period under review? [Risk category: Very Serious]

Annexure C
REVIEW OF INFORMATION TECHNOLOGY (IT) SYSTEMS AND PROCESSES SUPPORTING INVESTMENT OPERATIONS

Review of Information Technology (IT) Systems and Processes supporting Investment Operations

Columns: S. No / Audit Objective / Auditor's Observation (Y, N, Comments) / Risk Category

A Planning the IT Function

IT Plan and Strategy [Risk category: Very Serious]
A.1. Does the Organization have an IT strategy / IT plan approved by Management?
A.2. Is there a process for at least annual review of the IT strategy / Plan?
A.3. Is there a periodic review (minimum annual) of IT performance - covering key parameters in IT strategy such as Data Sizing, Network Performance?
Information Architecture - Policy and Procedure Review

INFORMATION SECURITY POLICY DOCUMENT [Risk category: Very Serious]
A.4. Is there an Information security policy, approved by the management and adopted by the Board?
A.5. Does it state the management commitment and set out the organisational approach in managing information security?
A.6. Does the Information Security Policy cover the following key areas of IT Security
· Detailed IT Security Policy and Procedures
· Organisation and security
· Asset Classification and Control
· Personnel Security
· Physical and Environmental Security
· Communications and Operations Management
· Access Control
· Systems Development and Maintenance
· Information Security Incident Management
· Business Continuity Management
· Compliance requirements to Policies and Procedures IT Risk Management Process?
A.7. Has the Security Policy been published and communicated as appropriate to all employees and vendors?
A.8. Are new members of staff and vendors made aware of Information Security Policy?
A.9. Are continuous awareness programmes conducted for security awareness?
A.10. Has the role of Information Security Officer with responsibilities for implementation of the Security Policy been assigned?
A.11. Whether detailed procedures have been developed for each policy statement?
A.12. Is the Information Security Officer made responsible for:
· Reporting non-compliance with the approved policy
· Incidents of security breaches to the Top Management,
· Initiating and effecting corrective action?

INCIDENT MANAGEMENT PROCEDURES
A.13. Whether an Incident Management procedure exists to handle security incidents.
A.14. Whether there are clearly defined procedures and rules covering the different types of security incidents.
A.15. Whether the procedure addresses the incident management responsibilities, orderly and quick response to security incidents.
A.16. Whether the procedure addresses different types of incidents ranging from denial of service to breach of confidentiality etc., and ways to handle them.

INVENTORY OF ASSETS
A.17. Whether an inventory or register is maintained with the important assets associated with each information system.
A.18. Whether each asset identified has an owner, the security classification defined and agreed and the location identified.
A.19. Is there an up-to-date network diagram?
A.20. Is the inventory schedule and networking plan reviewed at regular intervals to ensure that they are complete and updated?
A.21. Are all the system configurations properly documented?
A.22. Is the configuration document regularly updated as per a fixed schedule?

INFORMATION LABELING AND HANDLING
A.23. Whether an appropriate set of procedures are defined for information labeling and handling in accordance with the classification scheme adopted by the organization.

CORRECT DISPOSAL OF RESOURCES REQUIRING PROTECTION
A.24. Is there a policy of identifying resources and media based on their level of sensitivity?
A.25. Is there a disposal process commensurate with each level of sensitivity?
A.26. Are the specified disposal provisions complied with?
A.27. Is the disposal procedure reliable?

ACCESS CONTROL POLICY
A.28. Whether the business requirements for access control have been defined and documented.
A.29. Whether the Access control policy addresses the rules and rights for each user or a group of users.
A.30. Whether the users and service providers were given a clear statement of the business requirement to be met by access controls.

CLASSIFICATION GUIDELINES
A.31. Whether there is an Information classification scheme or guideline in place, which will assist in determining how the information is to be handled and protected.

MANAGEMENT OF REMOVABLE COMPUTER MEDIA
A.32. Whether there exists a procedure for management of removable computer media such as tapes, disks, cassettes, memory cards and reports.

OTHER FORMS OF INFORMATION EXCHANGE [Risk category: Serious]
A.33. Whether there are any policies, procedures or controls in place to protect the exchange of information through the use of voice, facsimile and video communication facilities.
A.34. Whether staff are reminded to maintain the confidentiality of sensitive information while using such forms of information exchange facility.

INFORMATION AND SOFTWARE EXCHANGE AGREEMENT [Risk category: Serious]
A.35. Whether there exists any formal or informal agreement between the organisations for exchange of information and software.
A.36. Whether the agreement addresses the security issues based on the sensitivity of the business information involved.

Determine technological direction.

INDEPENDENT REVIEW OF INFORMATION SECURITY [Risk category: Very Serious]
A.37. Whether the implementation of security policy is reviewed independently on regular basis. This is to provide assurance that organisational practices properly reflect the policy, and that it is feasible and effective.

TESTING, MAINTAINING AND RE-ASSESSING BUSINESS CONTINUITY PLAN [Risk category: Very Serious]
A.38. Whether Business continuity plans are tested regularly to ensure that they are up to date and effective.
A.39. Whether Business continuity plans were maintained by regular reviews and updates to ensure their continuing effectiveness.
A.40. Whether procedures were included within the organisation's change management programme to ensure that Business continuity matters are appropriately addressed.

MOBILE COMPUTING [Risk category: Serious]
A.41. Whether a formal policy is adopted that takes into account the risks of working with computing facilities such as notebooks, palmtops etc., especially in unprotected environments.

WORKING FROM OFFSITE [Risk category: Very Serious]
A.42.
· Whether policy, operational plan and procedures are developed and implemented for working from offsite. This should cover both employees and partners.
· Whether such activity is authorized and controlled by management and does it ensure that suitable arrangements are in place for this way of working.

Define the IT Processes, Organization and Relationships

AUTHORISATION PROCESS FOR INFORMATION PROCESSING FACILITIES [Risk category: Very Serious]
A.43. Whether there is a management authorisation process in place for any new facilities such as
· Hardware
· Software incl. applications
· information processing facility like data centers, offices etc
· changes to configurations in existing Assets.
A.44. Are log-books kept of system changes?
A.45. Are there any guidelines for implementing changes to IT components, software or configuration data?
A.46. Are all changes documented?

INFORMATION SECURITY COORDINATION [Risk category: Procedural]
A.47. Whether there is a cross-functional forum of management representatives from relevant parts of the organization to coordinate the implementation of information security controls.

ALLOCATION OF INFORMATION SECURITY RESPONSIBILITIES [Risk category: Very Serious]
A.48. Has an IT Security Officer been appointed?
A.49. Whether responsibilities for the protection of individual assets and for carrying out specific security processes are clearly defined.
A.50. Is there an establishment of a suitable organisational structure for IT security?

CONFIDENTIALITY AGREEMENTS [Risk category: Very Serious]
A.51. Whether employees are asked to sign confidentiality or non-disclosure agreement as a part of their initial terms and conditions of the employment.
A.52. Whether this agreement covers the security of the information processing facility and organisation assets.

INCLUDING SECURITY IN JOB RESPONSIBILITIES [Risk category: Procedural]
A.53. Whether security roles and responsibilities as laid down in Organization's information security policy documented were appropriate.
A.54. Does it include general responsibilities for: implementing or maintaining security policy, specific responsibilities for protection of particular assets, extension of particular security processes or activities.

PERSONNEL SCREENING AND POLICY [Risk category: Very Serious]
A.55. Whether verification checks on permanent staff were carried out at the time of job applications. This should include:
· character reference,
· confirmation of claimed academic
· professional qualifications
· independent identity checks.

TERMS AND CONDITIONS OF EMPLOYMENT [Risk category: Procedural]
A.56. Whether terms and conditions of the employment cover the employee's responsibility for information security. Where appropriate:
· At the joining date
· At time of internal transfers
· On termination/end of the employment.

INFORMATION SECURITY EDUCATION AND TRAINING [Risk category: Procedural]
A.57. Whether all employees of the organization and third party users (where relevant) receive appropriate Information Security training and regular updates in organisational policies and procedures.
A.58. Is the IT Security Management Team involved in the planning and delivery of IT training?
DATA PROTECTION AND PRIVACY OF PERSONAL INFORMATION [Risk category: Serious]
A.59. Whether there is a management structure and control in place to protect data and privacy of personal information.

IDENTIFICATION OF APPLICABLE LEGISLATION [Risk category: Serious]
A.60. Whether all relevant statutory, regulatory and contractual requirements were explicitly defined and documented for each information system.

INTELLECTUAL PROPERTY RIGHTS [Risk category: Very Serious]
A.61. Whether there exist any procedures to ensure compliance with legal restrictions on use of material in respect of which there may be intellectual property rights (IPR) such as copyright, design rights, trade marks.
A.62. Whether the procedures are well implemented.
A.63. Whether proprietary software products are supplied under a licence agreement that limits the use of the products to specified machines. The only exception might be for making own back-up copies of the software.

SAFEGUARDING OF ORGANISATIONAL RECORDS [Risk category: Very Serious]
A.64. Whether important records of the organisation are protected from loss, destruction and falsification.

SECURING OF EQUIPMENT OFF-PREMISES [Risk category: Very Serious]
A.65. Whether any equipment usage outside an organisation's premises for information processing has to be authorized by the management.
A.66. Whether the security provided for this equipment while outside the premises is at par with or more than the security provided inside the premises.

SEGREGATION OF DUTIES [Risk category: Very Serious]
A.67. Whether duties and areas of responsibility are separated in order to reduce opportunities for unauthorized modification or misuse of information or services. This should include: Distinction between IT and Business Development and Production.

SEPARATION OF DEVELOPMENT AND OPERATIONAL FACILITIES [Risk category: Very Serious]
A.68. Whether the development and testing facilities are isolated from operational facilities. For example, development software should run on a computer different from the computer with production software. Where necessary, development and production networks should be separated from each other.

NETWORK CONTROLS [Risk category: Very Serious]
A.69. Whether effective operational controls such as separate network and system administration facilities were established where necessary.
A.70. Whether responsibilities and procedures for management of remote equipment, including equipment in user areas, are established.
A.71. Whether there exist any special controls to safeguard confidentiality and integrity of data processing over the public network and to protect the connected systems.
A.72. Whether access attempts via telnet, ftp are logged and reviewed.

IDENTIFICATION OF RISKS FROM THIRD PARTY [Risk category: Very Serious]
A.73. Whether risks from third party access are identified and appropriate security controls implemented.
A.74. Whether security risks with third party contractors working onsite are identified and appropriate controls are implemented.

SECURITY REQUIREMENTS IN THIRD PARTY CONTRACTS [Risk category: Very Serious]
A.75. Whether there is a formal contract containing, or referring to, all the security requirements to ensure compliance with the organization's security policies and standards.

WORKING IN SECURE AREAS [Risk category: Very Serious]
A.76. Whether there exists any security control for third parties or for personnel working in secure area.

PREVENTION OF MISUSE OF INFORMATION PROCESSING [Risk category: Very Serious]
A.77. Whether use of information processing facilities for any non-business or unauthorised purpose, without management approval, is treated as improper use of the facility.
A.78. Whether at the log-on a warning message is presented on the computer screen indicating that the system facility being entered is private and that unauthorised access is not permitted.

REGULATION OF CRYPTOGRAPHIC CONTROLS [Risk category: Procedural]
A.79. Whether the cryptographic controls are used in compliance with all relevant agreements, laws, and regulations.

ACCEPTABLE USE OF ASSETS [Risk category: Very Serious]
A.80. Whether regulations for acceptable use of information and assets associated with an information processing facility were identified, documented and implemented. The auditor is required to understand the policies with respect to use of Information Assets and controls available to prevent their misuse.

MANAGEMENT RESPONSIBILITIES [Risk category: Procedural]
A.81. Whether the management requires employees, contractors and third party users to apply security in accordance with the established policies and procedures of the organization.

Manage the IT investment

REVIEW AND EVALUATION [Risk category: Procedural]
A.82. Whether the IT Security process ensures that a review takes place in response to any changes affecting the basis of the original assessment, for example: significant security incidents, new vulnerabilities or changes to organisational or technical infrastructure.

LEARNING FROM INCIDENTS [Risk category: Procedural]
A.83. Whether there are mechanisms in place to enable the types, volumes and costs of incidents and malfunctions to be quantified and monitored.

REPORTING SECURITY INCIDENTS [Risk category: Procedural]
A.84. Are steps taken to ensure that anything unusual in the log files gets reported?
A.85. Are the users regularly advised of the requirement to inform the administrator at once in case of irregularities?

Communicate management aims and direction

PUBLICLY AVAILABLE SYSTEMS [Risk category: Procedural]
A.86. Whether there is any formal authorisation process in place for the information to be made publicly available, such as approval from Change Control which includes Business, Application owner etc. The auditor may also evaluate the control to disclose NAV on the website.
A.87. Whether there are any controls in place to protect the integrity of such information publicly available from any unauthorised access. The auditor may obtain VA and PT reports of the website and other web applications where investment related data is hosted.

SECURITY REQUIREMENTS IN OUTSOURCING CONTRACTS [Risk category: Serious]
A.88.
· Whether security requirements are addressed in the contract with the third party, when the organization has outsourced the management and control of all or some of its information systems, networks and/or desktop environments.
· The contract should address how the legal requirements are to be met, how the security of the organization's assets is maintained and tested, and the right of audit, physical security issues and how the availability of the services is to be maintained in the event of disaster.

INFORMATION ACCESS RESTRICTION [Risk category: Serious]
A.89. Whether access to application by various groups / personnel within the organisation has been defined in the access control policy as per the individual business application requirement and whether it is consistent with the organisation's Information access policy.

PASSWORD USE [Risk category: Very Serious]
A.90. Whether there are any guidelines in place to guide users in selecting and maintaining secure passwords.

UNATTENDED USER EQUIPMENT [Risk category: Procedural]
A.91. Whether the users and contractors are made aware of the security requirements and procedures for protecting unattended equipment, as well as their responsibility to implement such protection.

CLEAR DESK AND CLEAR SCREEN POLICY [Risk category: Procedural]
A.92. Whether automatic computer screen locking facility is enabled. This would lock the screen when the computer is left unattended for a period.
A.93. Whether employees are advised not to leave any confidential material in the form of paper documents, media, etc., in a locked place while unattended.

RETURN OF ASSETS [Risk category: Very Serious]
A.94. Whether there is a process in place that ensures all employees, contractors and third party users surrender all of the organization's assets in their possession upon termination of their employment, contract or agreement.

MANAGEMENT COMMITMENT TO INFORMATION SECURITY [Risk category: Serious]
A.95. Whether management demonstrates active support for security measures within the organization. This can be done via clear direction, demonstrated commitment, explicit assignment and acknowledgement of information security responsibilities.

ROLES AND RESPONSIBILITIES [Risk category: Procedural]
A.96.
· Whether employee security roles and responsibilities, contractors and third party users were defined and documented in accordance with the organization's information security policy.
· Were the roles and responsibilities defined and clearly communicated to job candidates during the pre-employment process?

Manage IT human resources

USER DELETION [Risk category: Very Serious]
A.97. Is there a well defined process for revoking user rights on termination of employment?
A.98. Is the IS Team promptly informed of the termination of service by a staff member?
A.99. Are there any former staff members who still hold previously issued passes or user ID?
A.100. Is it ensured that all entry and access rights of a staff member whose services have been terminated are revoked and deleted, and is the process adequate?
A.101. When the contractual relationship with outside staff is terminated, are all access authorisations revoked or deleted?

TERMINATION RESPONSIBILITIES [Risk category: Very Serious]
A.102. Whether responsibilities for performing employment termination, or change of employment, are clearly defined and assigned.

Manage quality

EXTERNAL FACILITIES MANAGEMENT [Risk category: Serious]
A.103. Whether any of the Information processing facility is managed by external company or contractor (third party).
A.104. Whether the risks associated with such management were identified in advance, discussed with the third party, and appropriate controls were incorporated into the contract.

OUTSOURCED SOFTWARE DEVELOPMENT [Risk category: Serious]
A.105.
· Whether the outsourced software development is supervised and monitored by the organization.
· Whether points such as: Licensing arrangements, escrow arrangements, contractual requirement for quality assurance, testing before installation to detect Trojan code etc., are considered.

Manage Projects

EMERGENCY PROCEDURES [Risk category: Serious]
A.106. Is there an authorized person to determine the existence of an emergency?
A.107. Is there an Emergency Procedure Manual?
A.108. Is a description of the emergency organisation available?
A.109. Is consideration given to all possible emergencies?
A.110. Are all persons and organisational units stated in the Manual aware of the emergency organization?
A.111. Has configuration back-up been produced for every employed computer type and/or every employed operating system and is it easily accessible in case of emergency?
A.112. Is a startup disk available for each configuration PC which can be used to boot the system in the event of a boot failure?

NETWORK PERFORMANCE MEASUREMENT [Risk category: Procedural]
A.113. Are performance measurements and traffic-flow analyses conducted regularly? Is it within the SLA agreed to with the vendor?
A.114. Has a security analysis of the network environment been conducted?

SENSITIVE SYSTEM ISOLATION [Risk category: Procedural]
A.115. Whether sensitive systems are provided with isolated computing environment such as running on a dedicated computer, sharing resources only with trusted application systems, etc.

ALTERNATE PROCESSING [Risk category: Procedural]
A.116. Is there a specification of internal and external alternatives?
A.117. Are these available and effective?
A.118. Are the configuration, capacity and compatibility of internal and external alternatives being adapted to the current status of procedures?
A.119. Are the integrity and confidentiality of IT application and data moved to external resources ensured in the case of recourse to external alternatives?
A.120. Are there any contingency plans for failure of individual assets?
A.121. Are there contingency plans in case of breakdown of data transmission?
A.122. Has the data transmission capacity required for the use of alternative resources been adequately assessed?
A.123. Are there any alternative solutions for important communication links?
A.124. Is there a provision of redundant communication lines?
A.125. Is there a sufficient redundant arrangement for network components?
A.126. Is there any point of failure in the current infrastructure?

B Implement IT Plan

Acquire and maintain application software

OPERATIONAL CHANGE CONTROL (Risk Category: Very Serious)
B.1 Whether all programs running on production systems are subject to strict change control i.e., whether any change to be made to those production programs needs to go through the change control authorisation.
B.2 Whether audit logs are maintained for any change made to the production programs.

AUDIT LOGGING (Risk Category: Procedural)
B.3
· Whether audit logs recording user activities, exceptions, and information security events are produced and kept for an agreed period to assist in future investigations and access control monitoring.
· Whether appropriate Privacy protection measures are considered in Audit log maintenance.

FAULT LOGGING (Risk Category: Procedural)
B.4
· Whether faults are logged, analysed and appropriate action taken.
· Whether level of logging required for individual system are determined by a risk assessment, taking performance degradation into account.

APPLICATION ACCEPTANCE CRITERIA AND TESTS (Risk Category: Procedural)
B.5 INPUT DATA VALIDATION
· Whether data input to application system is validated to ensure that it is correct and appropriate.
· Whether the controls such as: Different types of inputs to check for error messages, Procedures for responding to validation errors, defining responsibilities of all personnel involved in data input process etc., are considered.
B.6 CONTROL OF INTERNAL PROCESSING
· Whether validation checks are incorporated into applications to detect any corruption of information through processing errors or deliberate acts.
· Whether the design and implementation of applications ensure that the risks of processing failures leading to a loss of integrity are minimized.
· Auditor needs to review the tests performed on the application at the time of acquisition and during any change.
B.7 MESSAGE INTEGRITY
· Whether requirements for ensuring and protecting message integrity in applications are identified, and appropriate controls identified and implemented.
· Whether a security risk assessment was carried out to determine if message integrity is required, and to identify the most appropriate method of implementation.
B.8 OUTPUT DATA VALIDATION
Whether the data output of application system is validated to ensure that the processing of stored information is correct and appropriate to circumstances.
B.9 ACCESS CONTROL TO PROGRAM SOURCE CODE
Whether strict controls are in place to restrict access to program source libraries. (This is to avoid the potential for unauthorized, unintentional changes.)
B.10 RESTRICTION ON CHANGES TO SOFTWARE PACKAGES
Whether modifications to software packages are discouraged and/or limited to necessary changes. Whether all changes are strictly controlled.

Acquire and maintain technology infrastructure

EQUIPMENT MAINTENANCE (Risk Category: Procedural)
B.11 Whether the equipment is maintained as per the supplier's recommended service intervals and specifications.
B.12 Whether the maintenance is carried out only by authorized personnel.
B.13 Whether appropriate controls are implemented while sending equipment off premises.
B.14 If the equipment is covered by insurance, whether the insurance requirements are satisfied.

LAPTOPS (Risk Category: Procedural)
B.15 Are laptop users instructed as regards safe keeping of their computers during mobile use?
B.16 Is there use of an encryption product for laptop PCs?

AUTOMATIC TERMINAL IDENTIFICATION (Risk Category: Procedural)
B.17 Whether automatic terminal identification mechanism is used to authenticate connections.

PLANNING OF A WINDOWS 'OS' NETWORK
B.18 Is there any documentation indicating which directories on which computers have been shared for network access?

CONFIGURATION OF 'OS' SERVERS (Risk Category: Procedural)
B.19 Is there a document detailing the settings of various parameters in the OS Server?
B.20 Are these settings adhered to?
B.21 Is protection of the registry under Windows in place?
B.22 Have the default passwords for local access been replaced by secure ones?

PROTECTION OF SYSTEM TEST (Risk Category: Procedural)
B.23 Whether system test data is protected and controlled. Whether use of personal information or any sensitive information for testing operational database is shunned.

Enable operation and use

DOCUMENTED OPERATING PROCEDURES (Risk Category: Very Serious)
B.24 Whether the Security Policy has identified any Operating procedures such as Back-up, Equipment maintenance etc.
B.25 Whether such procedures are documented and used.

SECURITY OF SYSTEM DOCUMENTATION (Risk Category: Very Serious)
B.26 Whether the system documentation is protected from unauthorised access.
B.27 Whether the access list for the system documentation is kept to the minimum and authorized by the application owner (for use by a limited number of users.)

Manage Changes

USE OF SYSTEM UTILITIES (Risk Category: Very Serious)
B.28 Whether system utilities that come with computer installations, but may override system and application control are tightly controlled.

CHANGE MANAGEMENT (Risk Category: Very Serious)
B.29 Whether all changes to information processing facilities and systems are controlled.
B.30 Is there a written SOP covering the change control program that has been approved?

TECHNICAL REVIEW OF APPLICATIONS AFTER OPERATING SYSTEM CHANGES (Risk Category: Very Serious)
B.31 Whether there is process or procedure in place to review and test business critical applications for adverse impact on organizational operations or security after the change to Operating Systems. Periodically it is necessary to upgrade operating system i.e., to install service packs, patches, hot fixes etc.

C Management of IT Service delivery (Risk Category: Procedural)
C.1 Whether measures are taken to ensure that the security controls, service definitions and delivery levels, included in the third party service delivery agreement, are implemented, operated and maintained by a third party.

Manage third party services

MONITORING AND REVIEW OF THIRD PARTY SERVICES (Risk Category: Serious)
C.2
· Whether the services, reports and records provided by third party are regularly monitored and reviewed.
· Whether audits are conducted on the above third party services, reports and records, on regular interval.

MANAGING CHANGES TO THIRD PARTY SERVICES (Risk Category: Serious)
C.3
· Whether changes to provision of services, including maintaining and improving existing information security policies, procedures and controls, are managed.
· Does this take into account criticality of business systems, processes involved and re-assessment of risks?

Manage Performance and capacity

PATCH MANAGEMENT (Risk Category: Serious)
C.4 Are steps taken to ensure that information about the latest patches is always available? How is the patch level status of systems verified?

CAPACITY PLANNING (Risk Category: Serious)
C.5 Whether the capacity demands are monitored and projections of future capacity requirements are made. This is to ensure that adequate processing power and storage are available. Example: Monitoring Hard disk space, RAM, CPU on critical servers.

Ensure continuous service

BUSINESS CONTINUITY PLANNING FRAMEWORK (Risk Category: Very Serious)
C.6 Whether there is a single framework of Business continuity plan.
C.7 Whether this framework is maintained to ensure that all plans are consistent and identify priorities for testing and maintenance.
C.8 Whether this identifies conditions for activation and individuals responsible for executing each component of the plan.

WRITING AND IMPLEMENTING CONTINUITY PLAN (Risk Category: Very Serious)
C.9 Whether plans were developed to restore business operations within the required time frame following an interruption in or failure of business process.
C.10 Whether the plan is regularly tested and updated.
C.11 Review the written BCP / DRP(s) and verify whether the BCP / DRP(s):
· Address(es) the recovery of each business unit/department/function,
· According to its priority ranking in the Risk Assessment; and
· Considering interdependencies among systems.
C.12 Whether it take(s) into account:
· Personnel;
· Facilities;
· Technology (hardware, software, operational equipment);
· Telecommunications/networks;
· Vendors;
· Utilities;
· Documentation (data and records);
· Law enforcement;
· Security;
· Media; and
· Shareholders
C.13 Whether it include(s) emergency preparedness and crisis management aspects:
· Has an accurate employee/manager contact tree;
· Clearly defines responsibilities and decision-making authorities for designated teams and/or staff members, including those who have authority to declare a disaster;
· Explains actions to be taken in specific emergency situations;
· Defines the conditions under which the back-up site would be used;
· Has procedures in place for notifying the back-up site;
· Designates a public relations spokesperson; and
· Identifies sources of needed office space and equipment and list of key vendors (hardware/software/communications, etc.)
C.14 Whether the BCP / DRP establishes processing priorities to be followed in the event not all applications can be processed.
C.15 Whether adequate procedures are in place to ensure the BCP / DRP(s) is (are) maintained in a current fashion and updated regularly.
C.16 Whether a senior manager has been assigned responsibility to oversee the development, implementation, testing, and maintenance of the BCP / DRP.
C.17 Whether the board reviews and approves the written BCP / DRP(s) and testing results at least annually and documents these reviews in the board minutes.
C.18 Whether senior management periodically reviews and prioritizes each business unit, business process, department, and subsidiary for its critical importance and recovery prioritization. If so, determine how often reviews are conducted.
C.19 If applicable, determine whether the senior management has evaluated the adequacy of the BCP/DRPs for its service providers, and ensured the organization's BCP/DRP is compatible with those service provider plans, commensurate with adequate recovery priorities.

BUSINESS IMPACT ANALYSIS (Risk Category: Very Serious)
C.20 Are all functions and departments included in the BIA?
C.21 Review the BIA to determine whether the identification and prioritization of business functions are adequate.
C.22 Does the BIA identify maximum allowable downtime for critical business functions, acceptable levels of data loss and backlogged transactions, and the cost and recovery time objectives associated with downtime?
C.23 Review the risk assessment and determine if it includes scenarios and probability of occurrence of disruptions of information services, technology, personnel, facilities, and service providers from internal and external sources, including:
· Natural events such as fires, floods, and severe weather;
· Technical events such as communication failure, power outages, and equipment and software failure; and
· Malicious activity including network security attacks, fraud, and terrorism.
C.24 Whether the risk assessment and BIA have been reviewed and approved by senior management and the board.
C.25 Are reputation, operational, compliance, and other risks considered in plan(s)?

RISK MITIGATION STRATEGIES (Risk Category: Procedural)
C.26 Whether adequate risk mitigation strategies have been considered for:
· Alternate locations and capacity for:
  · Data centers and computer operations;
  · Back-room operations;
  · Work locations for business functions; and
  · Telecommunications.
C.27 Is there a policy for Back-up of:
· Data;
· Operating systems;
· Applications;
· Utility programs; and
· Telecommunications?
C.28 Is there a policy for Off-site storage of:
· Back-up media;
· Supplies; and
· Documentation, e.g., BCP(s), DRP, operating and other procedures, inventory listings, etc?
C.29 Is there a provision for Alternate power supplies such as Uninterruptible power supplies (UPS); and Back-up generators?
C.30 Whether there are procedures for,
· Duplicates of the operating systems are available both on- and off-site.
· Duplicates of the production programs are available both on- and off-site, including both source (if applicable) and object versions.
· All programming and system software changes are included in the back up.
· Back-up media is stored off-site in a place from which it can be retrieved quickly at any time.
· Frequency and number of back-up generations is adequate in view of the volume of transactions being processed and the frequency of system updates.
· Duplicates of transaction files are maintained on- and off-site.
· Data file back-ups are taken off-site in a timely manner and not brought back until a more current back-up is off-site.
C.31 Review the written IT continuity plan(s) and determine whether the plan(s) addresses the back-up of the systems and programming function (if applicable), including, Back-up of programming tools and software; and Off-site copies of program and system documentation.
C.32 Does the plan deal with how backlogged transactions and other activity will be brought current?
C.33 Whether adequate physical security and access controls exist over data back-ups and program libraries throughout their life cycle, including when they are created, transmitted/delivered to storage, stored, retrieved and loaded, and destroyed.
C.34 Do appropriate policies, standards, and processes address business continuity planning issues including:
· Systems Development Life Cycle, including project management;
· The change control process;
· Data synchronization, back up, and recovery;
· Employee training and communication planning;
· Insurance; and
· Government and community coordination?
C.35 Whether personnel are adequately trained as to their specific responsibilities under the plan(s) and whether emergency procedures are posted in prominent locations throughout the facility.
C.36 Does the continuity strategy include alternatives for interdependent components and stakeholders, including:
· Utilities;
· Telecommunications;
· Third-party technology providers;
· Key suppliers/business partners; and
· Customers/members?
C.37
· Are there adequate processes in place to ensure the plan(s) are maintained to remain accurate and current?
· Designated personnel are responsible for maintaining changes in processes, personnel, and environment(s)?
· The board of directors reviews and approves the plan(s) annually and after significant changes and updates?
· Process includes notification and distribution of revised plans to personnel and recovery locations?

DISASTER RECOVERY SITE / ALTERNATE PROCESSING SITE (Risk Category: Very Serious)
C.38 Does the Insurer have a clear Off-site Back-up of Data in a City falling under a different Seismic Zone, either on its own or through a Service Provider?
C.39 Does the Insurer have, in addition to above, the necessary infrastructure for Mission Critical Systems to address at least the following:
· Calculation of daily NAV (Fund wise) Redemption processing?
C.40 Whether satisfactory consideration has been given to geographic diversity for:
· Alternate processing locations;
· Alternate locations for business processes and functions; and
· Off-site storage.
C.41 Are there arrangements for alternative processing capability in the event any specific hardware, the data center, or any portion of the network becomes disabled or inaccessible, and determine if those arrangements are in writing?
C.42 If the organization is relying on in-house systems at separate physical locations for recovery, whether the equipment is capable of independently processing all critical applications.
C.43 If the organization is relying on outside facilities for recovery, whether the recovery site,
· Has the ability to process the required volume;
· Provides sufficient processing time for the anticipated workload based on emergency priorities; and,
· Allows the organization to use the facility until it achieves a full recovery from the disaster and resumes activity at the organization's own facilities.
C.44 Review the contract between applicable parties, such as recovery vendors if any. Determine if the terms and conditions of the contract relate to the BCP/DRP.
C.45 Whether the organization ensures that when any changes (e.g. hardware or software upgrades or modifications) in the production environment occur that a process is in place to make or verify a similar change in each alternate recovery location.
C.46 Whether the organization is kept informed of any changes at the recovery site that might require adjustments to the organization's software or its recovery plan(s).
C.47 Whether there are plans in place that address the return to normal operations and original business locations once the situation has been resolved and permanent facilities are again available.
C.48 Whether adequate documentation is housed at the alternate recovery location including:
· Copies of each BCP / DRP;
· Copies of necessary system documentation
C.49 Whether appropriate physical and logical access controls have been considered and planned for the inactive production system when processing is temporarily transferred to an alternate facility.
C.50
· Whether the methods by which personnel are granted temporary access (physical and logical) during continuity planning implementation periods are reasonable.
· Evaluate the extent to which back-up personnel have been reassigned different responsibilities and tasks when business continuity planning scenarios are in effect and if these changes require a revision to the levels of systems, operational, data, and facilities access.
· Review the assignment of authentication and authorization credentials to determine if they are based upon primary job responsibilities and if they also include business continuity planning responsibilities.
C.51 Whether the intrusion detection and incident response plan considers resource availability, and facility and systems changes that may exist when alternate facilities are placed in use.

TESTING (Risk Category: Very Serious)
C.52 Whether the BCP / DRP(s) is tested periodically.
C.53 Whether all critical business units/departments/functions are included in the testing.
C.54 Whether the tests include:
· Setting goals and objectives in advance;
· Realistic conditions and activity volumes;
· Use of actual back-up system and data files while maintaining off-site back-up copies for use in case of an event concurrent with the testing;
· Participation and review by internal audit;
· A post-test analysis report and review process that includes a comparison of test results to the original goals;
· Development of a corrective action plan(s) for all problems encountered; and
· Board of Directors' review.
C.55 Whether interdependent departments, vendors, and key market providers have been involved in testing at the same time to uncover potential conflicts and/or inconsistencies.
C.56 Whether the level of testing is adequate for the size and complexity of the organization. Determine if the testing includes:
· Testing the operating systems and utilities (infrastructure);
· Testing of all critical applications (application level);
· Data transfer between applications (integrated testing); and
· Testing the complete environment and workload (stress test).
C.57 Whether testing at an alternative location includes:
· Network connectivity;
· Items processing and backroom operations connectivity and information; and
· Other critical data feed connections/interfaces.
C.58 Whether testing of the information technology infrastructure includes:
· Rotation of personnel involved; and
· Business unit personnel involvement.
C.59 Whether management considered testing with:
· Critical service providers;
· Customers;
· Affiliates;
· Correspondent institutions; and
· Payment systems and major financial market participants.
C.60 When testing with the critical service providers, determine whether management considered testing,
· From the institution's primary location to the TSPs' alternative location;
· From the institution's alternative location to the TSPs' primary location; and
· From the institution's alternative location to the TSPs' alternative location.

INFORMATION BACK-UP (Risk Category: Very Serious)
C.61 Whether Back-up of essential business information such as production server, critical network components, configuration backup etc., were taken regularly.
C.62 Whether the backup media along with the procedure to restore the backup are stored securely and well away from the actual site.
C.63 Can data restoration be performed with the help of the documentation even by a person other than the one who backed up the data?
C.64 Are the persons responsible for data backup and restoration sufficiently trained?
C.65 Are data restoration exercises carried out periodically?
C.66 Whether the backup media are regularly tested to ensure that they could be restored within the time frame allotted in the operational procedure for recovery.

Ensure systems security

MANAGEMENT INFORMATION SECURITY FORUM (Risk Category: Very Serious)
C.67 Whether there is a management forum to ensure there is a clear direction and visible management support for security initiatives within the organisation.

IT SECURITY GUIDELINES AND PROCEDURES (Risk Category: Very Serious)
C.68 Does the organization have a detailed IT Security Guidelines and procedures manual?
C.69 Is there a process of reviewing and updating these manuals at periodic intervals?

ENDPOINT USAGE GUIDELINES (Risk Category: Very Serious)
C.70 Have Endpoint Use Guidelines been established?
C.71 How is compliance with the Endpoint Use Guidelines monitored?
C.72 Does every user have a copy of these Endpoint Use Guidelines?

SECURITY OF ELECTRONIC OFFICE SYSTEMS (Risk Category: Very Serious)
C.73 Whether there is an acceptable use policy to address the use of Electronic office systems.
C.74 Whether there are any guidelines in place to effectively control the business and security risks associated with the electronic office systems.

DISABLING REMOVABLE DRIVES (Risk Category: Very Serious)
C.75 Has it been ensured that floppy disk / USB drives will generally be locked and can be accessed only through authorized use?

POWER SUPPLIES / UPS (Risk Category: Very Serious)
C.76 Is the equipment protected from power failures by multiple feeds, through uninterruptible power supply (UPS), backup generator etc.?
C.77 Are the required intervals for UPS maintenance being observed?
C.78 Is the effectiveness of the UPS system being tested on a regular basis?
C.79 If any failures due to the location occurred in the past, had remedial action been taken for the same?
C.80 Are generators available to protect against prolonged power loss and are they in working condition?

GRANTING OF (SYSTEM/NETWORK) ACCESS RIGHTS (Risk Category: Very Serious)
C.81 Are the issue and the retrieval of access authorizations and access-granting means documented?
C.82 Is separation of functions being observed in the granting of access rights?
C.83 Are users being trained in the correct handling of access-granting means?
C.84 If use of access-granting means is logged, are such logs also analysed?

USER PASSWORD MANAGEMENT (Risk Category: Very Serious)
C.85 Is the allocation and reallocation of passwords controlled through a formal management process?
C.86 Are the users asked to sign a statement to keep the password confidential?
C.87 Have users been informed on how to handle passwords correctly?
C.88 Is the password quality controlled?
C.89 Are password changes mandatory?
C.90 Has every user been provided with a password?
C.91 Are there any fixed procedures relating to the escrow of passwords?
C.92 If Yes, are the escrowed passwords complete and up-to-date?
C.93 Have provisions been made to ensure proper handling of escrowed passwords?
C.94 Is the system of password changes controlled on the basis of updating entries for escrowed passwords?

PASSWORD USE (Risk Category: Very Serious)
C.95 Are there any guidelines in place to guide users in selecting and maintaining secure passwords?

POLICY ON USE OF NETWORK SERVICES (Risk Category: Very Serious)
C.96 Does a policy exist that addresses concerns relating to networks and network services such as: Parts of network to be accessed, Authorisation services to determine who is allowed to do what, Procedures to protect the access to network connections and network services?
C.97 Are users provided with standard configuration of work stations? If not, are deviations authorized and documented?

TERMINAL LOGON PROCEDURES (Risk Category: Very Serious)
C.98 Has it been ensured that access to information system is attainable only via a secure log-on process?
C.99 Are machines configured to boot from hard drives?
C.100 Is there a BIOS password set for PC to disable users from booting through CD drives?
C.101 Is the number of unsuccessful log-in attempts restricted?
C.102 Whether after each unsuccessful log-in attempt, the waiting time until the next log-in prompt increases.
C.103 Are unsuccessful log-in attempts reported to the user?
C.104 Is access to the console protected by passwords or other means?

USER IDENTIFICATION AND AUTHORISATION (Risk Category: Very Serious)
C.105 Whether unique identifier is provided to every user such as operators, system administrators and all other staff including technical.
C.106 Whether the generic user accounts are supplied under exceptional circumstances only where there is a clear business benefit. Additional controls may be necessary to maintain accountability.
C.107 Whether the authentication method used does substantiate the claimed identity of the user. Commonly used method: Password that only the user knows.

PASSWORD MANAGEMENT SYSTEM (Risk Category: Very Serious)
C.108 Whether there exists a password management system that enforces various password controls such as individual password for accountability, enforcing password changes, storing passwords in encrypted form, not displaying passwords on screen etc.

TERMINAL TIMEOUT (Risk Category: Very Serious)
C.109 Whether inactive terminals in public areas are configured to clear the screen or shut down automatically after a defined period of inactivity.

LIMITATION OF CONNECTION TIME (Risk Category: Very Serious)
C.110 Whether there exists any restriction on connection time for high-risk applications. This type of set up should be considered for sensitive applications for which the terminals are installed in high-risk locations.

USER REGISTRATION (Risk Category: Very Serious)
C.111 Whether there is any formal user registration and deregistration procedure for granting access to multi-user information systems and services. The creation of a user account must be approved by the business owner of the application in question or their nominee.
C.112 Are there standard rights profiles for different functions or tasks?

PRIVILEGE MANAGEMENT (Risk Category: Very Serious)
C.113 Whether the allocation and use of any privileges in multi-user information system environment is restricted and controlled i.e., privileges are allocated on need-to-use basis; privileges are allocated only after formal authorisation process.
C.114 Are there any organisational procedures governing the designation of users or user groups?
C.115 Is there any program for the configuration of users or user groups?
C.116 Are there records of the authorized users and groups and their authorisation profiles?

REVIEW OF USER ACCESS RIGHTS (Risk Category: Very Serious)
C.117 Whether there exists a process to review user access rights at regular intervals. Example: Special privilege review every 3 months, normal privileges every 6 months.

INFORMATION ACCESS RESTRICTION (Risk Category: Very Serious)
C.118 Whether access to application by various groups/personnel within the organisation has been defined in the access control policy as per the individual business application requirement and whether it is consistent with the organisation's Information access policy.

MONITORING SYSTEM USE (Risk Category: Very Serious)
C.119 Whether procedures are set up for monitoring the use of information processing facility. The procedure should ensure that the users are performing only the activities that are explicitly authorized.
C.120 Whether the results of the monitoring activities are reviewed regularly.

UNAUTHORISED SOFTWARE (Risk Category: Very Serious)
C.121 Has a procedure for the authorisation and registration of software been laid down?
C.122 Has the ban on use of non-approved software been put in writing?
C.123 Have all staff members been informed of the ban?
C.124 What possibilities exist for the installation or use of unauthorised software?
C.125 Are checks carried out periodically on the software inventory?

ADMINISTRATOR FUNCTIONS (Risk Category: Very Serious)
C.126 To which persons is the supervisor password known?
C.127 Have administrator roles been divided up?
C.128 Are the authorisations assigned by the administrator randomly checked?
C.129 How frequently are logins and logouts using administrator ID checked?

EVENT LOGGING (Risk Category: Very Serious)
C.130 Whether audit logs recording exceptions and other security relevant events are produced and kept for an agreed period to assist in future investigations and access control monitoring.

REPORTING SECURITY WEAKNESSES (Risk Category: Very Serious)
C.131 Whether a formal reporting procedure or guideline exists for users, to report security weakness in, or threats to, systems or services.
C.132 Are staff members informed in a suitable form of IT security incidents which have occurred either within the organisation or which have become public knowledge, and are they told how to avoid them?

DISCIPLINARY PROCESS (Risk Category: Very Serious)
C.133 Whether there is a formal disciplinary process in place for employees who have violated organisational security policies and procedures. Such a process can act as a deterrent to employees who might otherwise be inclined to disregard security procedures.

EQUIPMENT SITING PROTECTION (Risk Category: Very Serious)
C.134 Whether critical equipment is located in appropriate place to minimize unnecessary access into work areas.
C.135 Whether the items requiring special protection were isolated to reduce the general level of protection required.
C.136 Whether controls were adopted to minimize risk from potential threats such as theft, fire, explosives, smoke, water, dust, vibration, chemical effects, electrical supply interfaces, electromagnetic radiation, flood.
C.137 Whether there is a policy towards eating, drinking and smoking in proximity to information processing services.
C.138 Whether environmental conditions, which would adversely affect the information processing facilities, are monitored.
C.139 Verify that heating, ventilation and air-conditioning systems maintain constant temperatures within the data center.
C.140 Verify that ground earthing exists to protect the computer systems. Ensure that power is conditioned to prevent data loss.
C.141 Is the Server Room designed as a closed secure area?

CABLING SECURITY (Risk Category: Procedural)
C.142 Whether the power and telecommunications cable carrying data or supporting information services are protected from interception or damage.
C.143 Whether there are any additional security controls in place for sensitive or critical information.

SECURITY OF NETWORK SERVICES (Risk Category: Very Serious)
C.144 Whether the organisation, using public or private network service does ensure that a clear description of security attributes of all services used is provided.
C.145 Are all Internet connections routed through a Firewall? Does a dedicated team manage the Firewall? Are the ports opened only on a "need to have" basis?
C.146 Is there an Intruder Detection System (IDS) implemented?
C.147 Are the application and database servers kept separated from the web server in the de-militarized zone?
C.148 Is the de-militarized zone separated from the Internet cloud by means of a Firewall?
C.149 If the de-militarized zone is connected to the Intranet, is it separated by a Firewall?
C.150 Is the Firewall rule base treated as sensitive information and is knowledge of the same restricted to only authorized officials in the IT / Computer operations department?
C.151 Is the decision to open specific firewall ports/rule base approved in accordance with IT Security Policy (IT Security Policy should list out such ports) e.g. firewalls should block unwanted ports running services such as ftp, telnet, SMTP, etc. into the de-militarized zone?

CLOCK SYNCHRONISATION (Risk Category: Procedural)
C.152 Whether the computer or communication device has the capability of operating a real time clock. If yes, has it been set to an agreed standard such as Universal Coordinated Time or local standard time? The correct setting of the computer clock is important to ensure the accuracy of the audit logs.

UNATTENDED USER EQUIPMENT (Risk Category: Procedural)
C.153 Whether the users and contractors are made aware of the security requirements and procedures for protecting unattended equipment, as well as their responsibility to implement such protection.

SENSITIVE SYSTEM ISOLATION (Risk Category: Procedural)
C.154 Whether sensitive systems are provided with isolated computing environment such as running on a dedicated computer, sharing resources only with trusted application systems, etc.

SECURITY OF ELECTRONIC EMAIL (Risk Category: Procedural)
C.155 Whether there is a policy in place for the acceptable use of electronic mail or does security policy address the issues with regards to use of electronic mail.
C.156 Whether there are adequate procedures, which require that all the incoming e-mail messages be scanned for virus to prevent virus infection to the network.
C.157 Have regulations governing file transfer and exchange of messages with external parties been established?
C.158 Are there formal rules based on which e-mail addresses are assigned?
C.159 Are security measures such as filtering and text search in emails implemented?
C.160 Is the criterion for e-mail filtering adequate? What are the procedures for changes in filtering parameters?
C.161 Have controls such as anti-virus checking, isolating potentially unsafe attachments, spam control, anti relaying etc., been put in place to reduce the risks created by electronic mail?

CONTROL AGAINST MALICIOUS SOFTWARE (Risk Category: Serious)
C.162 Whether there exists any control against malicious software usage.
C.163 Whether the security policy does address software licensing issues such as prohibiting usage of unauthorized software.
C.164 Whether there exists any Procedure to verify that all warning bulletins are accurate and informative with regards to the malicious software usage.
C.165 Whether Antivirus software is installed on the computers to check and isolate or remove any viruses from computer and media.
C.166 Whether this software signature is updated on a regular basis to check any latest viruses.
C.167 Whether all the traffic originating from un-trusted network into the organisation is checked for viruses. Example: Checking for viruses on email, email attachments and on the web, FTP traffic.
C.168 Are periodic runs of a virus detection program configured?
C.169 Are there occasional checks as to whether updates have been performed? Have the results been documented?
C.170 Use of a virus scanning program when exchanging of data media and data transmission - Is Anti Virus auto enabled to check CDs and floppies?
C.171 Are received files and data media checked for virus infection before being imported?

REMOTE DIAGNOSTIC PORT PROTECTION (Risk Category: Procedural)
C.172 Whether accesses to diagnostic ports are securely controlled i.e., protected by a security mechanism.

SEGREGATION IN NETWORKS (Risk Category: Very Serious)
C.173 Whether the network (where business partner's and/ or third parties need access to information system) is segregated using perimeter security mechanisms such as firewalls.

NETWORK CONNECTION PROTOCOLS (Risk Category: Very Serious)
C.174 Whether there exists any network connection control for shared networks that extend beyond the organisational boundaries. Example: electronic mail, web access, file transfers, etc.

NETWORK ROUTING CONTROL (Risk Category: Procedural)
C.175 Are changes to network configuration documented?
C.176 Is the system administrator the only person who is able to change the configuration?
C.177 Is the system administrator the only person who is able to read the network log files?

SECURITY OF MEDIA IN TRANSIT (Risk Category: Procedural)
C.178 Whether security of media while in transit has been taken into account.
C.179 Whether the media is well protected from unauthorised access, misuse or corruption.

ELECTRONIC COMMERCE SECURITY (Risk Category: Procedural)
C.180 Whether Electronic commerce is well protected and controls implemented to protect against fraudulent activity, contract dispute and disclosure or modification of information.
C.181 Whether Security controls such as Authentication, Authorisation are considered in the E-Commerce environment.
C.182 Whether electronic commerce arrangements between trading partners include a documented agreement, which commits both parties to the agreed terms of trading, including details of security issues.

USER AUTHENTICATION FOR EXTERNAL CONNECTIONS (Risk Category: Procedural)
C.183 Whether there exists any authentication mechanism for challenging external connections. Examples: Cryptography based technique, hardware tokens, software tokens, challenge/ response protocol etc.

FIRE DETECTION AND PREVENTION CONTROLS (Risk Category: Serious)
C.184 Are Fire detection measures adequate such as fire alarms available?
C.185 Has staff been informed of the location of hand-held fire extinguishers?
C.186 Can the hand-held fire extinguishers actually be accessed in case of a fire?
C.187 Is training provided for the use of hand-held fire extinguishers?
C.188 Are hand-held fire extinguishers regularly inspected and maintained?
C.189 Is the fire alarm system checked periodically to ensure that it is working properly?
C.190 Has all the staff been informed of the steps to be taken in the event that an alarm goes off?
C.191 Is there an adequate number of fire extinguishers (generally one for every 50 sqft of area)?
C.192
  · Is a fire suppression system in place consisting of Fire extinguishers and Sprinklers?
  · Are they in working order and being monitored?

Manage the configuration

CONTROL OF TECHNICAL VULNERABILITIES
C.193
  · Whether timely information about technical vulnerabilities of information systems being used is obtained.
  · Whether the organization's exposure to such vulnerabilities is evaluated and appropriate measures taken to mitigate the associated risk.
SAFEGUARDING OF ORGANISATIONAL RECORDS (Risk Category: Very Serious)
C.194 Whether important records of the organisation are protected from loss, destruction and falsification.

DISPOSAL OF MEDIA (Risk Category: Very Serious)
C.195 Whether the media that are no longer required are disposed of securely and safely.
C.196 Whether disposal of sensitive items is logged where necessary in order to maintain an audit trail.

SECURE DISPOSAL OR RE-USE OF EQUIPMENT (Risk Category: Very Serious)
C.197 Whether storage device containing sensitive information is physically destroyed or securely over-written.

INFORMATION HANDLING PROCEDURES (Risk Category: Procedural)
C.198 Whether there exists a procedure for handling the storage of information. Does this procedure address issues such as information protection from unauthorised disclosure or misuse?

DATA MANAGEMENT (Risk Category: Procedural)
C.199 Are the persons responsible for the exchange of data media familiar with the process of physical erasure?

MANAGEMENT OF REMOVABLE MEDIA (Risk Category: Procedural)
C.200
  · Whether procedures exist for management of removable media, such as tapes, disks, cassettes, memory cards, and reports.
  · Whether all procedures and authorization levels are clearly defined and documented.

BUSINESS INFORMATION SYSTEMS (Risk Category: Procedural)
C.201 Whether policies and procedures have been developed and enforced to protect information associated with the interconnection of business information systems.

Manage the physical environment

PHYSICAL SECURITY PERIMETER (Risk Category: Serious)
C.202
  · Are physical border security facilities implemented adequate to protect the Information processing service? Some examples of such security facilities are: card control for entry gate, walls, manned reception etc.
  · Are visitors required to record their entry inside the premises in a separate register?
  · Are details of their possessions recorded and verified at the time of their exit from the premises?
  · Are cameras disallowed inside the premises?
C.203
  · Does Data Center exterior Lighting, building orientation provide a secure environment?
  · Data Centers should be anonymous. Ensure that there is no signage or listings in directories?

SECURING OFFICES, ROOMS AND FACILITIES (Risk Category: Serious)
C.204 Whether the rooms, which have the Information processing service, are:
  · locked
  · have lockable cabinets
  · safes.
C.205 Whether the Information processing service is protected from natural and man-made disaster such as raised floors, good exterior walls /or other suitable acceptable infrastructure.
C.206 Whether there is any potential threat from neighboring premises.
C.207 Ensure that water alarm system is configured to detect water in high risk areas of the data center.
C.208 Ensure that burglar alarm is protecting the data center from physical intrusion.
C.209 Are there adequate controls over modems and other dial up devices for employees and visitors (data cards, etc)?
C.210 Ensure that surveillance systems (CCTV) are designed and operating properly?

PHYSICAL ENTRY CONTROLS (Risk Category: Serious)
C.211 Are entry controls in place to allow only authorised personnel into various areas within organisation?
C.212 Is there a practice of Supervising or escorting outside staff/visitors?

REMOVAL OF PROPERTY (Risk Category: Serious)
C.213 Whether equipment, information or software can be taken off-site without appropriate authorisation.

PROTECTING AGAINST EXTERNAL AND ENVIRONMENTAL THREATS (Risk Category: Serious)
C.214 Whether physical protection against damage from fire, flood, earthquake, explosion, civil unrest and other forms of natural or man-made disaster has been designed and applied.
D Maintain IT Monitoring and Compliance

COMPLIANCE WITH SECURITY POLICIES AND STANDARDS (Risk Category: Serious)
D.1
  · Whether managers ensure that all security procedures within their area of responsibility are carried out correctly to achieve compliance with security policies and standards.
  · Do managers regularly review the compliance of information processing facility within their area of responsibility for compliance with appropriate security policy and procedure?

ADMINISTRATOR AND OPERATOR LOGS (Risk Category: Serious)
D.2
  · Whether system administrator and system operator activities are logged.
  · Whether the logged activities are reviewed on regular basis.

TECHNICAL COMPLIANCE CHECKING (Risk Category: Serious)
D.3
  · Whether information systems are regularly checked for compliance with security implementation standards.
  · Whether the technical compliance check is carried out by, or under the supervision of, competent, authorized personnel.

INFORMATION SYSTEMS AUDIT CONTROLS (Risk Category: Serious)
D.4
  · Whether audit requirements and activities involving checks on operational systems have been carefully planned and agreed to minimise the risk of disruptions to business process.
  · Whether the audit requirements, scope are agreed with appropriate management.

Application and logical access controls (Risk Category: Very Serious)
Name of the application used for investment operations:
D.5 Obtain a list of valid user IDs at the location and,
  · Reconcile Active users to those present in the location as per attendance rolls
  · Validate User Work Class with the designation of the users at the location
  · Verify if concurrent auditors have been provided with only view access
  · Check for user with maximum inactive time greater than 10 minutes
  · Check for user with password expiry date greater than 40 days from the current day.
  · For user ID disabled, check whether these have been done immediately after their names have been removed from the attendance register. In case any delays are noticed from the time of removal from attendance register to the actual date of disabling the user ID, report the same.
  Are there any discrepancies in the above?
D.6 Are Access privileges defined for each user as per the designation?
D.7 Whether the User IDs of employees who have been transferred, or have retired/ resigned are deleted from application.
D.8
  · Whether the application logs out the user after 5 minutes of inactivity.
  · Whether the system forces the user to change the initial password given by system manager.
  · Users acknowledge receipt of the password on the register maintained for the purpose.
D.9 Whether the users log off the application whenever they leave the work place for break.
D.10
  · Check that all user accounts are identifiable to a user and generic user-ids, which cannot be attributed to any individual, are not allowed.
  · Check that all default vendor accounts shipped with the application have been disabled.
D.11 Is the user ID temporarily suspended when the staff members are out on training/outstation assignment and the user ID will remain inactive for certain days?
D.12 Whether an undertaking for maintaining secrecy and confidentiality of password has been obtained from every user and preserved.
D.13 Whether super user passwords are changed immediately after those are used by support persons for rectification of problems and this usage is documented.
D.14 Whether every user has only one identifiable user ID and not more than one user ID has been given to any user.
D.15 Whether Super user passwords (for applications hosted at the location) are confined to systems manager only and the same are kept with the location in charge in a sealed cover.
D.16 Password Security:
  · Whether the users change their password periodically.
  · Does the application force the user to set an alpha numeric password?
  · Is the minimum length of the password set to 8 characters?
  · Whether password entry is disabled after three unsuccessful log-on attempts?
  · Whether the system forces the users to change their password after 40 days from the date of last creation / modification.
  · Whether password history is maintained by the application.
  From Transaction records, day end reports or audit trails, perform a sample check to verify if user ID has been used on any day when the user is on leave.

ENFORCED PATH (Risk Category: Procedural)
D.17 Whether there is any control that restricts the route between the user terminal and the designated computer services the user is authorised to access, for example, enforced path to reduce the risk.
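The account checks in D.5, D.10, D.14 and D.16 can be run mechanically over an export of the application's user list. The script below is an added example, not part of the Technical Guide: the record layout, policy key names and sample data are constructed assumptions, while the thresholds (10 minutes, 40 days, 8 characters, three attempts) are the ones quoted in the checklist.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Thresholds quoted in checklist items D.5 and D.16.
MAX_IDLE_MINUTES = 10
MAX_PASSWORD_AGE_DAYS = 40
MIN_PASSWORD_LENGTH = 8
MAX_FAILED_LOGONS = 3


@dataclass
class Account:                  # hypothetical export layout
    user_id: str
    employee: Optional[str]     # person the ID belongs to; None = generic ID
    work_class: str
    access: str                 # "view" or "edit"
    active: bool
    idle_timeout_min: int
    password_expires: date
    disabled_on: Optional[date] = None


def review_accounts(accounts, on_roll, removed_on, today):
    """Return sorted (user_id, finding) pairs for the D.5, D.10 and D.14 checks.

    on_roll    -- set of employees present in the attendance register
    removed_on -- dict: employee -> date the name left the register
    """
    findings, active_ids = [], {}
    for acc in accounts:
        if acc.employee is None:                       # D.10: generic user ID
            findings.append((acc.user_id, "generic-id"))
        if acc.active:
            if acc.employee is not None:
                active_ids.setdefault(acc.employee, []).append(acc.user_id)
                if acc.employee not in on_roll:        # D.5: reconcile to roll
                    findings.append((acc.user_id, "active-not-on-roll"))
            if acc.work_class == "concurrent_auditor" and acc.access != "view":
                findings.append((acc.user_id, "auditor-not-view-only"))
            if acc.idle_timeout_min > MAX_IDLE_MINUTES:
                findings.append((acc.user_id, "idle-timeout-over-10-min"))
            if (acc.password_expires - today).days > MAX_PASSWORD_AGE_DAYS:
                findings.append((acc.user_id, "password-expiry-over-40-days"))
        elif acc.disabled_on and acc.employee in removed_on:
            # D.5: delay between removal from the register and disabling the ID
            delay = (acc.disabled_on - removed_on[acc.employee]).days
            if delay > 0:
                findings.append((acc.user_id, f"disabled-{delay}-days-late"))
    for ids in active_ids.values():                    # D.14: one ID per user
        if len(ids) > 1:
            findings.extend((uid, "multiple-ids-for-one-user") for uid in ids)
    return sorted(findings)


def review_password_policy(policy):
    """Return the D.16 settings the application fails (key names are assumed)."""
    checks = {
        "min_length": policy.get("min_length", 0) >= MIN_PASSWORD_LENGTH,
        "require_alphanumeric": bool(policy.get("require_alphanumeric", False)),
        "lockout_threshold": 0 < policy.get("lockout_threshold", 0) <= MAX_FAILED_LOGONS,
        "max_age_days": 0 < policy.get("max_age_days", 0) <= MAX_PASSWORD_AGE_DAYS,
        "history_count": policy.get("history_count", 0) > 0,
    }
    return sorted(name for name, ok in checks.items() if not ok)


# Constructed sample data (not taken from any real system).
TODAY = date(2024, 3, 1)
ON_ROLL = {"R. Shah", "K. Iyer", "A. Mehta"}
REMOVED_ON = {"P. Nair": date(2024, 2, 12), "V. Rao": date(2024, 2, 20)}
ACCOUNTS = [
    Account("rshah", "R. Shah", "dealer", "edit", True, 5, date(2024, 3, 25)),
    Account("rshah2", "R. Shah", "back_office", "edit", True, 5, date(2024, 3, 25)),
    Account("kiyer", "K. Iyer", "concurrent_auditor", "edit", True, 10, date(2024, 3, 20)),
    Account("amehta", "A. Mehta", "back_office", "edit", True, 30, date(2024, 6, 1)),
    Account("admin1", None, "administrator", "edit", True, 5, date(2024, 3, 10)),
    Account("pnair", "P. Nair", "dealer", "edit", False, 5, date(2024, 2, 1),
            disabled_on=date(2024, 2, 19)),
    Account("vrao", "V. Rao", "dealer", "edit", True, 5, date(2024, 3, 15)),
]
POLICY = {"min_length": 6, "require_alphanumeric": True,
          "lockout_threshold": 5, "max_age_days": 40, "history_count": 0}

if __name__ == "__main__":
    for user_id, finding in review_accounts(ACCOUNTS, ON_ROLL, REMOVED_ON, TODAY):
        print(f"{user_id:8} {finding}")
    print("policy gaps:", review_password_policy(POLICY))
```

Each finding is a discrepancy to record against the relevant checklist row; the leave-day check at the end of D.16 needs transaction records or audit trails and is not covered here.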
NODE AUTHENTICATION (Risk Category: Procedural)
D.18 Whether connections to remote computer systems that are outside organisations security management are authenticated. Node authentication can serve as an alternate means of authenticating groups of remote users where they are connected to a secure, shared computer facility.

NETWORK TESTS (Risk Category: Serious)
D.19 Is it ensured that products/services that use the Internet for connectivity or communications have undergone a successful penetration test prior to production implementation?
D.20 Is there a penetration test process that ensures that modifications to the product/service that uses the Internet for connectivity or communication have been reviewed to determine whether a subsequent penetration test is warranted?
D.21 Is there an intrusion detection system in place for all the external IP connections?

ON-LINE TRANSACTIONS (Risk Category: Serious)
D.22 Whether information involved in online transactions is protected to prevent incomplete transmission, mis-routing, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay.

Annexure D
APPLICATION CONTROLS CHECKLIST

IRDA Regulations

Columns: S. No.; Area or Sub Area; IRDA Requirement (Extracted from its Circulars); Auditor's Observation (refer columns 2 and 3): Yes-Complies with the regulation, No, Comments

Please check the parameterisation and configuration of the application related to these. Screen shots may be taken as evidence. Any non compliance is treated as "Very Serious".

1. Area: Functional - Overall
   Requirement: The Investment System should have separate modules for Front, Mid and Back Office with separate login
2. Area: Segregation of Shareholders & Policyholders' funds
   Requirement: (1) In the case of a Life Insurer, (SFIN In the case of ULIP) each individual fund, both falling under `Shareholder / Policyholders', under any class of business, has `scrip' level investments (except in the case of General Insurance Companies) to comply with the provisions of Section 11(1B) of Insurance Act, 1938 (2) Furthermore the Shareholders funds beyond Solvency Margin, to which the pattern of Investment will not apply, shall have a separate custody account with identified scrip for both Life and General Insurance Companies.
3. Requirement: To ensure Business continuity, the Insurer should have a clear Off-site Backup of Data in a City falling under a different Seismic Zone, either on his own or through a Service Provider. Further, the Insurer / service provider (if outsourced) is required to have the necessary infrastructure for Mission Critical Systems to address at least the following: 1. Calculation of daily NAV (Fund wise) 2. Redemption processing
4. Requirement: System based checks should be in place for investments in an Investee Company, Group, Promoter Group and Industry Sector. The system should signal when the Internal / Regulatory
   limits are nearly reached PRIOR to taking such exposure and making actual investment.
5. Area: Functional - Overall
   Requirement: Transfer of data from Front Office to Back Office should be electronic without Manual intervention (Real time basis) i.e., without re-entering data at Back Office.
6. Area: Functional - Overall
   Requirement: All Investment Systems to be seamlessly integrated without manual intervention.
7. Requirement: The Insurer may have multiple Data Entry Systems, but all such Systems should be seamlessly integrated without manual intervention.
8. Area: Functional - Overall
   Requirement: Audit trail to be available for all data entry points including at the Checker / Authorizer level
9. Area: Functional - Overall
   Requirement: Maker Checker process to be enforced
10. Area: Functional - Overall
   Requirement: System based checks to be in place for investments as per Internal / Regulatory limits PRIOR to taking such exposure and making actual investment.
11. Requirement: Inter-Fund transfer capability
12. Requirement: Inter-Fund transfer capability - Non Switching between Traditional and Unit Linked Funds
13. Area: Functional - Overall
   Requirement: The system to be capable of computing various portfolio returns
14. Requirement: The System should handle Inter Fund transfer as per Circular IRDA-FA-02-10-2003-04. The Investment Committee may fix the Cut Off time as per Market practice, for such transfer within the fund. (The inter fund transfer should be like any other Market deal and the same needs to be carried out within the Market hours only)
15. Area: Functional - Overall
   Requirement: System to perform regular limits monitoring and Exception Reporting.
   Also reporting on movement of prices.
16. Area: Functional - Overall
   Requirement: Cash Management System should provide the funds available for Investment considering the settlement obligations and subscription and redemption of units
17. Area: Functional - Overall
   Requirement: The System to be validated not to accept any commitment beyond availability of funds.
18. Area: Functional - Overall
   Requirement: The System to be validated to restrict Short Sales at the time of placing the order
19. Area: Functional - Overall
   Requirement: The Investment System to capture Instrument Ratings to enable it to automatically generate FORM 2 (Statement of Downgraded Investments) through the System.
20. Area: Functional - Overall
   Requirement: The Investment System to capture Instrument Ratings to enable it to automatically generate FORM 2 (Statement of Downgraded Investments) through the System.
21. Area: Functional - Overall
   Requirement: The System to have the ability to track changes in ratings over a period & generate appropriate alerts, along with ability to classify investment between Approved and Other Investments
22. Area: Functional - Overall
   Requirement: Track of movement of Securities between Approved and Other Investments Status, as a part of Audit trail, at individual security level
23. Area: Functional - Overall
   Requirement: The System should have key limits preset for ensuring compliance with all Regulatory requirements and should be supported by workflow through the System, (Real time basis) for such approval, if Regulatory
   limit is close to be breached
24. Area: Functional - Overall
   Requirement: The System to have capability of generating Exception reports for Audit by Internal / Concurrent Auditor. The System should have capability of generating Exception reports for Audit by Internal / Concurrent Auditor
25. Area: Functional - Overall
   Requirement: System to automatically track and report all internal limits breaches. All such breaches should be audited by Internal / Concurrent Auditor.
26. Area: Functional - Overall
   Requirement: The system to be validated in such a way, that the Deal can only be rejected by the Back Office & NOT edited
27. Requirement: The System to be capable of computing NAV
28. Requirement: The System should be capable of computing NAV and compare it with the NAV computed by the Service provider, if outsourced.
29. Requirement: The Insurer should maintain NAV history (Fund wise) in his Public Domain from the Start of the Fund to Current Date.
30. Area: Functional - Overall
   Requirement: Method of computing NAV should be in line with IRDA regulations
31. Area: Methodology of Operating `Segregated Fund'
   Requirement: Every Purchase, Sale of Investment, Income on Investment (including Corporate Action) shall be identified with reference to the particular `Segregated Fund' and accounted for.
32. Area: Methodology of Operating `Segregated Fund'
   Requirement: Every `Deal Slip' shall be identified with reference to the `segregated fund' along with `Segregated Fund Identification Number "SFIN" for such Segregated Fund and the respective `sub-code' of Custody and the respective Bank Account.
33. Area: Units Creation / Redemption
   Requirement: Unit Report shall be reconciled with the Investment Accounting System's Creation / Redemption Report, after booking of unit capital entries
34. Area: Units Creation / Redemption
   Requirement: Units created on a `day-to-day' basis (including switches), shall be backed by `segregated fund wise' Investment assets. In other words, the value / amount for which Units are created for the particular day (at the prevailing NAV, at the opening of the day, of the respective fund), should be equivalent to the premium receipt (net of switches) less applicable charges and other outflows such as benefits paid, surrenders and foreclosures in excluding applicable charges of the `respective segregated fund'.
35. Area: Security Master Creation
   Requirement: 1. Equity Investments: Based on the inputs from treasury: the investment back-office shall create Security Masters in the system (linked via NSE/BSE codes) and the same shall be validated by the Mid-Office. The procedure includes documentation of supporting and supervisory sign off.
36. Area: Security Master Creation
   Requirement: 2. Debt Investments: Security masters for debt Instruments are prepared on the basis of Information memorandum in case of primary and secondary market deals by the Back Office. The procedure includes documentation of supporting and supervisory sign off.
37. Area: Primary Market Deals / IPO
   Requirement: 1. Booking of Primary Market Deals: Debt Primary Market Deals shall be booked on the date of application, and on the date of allotment the Securities will be reflected in the Investment Accounts
38. Area: Primary Market Deals / IPO
   Requirement: 2. Booking of Equity IPO: Equity Investments shall be accounted on
   the date of application for IPO Issue as `Application Money' and on the date of allotment the allotted Shares shall be reflected in the Investment accounts.
39. Area: Secondary Market Debt / Equity Deal Authorization
   Requirement: 1. Debt Deals: All Debt securities as categorised in IRDA/GLN/001/2003-04 - Categories of Investments, as amended from time to time, shall be executed with counterparties and reported on NSE / BSE / FIMMDA reporting platform and the same shall be confirmed with counterparties. The deals shall be authorised in the investment system and the trade files / information shall be sent to custodian / other online settlement systems as recognised by any financial regulator for settlement.
40. Area: Secondary Market Debt / Equity Deal Authorization
   Requirement: 2. Equity Deals - STP (Straight Through Process) Reconciliation: All Secondary Market equity deals shall be put through the STP module in the investment system. The dealer shall put through the deal in the investment system after concluding the transaction. The deal would then flow to the back office which would be compared with the input details and the STP file received from broker. If all details match, the transaction would be authorised in the system for settlement.
41. Area: Secondary Market Debt / Equity Deal Authorization
   Requirement: 2. Equity Deals - STP (Straight Through Process) Reconciliation Custodian /Broker settlement: After STP reconciliation the equity trade files ISO files shall be sent to custodian and broker houses through STP.
42. Area: Secondary Market Debt / Equity Deal Authorization
   Requirement: All deals shall be recorded on trade date accounting basis.
43. Area: Settlement Process
   Requirement: 1. Equity (Sale) - (as per Exchange Compliance Norms, Currently T+2): Bank settlement (trade receivables) entries shall be passed for trades settling on current day.
44. Area: Settlement Process
   Requirement: 2. Equity (Purchase) - (as per Exchange Compliance Norms, Currently T+1): Bank settlement (trade payables) entries shall be passed for trades settling on current day. It may also be settled on T+2 basis, if the company had deposited margin money with the exchanges as required for equity settlement.
45. Area: Settlement Process
   Requirement: 3. Debt (purchase/ Sale) - (as per Exchange Compliance Norms, Currently T+1): Bank settlement (trade payables/receivables) entries shall be passed for trades settling on current day. Corporate Debt deals dealt on T+0 basis shall be settled on T+0 basis.
46. Area: Settlement Process
   Requirement: 4. Money market transactions & Non-SLR - (as per Exchange Compliance Norms, Currently T+1): Bank settlement (trade payables/receivables) entries shall be passed for trades settling on current day. Money market transactions excluding treasury bills could also be dealt and settled on T+0 basis.
47. Area: Settlement Process
   Requirement: 5. Reverse Repo withdrawal: Reverse Repo maturities shall be posted in bank accounts
48. Area: Settlement Process
   Requirement: 6. Brokerage Payments: Brokerage Payment shall be settled in Bank
49. Area: Corporate Action
   Requirement: 2. Debt: The insurer shall configure their Investment System for details of interest receivable and redemption dates.
Further, details of interest receivable and redemption can also be obtained from the custodian / other online settlement systems as recognised by any financial regulator. 50 Valuation Valuation of securities Process shall be in line with the INV/CIR/020/2008-09 ­ Point. G ­ Statement of Investment Reconciliation - Annexure 2. 51 Valuation The Insurer shall close Process the Investment Front Office system for transactions at 5.30 PM. The Concurrent Auditor shall confirm the compliance of this requirement in their quarterly report to the Board of Directors . 52 Charges - Fund Management Fund Charges (FMC) Management including service tax Charges shall be `accounted' for on a day-to-day basis in the investment accounting system. The actual transfer of 167 Technical Guide S. Area or Sub IRDA Requirement Auditor's Observation No. Area (Extracted from its Yes- No Comments Circulars) (refer Complies columns 2 and 3) with the regulation accumulated FMC shall be done at the end of the month. 53 Charges - Dealing costs including Dealing brokerage, securities costs transaction tax and service tax shall be adjusted in the cost of investments. 54 NAV The NAV of the Computation Segregated FUND shall be computed as Market Value of investment held by the fund + Value of Current Assets ­ Value of Current Liabilities & Provisions, if any DIVIDED BY Number of Units existing on Valuation Date 55 NAV Number of units Computation derived from the investment accounting system shall be reconciled on a day to day basis with the policy admin system 56 `NAV' error ­ All expenses and Computation incomes accrued up to & the Valuation date Compensation shall be considered for computation of NAV. For this purpose, while major expenses like 168 Application Controls Checklist S. Area or Sub IRDA Requirement Auditor's Observation No. 
Area (Extracted from its Yes- No Comments Circulars) (refer Complies columns 2 and 3) with the regulation management fees and other periodic expenses should be accrued on a day to day basis, other minor expenses and income can be accrued on a weekly basis, provided the non-accrual does not affect the NAV calculations by more than 1%. 57 Functional - System to have Overall capability to upload Corporate Actions such as Stock Splits, Dividend, Rights Issue, Buy Back, Bonus issues etc., for computation of NAV / Portfolio valuation 58 Functional - Ability to have Overall Segregation of Shareholders & Policyholders' funds 59 Ability to maintain Fund wise 60 Functional - The Systems to have Overall the capability of providing alerts on transaction to transaction basis, its "current" level of exposure BEFORE taking further 169 Technical Guide S. Area or Sub IRDA Requirement Auditor's Observation No. Area (Extracted from its Yes- No Comments Circulars) (refer Complies columns 2 and 3) with the regulation exposure. 61 Functional - Investment valuation Overall methodology as per IRDA circular for different asset categories 62 Functional - Investment Category Overall Handling for different categories 63 Functional - NAV Error handling Overall 64 Functional - IRDA forms to be Overall directly generated from the system 65 Functional - Capability to compute Overall Yield on investment for quarter / yearly basis 66 Functional - NPA computation and Overall classification 67 Security Access to information Issues - system should be only Application via a secure log-on security process. controls 68 ULIP `Deal Slip' to be Business identified with reference to the `segregated fund' along with `Segregated Fund Identification Number "SFIN" for such Segregated Fund(s) and the respective `sub-code' 170 Application Controls Checklist S. Area or Sub IRDA Requirement Auditor's Observation No. 
Area (Extracted from its Yes- No Comments Circulars) (refer Complies columns 2 and 3) with the regulation of Custodian and the respective Bank Account 69 ULIP Every Purchase, Sale Business of Investment, Income on Investment (including Corporate Action) shall be identified with reference to the particular `Segregated Fund' 70 ULIP Daily Report of Business `Subscription & Redemptions' received from the Policy Admin System (PAS) to be uploaded [without manual intervention through process integration] in the Investment Accounting System 71 ULIP Units created on a Business 'day-to-day' basis (including switches), shall be backed by 'segregated fund wise' Investment assets. In other words, the value / amount for which Units are created for the particular day (at the prevailing NAV, applicable for the day, 171 Technical Guide S. Area or Sub IRDA Requirement Auditor's Observation No. Area (Extracted from its Yes- No Comments Circulars) (refer Complies columns 2 and 3) with the regulation of the respective fund), should be equivalent to the premium receipt (net of switches) less applicable charges and other outflows such as benefits paid, surrenders and foreclosures in excluding applicable charges of the 'respective segregated fund'. 72 ULIP All Debt securities as Business categorized shall be executed with counterparties and reported on NSE / BSE / FIMMDA reporting platform and the same shall be confirmed with counterparties. The deals to be authorized in the investment system and the trade files / information shall be sent to custodian / other online settlement systems as recognized by any financial regulator for settlement 73 ULIP All Secondary Market Business equity deals shall be put through the STP 172 Application Controls Checklist S. Area or Sub IRDA Requirement Auditor's Observation No. Area (Extracted from its Yes- No Comments Circulars) (refer Complies columns 2 and 3) with the regulation module in the investment system. 
74 All Equity deals should be through STP gateway for all broker transactions. 75 ULIP The insurer to Business configure their Investment System for details of interest receivable and redemption dates. 76 ULIP Accounting of coupon Business payments, redemption/maturities for debt investments shall be automatically triggered by the system, based on the interest payment dates and maturity dates defined in the security masters created for 'each' security. 77 ULIP Investment Front Business Office system should close for transactions at 6.00 PM. 78 ULIP The Investment Trial Business Balance, in respect of each `Segregated Fund' with clear link to SFI + is generated through the system. 173 APPENDICES Appendix `A' INSURANCE REGULATORY AND DEVELOPMENT AUTHORITY NOTIFICATION Hyderabad, the 16th February, 2013 Insurance Regulatory and Development Authority (Investment) (Fifth Amendment) Regulations, 2013 F. No. IRDA/Reg./16/74/2013­ In exercise of the powers conferred by Sections 27A, 27B, 27D and 114A of the Insurance Act, 1938 (4 of 1938), the Authority, in consultation with the Insurance Advisory Committee, hereby makes the following regulations to further amend the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, notified on 16th August, 2000 in the Gazette of India and amended on 31st May 2001 in the Gazette of India, further amended on 2nd April, 2002 in the Gazette of India and further amended on 5th January 2004 and further amended on 31st Jul, 2008 and further amended on 8th Feb, 2013 namely:- 1. Short title and commencement: 1. (1) These regulations may be called the Insurance Regulatory and Development Authority (Investment) (Fifth Amendment) Regulations, 2013 (2) They shall come into force on the date of their publication in the Official Gazette 2. Amendment to Regulation 2: Regulation 2 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000 shall be substituted with the following:- "Definitions 2. 
In these regulations, unless the context otherwise requires,-- (a) "Act" means the Insurance Act, 1938 (4 of 1938) (b) "Accretion of funds" means investment income, gains on sale/redemption of existing investment and operating surplus Technical Guide (c) "Accounting Standard" (AS) means: Accounting Standard as recommended by the Institute of Chartered Accountants of India and notified by the Central Government under the Companies Act, 1956 or any successor enactment thereunder (d) "Authority" means the Insurance Regulatory and Development Authority established under sub-section (1) of section 3 of the Insurance Regulatory and Development Authority Act, 1999 (41 of 1999) (e) "Financial Derivatives" means a derivative as defined under clause (aa) of section 2 of the Securities Contracts (Regulation) Act, 1956, and includes a contract which derives its value from interest rates of underlying debt securities and such other derivative contracts as may be stipulated by the Authority, from time to time (f) "Group" means: two or more individuals, association of individuals, firms, trusts, trustees or bodies corporate, or any combination thereof, which exercises, or is established to be in a position to exercise, significant influence and / or control, use of common brand names, directly or indirectly, over any associate as defined in AS 23, body corporate, firm or trust, or (ii) Associated persons, as may be stipulated by the Authority, from time to time, by issuance of guidelines under these regulations. 
(g) "Investment Assets" mean all investments made out of:
(1) in the case of a Life Insurer
(a) shareholders' funds representing solvency margin, non-unit reserves of unit linked insurance business, participating and non-participating funds of policyholders at their carrying value
(b) policyholders' funds of Pension, Annuity business and Group business at their carrying value
(c) policyholders' unit reserves of unit linked insurance business at their market value
as per guidelines issued under these regulations, from time to time
(2) in the case of a General Insurer
(a) shareholders' funds representing solvency margin and policyholders funds at their carrying value
as shown in its balance sheet drawn as per the Insurance Regulatory and Development Authority (Preparation of Financial Statements and Auditors' Report of Insurance Companies) Regulations, 2000, but excluding items under the head `Miscellaneous Expenditure'
(h) Money Market Instruments
Money Market Instruments shall comprise of Short term funds with maturity not more than one year comprising of the following instruments:
1. Certificate of deposit rated by a credit rating agency registered under SEBI (Credit Rating Agencies) Regulations, 1999
2. Commercial paper rated by a credit rating agency registered under SEBI (Credit Rating Agencies) Regulations, 1999
3. Repos, Reverse Repo
4. Treasury Bills
5. Call, Notice, Term Money
6. CBLO as per Schedules I and II of these Regulations.
7. Any other instrument as may be prescribed by the Authority
(i) "Promoter" means a promoter as defined under Regulation 2 (m) of IRDA (Issuance of Capital by Life Insurance Companies) Regulations, 2011
(j) "Principal Officer" means any person connected with the management of an insurer or any other person upon whom the Authority has served notice of its intention of treating him as the principal officer thereof.
(k) All words and expressions used herein and not defined but defined in the Insurance Act, 1938 (4 of 1938), or in the Insurance Regulatory and Development Act, 1999 (41 of 1999), or in any Rules or Regulations made thereunder, shall have the meanings respectively assigned to them in those Acts or Rules or Regulations"

3. Amendment of Regulation 3: Regulation 3 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000 shall be substituted with the following:-

"Regulation of Investments
3. A life insurer, for the purpose of these Regulations, shall invest and at all times keep invested, the Investment Assets forming part of the Controlled Fund as defined in Section 27A of the Act as under:
(a) all funds of Life insurance business and One Year Renewable pure Group Term Assurance Business (OYRGTA), and non-unit reserves of all categories of Unit linked life insurance business, as per Regulation 4
(b) all funds of Pension, Annuity and Group Business [as defined under Regulation 2 (d) of IRDA (Actuarial Report and Abstract) Regulations, 2000] as per Regulation 5; and
(c) the unit reserves portion of all categories of Unit linked funds, as per Regulation 6"

4. Insert New Regulation 4: Insert the following New Regulation 4 to the Insurance Regulatory and Development Authority (Investment) Regulations, 2000:-

"4. Without prejudice to Sections 27 or 27A of the Act, every insurer carrying on the business of Life Insurance, shall invest and at all times keep invested his Investment Assets as defined in Regulation 3 (a) (other than funds relating to Pension & General Annuity and Group Business and unit reserves of all categories of Unit Linked Business) in the following manner:

No | Type of Investment | Percentage to funds as under Regulation 3(a)
(i) | Central Government Securities | Not less than 25%
(ii) | Central Government Securities, State Government Securities or Other Approved Securities | Not less than 50% (incl (i) above)
(iii) | Approved Investments as specified in Section 27A of the Act and Other Investments as specified in Section 27A(2) of the Act and Schedule I to these Regulations, (all taken together) subject to Exposure / Prudential Norms as specified in Regulation 9: | Not exceeding 50%
(iv) | Other Investments as specified under Section 27A (2) of the Act, subject to Exposure / Prudential Norms as specified in Regulation 9: | Not exceeding 15%
(v) | Investment in housing and infrastructure by way of subscription or purchase of: (see A and B below) | Total Investment in housing and infrastructure (i.e.,) investment in categories (i), (ii), (iii) and (iv) above taken together shall not be less than 15% of the fund under Regulation 3(a)

A. Investment in Housing
(a) Bonds / debentures of HUDCO and National Housing Bank
(b) Bonds / debentures of Housing Finance Companies either duly accredited by National Housing Banks, for house building activities, or duly guaranteed by Government or carrying current rating of not less than `AA' by a credit rating agency registered under SEBI (Credit Rating Agencies) Regulations, 1999
(c) Asset Backed Securities with underlying housing loans, satisfying the norms specified in the guidelines issued under these regulations from time to time.

B. Investment in Infrastructure
Explanation: Subscription or purchase of Bonds / Debentures, Equity and Asset Backed Securities with underlying infrastructure assets would qualify for the purpose of this requirement. `Infrastructure facility' shall have the meaning as given in clause (h) of regulation 2 of Insurance Regulatory and Development Authority (Registration of Indian Insurance Companies) Amendment Regulations, 2008 as amended from time to time

Note: Investments made under category (i) and (ii) above may be considered as investment in housing and infrastructure, provided the respective government issues such a security specifically to meet the needs of any of the sectors specified as `infrastructure facility'

5. Insert New Regulation 5: Insert the following New Regulation 5 to the Insurance Regulatory and Development Authority (Investment) Regulations, 2000:-

"5. Without prejudice to Sections 27 or 27A of the Act, every insurer carrying on Pension, Annuity and Group Business [as defined under Regulation 2 (d) of IRDA (Actuarial Report and Abstract) Regulations, 2000] shall invest and at all times keep invested his Investment Assets of Pension, Annuity and Group business in the following manner:

No | Type of Investment | Percentage to funds under Regulation 3(b)
(i) | Central Government Securities | Not less than 20%
(ii) | Central Government Securities, State Government Securities or Other Approved Securities | Not less than 40% (incl (i) above)
(iii) | Balance to be invested in Approved Investments, as specified in Schedule I, subject to Exposure / Prudential norms as specified in Regulation 9. | Not exceeding 60%

Note: For the purposes of this regulation no investment falling under `Other Investments' as specified under 27A (2) of the Act shall be made"

6. Insert New Regulation 6: Insert the following New Regulation 6 to the Insurance Regulatory and Development Authority (Investment) Regulations, 2000:-

"6. Unit Linked Insurance Business: - Every insurer shall invest and at all times keep invested his segregated fund(s) under Regulation 3(c) (with underlying securities at custodian level) of Unit linked business as per pattern of investment offered to and approved by the policy-holders where the units are linked to categories of assets which are both marketable and easily realizable. However the investment in Approved Investments shall not be less than 75% of such fund(s) in each such segregated fund"

7. Amendment to Regulation 4: Regulation 4 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, shall be substituted with the following:-

"Regulation of Investments
7. General Insurance Business - without prejudice section 27B of the Act, every General insurer (including Health insurer) shall invest and at all times keep invested his investment assets in the manner set out below:

No | Type of Investment | Percentage of Investment Assets
(i) | Central Government Securities | Not less than 20%
(ii) | Central Government Securities, State Government Securities or Other Approved Securities | Not less than 30% (incl (i) above)
(iii) | Approved Investments as specified in Section 27B of the Act and Other Investment as specified in Section 27B(3) of the Act and Schedule II to these Regulations, (all taken together) subject to Exposure / Prudential Norms as specified in Regulation 9: | Not exceeding 70%
(iv) | Other investments as specified under Section 27B (3) of the Act, subject to Exposure / Prudential Norms as specified in Regulation 9: | Not more than 25%
(v) | Housing and loans to State Government for Housing and Fire Fighting equipment, by way of subscription or purchase of: (see A and B below) | A. Total Investment in housing (i.e.,) investment in categories (i), (ii), (iii) and (iv) above taken together shall not be less than 5% of the Investment Assets. B. Total Investment in Infrastructure (i.e.,) investment in categories (i), (ii), (iii) and (iv) above taken together shall not be less than 10% of the Investment Assets.

A. Investments in Housing
(a) Bonds / Debentures issued by HUDCO, National Housing Bank
(b) Bonds / debentures of Housing Finance Companies either duly accredited by National Housing Banks, for house building activities, or duly guaranteed by Government or carrying current rating of not less than `AA' by a credit rating agency registered under SEBI (Credit Rating Agencies) Regulations, 1999
(c) Asset Backed Securities with underlying Housing loans, satisfying the norms specified in the Guidelines issued under these regulations from time to time.

B. Investment in Infrastructure
Explanation: Subscription or purchase of Bonds / Debentures, Equity and Asset Backed Securities with underlying infrastructure assets would qualify for the purpose of this requirement. `Infrastructure facility' shall have the meaning as given in clause (h) of regulation 2 of Insurance Regulatory and Development Authority (Registration of Indian Insurance Companies) (Amendment) Regulations, 2008 as amended from time to time.

Note: Investments made under category (i) and (ii) above may be considered as investment in housing or infrastructure, as the case may be, provided the respective government issues such a security specifically to meet the needs of any of the sectors specified as `infrastructure facility'

8. Insert New Regulation 8: Insert the following New Regulation 8 to the Insurance Regulatory and Development Authority (Investment) Regulations, 2000:-

8. Reinsurance Business - Every re-insurer carrying on re-insurance business in India shall invest and at all times keep invested his investment assets in the same manner as set out in Regulation 7

9. Amendment of Note appended at the end of Regulation 4: Note appended at the end of Regulation 4 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, shall be substituted with the following:-

"Note - For the purpose of Regulations 3 to 8:

1. All investment in assets or instruments, which are capable of being rated as per market practice, shall be made on the basis of credit rating of such assets or instruments. No approved investment shall be made in instruments, if such instruments are capable of being rated, but are not rated.

2. The rating should be done by a credit rating agency registered under SEBI (Credit Rating Agencies) Regulations, 1999.

3. Corporate bonds or debentures rated not less than AA or its equivalent and P1 or equivalent ratings for short term bonds, debentures, certificate of deposit and commercial paper, by a credit rating agency, registered under SEBI (Credit Rating Agencies) Regulations, 1999 would be considered as `Approved Investments'.

4. The rating of a debt instrument issued by All India Financial Institutions recognized as such by RBI shall be of `AA' or equivalent rating. In case investments of this grade are not available to meet the requirements of the investing insurance company, and Investment Committee of the investing insurance company is fully satisfied about the same, then, for the reasons to be recorded in the Investment Committee's minutes, the Investment Committee may approve investments in instruments carrying current rating of not less than `A+' or equivalent as rated by a credit rating agency, registered under SEBI (Credit Rating Agencies) Regulations, 1999, would be considered as `Approved Investments'.

5. Approved Investments under regulations 4, 5, 6, 7 and 8 which are downgraded below the minimum rating prescribed should be automatically re-classified under `Other Investments' category for the purpose of pattern of investment.

6. Investments in equity shares listed on a registered stock exchange should be made in actively traded and liquid instruments viz., equity shares other than those defined as thinly traded as per SEBI Regulations and guidelines governing mutual funds issued by SEBI from time to time.

7 (a) Not less than 75% of investment in debt instruments (including Central Government Securities, State Government Securities or Other Approved Securities) in the case life insurer and not less than 65% of investment in debt instruments (including Central Government Securities, State Government Securities or Other Approved Securities) in the case of general insurer - shall be in sovereign debt, AAA or equivalent rating for long term and sovereign debt, P1+ or equivalent for short term instruments. This shall apply at segregated fund(s) in case of Unit linked business.
(b) Not more than 5% of funds under Regulation 3 (a) and Regulation 3 (c) in debt instruments (including Central Government Securities, State Government Securities or Other Approved Securities) in the case of life insurer and not more than 8% of investment in debt instruments (including Central Government Securities, State Government Securities or Other Approved Securities) in the case of general insurer - shall have a rating of A or below or equivalent rating for long term.
(c) No investment can be made in other investments out of funds under Regulation 3 (b).
(d) Investments in debt instruments rated AA - (AA minus) or below shall form part of Other Investments.

8 Notwithstanding the above, it is emphasized that rating should not replace appropriate risk analysis and management on the part of the Insurer.
The Insurer should conduct risk analysis commensurate with the complexity of the product(s) and the materiality of their holding, or could also refrain from such investments.

10. Amendment of Regulation 5: Regulation 5 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, shall be substituted with the following:-

9. Exposure / Prudential Norms
Without prejudice to anything contained in Sections 27A and 27B of the Act every insurer shall limit his investment as per the following exposure norms:

A. Exposure norms for investment assets of:
1. (a) all funds of Life insurance business and One Year Renewable pure Group Term Assurance Business (OYRGTA), and non-unit reserves of all categories of Unit linked life insurance business.
(b) all funds of Pension, Annuity and Group Business [as defined under Regulation 2 (d) of IRDA (Actuarial Report and Abstract) Regulations, 2000].
(c) the unit reserves portion of all categories of Unit linked funds, as per Regulation 6"
Life, Pension, Annuity and Group business and each segregated fund within Unit Linked Insurance business (except for promoter group exposure).
2. General Insurance business,
3. Re-insurance Business
for both Approved Investments as per the Act, Schedule I and Schedule II of these Regulations, and Other Investments as permitted under 27A(2) and 27B(3) of the Act shall be as under.

B. The maximum exposure limit for a single `investee' company (equity, debt and other investments taken together) from all investment assets under point (A.1.a, A.1.b, A.1.c all taken together), (A.2) and (A.3) mentioned above, shall not exceed the lower of the following;
(i) an amount of 10% of investment assets as under Regulation 2 (g) (1), Regulation 2 (g) (2)
(ii) an aggregate of amount calculated under point (a) and (b) of the following table

Type of Investment (1) | Limit for `Investee' Company (2)
a. Investment in `Equity', Preference Shares, Convertible Debentures | 10% * of Outstanding Equity Shares (Face Value) or 10% of the amount under point A.1.(a) or A.1.(b) or A.1.(c) above considered separately in the case of Life insurers / amount under A.2 or A.3 in the case of General Insurer / Re-insurer whichever is lower
b. Investment in Debt / Loans and any other permitted Investments as per Act / Regulation other than item `a' above. | 10% * of the Paid-up Share capital, Free reserves (excluding revaluation reserve) and Debentures / Bonds of the `Investee' company or 10% amount under point A.1.(a) or A.1.(b) or A.1.(c) above considered separately in the case of Life insurers. An amount under A.2 or A.3 in the case of General Insurer / Re-insurer whichever is lower.

Limit for the entire Group of the Investee Company (3): Not more than 15% of the amount under point A.1.(a) or A.1.(b) or A.1.(c) or A.2 or A.3 or 15% of investment Assets in all companies belonging to the group, whichever is lower. Exposure to Investments made in companies belonging to Promoter Group shall be made as per Point 7 under notes to Regulation 9

Limit for Industry Sector to which Investee Company belongs (4): Investment by the insurer in any industrial sector should not exceed 15% of the amount under point A.1.(a) or A.1.(b) or A.1.(c) or A.2 or A.3 or 15% of investment Asset, whichever is lower. Note: Industrial Sector shall be classified in the lines of National Industrial Classification (All Economic Activities) - 2008 [NIC] for all sectors, except infrastructure sector. Exposure shall be calculated at Division level from A to R. For Financial and Insurance Activities sector exposure shall be at Section level. Exposure to `infrastructure' investments are subject to Note: 1, 2, 3 and 4 mentioned below

* In the case of insurers having investment assets within the meaning of Regulation 2 (g) (1) and Regulation 2 (g) (2) of the under mentioned size, the (*) marked limit in the above table for investment in equity, preference shares, convertible debentures, debt, loans or any other permitted investment under the Act / Regulations, shall stand substituted as under:

Investment assets | Limit for `investee' company: Equity | Limit for `investee' company: Debt
Rs 250000 Crores or more | 15% of outstanding equity shares (face value) | 15% of paid up share capital, free reserves (excluding revaluation reserve) & debentures / bonds
Rs. 50000 Crores but less than Rs. 250000 Crores | 12% of outstanding equity shares (face value) | 12% of paid up share capital, free reserves (excluding revaluation reserve) & debentures / bonds
Less than Rs. 50000 Crores | 10% of outstanding equity shares (face value) | 10% of paid up share capital, free reserves (excluding revaluation reserve) & debentures / bonds

Note:
1 Industry sector norms shall not apply for investments made in `Infrastructure facility' sector as defined under Regulation 2(h) of IRDA (Registration of Indian Insurance Companies) Regulations, 2000 as amended from time to time.
NIC classification shall not apply to investments made in `Infrastructure facility'

2 Investments in Infrastructure Debt Fund (IDF), backed by Central Government as approved by the Authority, on a case to case basis shall be reckoned for investments in Infrastructure.

3 Exposure to a public limited `Infrastructure investee company' will be 20% of outstanding equity shares (face value) in case of equity (or) 20% of equity plus free reserves (excluding revaluation reserve) plus debentures / bonds taken together, in the case of debt (or) amount under Regulation 9 (B) (i), whichever is lower. The 20% mentioned above, can be further increased by an additional 5%, in case of debt instruments alone, with the prior approval of Board of Directors. The outstanding tenure of debt instruments, beyond the exposure prescribed in the above table, in an infrastructure Investee Company, should not be less than 5 years at the time of investment. In case of Equity investment, dividend track record as per Sec 27A (I) (I) and 27B (I) (h) of the Act, in the case of primary issuance of a wholly owned subsidiary of a Corporate / PSU shall apply to the holding company. However all investments made in an `infrastructure investee company' shall be subject to group / promoter group exposure norms.

4 An insurer can, at the time of investing, subject to group / promoter group exposure norms, invest a maximum of 20% of the project cost (as decided by a competent body) of an Public Limited Special Purpose Vehicle (SPV) engaged in infrastructure sector (or) amount under Regulation 9 (B) (i), whichever is lower, as a part of Approved Investments provided:
a. such investment is in Debt
b. the parent company guarantees the entire debt extended and the interest payment of SPV
c. the principal or interest, if in default and if not paid within 90 days of the due date, such debt shall be classified under other investments.
d. the latest instrument of the parent company (ies) has (have) rating of not less than AA
e. such guarantee of the parent company (ies) should not exceed 20% of net worth of parent company (ies) including the existing guarantees, if any, given
f. the net worth of the parent company (ies), if unlisted, shall not be less than Rs. 500 crores or where the parent company (ies) is listed on stock exchanges having nationwide terminals, the net worth shall not be less than Rs. 250 Crores
Investment Committee should continuously evaluate the risk of such investments and take necessary corrective actions where the parent company (ies) is floating more than one SPV

5 Investment in securitized assets [Mortgaged Backed Securities (MBS) / Asset Backed Securities (ABS) / Security Receipts (SR)] both under approved and other investment category shall not exceed 10% of Investment Assets in case of Life companies and 5% of Investment Asset in the case of Non-life companies. Approved Investment in MBS / ABS with underlying Housing or Infrastructure Assets shall not exceed 10% of investment assets in the case of life companies and not more than 5% of investment assets in the case of non-life companies. Any MBS / ABS with underlying housing or infrastructure assets, if downgraded below AAA or equivalent, shall be reclassified as Other Investments.

6 Investment in immovable property covered under Section 27A (I) (n) of the Act shall not exceed, at the time of investment, 5% of (a) Investment Assets in the case of general insurer and (b) 5% of Investment Assets of funds relating to life funds, pension, annuity and group funds in the case of life insurer

7 Subject to exposure limits mentioned in the table above, an insurer shall not have investments of more than 5% in aggregate of its total investments in all companies belonging to the promoters' groups.
Investment made in all companies belonging to the promoters' group shall not be made by way of private placement (equity) or in unlisted instruments (equity, debt, certificate of deposits and fixed deposits (without prejudice to Section 27A (9) and Section 27B (10) of the Act) held in a Scheduled Commercial Bank), except for companies formed by Insurers under Sec 27A (4) or Sec 27B (5) of the Act. 8 The exposure limit for financial and insurance activities (as per Section K of NIC classification ­ 2008) shall stand at 25% of investment assets for all insurers. 9 Investment in fixed deposit and certificate of deposit of a Scheduled Bank shall be made in terms of the provisions of Section 27A (9) and Section 27B (10) of the Act. Such investments would not be deemed as exposure to financial and insurance activities (as per Section K of NIC classification - 2008). 7. Amendment of Regulation 6: Regulation 6 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, shall be substituted with the following:- "10. Returns to be submitted by an Insurer Every insurer shall submit to the Authority the following returns within such time, at such intervals duly verified/certified in the manner as indicated there against. 
No | Form | Description | Periodicity of Return | Time limit for submission | Verified / Certified by
1 | Form 1 | Statement of Investment and Income on Investment | Quarterly | Within 30 days of the end of the Quarter | Principal Officer / Chief of (Investments) / Chief of (Finance)
2 | Form 2 (Part A, B) | Statement of Downgraded Investments, Details of Rated Instruments | Quarterly | Within 30 days of the end of the Quarter | Principal Officer / Chief of (Investments) / Chief of (Finance)
3 | Form 3A (Part A, B, C, D, E) | Statement of Investment Assets (Life Insurers) | Quarterly | Within 30 days of the end of the Quarter | Principal Officer / Chief of (Investments) / Chief of (Finance)
4 | Form 3B (Part A, B) | Statement of Investment Assets (General Insurance & Re-insurer) | Quarterly | Within 30 days of the end of the Quarter | Principal Officer / Chief of (Investments) / Chief of (Finance)
5 | Form 4 (Part A) | Exposure / Prudential and other Investment Norms - Compliance Certificate | Quarterly | Within 30 days of the end of the Quarter | Principal Officer, Chief of (Investments), Chief of (Finance)
6 | Form 4 (Part B) | Internal / Concurrent Auditor's Certificate on Investment Risk Management Systems - Implementation Status | Quarterly | Within 30 days of the end of the Quarter | Internal / Concurrent Auditor appointed under this regulation
7 | Form 4A (Part A, B, C) | Statement of Investment Subject to Exposure Norms - Investee Company, Group, Promoter Group, Industry Sector | Quarterly | Within 30 days of the end of the Quarter | Principal Officer / Chief of (Investments) / Chief of (Finance)
8 | Form 5 | Statement of Investment Reconciliation | Quarterly | Within 30 days of the end of the Quarter | Principal Officer / Chief of (Investments) / Chief of (Finance)
9 | Form 5A | Statement of Investment in Mutual Funds | Quarterly | Within 30 days of the end of the Quarter | Principal Officer / Chief of (Investments) / Chief of (Finance)
10 | Form 6 | Certificate under sections 28 (2A), 28 (2B) and 28B (3) of the Insurance Act, 1938 | Quarterly | Within 30 days of the end of the Quarter | Chairman, Director 1, Director 2, Principal Officer
11 | Form 7 | Statement of Non-Performing Assets | Quarterly | Within 30 days of the end of the Quarter | Principal Officer / Chief of (Investments) / Chief of (Finance)

Note:
1. The Internal / Concurrent Audit Report of the previous quarter with comments of Audit Committee of the Board, on 'very serious', 'serious' points (as per the Technical Guide on Internal / Concurrent Audit of Investment functions of Insurance Companies, issued by the Institute of Chartered Accountants of India) in the report, and status of implementation of Audit committee recommendation shall be filed with the Authority along with current quarter returns
2. All returns for the quarter ending March shall be filed within the period stipulated above based on provisional figures and later re-submitted with Audited figures within 15 days of adoption of accounts by the Board of Directors.

8. Amendment of Regulation 7: Regulation 7 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, shall be substituted with the following:-
11. Power to call for additional information.
The authority may, by general or special order, require from the insurers such other information in such manner, intervals and time limit as may be specified therein.

9. Amendment of Regulation 8: Regulation 8 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, shall be substituted with the following:-
12. Duty to Report extraordinary events affecting the investment portfolio.
Every insurer shall report to the Authority forthwith, the effect or the probable effect of any event coming to his knowledge, which could have material adverse impact on the investment portfolio and consequently on the security of policy-holder benefits or expectations.

10. Amendment of Regulation 9: Regulation 9 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, shall be substituted with the following:-
"13. Provisions on Investment Management

A. Constitution of Investment Committee
1. Every insurer shall constitute an Investment Committee which shall consist of a minimum of two non-executive directors of the Insurer, the Chief Executive Officer, Chief of Finance, Chief of Investment division, and wherever an appointed actuary is employed, the Appointed Actuary. The decisions taken by the Investment Committee shall be recorded and be open to inspection by the officers of the Authority.

B. Investment Policy
1. Every Insurer shall draw up an Investment Policy (fund wise IP in the case of Unit Linked Insurance Business) and place the same before its Board of Directors for its approval and its annual review.
2. Every insurer shall have a model code of conduct to prevent insider / personal trading of Officers involved in various levels of Investment Operations in compliance with SEBI (Prohibition of Insider Trading) Regulation, 1992 as amended from time to time and place the same before its Board of Directors for its approval.
3. While framing the Investment Policy, the Board shall ensure compliance with the following:
(i) Issues relating to liquidity, prudential norms, exposure limits, stop loss limits including securities trading, management of all investment risks, management of assets liabilities mismatch, Scope of Internal or Concurrent audit of Investments and investment statistics and all other internal controls of investment operations, the provisions of the Insurance Act, 1938 and Insurance Regulatory and Development Authority (Investment) Regulations, 2000, Guidelines and Circulars made there under.
(ii) Ensuring adequate return on policyholders and shareholders' funds consistent with the protection, safety and liquidity of such fund(s).
4. The investment policy of both Life and Non-Life insurers, as approved by the Board shall be implemented by the investment committee. The Board shall review on a quarterly basis the monitoring of fund wise and product wise performance.
5. The Board shall review the investment policy and its implementation on a half-yearly basis or at such short intervals as it may decide and make such modification to the investment policy as is necessary to bring it in line with the investment provisions laid down in the Act and Regulations made there under, keeping in mind protection of policyholders' interest and pattern of investment laid down in these regulations or in terms of the agreement entered into with the policyholders in the case of unit linked insurance business.

C. Investment Operations
1. The funds of the insurer shall be invested and continued to be invested in equity shares, equity related instruments and debt instruments rated as per Note below Regulations 3 to 8 by a credit rating agency, registered under SEBI (Credit Rating Agencies) Regulations, 1999. The Board shall lay down clear norms for investing in 'Other Investments' as specified under sections 27A(2) and 27B(3) of the Insurance Act, 1938 by the investment committee, taking into account the safety and liquidity of the policyholders' funds and protection of their interest.
2. As required under Chapter II, Regulation 7 (c) of IRDA (Registration of Indian Insurance Companies) Regulations, 2000, to ensure proper internal control of investment functions and operations the insurer shall clearly segregate the functions and operations of front, mid and back office (as provided in the Technical Guide on Internal / Concurrent Audit of Investment functions of Insurance Companies issued by the Institute of Chartered Accountants of India) and no function falling under Front, Mid and Back Office Investment function(s), shall be outsourced. Also, the primary data server of the computer application used for investment management shall remain within the country.

D. Processing of Unit Linked Business Applications and Declaration of NAV
1. All applications received for premium payment, switches, redemption, surrender, maturity claim etc., should be time stamped and dated.
2. Applications for "premium payment"
a. for applications received, with local cheques, cash or demand draft payable at par at the place where the premium is received, before cut-off time (3.00 pm) on a business day, the applicable NAV would be the closing NAV of the same day.
b. for applications received, along with local cheques, cash or demand draft payable at par at the place where the premium is received, after cut-off time (3.00 pm) on a business day, the applicable NAV would be the closing NAV of the next business day.
c. for premiums received with an outstation cheque or demand draft, the closing NAV of the day on which the cheque / Demand Draft is realized shall be applied.
3. Applications for "other than" premium payment
a. for applications received before the cut-off time (3.00 pm) on a business day, the applicable NAV would be the closing NAV of the same day.
b. for applications received, after the cut-off time (3.00 pm) on a business day, the applicable NAV would be the closing NAV of the next business day.
4. Daily disclosure / reconciliation of Product and Fund information
a. Every insurer doing Unit linked business shall reconcile, through the system, the premium received (net of charges and benefits paid) under each product (Unique Identification Number - UIN) with value of all the segregated fund(s) (Segregated Fund Identification Number - SFIN) net of fund management charges, held under a single UIN, on a day to day basis.
b. The insurer shall disclose UIN wise reconciliation (as in point 'a' above) and the value of policy wise units held by policyholder on the insurer's website and fund wise NAV (SFIN wise) on both the Insurer's website and life council website on the same day.
c. The internal / concurrent Auditor shall report on the automated system and process to handle the UIN wise reconciliation (as in point 'a' above) and value of policy wise units held by policyholder and fund wise NAV, on a quarterly basis
5. Applicable NAV for the applications received on the last business day of the Financial Year
a. for applications received on the last business day of the financial year UP TO 3.00 pm shall be processed with NAV of the last business day (irrespective if the payment instrument is local or outstation)
b. for applications received AFTER 3.00 pm on the last business day, the same shall fall into the next Financial Year and NAV of the immediate next business day would be applicable.
c. The insurer shall declare NAV for the last business day of a Financial Year, even if it is a non business day.
6. For allotment of units, the applicable NAV shall be as per the date of commencement of policy for new policy contracts and date of receipt of premium for renewals.
7. All Insurers shall file a certificate, issued by Internal / Concurrent Auditor for compliance of each of the directions issued at point 5 above, regarding the applicable NAV for applications received on the last business day. The Statutory Auditors shall also confirm the same in the Annual Accounts.
Note: Business day shall mean days other than holidays where stock exchanges with national wide terminals are open for trade (other than day on which exchanges are open for testing) or any day declared by the Authority as business day.

E. Risk Management Systems and its Review
1. The Board shall implement the Investment Risk Management Systems and Process, mandated by the Authority. The implementation shall be certified by a Chartered Accountant firm, as per the procedure laid down in the "Technical Guide on Review and Certification of Investment Risk Management Systems and Process of Insurance Companies", issued by the Institute of Chartered Accountants of India, as amended from time to time.
2. The Investment Risk Management Systems and Process shall be reviewed at the beginning of every second financial year or such shorter frequency as decided by the Board of the Insurer, by a Chartered Accountant firm and file the certificate issued by such Chartered Accountant, with the Authority along with the first quarter returns.
3. The appointment of Chartered Accountant firm to certify implementation and review of Investment Risk Management Systems and Process shall be as per the circular issued under these regulations.

F. Audit and Reporting to Management
1. Every Insurer shall constitute an Audit Committee of the Board. The Audit Committee shall be headed by a Chartered Accountant, if he is a member in the Board of the Insurer.
2. The Insurer shall have the investment transactions covering both Shareholders and Policyholders funds be audited through Internal or Concurrent Auditor as per the circular issued under this regulation.
3. The quarterly internal / concurrent audit report, covering investments of both shareholders as well as policyholders, shall be as per the "Technical Guide on Internal / Concurrent Audit of Investment functions of Insurance Companies" issued by the Institute of Chartered Accountants of India, as amended from time to time.
4. The Details of Investment Policy, implementation status of Investment Risk Management Systems and Process or its review shall be made available to the internal or concurrent auditor. The auditor shall comment on such review and its impact on the investment operations, systems and process in their report to be placed before the Board's Audit Committee.

G. Category of Investments
1. Every Insurer shall invest all his fund(s) only within the exhaustive category of investments listed in the guidelines issued by the Authority, as amended from time to time.

H. Others
1. The Authority may call for further information from time to time from the insurer as it deems necessary and in the interest of policyholders and issue such directions to the insurers as it thinks fit.

11. Amendment of Regulation 10: Regulation 10 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, shall be substituted with the following:-
14. Miscellaneous.
1. Accounting of Investments shall be as per the Insurance Regulatory and Development Authority (Preparation of Financial Statements and Auditor's Report of Insurance Companies) Regulations, 2000 and Valuation of Assets shall be as per guidelines issued under these regulations from time to time.
2. The Authority may, by any general or special order, modify or change the application of sub-regulations (3), (4), (5), (6), (7), (8), (9) and (10) to any insurer either on its own or on an application made to it.

12. Amendment of Regulation 11: Regulation 11 of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000, shall be substituted with the following:-
"15. Dealing in Financial Derivatives
1. Every Insurer carrying on the business of life insurance or general insurance may deal in financial derivatives only to the extent permitted and in accordance with the guidelines issued by the Authority in this regard from time to time.
2. Any margin or unamortized premium paid by any insurer in connection with the financial derivatives to the extent they are reflected as asset position in the balance sheet of the insurer in accordance with the guidelines issued by the Authority, shall be treated as 'Approved Investment' under Schedule I and Schedule II to these Regulations, only to the extent the derivative position constitutes a hedge for the underlying investment or portfolio which itself is treated as an approved investment under these regulations. All other margins or unamortized premium paid, to the extent reflected in the balance sheet of the insurer in accordance with the guidelines issued by the Authority in this regard from time to time, shall be treated as 'Other Investments'

13. Amendment of Schedule I: Schedule I of the Insurance Regulatory and Development Authority (Investment) Regulations, 2000 shall be substituted with the following:-
Schedule I (See Regulation 3 to 6)
List of Approved Investments for Life Business
'Approved Investments' for the purposes of section 27A of the Act shall consist of the following:
(a) all investments specified in section 27A of the Act except
(i) clause (b) of sub-section (I) of section 27A of the Act;
(ii) first mortgages on immovable property situated in another country as stated in clause (m) of sub-section (I) of section 27A of the Act;
(iii) Immovable property situated in another country as stated in clause (n) of sub-section (I) of section 27A of the Act.
(b) In addition the following investments shall be deemed as approved investments by the Authority under the powers vested in it vide clause (s) of sub-section (I) of section 27A of the Act.
(i) All loans secured as required under the Act, rated debentures (including bonds) and other rated & secured debt instruments as per Note appended to Regulation 3 to 8. Equity shares and preference shares and debt instruments issued by all India Financial Institutions recognized as such by Reserve Bank of India - investments shall be made in terms of investment policy guidelines, benchmarks and exposure norms, limits approved by the Board of Directors of the insurer.
(ii) Bonds or debentures issued by companies rated not less than AA or its equivalent and P1 or equivalent ratings for short term bonds, debentures, certificate of deposits and commercial papers by a credit rating agency, registered under SEBI (Credit Rating Agencies) Regulations 1999 would be considered as 'Approved Investments'.
(iii) Subject to norms and limits approved by the Board of Directors of the insurers deposits (including fixed deposits as per section 27A (9) of Insurance Act, 1938) with banks (e.g. in current account, call deposits, notice deposits, certificate of deposits etc.) included for the time being in the Second Schedule to Reserve Bank of India Act, 1934 (2 of 1934) and deposits with primary dealers duly recognized by Reserve Bank of India as such.
(iv) Collateralized Borrowing and Lending Obligations (CBLO) created by the Clearing Corporation of India Ltd and recognized by the Reserve Bank of India and exposure to Gilt, G Sec and liquid mutual fund forming part of Approved Investments as per Mutual Fund Guidelines issued under these regulations and money market instrument / investment.
(v) Asset Backed Securities with underlying Housing loans or having infrastructure assets as underlying as defined under 'infrastructure facility' in clause (h) of regulation 2 of Insurance Regulatory and Development Authority (Registration of Indian Insurance Companies) Amendment Regulations, 2008 as amended from time to time.
(vi) Commercial papers issued by a company or All India Financial Institution recognized as such by Reserve Bank of India having a credit rating by a credit rating agency registered under SEBI (Credit Rating Agencies) Regulations 1999.
(vii) Money Market instruments as defined in Regulation 2(h) of these Regulation.
Explanation - 1. All conditions mentioned in the 'note' appended to Regulation 3 to 8 shall be complied with.

14. Amendment of Schedule II: Schedule II to the Insurance Regulatory and Development Authority (Investment) Regulations, 2000 shall be substituted with the following:-
Schedule II (See Regulation 7 & 8)
List of Approved Investments for General Business
'Approved Investments' for the purpose of section 27B of the Act shall consist of the following:
(a) All investments specified in section 27B of the Act except
(i) clause (b) of sub-section (I) of section 27A of the Act;
(ii) Immovable property situated in another country as stated in clause (n) of sub-section (I) of section 27A of the Act;
(iii) First mortgages on immovable property situated in another country as stated in clause (i) of sub-section (I) of section 27B of the Act.
(b) In addition the following investments shall be deemed as approved investments by the Authority under the powers vested in it vide clause (j) of sub-section (I) of section 27B of the Act:
(i) All loans secured as per the Act, rated debentures (including bonds) and other rated & secured debt instruments as per Note appended to Regulations 3 to 8. Equity shares, preference shares and debt instruments issued by All India Financial Institutions recognized as such by Reserve Bank of India - investments shall be made in terms of investment policy guidelines, benchmarks and exposure norms, limits approved by the Board of Directors of the insurer.
(ii) Bonds or debentures issued by companies rated not less than AA or its equivalent and P1 or Equivalent ratings for short term bonds, debentures, certificate of deposits and commercial papers by a credit rating agency, registered under SEBI (Credit Rating Agencies) Regulations 1999 would be considered as 'Approved Investments'.
(iii) Subject to norms and limits approved by the Board of Directors of the insurers deposits (including fixed deposits as per section 27B (10) of Insurance Act, 1938) with banks (e.g. in current account, call deposits, notice deposits, certificate of deposits etc.) included for the time being in the Second Schedule to Reserve Bank of India Act, 1934 (2 of 1934) and deposits with primary dealers duly recognized by Reserve Bank of India as such.
(iv) Collateralized Borrowing & Lending Obligations (CBLO) created by the Clearing Corporation of India Ltd and recognized by the Reserve Bank of India and exposure to Gilt, G Sec and liquid mutual fund forming part of Approved Investments as per Mutual Fund Guidelines issued under these regulations and money market instrument / investment.
(v) Asset Backed Securities with underlying Housing loans or having infrastructure assets as underlying as defined under 'infrastructure facility' in clause (h) of regulation 2 of Insurance Regulatory and Development Authority (Registration of Indian Insurance Companies) Amendment Regulations, 2008 as amended from time to time.
(vi) Commercial papers issued by a company or All India Financial Institution recognized as such by Reserve Bank of India having a credit rating by a credit rating agency registered under SEBI (Credit Rating Agencies) Regulations 1999
(vii) Money Market instruments as defined in Regulation 2(h) of this Regulation.
Explanation: 1. All conditions mentioned in the 'note' appended to Regulation 3 to 8 shall be complied with.

J. HARI NARAYAN, Chairman
[ADVT. III/4/161/12/Exty.]

FORM - 1 (Read with Regulation 10)
Name of the Insurer:
Registration Number:
Statement as on:
Name of the Fund:
Statement of Investment and Income on Investment
Periodicity of Submission: Quarterly
Rs Crore
Columns: No. | Category of Investment | Category Code | then, for each of Current Quarter, Year to Date (current year) and Year to Date (previous year)³: Investment (Rs.)¹ | Income on Investment (Rs.) | Gross Yield (%)¹ | Net Yield (%)²
Last row: TOTAL
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date:
Full Name:
Chief of Finance
Note: Category of Investment (COI) shall be as per Guidelines, as amended from time to time
1 Based on daily simple Average of Investments
2 Yield netted for Tax
3 In the previous year column, the figures of the corresponding Year to date of the previous financial year shall be shown
4 FORM-1 shall be prepared in respect of each fund. In case of ULIP FORM 1 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.

FORM - 2 (Read with Regulation 10)
PART - A
Name of the Insurer:
Registration Number:
Statement as on:
Name of Fund:
Statement of Down Graded Investments
Periodicity of Submission: Quarterly
Rs Crore
Columns: No | Name of the Security | COI | Amount | Date of Purchase | Rating Agency | Original Grade | Current Grade | Date of Downgrade | Remarks
A. During the Quarter ¹
B. As on Date ²
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date:
Full Name and Designation:
Chief Finance Officer
Note:
1 Provide details of Down Graded Investments during the Quarter.
2 Investments currently upgraded, listed as Down Graded during earlier Quarter shall be deleted from the Cumulative listing.
3 FORM-2 shall be prepared in respect of each fund. In case of ULIP FORM 1 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
4 Category of Investment (COI) shall be as per INV/GLN/001/2003-04

FORM - 2 PART - B (Read with Regulation 10)
Name of the Insurer:
Registration No:
Name of the fund:
INVESTMENT ASSETS - RATING PROFILE
Rs. Cr
Columns: No | Type of Investments | then BV and % to Inv. Assets under each of: (a) Investments in Sovereign instruments; (b) AAA or Equivalent; (c) AA+ or Equivalent; (d) AA or lower upto A+ or Equivalent; (e) A or lower than A or Equivalent; (f) Unrated; (g) NPA; (h) Equity or Equity Related Instruments and other Instruments | (i) Total BV
i Central Govt Securities
ii State Govt Sec. or Other Approved Securities
iii (1) Housing Sector
(a) Debt or debt related instruments
(b) Loans
(c) Others (Specify)
(2) Infrastructure Sector
(a) Debt or debt related instruments
(b) Equity or equity related instruments
(c) Loans
(d) Others (Specify)
(3) Approved Investments
(a) Debt or debt related instruments
(b) Equity or equity related instruments
(c) Loans
(d) Investment Property - Immovable
(e) Mutual Fund
(f) Money Market
(g) Net current assets
(h) Others (Specify)
iv Other Investments
(a) Debt or debt related instruments
(b) Equity or equity related instruments
(c) Loans
(d) Investment Property - Immovable
(e) Mutual Fund
(f) Others (specify)
Investment Asset

Rs. Cr
Columns: Investment in 'Debt' instruments | Book Value (Life, Pension Fund and General Insurers) | % | Market Value (for ULIP Funds)
Investments in Sovereign instruments
APPROVED INVESTMENTS
AAA or upto AA or Equivalent
MM, Loans, Others - Approved Invt
OTHER INVESTMENTS
AA-, A, lower than A or Equivalent
Unrated, Loans, Others - Other Invt
Total Debt Investments (a to g)

Certified that the information given herein are correct and complete to the best of my knowledge. Also certified that the various investments made and covered in the return are within the categories provided in Investment Guidelines as amended from time to time.
Signature:
Full Name:
Chief of Finance
Note:
1 The figures in Col (i) must match (for each type of investment) with Form 3A (Part A)/Form 3B
2 Non-Performing investment assets shall be separately shown irrespective of the rating
3 For Linked business values of Investments shall be at Market Value
4 Equity or Equity related instruments shall be as permitted under the Insurance Act, 1938 or IRDA (Investment) Regulations, 2000 as amended from time to time
5 FORM - 2 (Part B) shall be prepared in respect of each fund. In case of ULIP Form 2 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.

FORM - 2 (Read with Regulation 10)
PART - C
Name of the Insurer:
Registration No:
INVESTMENT ASSETS & INFRA INVESTMENTS - RATING PROFILE
Name of the Fund:
Columns: INVESTMENT ASSETS | Rs Crore | % to Inv. Assets
Central Govt. Sec + Other Approved Securities
TOTAL (1)
Approved Investments
AAA or upto AA or Equivalent
Equity - Approved Invt
MM, Loans, Others - Approved Invt
TOTAL (2)
Other Investments
AA-, A, lower than A or Equivalent
Equity - Other Invt
Unrated, NPA, Loans, Others - Other Invt
TOTAL (3)
TOTAL FUND (1+2+3)
INFRASTRUCTURE INVESTMENTS
Approved Investments
AAA or upto AA or Equivalent
Equities-Approved
MM, Loans, Others-Approved Invt
TOTAL (1)
Other Investments
AA-, A, lower than A or Equivalent
Equities-Other Investments
Loans, NPAs, Others - Other Invt
TOTAL (2)
Total Infra Investment (1+2)
TOTAL FUND
Certification
Certified that the information given herein are correct and complete to the best of my knowledge. Also certified that the various investments made and covered in the return are within the categories provided in Investment Guidelines as amended from time to time.
Signature:
Full name:
Chief of Finance
Note:
1. The figures in Col (i) must match (for each type of investment) with Form 3A (Part A)/Form 3B
2. FORM - 2 (Part C) shall be prepared in respect of life fund

FORM - 3A (Read with Regulation 10)
PART - A
Name of the Insurer:
Registration Number:
Statement as on:
Statement of Investment Assets (Life Insurers) (Business within India)
Periodicity of Submission: Quarterly
Rs. Crore

Section I
Total Application as per Balance Sheet (A)
Add (B): Provisions (Sch-14); Current Liabilities (Sch-13)
Less (C): Debit Balance in P&L A/c; Deferred tax asset; Loans (Sch-09); Adv & Other Assets (Sch-12); Cash & Bank Balance (Sch-11); Fixed Assets (Sch-10); Misc Exp. Not Written Off (Sch-15)
Funds available for Investments

Reconciliation of Investment Assets
Total Investment Assets (as per Balance Sheet)
Balance Sheet Value of:
A. Life Fund
B. Pension & General Annuity and Group Business
C. Unit Linked Funds

Section II
NON - LINKED BUSINESS
A. LIFE FUND
Columns: % as per Reg | SH: Balance (a), FRSM+ (b) | PH: UL-Non Unit Res (c), PAR (d), NON PAR (e) | Book Value (SH+PH) (f) = [a+b+c+d+e] | Actual % (g) = [(f) - (a)]% | FVC Amount (h) | Total Fund (i)=(a+f+h) | Market Value (j)
1 Central Govt. Sec | Not Less than 25%
2 Central Govt Sec, State Govt Sec or Other Approved Securities (incl (i) above) | Not Less than 50%
3 Investment subject to Exposure Norms
a. Housing & Infrastructure | Not Less than 15%
1. Approved Investments
2. Other Investments
b. i) Approved Investments, ii) Other Investments | Not exceeding 35%
TOTAL LIFE FUND | 100%

B. PENSION & GENERAL ANNUITY AND GROUP BUSINESS
Columns: % as per Reg | PH: PAR (a), NON PAR (b) | Book Value (c)= (a+b) | Actual % (d) | FVC Amount (e) | Total Fund (f)=(c+e) | Market Value (g)
1 Central Govt. Sec | Not Less than 20%
2 Central Govt Sec, State Govt Sec or Other Approved Securities (incl (i) above) | Not Less than 40%
3 Balance in Approved investment | Not Exceeding 60%
TOTAL PENSION, GENERAL ANNUITY FUND | 100%

LINKED BUSINESS
C. LINKED FUNDS
Columns: % as per Reg | PH: PAR (a), NON PAR (b) | Total Fund (c)= (a+b) | Actual % (d)
1 Approved Investments | Not Less than 75%
2 Other Investments | Not More than 25%
TOTAL LINKED INSURANCE FUND | 100%

CERTIFICATION:
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date:
Full name:
Chief of Finance
Note
1 (+) FRSM refers to 'Funds representing Solvency Margin'
2 Funds beyond Solvency Margin shall have a separate Custody Account.
3 'Other Investments' are as permitted under Section 27A(2) of Insurance Act, 1938
4 Pattern of Investment is applicable to both Shareholders funds representing solvency margin and policyholders funds.
5. Exposure Norms shall apply to Funds held beyond Solvency Margin, held in a separate Custody Account

Appendix 'A'

FORM 3A (Read with Regulation 10)
Unit Linked Insurance Business
PART - B
Name of the Insurer:
Registration Number:
Link to Item 'C' of FORM 3A (Part A)
Periodicity of Submission: Quarterly
Statement as on:

Columns: PARTICULARS; SFIN 1; SFIN 2; SFIN 'n'; Total of All Funds
Opening Balance (Market Value)
Add: Inflow during the Quarter
Increase / (Decrease) Value of Inv [Net]
Less: Outflow during the Quarter
TOTAL INVESTIBLE FUNDS (MKT VALUE)

INVESTMENT OF UNIT FUND
Columns: SFIN 1; SFIN 2; SFIN 'n'; Total of All Funds (each with Actual Inv. and % Actual)
Approved Investments (>=75%)
  Central Govt Securities
  State Government Securities
  Other Approved Securities
  Corporate Bonds
  Infrastructure Bonds
  Equity
  Money Market Investments
  Mutual funds
  Deposit with Banks
Sub Total (A)
Current Assets:
  Accrued Interest
  Dividend Receivable
  Bank Balance
  Receivable for Sale of Investments
  Other Current Assets (for Investments)
Less: Current Liabilities
  Payable for Investments
  Fund Mgmt Charges Payable
  Other Current Liabilities (for Investments)
Sub Total (B)
Other Investments (<=25%)
  Corporate Bonds
  Infrastructure Bonds
  Equity
  Mutual funds
  Venture funds
  Others
Sub Total (C)
Total (A + B + C)
Fund Carried Forward (as per LB 2)

Signature:
Date:
Full name:
Chief of Finance

Note:
1. The aggregate of all the above Segregated Unit-Funds should reconcile with item C of FORM 3A (Part A), for both Par & Non Par Business
2. Details of Item 12 of FORM LB 2 which forms part of IRDA (Actuarial Report) Regulation, 2000 shall be reconciled with FORM 3A (Part B).
3. 'Other Investments' are as permitted under Sec 27A(2)

FORM - 3A (Read with Regulation 10)
PART - C
Name of the Insurer:
Registration Number:
Link to FORM 3A (Part B)
Statement for the period:
Periodicity of Submission: Quarterly
Statement of NAV of Segregated Funds
Rs. Crore

Columns: No; Fund Name; SFIN; Date of Launch; Par/Non Par; Assets Under Management on the above date; NAV as per LB 2; NAV as on the above date*; Previous Qtr NAV; 2nd Previous Qtr NAV; 3rd Previous Qtr NAV; 4th Previous Qtr NAV; Return/Yield; 3 Year Rolling CAGR; Highest NAV since inception
1. Segregated Fund 1
2. Segregated Fund 2
3. Segregated Fund n
Total

CERTIFICATION
Certified that the performance of all segregated funds have been placed and reviewed by the Board. All information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
DATE:
Signature:
Full Name:
Chief of Finance

Note:
1. * NAV should reflect the published NAV on the reporting date

FORM - 3A (Read with Regulation 10)
PART - D
Name of the Insurer:
Registration Number:
Link to FORM 3A (Part A)
Statement as on:
Statement of Accretion of Funds
(Business within India)
Rs. Crore
Periodicity of Submission: Quarterly

Columns (repeated for each of the funds A, B and C): No; Category of Investments; POI; Opening Balance (1); % to Total; Net Accretion for the Qtr. (2); % to Total Accretion; TOTAL (1+2); % to Total (1+2)

A. LIFE FUND
1. Central Govt. Sec: Not less than 25%
2. Central Govt Sec, State Govt Sec or Other Approved Securities (incl (i) above): Not less than 50%
3. Investment subject to Exposure Norms
   a. Housing & Infrastructure: Not less than 15%
      1. Approved Investments
      2. Other Investments
   b. (i) Approved Investments; (ii) Other Investments (Not to exceed 15%): Not exceeding 35%
Total (A)

B. PENSION & GENERAL ANNUITY AND GROUP BUSINESS
1. Central Govt. Sec: Not less than 20%
2. Central Govt Sec, State Govt Sec or Other Approved Securities (incl (i) above): Not less than 40%
3. Balance in Approved investment: Not exceeding 60%
Total (B)

C. LINKED FUNDS
1. Approved Investment: Not less than 75%
2. Other Investments: Not more than 25%
Total (C)

CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Date:
Signature:
Full name:
Chief of Finance

FORM - 3A (Read with Regulation 10)
PART - E
Name of the Insurer:
Registration Number:
Statement as on:
Statement of Investment Details of ULIP Products to Segregated Funds
(Business within India)
Rs. Crore
Periodicity of Submission: Quarterly

INVESTMENT DETAILS OF "ULIP" PRODUCTS [UIN] TO SEGREGATED FUNDS [SFIN]
Columns: UIN1; UIN2; UIN n
Inflow
  Premium
  Others (Specify)
  TOTAL (A)
Outflow
  Commission
  Charges
  Claims
  Others
  TOTAL (B)
Total C = (A-B)
Policy Funds at "C" above allotted to
  SFIN 1
  SFIN 2
  SFIN n
  TOTAL (D)
Difference (if any) E = (C-D)

CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Date:
Signature:
Full name:
Chief of Finance

Note:
1. UIN represents the Unique product number as per 'file and use' approved under ULIP products
2. SFIN represents the Segregated Fund Identification Number as approved by the Product Approval Committee

FORM - 3B (Read with Regulation 10)
PART - A
Name of the Insurer:
Registration Number:
Statement as on:
Statement of Investment Assets (General Insurer, Re-insurers)
(Business within India)
Rs. Crore
Periodicity of Submission: Quarterly

Section I
Columns: No; PARTICULARS; SCH; AMOUNT
1. Investments (Sch 8)
2. Loans (Sch 9)
3. Fixed Assets (Sch 10)
4. Current Assets
   a. Cash & Bank Balance (Sch 11)
   b. Advances & Other Assets (Sch 12)
5. Current Liabilities (Sch 13)
   a. Current Liabilities
   b. Provisions (Sch 14)
   c. Misc. Exp not Written Off (Sch 15)
   d. Debit Balance of P&L A/c
Application of Funds as per Balance Sheet (A) 0

Less: Other Assets
Columns: SCH; Amount
1. Loans (if any) (Sch 9)
2. Fixed Assets (if any) (Sch 10)
3. Cash & Bank Balance (if any) (Sch 11)
4. Advances & Other Assets (if any) (Sch 12)
5. Current Liabilities (Sch 13)
6. Provisions (Sch 14)
7. Misc. Exp not Written Off (Sch 15)
8. Debit Balance of P&L A/c
TOTAL (B) 0
'Investment Assets' As per FORM 3B (A-B) 0

Section II
Columns: No; 'Investment' represented as; Reg. %; SH: Balance (a), FRSM+ (b); PH (c); Book Value (SH + PH) d = (a+b+c); % Actual (e); FVC Amount (f); Total (g) = (d+f); Market Value (h)
1. Central Govt. Securities: Not less than 20%
2. Central Govt Sec, State Govt Sec or Other Approved Securities (incl (i) above): Not less than 30%
3. Investment subject to Exposure Norms
   a. Housing & Loans to SG for Housing and FFE: Not less than 5%
      1. Approved Investments
      2. Other Investments
   b. Infrastructure Investments: Not less than 10%
      1. Approved Investments
      2. Other Investments
   c. Approved Investments; d. Other Investments: Not exceeding 55%
Investment Assets 100%

Certification:
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Date:
Signature:
Full name:
Chief of Finance

Note:
1. (+) FRSM refers 'Funds representing Solvency Margin'
2. 'Other Investments' are as permitted under 27B(3)
3. Pattern of Investment is applicable to both Shareholders funds representing solvency margin and policyholders funds.
4. Exposure Norms shall apply to Funds held beyond Solvency Margin, held in a separate Custody Account

FORM - 3B (Read with Regulation 10)
PART - B
Name of the Insurer:
Registration Number:
Statement as on:
Statement of Accretion of Assets
(Business within India)
Rs. Crore
Periodicity of Submission: Quarterly

Columns: No; Category of Investments; COI; Opening Balance (A); % to Opening Balance; Net Accretion for the Qtr. (B); % to Total Accrual; TOTAL (A+B); % to Total
1. Central Govt. Securities
2. Central Govt Sec, State Govt Sec or Other Approved Securities (incl (i) above)
3. Investment subject to Exposure Norms
   a. Housing & Loans to SG for Housing and FFE
      1. Approved Investments
      2. Other Investments
   b. Infrastructure Investments
      1. Approved Investments
      2. Other Investments
   c. Approved Investments
   d. Other Investments (not exceeding 25%)
Total

Certification:
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Date:
Signature:
Full name:
Chief of Finance

Note:
1. Total (A+B), fund wise should tally with figures shown in Form 3B (Part A)

FORM 4 (read with regulation 10)
EXPOSURE / PRUDENTIAL AND OTHER INVESTMENT NORMS - COMPLIANCE CERTIFICATE
PART A
Insurer Name and Code:
Date:
as at: ................

Columns: Section; Norms; Exposure / Other Norms as per Regulation; Are the required Norms complied? (Yes / No); Remarks

I. Investee Company Exposure

a. Investment in equity, preference shares, convertible debenture:- Exposure at any point of time did not exceed 10% of outstanding equity shares (face value) or 10% of the amount under point Regulation 9 (A.1.(a) or A.1.(b) or A.1.(c) considered separately) of this Regulation, in the case of Life insurers / an amount under Regulation 9 (A.2) or (A.3) of this Regulation, in the case of General Insurer / Re-insurer whichever is lower. [In case of Infrastructure Co, the limit of 10% shall be read as 20%. Where the investment assets of the insurer is Rs. 250000 Crores or more, the limit of 10% shall be read as 15% of outstanding equity shares (face value) or where the investment assets of the insurer is Rs.50000 Crores but less than Rs 250,000 Crores the limit of 10% shall be read as 12% of outstanding equity shares (face value)]

b. Investment in Debt/ loans and any other permitted Investments as per Act / Regulation, other than 'Equity', Preference Shares, Convertible Debentures :- Exposure at any point of time did not exceed 10% of the paid-up share capital, free reserves (except revaluation reserve) and debenture / bonds of the investee company or 10% of amount under point Regulation 9 (A.1.(a) or A.1.(b) or A.1.(c) above considered separately) of this Regulation, in the case of Life insurers / an amount under Regulation 9 (A.2) or (A.3) of this Regulation, in the case of General Insurer / Re-insurer whichever is lower. [In case of Infrastructure Co, the limit of 10% shall be read as 20%. Where the investment assets of the insurer is Rs. 250000 Crores or more, the limit of 10% shall be read as 15% of paid up share capital, free reserves (excluding revaluation reserve) and debenture / bonds or where the investment assets of the insurer is Rs.50000 Crores but less than Rs 250,000 Crores the limit of 10% shall be read as 12% paid up share capital, free reserves (excluding revaluation reserve) and debenture / bonds]

c. Has the maximum exposure under limit for a single 'investee' company from all investment assets (Equity / Preference Shares / Convertible Debenture / Debentures/ bonds / CPs / loans and any other permitted debt Investments as per Act / Regulation), are within the limit prescribed in Regulation 9 (B) (In case of Infrastructure Co, the limit of 10% shall be read as 20%)?

d. Has debt investments made in infrastructure SPV have complied with the limits, terms and conditions as mentioned in the Note: 4 of the Investment Regulation 9?

II. Limit for the entire Group of the Investee Company

Has total investments made in entire "Group of the Investee Company" is the lower of:
a. amount under point Regulation 9 (A.1.(a) or A.1.(b) or A.1.(c) above considered separately) of this Regulation, in the case of Life insurers / an amount under Regulation 9 (A.2) or (A.3) of this Regulation, in the case of General Insurer / Re-insurer (or)
b. 15% of investment Assets in all companies belonging to the group
(In case of Infrastructure company the limit mentioned in point 'a' above shall be read as 20%)

III. Promoter Group Company

Has total investments made in all "Companies falling under Insurer's Promoter Group":
a. is not more than 5% in aggregate of its total investments in all companies belonging to the promoters' groups.
b. not made investments in any companies belonging to the promoters' group by way of private placement (equity)
c. not made any investment in unlisted instruments [equity & debt certificate of deposits and fixed deposits (without prejudice to Section 27A (9) and Section 27B (10) of the Act) held in a Scheduled Commercial Bank], except for companies formed by Insurers under Sec 27A (4) or Sec 27B (5) of the Act.

IV. Industry sector

Has investment made by the insurer in any industrial sector [except Financial and Insurance Activities sector as per National Industrial Classification (All Economic Activities) - 2008]:
1. not exceeded the lower of: 15% of the amount under Regulation 9 (A.1.(a) or A.1.(b) or A.1.(c) considered separately) of this regulation in the case of life insurer / an amount under Regulation 9 (A.2) or (A.3) of this regulation, in the case of General Insurer / Re-insurer (or) 15% of investment Asset
2. Has the investment made by the insurer in Financial and Insurance Activities sector as per National Industrial Classification (All Economic Activities) - 2008 (excluding Fixed Deposit, Term Deposit and Certificates of Deposit) not exceeded 25% of its total investment assets?
3. Is the classification of industrial sectors been done on the lines of National Industrial Classification (All Economic Activities) - 2008 [NIC] for all sectors, except "infrastructure sector".
4. Has exposure been calculated at Division level from A to R of (NIC (All Economic Activities) - 2008) Classification for all sectors other than infrastructure sector?
5. Has exposure been calculated for Financial and Insurance Activities sector at Section level (of NIC (All Economic Activities) - 2008)?

V. Rating Criteria

1. Are investments under 'Approved Investments' made only in rated instruments, if such instruments are capable of being rated?
2. At the time of purchase, are Corporate Bonds rated below AA (A+ with the prior approval of the Board of the Insurer) or its equivalent and P1 or equivalent (in case of short term instruments) classified under "Other Investments"?
3. Are instruments downgraded below the minimum rating prescribed under Note 3 & 4 to Regulation 3 to 8 of the IRDA (Investment) Regulation, 2000, as amended from time to time, reclassified under "Other Investments" through the System?
4. Are 'Debt' instruments (including Central Govt, State Govt Securities and Other Approved Securities) - fund wise, in the case life insurer (including ULIP funds at segregated fund level) and Investment Assets in the case of general insurer - have a minimum rating of Sovereign, AAA or equivalent rating for long term and Sovereign, P1+ or equivalent for short term instruments, not less than 75% (Life Insurer) / 65% (General Insurer)?
5. Are 'Debt' instruments (including Central Government Securities, State Government Securities and Other approved securities) - fund wise, in the case of life insurer (including ULIP funds at segregated fund level) and Investment Assets in the case of general insurer - have a rating of A or below or equivalent rating for long term, are not more than 5% (8% in the case of Non-Life Insurers)?

VI. Others

A. CONFIRMATION ON POLICY / SYSTEMS / PROCEDURE

1. Has the software application for Investment Operations, been fully automated without manual intervention in calculating the exposure norms of Investee Company, Group, Promoter Group and Industry Sector, as per the various slabs of 'investment assets' provided under Regulation 9 (B)?
2. Is the Constitution of the Investment Committee of the Insurer in full compliance with the requirements mentioned under Regulation 13 of Investment Regulation?
3. Was none of the functions of the insurer relating to Investment Operations falling under Front / Mid / Back Office, (covering both Shareholders and Policyholders Investments), outsourced (except to the extent permitted under Point 11 and 12 of Annexure II to Circular INV/CIR/008/2008-09 Dt. 22nd Aug, 2008 with respect to Outsourcing of Investment Advice and NAV Calculation)?
4. Is the Audit Committee of the Board, headed by a Chartered Accountant, provided he is a member of the Board of the Insurer?
5. Have periodical Investment Returns to be filed for the Quarter, prepared in full compliance with the "Guidance Note on preparation of Investment Returns" issued by IRDA?
6. Have amendments to the Investment Policy, been approved by the Board of the Insurer?
7. Has the model code of conduct, to prevent insider / personal trading of officers involved in Investment Operations, including front, mid and back office as approved by the Board, implemented? If so:
   a. Does it cover Officers involved in Investment Operations at various levels?
   b. Does the code of conduct cover each Officer in such level?
   c. Has the Board been informed of compliance or otherwise to model code of conduct during the Quarter?
   d. Has the Concurrent Auditor issued his Audit Report of previous Quarter, without any qualification on aspects of model code of conduct implemented by the Insurer?
   e. Where breach of model code of conduct, if any, reported during the previous Quarter, been dealt properly and appropriate action as recommended by Audit Committee/ Board been taken?
8. Does the segregation of front, mid and back office - are as per Technical Guide on Internal / Concurrent Audit of Investment functions of Insurance Companies issued by the Institute of Chartered Accountants of India?
9. Have all non-compliance reported in the Chartered Accountant's certificate issued (as per the Technical Guide on Investment Risk Management Systems & Process of Insurance Companies, by ICAI) on the 'status' of implementation of Investment Risk Management Systems and Process been implemented as per timelines committed to IRDA?
10. Has the Internal / Concurrent audit Report of the previous Quarter with the comments of Audit Committee of the Board, on 'very serious', 'serious' points (as per the Technical Guide on Internal / Concurrent Audit of Investment functions of Insurance Companies, issued by the Institute of Chartered Accountants of India) in the report, and status of implementation of Audit committee recommendation been placed before the Board of the Insurer during the current quarter?
11. Have the Audit Report of the previous Quarter along with Audit Committees recommendation and its implementation status filed with the Authority along with these returns?
12. Have the increase during the quarter, in Shareholders' funds (other than income from shareholders' investments, maintained in a separate custody account) held beyond solvency margin requirement, is supported by surplus calculation certified by the Appointed Actuary? [annex a copy of Appointed Actuary's Certificate to this return]
13. Has the Board reviewed (both life and non-life Insurers) during the previous quarter the performance of products [at line of business level in the case of General Insurers]?
14. Has the Board, during the previous Quarter, reviewed (both life and non-life insurers) the performance of investments? [the review in the case of life insurers should cover both Non-Linked and Linked funds [SFIN] level]
15. Has the life insurer, in the case of ULIP business reconciled, through the system, the premium received (net of charges and benefits paid) under each product (Unique Identification Number - UIN wise) with value of all the segregated fund(s) (Segregated Fund Identification Number - SFIN wise) net of fund management charges, held under a single UIN, on a day to day basis, during the quarter?
16. Has the life insurer disclosed UIN wise reconciliation, on the Insurer's website on the same day?
17. Is there a fully automated system to generate, on a day to day basis, Form 3A - Part E (Investment Details of ULIP Products to Segregated Funds)?
18. Has the life insurer disclosed the value of policy wise units held by policyholder on the Insurer's policyholder portal?
19. Has the life insurer disclosed fund wise NAV (SFIN wise) on the Insurer's website and life council website on the same day?
20. Has the Standard Operating Procedure (SOP) approved by the Investment Committee of the Insurer?
21. Does the SOP, for each 'category of investment' is same across all fund(s)?
22. Does SOP of the Insurer, for "each" Category of Investment, (as per Guidelines INV/GLN/001/2003-04, as amended from time to time, issued by the Authority) provide individual activities to be carried out in Front, Mid and Back office?
23. Have all investments made (100%) followed the IC approved SOP?
24. Does the Investment made during the Quarter, are within the exhaustive 'Categories of Investments' prescribed under Guidelines INV/GLN/001/2003-04, as amended from time to time?
25. Has the Insurer during the Quarter taken any Derivative position (including interest rate swap and Credit default swap)? If Yes:
   a. Has the Derivative Policy been approved by the Board of the Insurer?
   b. Has the insurer taken prior approval of IRDA for such Derivative policy?
   c. If so, is there a process to identify the risk to be hedged ['fund-wise' in the case of Life Insurers]?
   d. Does such derivative position comply with IRDA Guidelines?
   e. Has derivative exposure taken, are clearly identified with the portfolio risk to be hedged?
   f. Has the Insurer filed the regulatory information / returns required under the Guidelines issued?
26. Are investment made in immovable property covered under Section 27A (1) (n) of the Act shall not exceed, at the time of investment, within 5% of the Investment Assets [as per FORM 3B (Part A)] in the case of General Insurer / within 5% of Life fund, Pension & General Annuity Fund, [as per FORM 3A (Part A)] in the case of Life Insurer.
27. Have NO investments in Immovable Properties been made out of ULIP Funds?
28. Are investments in equity shares through IPO, Mutual fund, Venture fund, SEBI approved Alternate Investment Funds, Corporate Bond Reverse Repo, IDF (as per Note 2 to Regulation 9) Perpetual Debt instruments of Bank's Tier-I Capital and Debt Capital instruments of Bank's Upper Tier-II Capital, made in compliance with the relevant circulars issued in this regards from time to time?
29. Are investments in asset backed securities, PTC, SRs both under Approved and Other investment category, made within 10% of Investment assets in case of Life Companies and 5% of Investment assets in case of Non-life companies?
30. Are any securitized assets with underlying housing or infrastructure assets, if downgraded below AAA or equivalent reclassified as Other Investments?

B. CONFIRMATION ON INVESTMENT OPERATIONS / EXPOSURE

1. Has Shareholders funds been split Funds Representing Solvency Margin (FRSM) in FORM 3A (Part A)?
2. If funds are split as per point 1 above, between FRSM and Balance, have the same been maintained in separate custodian account with identified 'scrips' for both Life and General (including Re-insurance) companies and reconciled with FORM 3A (Part A) / FORM 3B?
3. Do each 'Segregated fund' [SFIN] have underlying 'Scrips', identified up to Custodian level?
4. Do each 'Segregated Fund' [SFIN] have not less than 75% of Approved Investments as defined in the Act?
5. Does all investments in assets or instruments which are capable of being rated (except Fixed Deposits with Scheduled Commercial Banks) are made based on 'instrument' rating and NOT based on Investee 'Company' rating?
6. Have Investments in debt instruments rated AA - (AA minus) or below classified under Other Investments?
7. Are Investments made in a Public Limited Special Purpose Vehicle (SPV) engaged in infrastructure sector is within 20% of the project cost (or) amount under Regulation 9 (B) (i), whichever is lower?
8. If answer to point above is 'yes', have all the requirements mentioned under Note 4 to Regulation 9 have been complied?
9. Are investments made in Mortgaged Backed Securities [MBS] / Assets Backed Securities [ABS] complied with the requirements of Note 5 to Regulation 9?
10. Has 'each' purchase and sale of Investments, as mentioned in the Deal Slip, been identified with respect to 'each' fund / 'segregated fund' in respect of ULIP funds?
11. Are all thinly traded equity (as per SEBI norms) classified as "Other Investment"?
12. Has inter fund transfer, been done as per circular IRDA/FA/02/10/2003-04 and any other circular issued from time to time, between ULIP funds during Market Hours, for Equity and Debt at the prevailing price and not based on broker quote?
13. With respect to 'each' Segregated Fund [including Discontinued Policy Fund (DPF)] in the case of ULIP business, whether reconciliation of "Units" have been made, between Policy Admin System (PAS) and Investment Accounting Systems through a fully automated system using process integrators to ensure seamless data transfer without manual intervention?
14. Does the Primary Data Server of the Computer Application used for Investment Management, maintained within the Country?
15. Has the insurer, reconciled investments, fund-wise, with bank and custodian records on 'day-to-day' basis for 'each' segregated fund?
16. Has the insurer, reconciled investment accounts, for each fund in the case of Non-ULIP Business and General Insurance Business, with Custodian records?
17. Has valuation of investments of 'each' fund (including ULIP), done as prescribed in IRDA (Preparation of Financial Statements and Auditors Report of Insurance Companies) Regulations, 2002?
18. Is there any shortfall/deficit in meeting the Discontinued Policies Fund (DPF) liabilities?
19. If the answer to above point is 'Yes', has the Insurer provided for such shortfall / deficit on a quarterly basis?
20. Have all the negative deviations reported in FORM 4A (Part A)?
21. Has NAV of each segregated fund [SFIN] been audited before its declaration by Internal / Concurrent Auditor on a day-to-day basis (on T+0 basis)?
22. Has the Insurer floated any new fund during the quarter?
23. If the answer to point above is 'yes', has the directions in respect of Fund Approval procedure and Guidelines on NAV Process as per Circular IRDA/F&I/CIR/INV/173/08/2011 Dt. 29th Jul, 2011 complied with?
24. Has the insurer, apart from the credit rating evaluated by the rating agencies, carried out their own risk analysis commensurate with the complexity of the product(s) and the materiality of their holding for every investment made?

CERTIFICATION
Certified that the information given herein is correct and complete to the best of my knowledge and belief and nothing has been concealed or suppressed.

Signature:.............................................
Signature:.............................................
Signature:.............................................
Chief Executive Officer / Chief of Finance / Chief of Investments
Date:

FORM - 4 (Read with Regulation 10)
PART B
Name of the Insurer:
Registration Number:
Statement as on:

INTERNAL / CONCURRENT AUDITOR'S CERTIFICATE ON INVESTMENT RISK MANAGEMENT SYSTEMS - IMPLEMENTATION STATUS

Columns (numbered 1 to 9): No; Annexure Ref; Audit Objective; Audit Observation; Severity of Non Compliance; Action(s) taken for Compliance; MMM/YYYY Committed by the Insurer's Board to IRDA for complying with the requirement; Proof provided (or) demonstrated by the Insurer, to the Auditor to comply with the Requirement; Remarks & Comments of Audit Committee of the Board on non-compliance of 'time frame' communicated to IRDA on implementing Systems & Processes
A. ISSUES OF PREVIOUS QUARTER(S)
B. ISSUES TO BE COMPLIED IN CURRENT QUARTER

CERTIFICATE
We certify that all issues, to be reported to IRDA on implementation of Investment Risk Management Systems and Processes, for the Quarter and pending issues of previous Quarter(s) [as committed to IRDA], and as listed in the Chartered Accountant's Certificate issued, vide Circular INC/CIR/008/2008-09 Dt. 22nd Aug, 2008, have been covered in the above table.
Place: ------------------------------
Date:
Chartered Accountants (Internal / Concurrent Auditor)

Note:
1. No. (under Col. 1 in above table) shall be as per the Annexure(s) to the Certificate issued by the Chartered Accountant appointed to certify implementation of Investment Risk Management Systems and Process
2. If all the issues have been complied with and no issues to be reported, a NIL statement should be filed

FORM - 4A (Read with Regulation 10)
PART A
Name of the Insurer:
Registration Number:
Statement as on:
Total Investment Asset for the quarter as per FORM 3A:
EXPOSURE NORM COMPLIANCE - INVESTEE COMPANY
Rs. Crore

Columns: No; Investee Company; Whether (Equity/Debt); Equity & Equity related: Eligibility Limit as per Regulation 9*, Actual; Debt + Others: Eligibility Limit as per Regulation 9*, Actual; Equity + Debt + Others: Eligibility Limit as per Regulation 9*, Actual; Deviation Amount: Equity, (Debt + Others), Equity + Debt + Others; % of Deviation with respect to Regulation: Equity, (Debt + Others), Equity + Debt + Others

CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date:
Full name:
Chief of Finance

Note:
1. Above table shall be Compiled separately for Life, Pension & General Annuity and Group Business and Individually for each Segregated Fund (SFIN) AND at Assets under Management Level
2. Only (-ve) deviations are to be reported
3. Exposure would be on the basis of Book Value for Non-unit linked funds & on Market Value for Unit linked Funds
4. Provisions of Section 27A (8) / Section 28B (9) of The Insurance Act, 1938 has been complied with.

FORM - 4A (Read with Regulation 10)
PART B
Name of the Insurer:
Registration Number:
Total Investment Asset for the quarter as per FORM 3A:
Statement as on:
Rs. Crore
EXPOSURE NORMS COMPLIANCE - PROMOTER GROUP

Columns: No (a); Name of Group Company (b); Eligibility limit of group as per Regulation 9 (d); Actual Investments (Cumulative) (e); Deviation (f=d-e); % of Deviation with respect to regulation (g)

CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date:
Full name:
Chief of Finance

Note:
1. Above table shall be Compiled in aggregate of its total investments
2. Exposure would be on the basis of Book Value for Non-unit linked funds & on Market Value for Unit linked Funds

FORM - 4A (Read with Regulation 10)
PART C
Name of the Insurer:
Registration Number:
Statement as on:
Rs. Crore
Total Investment Asset as per FORM 3A:
EXPOSURE NORMS COMPLIANCE - GROUP

Columns: No (a); Name of Group Company (b); Eligibility limit of group as per Regulation 9 (c); Actual Investments (Cumulative) (d); Deviation (f=c-d); % of Deviation with respect to regulation (g)

CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date:
Full name:
Chief of Finance

Note:
1. Above table shall be Compiled separately for Life, Pension & General Annuity and Group Business and Individually for each Segregated Fund (SFIN) AND at Assets under Management Level its total investment assets
2. Exposure would be on the basis of Book Value for Non-unit linked funds & on Market Value for Unit linked Funds

FORM - 4A (Read with Regulation 10)
PART D
Name of the Insurer:
Registration Number:
Statement as on:
Rs. Crore
Total Investment Asset as per FORM 3A:
EXPOSURE TO INDUSTRY SECTOR

Columns: No (a); Name of Industry Sector (as per Regulations) (b); Eligibility limit of industry as per Regulation 9 (c); Actual Investments (Cumulative) (d); Deviation (e=d-c); % of Deviation with respect to regulation (f)

CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date:
Full name:
Chief of Finance

Note:
1. Above table shall be Compiled separately for Life, Pension & General Annuity and Group Business and Individually for each Segregated Fund (SFIN) AND at Assets under Management Level its total investment assets
2. Exposure would be on the basis of Book Value for Non-unit linked funds & on Market Value for Unit linked Funds

FORM - 5 (Read with Regulation 10)
Name of the Insurer:
Registration Number:
Statement as on:
Statement of Investment Reconciliation
Name of the Fund:
(Business within India)
Rs. Crore
Periodicity of Submission: Quarterly

Columns: No; Category of Investments; COI; Opening Balance (Face Value, Book Value); Purchase for the Period (Face Value, Book Value); Sale for the Period (Face Value, Book Value); Adjustments (Face Value, Book Value); Closing Balance (Face Value, Book Value, Market Value); % to Total (1+2+3)
1. Central Govt. Securities
   Total (1)
2. Central Govt. Sec, State Govt Sec or Other Approved Securities
   Total [1+2]
3. Investments subject to Exposure Norms
   (a) Housing & Loans to State Govt for Housing / FFE
       1. Approved Investments
       2. Other Investments
       Total [3(a)]
   (b) Infrastructure Investments
       1. Approved Investments
       2. Other Investments
       Total [3(b)]
   (c) Approved Investments
       Total [3(c)]
   (d) Other Investments
       Total (3(d))
   Total [3 (a+b+c+d)]
TOTAL
Total (1+2+3)

CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief. Also, certified that all Cash Market transactions executed on the Stock Exchange are made only on Delivery basis.
Date:
Signature
Full Name & Designation
Chief of Finance

NOTE:
1. Individual Categories under each of the above Major heads should be listed with Category Code
2. FORM-5 shall be prepared in respect of each fund. In case of ULIP Form 5 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
3. Each sub-total of FORM-5 shall be linked to its corresponding head in PART-A of FORM-3A / FORM-3B.
4. 'Other Investments' are as permitted under Sec 27A(2) and 27B(3)
5. Guidelines on preparation of FORM 5 should be strictly followed.
6. The '% to Total' Column, in the case of Non-Linked funds shall be computed on Book Value and in the Case of Linked Funds it shall to Market Value

FORM - 5A (Read with Regulation 10)
Name of the Insurer:
Registration Number:
Statement as on:
Name of the Fund:
Statement of Investment made in Mutual Funds
Rs. Crore
Periodicity of Submission: Quarterly

Columns: PARTICULARS; COI; Op. Balance (Units, Amount); Purchase for the Qtr (Units, Amount); Sale for the Qtr (Units, Cost of Sale); Cl. Balance (Units, Book Value); Market Value; % to Total Inv.
Approved Investments
  MF - Gilt / G Sec / Liquid Schemes (COI: EGMF) 0 0 0
  Total (A) 0 0 0
  MF - (under Insurer's Promoter Group) (COI: EMPG) 0 0 0
  Total (B) 0 0 0
  Total (A+B)
Other Investments
  MF - Debt / Income / Serial / Liquid Funds (COI: OMGS) 0 0 0
  Total (C) 0 0 0
  MF - (under Insurer's Promoter Group) (COI: OMPG) 0 0 0
  Total (D) 0 0 0
  Total (C+D)
Total (A+B+C+D)

CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date:
Full name:
Chief of Finance

NOTE
1. FORM-5A shall be prepared in respect of Life, Pension & General Annuity and Group Business and ULIP funds
2. Each sub-total of FORM-5A shall be linked to its corresponding head in FORM-5.
3. 'Other Investments' are as permitted under Sec 27A(2) and 27B(3) of The Insurance Act, 1938
4. Guidelines on preparation of FORM 5 should be strictly followed.
5. Investments made in liquid and Gilt mutual funds in excess of norms specified in Circular: INV/CIR/008/2008-09 Dt. 2nd Aug, 2008 under Point:5, shall be reported under 'Other investments'
6. FORM-5A shall be prepared in respect of each fund. In case of ULIP Form 5 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
FORM - 6 (Read with Regulation 10)
Name of the Insurer:
Registration Number:
Name of the Fund:
Statement as on:
Certificate under Section 28(2A) / 28(2B) / 28B(3) of The Insurance Act, 1938
Rs. Crore
Periodicity of Submission: Quarterly

Column headings: No | Investment Particulars | Under the Custody of: Bank / Custody (Rs) (Share Holders, Policy Holders) | Self (Rs) (Share Holders, Policy Holders) | Others (Rs) (Share Holders, Policy Holders) | Total (Rs) (SH + PH)

1 Central Govt. Security
2 Central Govt Securities, State Govt Securities or Other Approved Securities
3 Investment subject to Exposure Norms
  a. Housing & Loans to State Govt. for Housing & FFE
     1. Approved Investments
     2. Other Investments
  b. Infrastructure Investments
     1. Approved Investments
     2. Other Investments
  c. Approved Investments
  d. Other Investments
TOTAL

CERTIFICATE
We certify that the above mentioned securities are held free of any encumbrance, charge, hypothecation, or lien as on the above date.
Signature:
Full name:
Chairman

Signature:
Full name:
Director 1

Signature:
Full name:
Director 2

Signature:
Full name:
Principal Officer

Note:
1. Custodian should certify that he is not disqualified under SEBI (Custodian of securities) Regulations, 1996 as amended from time to time.
2. Value of the Securities shall be as per Guidelines
3. In the case of Life Insurance Business, FORM-6 shall be prepared in respect of each fund and in aggregate for Segregated Funds
4. The values under certificate should be adjusted for Purchase / Sale of investments purchased and awaiting settlement. A reconciliation to this effect should be attached to the Certificate.

FORM 7 (Read with Regulation 10)
Name of the Insurer:
Registration No:
Name of Fund:
Rs. Crore

DETAILS OF NON-PERFORMING ASSETS - QUARTERLY
Column headings: NO | PARTICULARS | Bonds / Debentures | Loans | Other Debt instruments | TOTAL
Each of the four value columns is split into: YTD (As on date) | Prev. FY (As on 31 Mar .....)

1 Investments Assets (As per Form 3A / 3B - Total Fund)
2 Gross NPA
3 % of Gross NPA on Investment Assets (2/1)
4 Provision made on NPA
5 Provision as a % of NPA (4/2)
6 Provision on Standard Assets
7 Net Investment Assets (1-4)
8 Net NPA (2-4)
9 % of Net NPA to Net Investment Assets (8/7)
10 Write off made during the period

Certification
Certified that the information given herein are correct and complete to the best of my knowledge. Also certified that the various investments made and covered in the return are within the exhaustive categories provided in Investment Guidelines as amended from time to time.
Signature:
Full name:
Chief of Finance

Note:
1. The above statement, in the case of 'Life' Insurers shall be prepared 'fund-wise' Viz. Life Fund, Pension & General Annuity and Group Business and ULIP Fund
2. Investment Assets should reconcile with figures shown in Schedule 8, 8A, 8B & 9 of the Balance Sheet
3. Gross NPA is investments classified as NPA, before any provisions
4. Provision made on the 'Standard Assets' shall be as per Circular: 32/2/F&A/Circulars/ 169/Jan/2006-07 as amended from time to time.
5. Net Investment assets is net of 'provisions'
6. Net NPA is gross NPAs less provisions
7. Write off as approved by the Board

APPENDIX `B'

Date: 22nd Aug. 2008
Ref.: INV/CIR/008/2008-09.

The CEOs of all Insurers

Dear Sir/Madam

Sub: IRDA (Investment) (Fourth Amendment) Regulations, 2008 - Reg.

1. As you are aware, a Working Group was set up by the Authority, to review comprehensively the current regulatory and other provisions on Investments of Insurance companies and suggest changes considered necessary in the light of experience gained/ the constraints faced by Insurance Companies, as well as the developments in Financial Markets.
The Working Group reviewed the statutory provisions on the pattern of Investment, Operational and Policy issues of Investment Regulations and suggested amendments that would provide flexibility to the Authority in the manner of Regulation on Investment of Life and General Insurance Companies. The Group also looked into the concurrent modifications in the formats of the prescribed Returns to reflect the changes.

2. The recommendations of the Working Group have been examined by the Authority in the light of legal provisions and keeping in view the interests of the stakeholders. The implementation of some of the proposals requires appropriate changes in Regulations and evolution of suitable regulatory framework. It was also observed by the Authority while monitoring compliance with the regulations over a period that some of the extant instructions/guidelines also needed clarity and consistency.

3. Accordingly, the Authority has initiated action to amend the provisions of IRDA Investment Regulations, 2000 in order to implement the recommendations of the Working Group and also to effect such changes that are considered necessary to clarify the existing regulatory requirements. A copy of the Gazette notification on the amended regulations is available at our website www.irdaindia.org. Insurers are advised to peruse the notification to take the modifications on record for further compliance. For the sake of convenience a brief summary of the changes proposed to be effected in the Regulations is furnished in Annexure - I.

4. Besides the amendment in regulations, it has also been decided to effect some modifications in the extant Guidelines/ Circulars on investment portfolio [Annexure - II] and also introduce certain requirement on the Systems/Process of investment in the context of Risk Management requirements. The proposals in this regard are outlined in Annexure - III.

5. Insurers are advised to place the Circular before the Board at the next meeting in order to apprise the Directors of the important changes brought about in the management of investment portfolio. The Board should also be advised of the specific time bound action taken to comply with the requirements on investment systems and process wherever considered necessary.

6. The changes would be effective from the dates indicated therein.

C. R. MURALIDHARAN
MEMBER

Annexure I

AMENDMENT TO IRDA (INVESTMENT) REGULATIONS, 2000

Reg. No. | Regulation | Implication of Amendment

2. DEFINITIONS
Investment Assets
a. Investment Assets of Life and General Insurance Companies have been defined along with valuation methods.
Group
b. Group will include Financial Institutions for the purpose of Exposure calculations.
Money Market Instruments
c. Money Market Instruments include rated CDs, CPs, TDs, Repo, Reverse Repo, Treasury Bills, Call, Notice, Term Money, CBLO with maturity less than one year.

3. RENAMING OF OTHER THAN APPROVED INVESTMENTS
Regulation: The Insurance Act, 1938 under Sections 27A (2) and 27B (3) refers to investment permitted under these sections as `Otherwise than in an Approved Investments' and the IRDA (Investment) Regulations, 2000 had interpreted it as 'Other than Approved Investments'.
Implication of Amendment:
a. This category of Investments will henceforth be referred to as `Other Investments'.
b. All provisions of the Act, Regulations, Circulars and Guidelines pertaining to investments falling under Sections 27A (2) and 27B (3) of Insurance Act, 1938 shall continue to be applicable as such.

3. REGULATION OF INVESTMENTS
Exposure Norms
a. It is now proposed that the Exposure Norms would be applicable to ULIP Business also.
Infrastructure Investments
b. Infrastructure facility had been aligned as per the definition of Reserve Bank of India.
c. Infrastructure Investments would be subject to Investee, Group Exposure.
Mortgage Backed Securities (MBS)
d. Investment in MBS, rated as per Guidelines, will fall under `Approved Investments' and will qualify for investment under `Housing Sector' for the purpose of pattern of Investments.
e. MBS will be subject to Industry Sector Exposure Norms.
Approved Investments and Rating Requirement
f. It is now proposed to recognize securities complying with the following criteria as `Approved Investments'.
   i. Bonds/Debentures issued by companies (including All India Financial Institutions, recognized by RBI as such) shall be rated not less than AA or its equivalent and P1 or Equivalent ratings for Short term Bonds/ Debentures/ CDs and CPs.
   ii. Tier II Bonds of Banks, complying with the above rating criteria, will be classified under Approved Investments.
g. Assets / Instruments, downgraded below the minimum rating prescribed above, should automatically be re-classified under 'Other Investments' category for the purpose of pattern of Investments.
h. The above approach will be reviewed based on experience after a period of two years.
i. Rating should not replace appropriate risk analysis and management on the part of the Insurer. The Insurer should conduct risk analysis commensurate with the complexity of the product(s) and the materiality of their holding, or could also refrain from such investments.
j. The modification will be effective from August 1, 2008

5. COMPLIANCE TO EXPOSURE NORMS
Regulation: IRDA (Investment) Regulations, 2000 requires exposure norms to be calculated based on Controlled Fund and Total Assets in the case of Life and General Insurance Companies respectively. Regulation 3 of IRDA (Investment) Regulations, 2000, in terms of explanation in Section 27A of the Act, had determined that assets relating to Pension Business, Annuity Business and Linked Life Insurance Business would not form part of Controlled Fund for the purpose of that section.
Implication of Amendment:
a. The Authority, to remove the differential treatment of provisions applicable to Public Sector and Private Sector Insurers, had amended the exposure norms as follows:
b. 10% of Outstanding Shares (Face Value) or 10% of Fund size, whichever is lower, can be invested in Equity Shares of Investee Company.
c. Sum of 10% of Subscribed Share Capital, Free Reserves and Debentures/Bonds of Investee Company or 10% of Fund size, whichever is lower, can be invested in Debt instruments of Investee Company.
d. A maximum of 5% of Investment Assets of General Insurers or 5% of Investment Assets of funds relating to life funds, pension and general annuity funds in the case of life insurer can be invested in Immovable Property as per Sec. 27A(1)(n) of Insurance Act, 1938.
e. A maximum of 25% of Investment Assets can be invested in Banking and Financial Sector instruments.
f. Not less than 75% of debt instruments excluding Government and Other approved Securities - fund wise, in the case of life insurer and Investment assets in the case of general insurer - shall have a rating of AAA or equivalent rating for long term and P1+ or equivalent for short term instruments. This shall also apply to Unit linked fund(s).
g. FDs, TDs, CDs invested as per Sec. 27A(9) and 27B(10) of the Act and subject to Promoter Group Exposure limits, would not be deemed as Exposure to Banking Sector.
Treatment of Free Reserves
h. Free Reserves of the Investee Company, recognized in Regulations 5 of IRDA (Investment) Regulations, 2000 under Investee Company Exposure Norms will be considered under 27A(3), 27A(4), 27B(4) & 27B(5) in addition to the Subscribed Share Capital and Debentures of the Investee Company.
i. At any point of time, exposure to a single Investee Company under 27A (3) and 27B (4) shall not exceed 10% of the sum of Subscribed Share Capital, Free Reserves and Debenture/Bonds, taken as per the previous year Balance Sheet of the Investee Company.

6. RETURNS TO BE FURNISHED
Regulation: Introduction of new periodical returns and amendment to existing returns.
Implication of Amendment:
a. All forms have been amended for the various decisions reached.
b. All returns are required to be filed on a Quarterly basis. The period of submission has been increased from 21 to 45 days to ensure proper sync with Actuarial returns.
c. FORM 3C is no more required to be filed.
d. FORM 7A is introduced to capture details of Non-Performing Assets.

9. CONSTITUTION OF INVESTMENT COMMITTEE AND INVESTMENT POLICY
Regulation: Investment Committee; Investment Policy and Investment Department
Implication of Amendment:
a. Chief of Investment (CIO) and Chief of Finance (CFO) will be different individuals in the Investment Committee (IC)
b. Investment Policy need not be filed with the Authority. But is required to be drawn in respect of each Unit linked fund.
c. Investment Policy should address all risks, Scope of Internal and Concurrent Audits including investment Statistics.
d. To ensure internal control of Investment function, the Insurer is required to segregate operations and functions between Front, Mid and Back Office. Further, the Front office will report through CIO to the CEO. The Mid and Back Office, headed by separate personnel, will report through CFO to the CEO.
e. Issues relating to Internal and Concurrent Audit made clear. Audit is made to cover Investment Operations and System & Process supporting Investment Operations.

Annexure II

1. NEED FOR INVESTMENT SYSTEMS

IRDA (Registration of Companies) Regulations, 2000 under Regulation 7 (c) of Chapter II requires every Insurer to carry on all functions in respect of the Insurance business including management of investments within its own organization.
In the context of the increasing volumes of the Unit linked life Insurance business and consequent market risk being assumed by the policyholders, it is appropriate to specify the minimum requirements for risk management systems within the Insurers, with particular reference to the investment activity (Please see Annexure - III enclosed).

The Investment Risk Management Systems & Processes specified, outline the minimum requirement to be in place. While it is likely that some of the Insurers have already put in place adequate systems and processes consistent with the proposals, there may be others who need to modify the systems to achieve compliance. Hence the effective date for adoption of the suggested measures by all insurers shall be not later than December 31, 2008. All Insurance Companies, seeking registration henceforth shall comply with this guideline, as a part of the registration process.

The Authority advises that a Chartered Accountants firm, who is not the Statutory or Internal or Concurrent Auditor of the concerned Insurer and having a minimum of three to four years audit experience of IT systems, risk management and process controls of Banks or Mutual Funds or Insurance Companies, shall certify that the Investment Risk Management Systems and Processes envisaged by these guidelines are in place and working effectively. The Insurer shall file with the Authority, the Chartered Accountants certificate not later than the 1st week of January, 2009.

2. RENAMING OF OTHER THAN APPROVED INVESTMENTS AS `OTHER INVESTMENTS'

The Insurance Act, 1938 under Sections 27A (2) and 27B (3) refers to investment permitted under these sections as `otherwise than in an approved investment'. IRDA (Investment) Regulations, 2000 refers it as `other than approved investments'. For simplicity, this category of investment will henceforth be referred to as `Other Investments'.
All provisions of the Act, Regulations, Circulars and Guidelines pertaining to investments falling under Sections 27A (2) and 27B (3) of Insurance Act, 1938 shall continue to be applicable as such.

3. TREATMENT OF FREE RESERVES AND EXPOSURE

The Insurance Act, 1938 under Sections 27A (3), 27A (4), 27B (4) and 27B (5) allows exposure to banking companies, investment companies and other companies based on the least of Capital Employed or the specified percentage of `controlled fund' in the case of Life insurer and `assets' in the case of general insurance companies. Further, the Insurance Act, 1938 does not recognize `free reserves' as a part of capital employed, though the same is recognized in IRDA (Investment) Regulations, 2000 for calculating the investee company exposure norms. It is now clarified that:

a. In addition to subscribed capital and debentures, `free Reserves' of the investee company, recognized in Regulations 5 of IRDA (Investment) Regulations, 2000 under investee company exposure norms, shall be considered in calculating the exposure under 27A(3), 27A (4), 27B (4) and 27B (5).
b. Also, at any point of time, the exposure to Investee Company under Sections 27A(3) and 27B(4) shall not exceed 10% of the sum of paid-up share capital, free reserves and debenture/bonds, taken as per the audited balance sheet not more than one year old of the investee company.
c. The effective date for adoption of norm by all insurers shall be from August 1, 2008.

4. INVESTMENT IN IPOs

The Authority had issued Circular INV/CIR/046/2004-05 Dt: November 8, 2004 on Investment in Initial Public Offer which was further modified vide Circular INV/CIR/059/2004-05 dated December 28, 2004.
As compliance with a few conditions mentioned in the above circular posed operational difficulties, the guidelines have been reviewed to effect the following changes:

(i) Equity Shares offered through IPO which comply with the criteria listed in the circular INV/CIR/046/2004-05 dated November 8, 2004 for categorization as `Approved Investments' would henceforth include `Offer for sale' also.
(ii) The criterion on minimum size of the IPO including Offer for Sale for investment by Insurers would now stand uniform at Rs. 200 Crores in supersession of the instructions at item 2 and 3 of our Circular of November 8, 2004 and that contained in Circular INV/CIR/059/2004-05 dated December 28, 2004.
(iii) It has now been decided that the details of investments in Equity Shares through IPOs required to be filed with IRDA vide Circular dated November 8, 2004 need not be filed with the Authority with effect from August 1, 2008
(iv) It has also been decided to prescribe the following limits for investments in IPOs by insurers:

LIMIT FOR INVESTMENT IN `IPO'

In the case of Life Insurance Company, the maximum bid amount (and not Margin Money) to be invested in IPO shall be the lesser of the following:
(a) 10% of Subscribed Capital (Face Value) of the Investee Company (including the proposed Equity issue through IPO) or
(b) 10% of the `Fund'.

In the case of General Insurance Company, the maximum bid amount (and not Margin Money) to be invested in IPO shall be the lesser of the following:
(a) 10% of Subscribed Capital (Face Value) of the Investee Company (including the proposed Equity issue through IPO) or
(b) 10% on the Investment Assets.

Note: `Fund' shall refer to all investment funds under management put together.

5. INVESTMENT IN MUTUAL FUNDS

As Gilt, G Sec and Liquid Mutual Funds, predominantly invest in Government Securities and Money Market instruments, the Authority has decided to revise the existing guidelines on investment in Mutual Funds.
These investments in Gilt, G Sec and Liquid Mutual Funds would form part of `Approved Investment' under IRDA (Investment) (Fourth Amendment) Regulations, 2008 as per guidelines listed below. However, these investments should not be used as long-term investments instead of investing directly in Government Securities. This Guideline shall be effective from August 1, 2008.

Any Investment made in other categories of Mutual Funds, including those which partly invest in Government Securities and Money Market instruments, will fall under `Other Investments', which in turn shall be subject to the limits prescribed in the guidelines issued under IRDA (Investment) Regulations, 2000 along with the norms mentioned below.

A. NORMS FOR MUTUAL FUND INVESTMENTS

The investment shall be restricted to schemes of Mutual Funds comprising of Liquid, Gilt, G Sec or Debt/Income funds and subject to the following conditions:

i. The Mutual Fund should be registered with SEBI and be governed by SEBI (Mutual Funds) Regulations, 1996.
ii. Gilt, G Sec, Liquid MFs, Debt/Income shall have the same meaning as under SEBI Regulations.
iii. The insurer shall ensure proper diversification among various Mutual Funds to minimize risk.
iv. The Investment Committee of the Insurer shall lay down proper Guidelines for selection of Mutual Funds and schemes permissible including exposure norms to a Single Mutual Fund and to each Scheme of Mutual Fund to avoid concentration.
v. Where the schemes of mutual funds in which such investment is made by an Insurer, is managed by an Investment Manager who is under the direct or indirect management or control of the Insurer or its promoter, the same shall not exceed 3% of Life Fund and 5% of Unit Linked Fund/Investment Assets.

B. OVERALL INVESTMENT/EXPOSURE LIMIT

i. The investment in Gilt, G Sec, Liquid Mutual Funds at any point of time, under the Approved Investment category shall be as under:

Fund size | Limit
Above Rs.50000 Crores in the case of Life Company and above Rs.2000 Crores in the case of General Insurance Company | 1.5 % of the Fund in the case of Life Company and 1.5% of Investment Assets in the case of General Insurance Company.
Upto Rs.50000 Crores in the case of Life Company and up to Rs.2000 Crores in the case of General Insurance Company. | 5% of the Fund in the case of Life Company and 5% of Investment Assets in the case of General Insurance Company.

ii. In addition to the above, the maximum investments in Mutual Funds falling under `Other Investments' Category, shall be as follows:

Nature of Business | Private Sector | Public Sector
                   | Life Fund | ULIP | Life Fund | ULIP
Life | 7.5% | 12.5% | 3% | 5%
Non Life | 12.5% | 5%

The percentage in the above table refers to in the case of:
Life Companies - to individual Fund Size
General Insurance Companies - to Investment Assets.

iii. Investment in Gilt, G Sec, Liquid Mutual Funds beyond the percentage mentioned in the table under point B(i), will automatically fall under the `Other Investments' category in calculating pattern of investment.

C. VALUATION OF MUTUAL FUND INVESTMENTS

i. The purchase and sale of units shall be calculated at Weighted Average Cost. Also, the insurer shall report the aggregate Market Value of such Mutual Funds in FORM 5 and FORM 5A of IRDA (Investment) Regulations, 2000.
ii. A separate Fair Value Change Account for Mutual Fund Investments shall be maintained.
iii. The unrealized gains/losses arising due to changes in fair value of the Mutual Funds shall be taken to `Fair Value Change - Mutual Fund' account.
The Profit/Loss on sale of Mutual Fund units, shall include accumulated changes in the Fair value previously recognized in Mutual Funds under the heading "Fair Value Change - Mutual Fund" in respect of a particular Mutual Fund and being recycled to Revenue/Profit and Loss Account on actual sale of Mutual Fund units.
iv. The Insurer shall assess, on each Balance Sheet date, whether any diminution in the value has occurred to the Investment. A diminution in the value of investments shall be recognized as an expense in Revenue/Profit and Loss Account to the extent of the difference between the remeasured fair value of the Investment and its Cost as reduced by any previous diminution in value of investments is recognized as expenses in Revenue/Profit and Loss Account. Any reversal of diminution in value of investments earlier recognized in Revenue/Profit and Loss Account shall be recognized in Revenue/Profit and Loss Account.
v. In the case of Unit Linked Business, Mutual Fund units shall be valued at NAV.

6. INVESTMENT IN ASSET BACKED SECURITIES, PTCs & SRs

The extant Guidelines INV/GLN/001/2004-05 dated January 1, 2004 allow investment in Pass through Certificates (PTC) under Approved Sectors, namely `Infrastructure/Social Sector'. The Authority, after considering the request of Insurers, the significant growth of this market and the suitability of these instruments to match the long-term liabilities of insurers has decided to reckon them as `Approved Investments' subject to the following conditions.

Hence, Asset Backed Securities, but only with underlying Housing loans and infrastructure assets would be reckoned to be part of Approved Investments subject to exposure norms, under Housing, Infrastructure Sector Investments for the purpose of Regulation 3 and 4 of IRDA (Investment) Regulations, 2000 as modified now. This Guideline shall be effective from August 1, 2008.
The investment in Asset Backed Securities with underlying Housing and/or Infrastructure assets [as defined under Regulation 2(h) of IRDA (Registration of Indian Insurance Companies) Regulation, 2000] may be deemed as a part of "Approved Investments" and Pass Through Certificates (PTCs), Asset backed Securities (ABS) and Security Receipts (SRs) may be deemed as part of "Other Investments" for the purpose of Regulation 3 and 4 of IRDA (Investment) Regulations, 2000 subject to following exposure and prudential norms:

1. The securitized assets must be rated and shall have highest rating by a reputed Credit Rating Agency, registered under SEBI (Credit Rating Agencies) Regulations, 1999.
2. The investment in Asset Backed Securities with underlying Housing and/or Infrastructure assets shall at `all times' not exceed 10% of respective fund(s) in the case of Life Insurance Companies and not more than 5% of Investment Assets in the case of General Insurance Companies.
3. If the Asset Backed Securities with underlying Housing and/or Infrastructure assets are downgraded below AAA, or the highest rating, such investment shall be re-classified as `Other Investments'.
4. In case the cash-flows from such instrument are not received on due dates, the investment in such assets are to be re-classified as "Other Investments" from such date for reporting to the Authority through FORM 3A (Part A) of IRDA (Investment) Regulations, 2000.
5. The investments in securitized assets, both under Approved and Other Investments, taken together shall not exceed 10% of fund size in the case of Life Companies and not more than 5% of Investment Assets in the case of General Insurers.
6. The Insurer shall lay down internal guidelines for investment in securitized assets (ABS, PTCs and SRs) to avoid concentration with regards to issuer, tenor and type of underlying and any other criteria to achieve diversification.
7. All guidelines of Classification, Income Recognition and Valuation of Assets issued by the Authority shall be applicable to such investments.

7. INVESTMENTS IN PERPETUAL DEBT INSTRUMENTS

In terms of the Circular IRDA/INV/CIR/005/2006-07 Dt. April 28, 2006 on `Investment in Innovative Perpetual Debt Instrument of Bank Tier 1 Capital and Debt Capital of Banks Upper Tier 2 Capital' within certain limits are considered under `Approved Investment'. As it is represented that the current ceiling on maximum investment in the bonds is restrictive, IRDA has reexamined the issue and has decided to delete the maximum permissible limit for such instruments by Life and General Insurers prescribed in paras 3 and 4 of the above Circular dated April 28, 2006. The revision will be effective from August 1, 2008.

8. INVESTMENT IN VENTURE FUNDS

The Authority vide Circular INV/CIR/007/2003-04 dated: December 15, 2003 had listed the conditions and maximum investment that can be made in Venture Funds.

While investment in Venture Funds would continue to be categorised under `Other Investments' as per IRDA (Investment) Regulations, 2000 as amended from time to time, the following special guidelines may be kept in view in respect of Venture Funds:-

1. The decision to invest in the Venture Fund shall remain with the Investment Committee of the Insurer, and within the approved Investment Policy of the Insurer, subject to appropriate prudential and exposure norms and complying with the provisions of IRDA Regulations concerned.
2. The Venture Fund would invest in Infrastructure Projects as defined under IRDA (Registration of Indian Companies) Regulations, 2000 as amended from time to time. [Refer latest amendment to `infrastructure facility' under Regulation 2 (h) of Insurance Regulatory and Development Authority (Registration of Indian Insurance Companies) (Second Amendment) Regulations, 2008 vide GO Gazette notification dated February 11, 2008.]
3. Investments in Venture Fund(s) shall be subject to the following exposure norms:

Particulars: Limits for Investment in `Venture Fund'
Overall exposure limits:
Life Insurance Company: 3% of respective Fund (or) 10% of Venture Fund's Size, whichever is lower.
General Insurance Company: 5% of Investment Assets (or) 10% of Venture Fund's Size, whichever is lower.

The above conditions supersede those issued in the Circular INV/CIR/007/2003-04 dated: December 15, 2003. The new Guidelines will be effective from August 1, 2008.

9. APPOINTMENT OF CUSTODIAN

Section 28B(3) of The Insurance Act, 1938 requires every insurer to submit, along with the returns referred to in Sections 28B(1) and 28B(2), a statement, where any part of the assets are in the custody of a Banking Company, from that company, and in any other case, from the Chairman, two directors and the Principal Officer, of the company specifying the assets, which are subject to a charge and certifying that the other assets are held free of encumbrance, charge, hypothecation or lien. The Authority, has also prescribed FORM 6 in the IRDA (Investment) Regulations, 2000 for the certification.

Currently the custodian appointed by the Insurer (which could be either belonging to the Insurer's promoter group or otherwise) issues a certificate to the above effect and the Insurer, as required under the Act, certifies that the Assets held are free from encumbrance, charge, hypothecation or lien.

Considering the implications of the certification by the Custodian belonging to the Insurers Promoter Group of the Insurer, it is decided that all insurers should comply with the following norms:

A. Appointment of Custodian
(i) The Board of the Insurance Company shall be responsible for the appointment of Custodian to carry out the custodial service for its Investments.
(ii) No custodian in which the promoter or its associates hold 50% or more of the voting rights of the Share Capital of the custodian or where 50% or more of the Directors of the Custodian represent the interest of the promoter or its associates shall act as Custodian for the Insurance Company constituted by the same promoter or any of its associates or subsidiary company.

B. Agreement with Custodian

(i) The Insurer shall enter into a custodial agreement with the Custodian, which shall contain the clauses, which are necessary for the efficient and orderly conduct of the affairs of the Custodian.
(ii) The agreement, the services contract, terms and appointment of the Custodian shall be entered into with the prior approval of the Board.

Insurers who are not compliant currently with the above conditions shall take immediate steps to achieve compliance not later than December 31, 2008, under intimation to the Authority.

10. SEGREGATION OF SHAREHOLDERS & POLICYHOLDERS FUNDS

The Insurance Act, 1938 under Section 11 (1B) requires `Every insurer to keep separate accounts relating to funds of shareholders and policyholders'.

Taking note of representations of general insurance companies, as a measure of practical application, the provisions of Section 11(1B) would be deemed to have been complied with, in the case of General Insurance Company, if Investments are `allocated' to the policyholders' funds to the extent of the Technical reserves in respect of general insurance business and the specific liabilities of general insurance business and the balance shown as Shareholders' funds.

However, a Life Insurer should continue to maintain strict segregation of Investments between Shareholders and Policyholders funds at `Scrip' level for every individual fund under any class of business without making arbitrary transfer of investments from one fund to another.
Further, both Life and General insurers should make necessary arrangements (through a separate Custody Account) to facilitate identification of investment out of Shareholders funds that do not support Solvency Margin and which is not covered by the prescribed pattern of Investments. This Guideline shall be effective from December 31, 2008.

11. OUTSOURCING OF INVESTMENT ADVICE

The Authority, considering the cost involved in setting up Research and advisory divisions would permit outsourcing of Investment advice only at the initial stages and till the insurers attain a Fund Size of Rs.500/- Crores Assets under Management (AUM) or two years from the commencement of business, whichever is earlier, subject to the following conditions:

a. The Investment decisions are made within the Company with proper documentation within the delegated power as provided in the Investment Policy.
b. Deal placement and execution are done by the Front Office personnel.
c. Periodic reports to Management and Authority are drawn by the Company (in-house).
d. The advisory fee to be paid to the Service Provider is on a case-to-case basis and not on Net Asset Value.

The advisory fee shall:

a. not form part of NAV calculations in the case of ULIP business
b. be paid out of Shareholders funds not representing Solvency Margin.

The Authority may, on an application made to it by an existing insurer, for valid reasons, grant a further period of time of not more than one year to comply with the above direction.

12. OUTSOURCING OF `NAV' CALCULATION

The permission to outsource Computation of NAV would be available only up to attainment of Fund Size of Rs.500/- Crores (Assets under Management) or two years from the commencement of business, whichever is earlier. Also, the fees paid to the service provider shall not form part of NAV calculations.
The Authority may, on an application made to it by an existing insurer, for valid reasons, grant a further period of time of not more than one year to comply with the above direction.

Annexure III

INVESTMENT RISK MANAGEMENT SYSTEMS & PROCESSES

A. GENERAL

1. FRONT & BACK OFFICE OPERATIONS

a. Insurer having Assets under Management (AUM) in excess of Rs.500 Crores shall ensure separate personnel acting as fund manager and dealer.
b. The Investment System should have separate modules for Front and Back Office.
c. Transfer of data from Front Office to Back Office should be electronic without Manual intervention (Real time basis) i.e., without re-entering data at Back Office.
d. The Insurer may have multiple Data Entry Systems, but all such Systems should be seamlessly integrated without manual intervention.
e. The Front Office shall report through the Chief Investment Officer (CIO) to the Chief Executive Officer (CEO). The Mid Office and Back Office, to be headed by separate personnel, shall be under the overall responsibility of Chief Financial Officer (CFO) who shall independently report to the CEO.

2. EMPLOYEE DEALING GUIDELINES

a. The Standard Operating Procedure followed by the Insurer shall clearly specify the Guidelines to be adhered by the Dealer i.e., the Insurer shall clearly specify the Trading guidelines for Personal Investments of the dealer. The compliance of this requirement shall be commented upon by the Internal/Concurrent Auditor.

3. MAKER CHECKER PROCESS

a. Insurer should have the procedure of Maker/Checker mapped in their Standard Operating Procedure/Operations Manual of Investment Operations. The Internal/Concurrent Auditor shall comment on such practice in his report.

4. AUDIT TRAIL AT DATA ENTRY POINTS

a. The Audit trail should be available for all data entry points including at the Checker/Authorizer level.

5. BUSINESS CONTINUITY PROCESS

a. To ensure Business continuity, the Insurer should have a clear Off-site Back-up of Data in a City falling under a different Seismic Zone, either on his own or through a Service Provider. Further, the Insurer/service provider (if outsourced) is required to have the necessary infrastructure for Mission Critical Systems to address at least the following:
   1. Calculation of daily NAV (Fund wise)
   2. Redemption processing.

B. FRONT OFFICE

1. SEGREGATION OF FUND MANAGER/DEALER

a. Investment Department should have documented the segregation of Fund Managers and Dealers through Authority Matrix as a part of its `Standard Operating Procedure'.
b. The Insurer should have documented the Access Controls and Authorization process for Orders and Deal execution.
c. The Dealing Room should have a Voice Recorder and procedure for maintaining the recorded conversation and their disposal including procedure like no mobile phone usage in dealing rooms and other best practices.

2. INVESTMENT IN INVESTEE/GROUP COMPANY/INDUSTRY SECTOR

a. System based checks should be in place for investments in an Investee Company, Group and Industry Sector. The system should signal when the Internal/Regulatory limits are nearly reached PRIOR to taking such exposure and making actual investment.

3. INTER FUND TRANSFER

a. The System should handle Inter Fund transfer as per Circular IRDA-FA-02-10-2003-04. The Investment Committee may fix the Cut Off time as per Market practice, for such transfer within the fund. (The inter fund transfer should be like any other Market deal and the same needs to be carried out within the Market hours only.)

C. MID OFFICE

1. MARKET RISK

a. The system should be capable of computing various portfolio returns.
b. Regular limits monitoring and Exception Reporting. Also reporting on movement of prices.

2. LIQUIDITY RISK

a. The Insurer should have a Cash Management System to provide the funds available for Investment considering the settlement obligations and subscription and redemption of units etc., to preempt any leveraged position or liquidity risk.
b. The System should be validated not to accept any commitment beyond availability of funds.

3. CREDIT RISK

a. The Investment System should capture Instrument Ratings to enable it to automatically generate FORM 2 (Statement of Downgraded Investments) through the System.
b. System should automatically monitor various Regulatory limits on Exposure & Rating.
c. The System should have the ability to track changes in ratings over a period and generate appropriate alerts, along with ability to classify investment between Approved and Other Investments.
d. The Insurer should conduct periodic credit reviews for all companies in the portfolio. The periodicity should be clearly mentioned in the Investment Policy.
e. The Insurer is required to keep a track of movement of Securities between Approved and Other Investments Status, as a part of Audit trail, at individual security level.

4. TRACKING OF REGULATORY LIMITS

a. The System should have key limits preset for ensuring compliance with all Regulatory requirements and should be supported by workflow through the System, (Real time basis) for such approval, if Regulatory limit is close to be breached.
b. The System should have capability of generating Exception reports for Audit by Internal/Concurrent Auditor.

5. REVIEW, MONITORING AND REPORTING

a. System should automatically track and report all internal limits breaches. All such breaches should be audited by Internal/Concurrent Auditor.
b. Implementation and Review of Asset & Liability Matching and other Investment Policy Guidelines.

D. BACK OFFICE

1. DATA INPUT ERROR

a. The system should be validated in such a way, that the Deal can only be rejected by the Back Office and not edited.

2. SETTLEMENT RISK

a. The System should be validated to restrict Short Sales at the time of placing the order.

3. COMPUTATION OF `NAV'

a. The System should be capable of computing NAV and compare it with the NAV computed by the Service provider, if outsourced.
b. The Insurer should maintain NAV history (Fund wise) in his Public Domain from the Start of the Fund to Current Date.
c. `NAV' error - Computation & Compensation
   1. All expenses and incomes accrued up to the Valuation date shall be considered for computation of NAV. For this purpose, while major expenses like management fees and other periodic expenses should be accrued on a day to day basis, other minor expenses and income can be accrued on a weekly basis, provided the non-accrual does not affect the NAV calculations by more than 1%.
   2. Any changes in Securities and in the number of Units should be recorded in the books not later than the first valuation date following the date of transaction. If this is not possible, the recording may be delayed upto a period of seven days following the date of the transaction. Provided, the non-recording does not affect the NAV calculations by more than 1%.
   3. In case the NAV of a Plan differs by more than 1% due to non-recording of the transactions or any other errors/mistakes, the investors or fund(s) as the case may be, shall be paid the difference in amount as follows:-
      (i) If the investors are allotted units at a price higher than NAV or are given a price lower than NAV at the time of sale of their Units, they shall be paid the difference in amount by the plan.
      (ii) If the investors are charged lower NAV at the time of purchase of their units or are given higher NAV at the time of sale of their units, the Insurer shall pay the difference in amount to the Plan and shall be compensated from Shareholders portfolio that does not support Solvency Margin.
      (iii) The Internal/Concurrent Auditor shall look into the above issues and specifically report on it and comment on the Systems in place to take care of such issues on an ongoing basis.
      (iv) A log of NAV errors shall be maintained in the System and be forwarded to Internal/Concurrent Auditors.

4. ERRORS DURING BROKER EXECUTION LEG

a. All Equity deals should be through STP gateway for all broker transactions.

5. UPLOADING OF VALUATION PRICE FILES

a. System to have capability to upload Corporate Actions such as Stock Splits, Dividend, Rights Issue, Buy Back, Bonus issues etc., for computation of NAV/Portfolio valuation.

6. RECONCILIATION

a. Fund wise, in the case of Life Insurers, reconciliation with Investment Accounts, Bank, and Custodian records should be done on day-to-day basis for all types of products. In the case of ULIP products, Units reconciliation with Policy Admin Systems should be ensured on a day to day basis.
b. In the case of General Insurer/Re-insurer reconciliation with Investment Accounts, Bank and Custodian records should be done on a day-to-day basis.

E. INTERNAL/CONCURRENT AUDIT

a. An Insurer having Assets under Management (AUM) not more than Rs.1000 Crores shall conduct a Quarterly Internal Audit to cover both Transactions and related Systems. Insurers having AUM above Rs.1000 Crores should appoint a Chartered Accountant firm for Concurrent Audit, to have the transactions and related Systems audited.
b. The Audit Report shall clearly state the observation at transaction level and its impact, if any at System level. The Audit Report shall be based on Exception Reporting.
c. The Auditor shall clearly state that the Insurer had done the reconciliations as required under point D.6.a. and D.6.b.
d. Segregation of `Shareholders & Policyholders' funds
   1. In the case of a Life Insurer, each individual fund, both falling under Shareholder/Policyholders', under any class of business, has `scrip' level investments to comply with the provisions of Section 11(1B) of Insurance Act, 1938
   2. Furthermore the Shareholders funds beyond Solvency Margin, to which the pattern of Investment will not apply, shall have a separate custody account with identified scrips for both Life and General Insurance Companies.
e. The Insurer is required to place the Audit Report before the Audit Committee and implement all its recommendations.
f. The Insurer shall, along with Quarterly Investment Returns to be filed with the Authority, confirm in FORM 4, that the Internal/Concurrent Audit observations, up to the Quarter preceding the Quarter to which the Returns are filed, were placed before the Audit Committee for its recommendation and action taken.

Note: Points A (5.a.1) and D (3) are specific to ULIP Business.

Appendix `C'

Date: 1st April, 2013
REF: IRDA/F&I/CIR/INV/067/04/2013

The CEOs of all Insurers

Dear Sir / Madam,

Sub: IRDA (Investment) (Fifth Amendment) Regulations, 2013 - Reg.

As you are aware, based on the experience gained from the earlier amendments, feedback received through internal/Concurrent Audit report and periodical returns filed with the Authority, various issues were discussed with Working Group of professionals drawn from Industry, experts from SEBI and Department of Financial Service, MoF, Life Insurance Council, General Insurance Council in evaluating the need for introducing new instruments/amending existing regulatory framework to enable Insurers deploy funds more prudently without sacrificing safety, disclosure and governance requirements, very specific to Insurance Industry. The recommendations were analysed for legal and regulatory consistency, as well as the developments in Financial Markets including Unit Linked Insurance Policies as one of the product portfolios of life insurers.
Also, the Authority during Investment Inspection observed that few regulations required clarifications. Thus the Authority initiated the process for amending the Investment Regulations to address the need of the Industry.

The copy of the Gazette Notification on the amended regulation is placed at www.irda.gov.in. Insurers may take note of the same for compliance. For the convenience of the Insurers, the brief details of the important changes brought in the 5th Amendment and clarification required are provided in Annexure-I.

The regulations shall be effective from 1st April, 2013 and where ever the regulations demand departure from the effective date, the same are mentioned therein.

The Insurers are hereby informed to place the Regulations, Circulars and Guidelines issued before their Board in their next meeting to apprise their Board of the important changes that have been brought in the 5th Amendments to IRDA (Investment) Regulations, 2000.

R K NAIR
Member (F&I)

Annexure - 1

KEY CHANGES IN IRDA (INVESTMENT) REGULATIONS, 2000 AS AMENDED BY IRDA (INVESTMENT) (5TH AMENDMENT) REGULATIONS, 2013

Reg. No 2(f)

REGULATION: "Group" means: two or more individuals, association of individuals, firms, trusts, trustees or bodies corporate, or any combination thereof, which exercises, or is established to be in a position to exercise, significant influence and / or control, use of common brand names, directly or indirectly, over any associate as defined in AS 23, body corporate, firm or trust, or (ii) Associated persons, as may be stipulated by the Authority, from time to time, by issuance of guidelines under these regulations

IMPLICATION OF AMENDMENT: Use of common brand names shall be looked in conjunction with other parameters of significant influence and / or control, whether direct or indirect.

Reg. No 2(g)

REGULATION: "Investment Assets" mean all investments made out of:
(1) in the case of a Life Insurer
    (i) shareholders' funds representing solvency margin, non-unit reserves of unit linked insurance business, participating and non-participating funds of policyholders at their carrying value
    (ii) policyholders' funds of Pension, Annuity business and Group business at their carrying value
    (iii) policyholders' unit reserves of unit linked insurance business at their market value as per guidelines issued under these regulations, from time to time
(2) in the case of a General Insurer
    (i) shareholders' funds representing solvency margin and policyholders funds at their carrying value
as shown in its balance sheet drawn as per the Insurance Regulatory and Development Authority (Preparation of Financial Statements and Auditors' Report of Insurance Companies) Regulations, 2000, but excluding items under the head `Miscellaneous Expenditure

IMPLICATION OF AMENDMENT: Pattern of Investment will not be applicable for Shareholders' funds held in business beyond required solvency margin. But such excess shall be:
i. made only after fully complying with mandatory investment in Central Government Securities, State Government and Other Approved Securities and in Housing & Infrastructure Investments from funds representing solvency margin.
ii. such excess of Shareholder's funds, held beyond Solvency Margin requirement, shall be held in a separate custody account with identified scrips
iii. such excess funds shall be determined only after Actuarial Valuation, certified by Appointed Actuary and such valuation is filed with the Authority.
iv. such transfer made between quarters, shall be certified by the Concurrent Auditor to have complied with the above mentioned requirement

Exposure Norms of `investee company', `group', `promoter group' and `industry sector' shall be applicable to both funds representing solvency margin [FRSM] and funds held in excess of required solvency margin.

Reg. No 4

REGULATION: Pattern of Investment: In the case of Life Insurers, the Regulations require total Investment in housing and infrastructure (i.e.,) investment in categories (i), (ii), (iii) and (iv) of Regulation 4, taken together shall not be less than 15% of the fund under Regulation 3(a)"

IMPLICATION OF AMENDMENT: Any investment made in Central Government Securities, State Government Securities, Other Approved Securities, (provided the respective government issues such a security specifically to meet the needs of any of the sectors specified as `infrastructure facility') along with Approved Investments and Other Investments will qualify for the mandatory requirement of not less than 15% to be investment in Housing and Infrastructure Investments. But in any combination the total investment falling under Other Investments cannot exceed 15% of fund under Regulation 3(a)

Exposure Norms of `Investee Company', `Group', and `Promoter Group' shall apply to investments made in housing and infrastructure.

Any investment made in housing and infrastructure as per earlier regulations which are in excess of the limits specified as per Regulation 9, as at 31st March, 2013, Investee company, Group, Promoter Group wise, as certified by the Internal / Concurrent Auditor shall be filed with IRDA. No further exposure shall be made in such companies. The Insurer shall make all efforts to re-align the exposure to be in line with regulations. In compliance to this direction, the Insurer shall commit the time required to the Authority.

Reg. No 6

REGULATION: Unit Linked Insurance Business:- Every insurer shall invest and at all times keep invested his segregated fund(s) under Regulation 3(c) (with underlying securities at custodian level) of Unit linked business as per pattern of investment offered to and approved by the policyholders where the units are linked to categories of assets which are both marketable and easily realizable. However the investment in Approved Investments shall not be less than 75% of such fund(s) in each such segregated fund"

IMPLICATION OF AMENDMENT: The insurer shall invest only in such investments for which the day-to-day Valuations are available. No investment can be made in any Funds of Fund or a fund for which NAV is not available on a day-to-day basis.

Reg. No 7

REGULATION: Pattern of Investment: In the case of General Insurer, the Regulations require Total Investment in housing (i.e.,) investment in categories (i), (ii), (iii) and (iv) of Regulation 7 taken together shall not be less than 5% of the Investment Assets; and Total Investment in Infrastructure (i.e.,) investment in categories (i), (ii), (iii) and (iv) of Regulation 7 taken together shall not be less than 10% of the Investment Assets.

IMPLICATION OF AMENDMENT: Any investment made in Central Government Securities, State Government Securities, Other Approved Securities, (provided the respective government issues such a security specifically to meet the needs of any of the sectors specified as `housing' or `infrastructure facility') along with Approved Investments and Other Investments will qualify for the mandatory requirement of not less than 5% and 10% to be investment in `Housing' and `Infrastructure' Investments respectively. But in any combination, the total investment falling under Other Investments cannot exceed 25% of Investment Assets

Exposure Norms of `Investee Company', `Group', and `Promoter Group' shall apply to investments made in housing and infrastructure.

Any investment made in housing and infrastructure as per earlier regulations which are in excess of the limits specified as per Regulation 9, as at 31st March, 2013, Investee company, Group, Promoter Group wise, as certified by the Internal / Concurrent Auditor shall be filed with IRDA. No further exposure shall be made in such companies. The Insurer shall make all efforts to re-align the exposure to be in line with regulations. In compliance to this direction, the Insurer shall commit the time required to the Authority.
Reg. No 3 to 8

REGULATION: Note 7 (a) for the purpose of Regulation 3 to 8
Not less than 75% of investment in debt instruments (including Central Government Securities, State Government Securities or Other Approved Securities) in the case life insurer and not less than 65% of investment in debt instruments (including Central Government Securities, State Government Securities or Other Approved Securities) in the case of general insurer - shall be in sovereign debt, AAA or equivalent rating for long term and sovereign debt, P1+ or equivalent for short term instruments. This shall apply at segregated fund(s) in case of Unit linked business

IMPLICATION OF AMENDMENT: In calculating the 75% and 65% of investment in `Debt' instruments in the case of Life and General insurers respectively, the following shall not be taken either in the numerator or denominator:
1. Reverse Repo with corporate bond underlying
2. Fixed Deposit
3. Investment in Promoter Group Mutual Fund(s) and un-rated Mutual funds

Reg. No 9

REGULATION: Exposure Norms compliance:
a. Investee Company Exposure
b. Group Company Exposure
c. Promoter Group exposure
d. Industry Sector exposure

IMPLICATION OF AMENDMENT: In compliance of Regulation 9, the Insurer shall file a statement, as at 31st March, 2013, with the Authority, certified by Internal / Concurrent Auditor, both at fund level and at Investment Assets level [as per Regulation 2(g)(1) and 2(g)(2)] providing:
(a) In the case of `Investee Company', the exposure details of individual company exposure which is in excess of the prescribed limits
(b) In the case of `Group Company', the exposure in respect of `each group', which are in excess of prescribed limits
(c) In respect of `Promoter Group' the details of investment in Equity, Debt, FDs, MFs or any other Investments made in Promoter Group entities, which are in excess of the prescribed limits.
(d) In respect of `Industry Sector', the exposure in respect of `each' sector (as per National Industrial Classification (All Economic Activities) - 2008 [NIC]) exposure which is in excess of the prescribed limits.

The above information shall be filed with IRDA on or before 15th April, 2013.

Where ever exposure is in excess of limits mandated under Regulation 9 of IRDA (Investment) (5th Amendment) Regulations, 2013 no further or additional exposure shall be made. The Insurer shall make all efforts to re-align the exposure to be in line with regulations. In compliance to this direction, the Insurer shall commit the time required to the Authority.

Reg. No 9

REGULATION: Fixed Deposit under section 27A(9) of Insurance Act, 1938 and Certificate of Deposit

IMPLICATION OF AMENDMENT:
a. No investment shall be made in FDs and CDs in financial institutions falling under Promoter Group.
b. Investment in FDs and CDs taken together shall comply with the provisions of Section 27A(9)
c. Section 27A (9) shall be monitored at a Controlled Fund level [Investment Assets as per Regulation 2(g)(1) level]

Reg. No 10

REGULATION: Filing of Forms
Regulation 10 requires all insurers to file within 30 days from the end of the Quarter the various periodical returns prescribed. Also, the Authority to standardise the data filed, had issued the "Guidance Note on preparation of Investment Returns".

IMPLICATION OF AMENDMENT: In filing returns, the Insurer shall:
a. Conform to procedure mentioned in "Guidance Note on preparation of Investment Returns" for each of the form
b. As the Insurer will be required to amend the Systems for preparing Investment Returns, the returns as per Regulation 10 shall be filed with effect from the Quarter ending 30th September, 2013
c. All returns of Unit Linked fund(s), prepared based on "Segregated Fund Identification Number" [SFIN], shall be filed at a consolidated level. But, Insurer shall maintain the data at SFIN level in their system and may

Reg. No 13 B (4)

REGULATION: Quarterly review of Product and Fund performance

IMPLICATION OF AMENDMENT: A Life Insurer shall report to its Board, the following minimum, in respect of each product:
a. New business scale planned versus actual at the end of the period1 to maturity
b. Expenses projected versus actual
c. Persistency / renewal premium streams projected versus actual
d. Claims - projected versus actual
e. Actual Yield versus projected yield or returns
f. Action plan and follow up status

In respect of General Insurers, the reporting as mentioned above, to the Board shall be with respect to each `line of business'

Reg. No 13 D (4)

REGULATION: Daily disclosure of Unique Identification Number (UIN) wise reconciliation of Product and Fund information in insurer's website

IMPLICATION OF AMENDMENT: The Insurer shall, with effect from 1st October, 2013 disclose the reconciliation as per Annexure II, in the Insurer's website on a day-to-day basis. Till the above reconciliation is automated, the Insurer shall disclose such reconciliation, in their website on a monthly basis, with effect from April, 2013. The Internal / Concurrent Auditor shall confirm such disclosure in his report to the Audit Committee of the Board.

REGULATION: Disclosure of value of `policy' wise `units' held by `policyholder' on the insurers customer portal

IMPLICATION OF AMENDMENT: The Insurer shall in his customer portal disclose the information provided in Annexure III. The customer portal of the insurer shall be enabled for `every' policyholder to login and know the details as per the format in Annexure III on any given date. The Insurer shall provide the details in their customer portal from 1st October, 2013

REGULATION: Disclosure of SFIN wise NAV on both the insurers' and Life Insurance Council website

IMPLICATION OF AMENDMENT: The Insurer shall disclose, the day-to-day, SFIN wise NAV in both the Insurers' and Life Insurance Council's website.
Reg. No 13 D (6)

For allotment of units, the applicable NAV shall be as per the date of commencement of policy for new policy contracts and date of receipt of premium for renewals.

Reg. No 13 E

REGULATION: Risk Management Systems and Review

IMPLICATION OF AMENDMENT:
a. The Board shall implement the Investment Risk Management Systems and Process as per the "Technical Guide on Review and Certification of Investment Risk Management Systems and Process of Insurance Companies", issued by the Institute of Chartered Accountant of India.
b. Insurers, who have either implemented for the 1st time or have reviewed their Investment Risk Management Systems and Process, during the year 2012 shall have the review done from the quarter April, 2014 and file the Audit Certificate issued by the Chartered Accountant with status of implementation of recommendations of Audit Committee of the Board, on issues of `very serious' and `serious' nature, as per the Technical Guide referred in point `a' above.
c. Where the Insurers have not done the review of Investment Risk Management Systems and Process, during the year 2012, shall have such review done during the quarter April, 2013 of the financial year 2013-14, and with the implementation status of recommendations of the Audit Committee, on issues of `very serious' and `serious' nature, as per the Technical Guide referred in point `a' above, file with the returns of June, 2013.
d. Subsequent reviews shall follow Regulations 13 E.

Reg. No 18 (b) and 19 (a)

REGULATION: IRDA (Linked Insurance Products) Regulations, 2013, Chapter V - Discontinuance terms

18 (b) In the case of Unit Linked Products, the discontinued policy fund shall be a unit fund with the following asset categories:
i) Money Market Instruments: 0% to 40%
ii) Government Securities: 60% to 100%

19 (a) Minimum Guaranteed Interest Rate: The Minimum guaranteed interest rate applicable to the discontinued fund/ discontinued policy account shall be at a rate of 4% per annum.

IMPLICATION OF AMENDMENT:
1. As the insurer is required to pay a minimum guaranteed interest rate of 4% per annum for the discontinued policy, and Insurers represented that the asset allocation for Money Market Instruments should not be restricted to 40%, the Authority had considered the submissions made and hereby permits upto 100% to be invested in Money Market instruments [as defined in Regulation 2 (h) of IRDA (Investment) (5th Amendment) Regulations, 2013]
2. As the discontinued policy premium, along with 4% interest requires to be paid back to the Policyholder, the Insurer's Policy Admin System (PAS) shall be `automated' for tracking `policy-wise', information of discontinued policies along with the information of the particular ULIP fund to which the same pertains.
3. The Insurer shall implement the above mentioned system requirement, and the Internal / Concurrent Auditor shall confirm the same in their report to Audit Committee of the Board, to avail the dispensation provided in point 1 above.
Annexure II

Name of the Insurer:
Report Date:
Registration No:

DAILY RECONCILIATION OF ULIP PORTFOLIO

Life / Group Policy Admin System (columns):
- Unique Identity Number (UIN)
- Name of the Product
- Segregated Fund Identification Number (SFIN)
- Name of the Fund
- (a) Opening Unit Capital (as at the start of the day) (Amount in Rs)
- (b) Opening Units (as of the start of the day) (Number of Units)
- (c) Net Amount collected or redeemed (net of charges) for the day (Amount in Rs)
- (d) Net units allotted or redeemed for the day (Number of Units)
- (e) = (a) + (c) Closing unit capital (as at the end of the day) (Amount in Rs)
- (f) = (b) + (d) Closing units (as at the end of the day) (Number of Units)
Rows shown in the format: X, A, XYZ, Fund Name 1; Y, B; Z, C; Sub total; L, D, ABC, Fund Name 'n'; M, E; Sub total.

Investment Management System (columns):
- SFIN
- Name of the Fund
- (g) Opening fund Value (as at the start of the day)
- (h) Opening units (as at the start of the day) (Number of Units)
- (i) Additional fund Value created or redeemed for the day
- (j) Additional Units created or redeemed for the day
- (k) Investment income for the day (including unrealised gain/loss)
- (l) FMC charges deducted for the day
- (m) = (g) + (i) + (k) - (l) Closing fund Value (as at the end of the day)
- (n) = (h) + (j) Closing Units (as at the end of the day) (Number of units)
- (o) = (m) / (n) NAV per Unit declared
Rows shown in the format: Fund 1; Fund 2; Fund 'n'.

Notes:
1. Opening units as per Life / Group Policy Admin System of previous NAV day [refer (b)] shall reconcile with Opening Units as per Investment Management System [refer (h)]
2. Additional fund or Units created or redeemed for the day in Investment Management System [refer (i) and (j)] shall reconcile with Net Amount or Units collected or redeemed as per Life / Group Policy Admin System [refer (c) and (d)]
3. Closing units as per Life / Group Policy Admin System of previous NAV day [refer (f)] shall reconcile with Closing Units as per Investment Management System [refer (n)]
4. NAV per unit declared [refer (o)] must reconcile with NAV per unit uploaded on Life Insurance Council's website
5. The unit movements of day "T" in Life / Group Admin System shall flow into Investment Management System with a maximum time lag of 1 working day i.e. T+1.

Annexure III

Insurer Name: XYZ Insurance Company Limited
Registration No:
Policyholder ID:
Login Dt: DD/MM/YYYY
Name of Policyholder:
Address:

PART - A
Columns: Product; UIN; Premium (Rs); Premium Allocation Charge (Rs); Funds Allocated (Rs); Units as per Policy Admin System (PAS); Value per Unit (Rs); Product Value (Rs)
Row shown in the format: ZXY Premium Plus; [A]

PART - B
Columns: Rs. Particulars; SFIN... (Fund X); SFIN... (Fund Y); SFIN (Total)
Rows:
- Name of the Fund
- Units (as per Investment Management System)
- Percentage of Allocation (as on Login Dt) (%)
- Funds Allocated
- Switch In
- Switch Out
- Withdrawals
- Charges
- Commission
- Switch charge
- Policy Administration charge
- Mortality charges
- Other charges (specify)
- Service Tax
- Total amount invested in Segregated funds
- Current NAV
- Fund value as on Login Dt: [B]

PART - C (Product Statistics)
- Insurance Cover over the interim reporting period from dd/mm/yyyy to dd/mm/yyyy
- Total Premium Paid from inception
- Total Risk premium from inception, for insurance cover
- Total Charges and deductions other than Mortality including Allocation charges till Login Dt. (including Service Charges)
- Difference between (B) (C) (unrealised Gain / Loss)
- Portfolio value on Net Investment as per Benefit Illustration at the lower rate as prescribed in the regulations
- Portfolio value on Net Investment as per Benefit Illustration at the upper rate prescribed in the regulations

Note:
1. Product Portfolio value would be aggregate of all fund values in a product.
2. Product value per unit would be arrived at post dividing aggregate fund value by initial units
3. Consolidated Product Value would be derived by aggregating the product values and dividing the same by consolidated initial units
4. Product Value would be in addition to all the existing disclosures and calculations
5. Current prescribed practices shall continue.

Annexure IV

AUDIT OF INVESTMENT RISK MANAGEMENT SYSTEMS & PROCESS, INTERNAL / CONCURRENT AUDIT
[Vide Circular INV/CIR/023/2009-10 Dt. 4th Aug, 2009]

The Authority vide notification F.No.IRDA/Reg./16/74/2013 dated 16th Feb, 2013 notified IRDA (Investment) (5th Amendment) Regulations, 2013. Regulation 13 (E) prescribes as under:

1. The Board shall implement the Investment Risk Management Systems and Process, mandated by the Authority. The implementation shall be certified by a Chartered Accountant firm, as per the procedure laid down in the "Technical Guide on Review and Certification of Investment Risk Management Systems and Process of Insurance Companies", issued by the Institute of Chartered Accountants of India, as amended from time to time.
2. The Investment Risk Management Systems and Process shall be reviewed at the beginning of every second financial year or such shorter frequency as decided by the Board of the Insurer, by a Chartered Accountant firm and file the certificate issued by such Chartered Accountant, with the Authority along with the first quarter returns.
3.
The appointment of Chartered Accountant firm to certify implementation and review of Investment Risk Management Systems and Process shall be as per the circular issued under these regulations.

Thus, all Insurers shall have their Investment transactions and related Systems of Investment functions audited on a Quarterly basis through Internal Audit (either through internal resources or through firms of Chartered Accountants) and Insurer with AUM of over Rs.1000 Crores shall necessarily appoint a firm of Chartered Accountants as Concurrent Auditor to have its Investment transactions and related Systems audited on a concurrent basis.

Where a firm of Chartered Accountant is appointed either as Internal / Concurrent Auditor, the Audit team engaged for Internal / Concurrent Audit shall be headed by a Finance professional, preferably a Chartered Accountant, with a minimum experience of 3 to 5 years in a Senior position handling Investment Operations, Audit, Accounts of an Insurance Company or have been engaged by the Authority in Audit of Investment Operations / Investment Risk Management Systems and Process of the Insurers and is fully conversant with IRDA's Accounting and Investment Regulations and Circulars and Guidelines issued there under.

A. AUDIT OF INVESTMENT RISK MANAGEMENT SYSTEMS AND PROCESS

i. As per Regulation 13 (E) of IRDA (Investment) (5th Amendment) Regulations, 2013 a Chartered Accountants firm, which is not the Statutory or Internal or Concurrent Auditor of the concerned Insurer shall certify that the Investment Risk Management Systems and Processes as per the "Technical Guide on Review and Certification of Investment Risk Management Systems and Process of Insurance Companies" issued by the Institute of Chartered Accountants of India (ICAI), in consultation with IRDA, had been implemented.
ii.
All companies seeking IRDA registration shall file a certificate issued by a Chartered Accountant firm, to confirm that the Insurer had complied with the systems related requirements, as given in the "Technical Guide on Review and Certification of Investment Risk Management Systems and Process of Insurance Companies", when the Insurer seeks registration under R3 of IRDA (Indian Insurance Companies Registration) Regulations, 2000. It should also indicate the actions further required to be taken.

B. INTERNAL / CONCURRENT AUDIT OF TRANSACTIONS

1. The minimum Scope of Audit for Internal or Concurrent Audit shall be as detailed in the "Technical Guides on Internal / Concurrent Audit of Investment Functions of Insurance Companies" issued by ICAI (in consultation with IRDA), for both Life and Non-Life Insurers. The Insurer could include additional scope depending upon their need for control systems. The Internal / Concurrent Audit is expected to cover 100% of transactions of all fund(s) as per the periodicity prescribed.
2. Where the Internal Audit is carried in house, the internal audit report shall be signed by the Head of Internal Audit.
3. An insurer who gets covered under AUM clause of over Rs. 1000 Crores for the 1st time, for the purpose of applicability of Internal / Concurrent Audit, will continue to have the Investment functions concurrently audited, even if the AUM falls below Rs.1000 Crores, subsequently.

C. APPOINTMENT OF AUDITORS

i. COMMON FOR BOTH "INVESTMENT RISK MANAGEMENT SYSTEMS & PROCESS", "INTERNAL / CONCURRENT AUDIT"

1. The Chartered Accountant firm shall be a firm, registered with the Institute of Chartered Accountants of India.
2. The Audit firm should have experience, for at least four years, in conducting reviews of Risk Management Systems and Process of either Banks or Mutual Funds or Insurance Companies or have, on behalf of IRDA conducted Investment Inspection of Insurance Companies.
3.
On the date of appointment as an Auditor for certifying Investment Risk Management Systems and Process, the Auditor must not hold more than two audits of Internal, Concurrent and Risk Management Systems Audit, all taken together. Hence, the Audit firm, can at the maximum hold not more than three Audits (i.e., Investment Risk Management Systems and Process Audit, Internal Audit, Concurrent Audit - all taken together), apart from Statutory Audits at any point of time. For this purpose, at the time of appointment, the insurer shall obtain a declaration to this effect from the firm of Chartered Accountants. The Insurer shall, file with IRDA, the confirmation obtained from the Chartered Accountant firm, within 7 days of such appointment. Also, it is clarified that Investment Risk Management Systems & Process Auditor, shall not be the Internal / Concurrent Auditor.
4. The Auditor should not have been prohibited/debarred by any regulating agency including IRDA, RBI, SEBI, ICAI etc.
5. Every Insurer, upon appointing the firm of Chartered Accountants as Internal or Concurrent or Risk Management Systems Auditor shall send a communication to IRDA within seven days of such appointment, confirming such appointment as per format provided below under point (iv)

ii. AUDIT OF "INVESTMENT RISK MANAGEMENT SYSTEMS & PROCESS"

1. The Auditor appointed for certifying the Investment Risk Management Systems and Process, should not have conducted the following assignments for the same Insurer proposing to be appointed as Systems Auditor, for a period of two years immediately preceding his appointment.
i. Statutory Audit
ii. Any Internal Audit
iii. Any Concurrent Audit
iv. Any consulting assignment, whether or not related to Audit functions

iii. AUDIT OF "INTERNAL / CONCURRENT AUDIT OF TRANSACTIONS"

1.
The Internal / Concurrent audit term shall be for the financial year and where the appointment is made during the course of the financial year, it shall be up to the end of that financial year.
2. The Internal / Concurrent Auditor shall be appointed by the Audit Committee of the Insurer's Board and the Auditor shall directly report to the Audit Committee of the Insurer's Board. Any change in Auditor during the middle of the term, shall be communicated to IRDA with the reasons for such change. The new Auditor, for the remaining term, shall be appointed only with the prior approval of IRDA.
3. The Internal / Concurrent Auditor shall not be eligible for re-appointment, with the same Insurer after serving three consecutive years or three years during the preceding five years.
4. The Internal / Concurrent Auditor appointed for the first time should not have conducted the following assignments for the same Insurer proposing to be appointed as Internal or Concurrent Auditor for Investment functions during a period of two years immediately preceding his appointment as Internal or Concurrent auditor.
i. Statutory Audit
ii. Any Internal Audit
iii. Any Concurrent Audit
iv. Any consulting assignment, whether or not related to Audit functions
v. Reviews or Certification of Investment Risk Management Systems and Process

iv. CONFIRMATION OF APPOINTMENT OF AUDITOR IN THE LETTER HEAD OF THE INSURER

Date:.......................

To
The Insurance Regulatory and Development Authority
Parisram Bhavan, 3rd Floor, Basheerbagh
Hyderabad - 500 004

Sir

In pursuance of IRDA Circular INV/CIR/008/2008-09 Dt. 22nd Aug, 2008 and related provisions of IRDA (Investment) (5th Amendment) Regulations, 2013 in respect of Internal (or) Concurrent Audit of Investment functions, we have appointed the following firm(s) as our Internal / Concurrent Auditor(s) for the Investment functions for the period starting from:....................... to ..........................
We have taken necessary confirmations in writing from the Chartered Accountant firm(s)

Yours faithfully
Chief Executive Officer

Appendix 'D'

Guidance note on Preparation of Investment Returns (Version - 01)
Issued by: Insurance Regulatory and Development Authority in May, 2013

INTRODUCTION

The Authority issued the Investment Regulations, for the first time, in 2000 and had since then amended it from time to time, (the latest having been notified on 16th Feb, 2013) to keep pace with the changing market and to have a hold on policyholders funds. The Assets under Management that were around Rs. 2.91 Lakh Crores in 2000 are around Rs. 17.83 lakh Crores in 2013. When funds grow in such volumes, the Systems and Processes too should keep pace. Such systems and processes put in place should enable the Regulator to watch growth and channelize the same to the needy sectors without compromising on the safety aspect. Such information, to the benefit of all stakeholders, including the Regulator, requires to be taken in the electronic form. In this effort of collating huge volume of information, it is essential that the information / data is 'standardized' to facilitate proper consolidation and meaningful comparability within and among Insurers.

In order to ensure compliance with regulations, all Insurers are expected to put in place a proper system for the preparation of periodical returns to be filed with the Authority. To help such preparation and to enable the Investment Committee of the Insurer ensure that the periodical returns are prepared in compliance with the procedures laid down, the Authority is coming out with this guidance note.
Even though the periodical returns are signed by the respective officer named in the form, the Chairman of the Insurer, Chief Executive Officer, Chief Investment Officer, Chief Financial Officer and Chief Risk Officer of the Insurer, as the case may be, the Officers shall be collectively responsible for the authenticity of information / data submitted, filed in electronic form as well as in hard copy.

All periodical returns are required to be filed with the Authority within 30 days from the end of the Quarter. In relation to Quarter ending on the Balance Sheet date, the return shall first be filed based on 'Provisional figures' and shall again be re-filed with Audited figures in addition to other Returns. On each return the Insurer shall clearly mark 'Provisional' if submitted based on provisional figures. The final returns, based on Audited figures, shall be clearly marked as 'Audited figures'. All figures shall be reported in Crores, corrected to two decimals.

The Authority, soon after amending the Regulations had worked with the Industry in bringing out this "Guidance Note on preparation of Investment Returns". While due care had been taken to prepare the material, users can point out through Life Insurance Council or General Insurance Council any inconsistency. The Authority will look into such issues and will address the same in the subsequent versions.

FORM 1 - STATEMENT OF INVESTMENT AND INCOME ON INVESTMENT

OBJECTIVE

In order to ascertain the return on the investment assets, all insurers are required to file FORM-1 listing category of Investment wise (as per the Guidelines INV/GLN/001/2003-04 - Guidelines - Category of Investments Dt. 1st Jan 2004 as amended from time to time) income and the yield on such investment at gross and net basis. The Form should be prepared in respect of each fund. In case of ULIP FORM 1 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
The Income on Investments shown in FORM 1 should reconcile with Revenue and Profit & Loss Account figures.

A. METHOD OF PREPARATION

a. COI (Category of Investments)
Category of investment shall be as per the IRDA Guidelines INV/GLN/001/2003-04 - Guidelines - Category of Investments Dt. 1st Jan 2004 as amended from time to time

b. Cat Code (Category Code)
Category code shall be stated as prescribed in Guidelines as amended from time to time.

DETAILS PERTAINING TO THE CURRENT QUARTER

c. Investments
The insurer shall state the simple average of investments for the quarter, for Non-ULIP and General Insurance Business at their Balance Sheet Value and for ULIP Business at the value of Investment Assets taken for computing NAV. The simple average investments shall be calculated based on daily closing balance. In case where any security has been reclassified (when the Security is moved from Approved to Other Investment Category or vice versa) to another category then the simple average balance shall be shown under the first category till the time such investment was classified under that category and for the balance period in the reclassified category.

NOTE: Simple average of investments shall be the sum of daily closing balance of Investments divided by the number of day(s) such investments are outstanding. The net investment current assets of linked funds should be reported as at the period end in the Current quarter and Year to Date column.

d. Income on Investment
For non-ULIP funds and General insurers, Income on Investments will include the income taken to Revenue Account & Profit and Loss account (Interest, profit / (loss) on sale, accretion of discount, amortization of premium, dividend earned during the quarter) and taken to financial statements pertaining to all the securities held under that category during that quarter. In case of ULIP funds, any incremental un-realized gains / (loss) arisen for the period on investment shall be included.
In case where any security has been reclassified to another category then income shall be shown under the first category till the time such investment was classified under that category and for the balance period in the reclassified category.

e. Gross yield
The gross yield (absolute) shall be computed by dividing the income on Investment for the quarter by the simple daily average investments outstanding for number of days for the quarter.

f. Net Yield
The net yield shall be computed by giving the effect of tax rate to the gross yield.

1. DETAILS PERTAINING TO THE INCOME AND YIELD FOR YEAR TO DATE
Under the head "Year to Date", details of Investments, Income, Gross Yield and Net Yield shall be shown for the period April to the end of the quarter for which details are being furnished. For example for the quarter ended June, the details from April to June shall be provided and for the quarter ended September, the details pertaining to April to September shall be provided.

2. DETAILS PERTAINING TO THE INCOME AND YIELD FOR PREVIOUS YEAR
Under the head "Year to Date", details of Investments, Income, Gross Yield and Net Yield for the corresponding period of the previous year are to be shown.

FORM 2 - STATEMENT OF DOWNGRADED INVESTMENTS (PART - A)

OBJECTIVE

In order to establish the movement of securities from one category to another especially the movement from Approved Investments to Other Investments on account of rating downgrades/upgrades on the reporting date, all insurers are required to file FORM 2, listing various instruments which have been downgraded from its rating at the time of the purchase (original rating).

A. METHOD OF PREPARATION

The details of all the downgraded debt securities during the quarter shall be given under 'current quarter' and all downgraded securities shall be shown under "As on date".
Investments currently upgraded to the original grade or above, listed as Down Graded during earlier Quarter shall be deleted from the Cumulative listing.

a. COI (Category of Investments)
Insurers are required to pick up the corresponding Category of Investment (COI) for every downgraded security, reposition the same at the appropriate COI as prescribed in the regulation.

b. Amount
The Balance Sheet Value shall be stated in this column.

c. Date of purchase
In this column, the insurer shall state the date of purchase of that security. In case there are multiple purchases then the date on which the earliest purchase was made shall be stated.

d. Rating Agency
In this column, the insurer shall state the name of the rating agency as prescribed in the regulation. If an instrument is rated by more than one rating agency, the lowest rating must be used as a matter of conservatism.

e. Original Grade
Original grade is the rating at the time of purchase of the instrument.

f. Current Grade
Current grade is the rating for the instrument as at the last day of the quarter.

g. Date of Downgrade
Further the Insurer shall state the date of downgrade along with remarks, if any. In case of any downgrade of security resulting in securities being reclassified as "Other Investment", in Pension and General Annuity fund, the same shall be specifically disclosed in the Returns.

FORM 2 - INVESTMENT ASSETS - RATING PROFILE (PART - B)

OBJECTIVE

To assess the credit quality of the Investment portfolio, Insurers are required to file FORM 2. This form needs to be linked to FORM 3A / 3B. Equity or Equity Related Instruments and other than Debt Instruments Portfolio are also reported in FORM 2, for the purpose of linking the total portfolio to FORM 3A / 3B.

A. METHOD OF PREPARATION

1. FORM - 2 shall be prepared in respect of each fund/investment assets. In case of ULIP Form 2 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
2.
For the purpose of asset classification in various rating classes, the following points may be noted:
a. Debt investments which are capable of being rated and are not rated shall be shown under "Unrated"
b. In case of loans in housing sector, infrastructure sector, secured loans appearing in approved investment and unsecured loans appearing in 'Other investments' amount shall appear in unrated column of the Form 2 (Part B). In this regard, the unrated loans having security as prescribed by Insurance Act shall be classified as approved investment. Unrated and unsecured loans, and unrated and inadequately secured loans as prescribed in Insurance Act, shall be classified as Other Investment.
c. Reverse Repo with underlying corporate bond, Investment in Mutual Funds including the Promoter Group Mutual Fund, Bank FDs, CBLO, Net investment current assets, Venture funds, Derivative instruments, immovable property and any other non-debt investments as permitted under the regulations, shall be shown under "Equity or Equity Related Instruments and other Instruments". No investment shall be made in "Equity related instruments" unless the same is specifically permitted by IRDA.
d. In case of Reverse Repo with underlying Government securities the same shall be classified under 'AAA' or Equivalent
e. Non-Performing investments assets will be shown separately irrespective of rating
3. Balance sheet values of the Investments shall be provided. The figures in Col (i) must match with FORM 3A/B
4. Percentage to Investment Assets shall be computed, in the case of Non-ULIP funds and General Insurers by dividing the Balance Sheet value of investments in various rating class by the total Balance Sheet Value of Investment assets held and in the case of ULIP funds, by dividing the Market value of investments in various rating class by the total market value of Investment assets held.
FORM 2 - INVESTMENT ASSETS & INFRA INVESTMENTS - RATING PROFILE (PART - C)

OBJECTIVE

To assess the amount of infrastructure investments in life funds, Insurers are required to file FORM 2C. This form needs to be linked to FORM 3A / 3B.

A. METHOD OF PREPARATION

1. FORM - 2C shall be prepared in respect of life fund only and general insurer including reinsurers.
2. The figures under investment assets category must reconcile with Form 3A / Form 3B
3. The figures under the infrastructure category must reconcile with Form 3A / Form 3B

FORM 3A - STATEMENT OF INVESTMENT ASSETS (PART - A)

OBJECTIVE

The Insurer shall file FORM 3A (Part A) for compliance of fund wise Pattern of Investments showing Investment assets and other assets and linking the same with Balance Sheet figures.

A. METHOD OF PREPARATION

1. FORM 3A (Part-A) has two Sections

SECTION-I

Section I provides link to Investment assets reported in the Balance Sheet with that as reported in FORM 3A (Part A). The investment assets which are subject to pattern of investments, under each fund of the Life Insurer as required under Regulation 3, are shown under "funds available for investments"

(i) Funds available for Investment
To arrive at the "funds available for investments", the amounts appearing in the non investment schedules and non investment line items appearing in Balance Sheet under Application of Funds, are deducted. Similarly any non-investment items, deducted from Balance Sheet, shown under Application of Funds, shall be added back in the reconciliation to arrive at the "funds available for investments". If any Insurer is carrying Loans as a part of investments, then the same shall not be deducted from the application of the funds. The balance so arrived as "funds available for investments" shall tally with the sum of the values shown in the "Total Fund" column of all the three funds in FORM 3A (Part A) which shall reconcile with figures shown in schedule 8, 8A, 8B & 9.
Application Money for investments under 'non linked funds' shall form part of the Schedule 12 and the same shall not form part of the Schedule 8, 8A, & 9. It shall not form part of the investment assets till the allotment is complete. In case of 'Linked portfolios' the same shall form part of 'Net Current assets' till the allotment is complete. Also, it shall be reported under Schedule 8B. If investment application money is paid through ASBA Fixed Deposit instead of cash, the same shall be treated as application money (current Assets) and the lien shall be properly disclosed in Form 6 as a note.

SECTION-II

Section II requires the insurer to report the fund wise, pattern of investments as prescribed under Regulation 4, 5 and 6 of the IRDA (Investment) Regulations 2000 as amended from time to time. Separate Custodian account shall be maintained for "balance" investments of Shareholder's fund that does not form part of the FRSM (except in case of Securities held with RBI / CCIL). Shareholders' funds held beyond the solvency requirements shall not be subject to Pattern of Investments prescribed under Regulation 4, 5 and 6 and shall be subject to Prudential / Exposure norms prescribed under Regulation 9, provided the same are maintained in a separate custody account.

(i) Category of Investments
Investments shall be categorized as per the Regulation or circular issued there under, such as Central Government Securities, State Government Securities, Other Approved Securities, Housing and Infrastructure, Approved Investments and Other Investments.

(ii) % as per Regulation
This specifies the minimum or maximum % of investments under each category of investments as prescribed in Regulation for various funds.

(iii) Shareholder's and Policyholder's fund
All the insurers shall maintain portfolios of SH - FRSM, SH BALANCE (other than fund representing solvency margin), UL non-unit reserves, Par and Non par.
The insurer shall maintain sub portfolios under these broad portfolios on the basis of various line of business. The Pattern of Investment, with respect to Life Fund, shall be complied with respect to the total of Life fund (both shareholder fund representing solvency and Policyholder funds taken together). It may be noted that the pattern of Investment will not apply to Shareholders funds in excess of solvency requirement, held in a separate custody account. But exposure norms of 'Investee' company, 'Group', and 'industry sector' will apply to both shareholders and policyholders funds.

(iv) Book Value (SH+PH)
In case of ULIP Net asset value including net current assets shall be considered for pattern of investments. Net current assets shall be considered as 'approved investment' for this purpose. All the securities (both Equity and Debt) shall be marked to market. In case of 'Non-Linked' funds, cost plus amortization value of the debt securities and acquisition cost in case of Equity, mutual fund and investment property and other than Debt investments will be considered for pattern of investments. Net current Assets shall not be considered for calculation of Pattern of Investments for non linked portfolio.

(v) Actual %
The actual % of each category of investments under Non-linked portfolios shall be calculated as a % to the total book value of investment assets in the fund. The amounts in the column (f) shall be used for calculating the Exposure %. In case of the ULIP, the actual % of each category are calculated as a % to the 'market value' of the assets of the funds including 'net current assets' that is considered for NAV calculation.

(vi) Fair Value Change (FVC) Amount
The insurer shall compute the fair value for equities and units of mutual fund. The difference between the fair value and the book value is the Fair Value Change (FVC) and the same shall be disclosed in the column provided for.
(vii) Total Fund
The amount after adding the fair value amount to the book value shall be shown under Total Fund Column. The Grand total under this column shall reconcile with the 'Balance Sheet' value of investments assets shown in Section I

Market Value
The market value of the securities classified under the various categories of investments shall be shown under Market Value column. In the case of Equity, the Market Value shall be the lower of BSE / NSE prices.

NOTE
a. In case of Life Fund, Pattern of Investment is applicable for Share holder fund representing solvency margin and Policyholder funds. Shareholder fund beyond solvency margin is not subject to pattern of investment.
b. In Form 3A Part A, the equation provided under 'Book Value (SH+PH)' shall be read as '(f) = [b+c+d+e]'.
c. "Other Investments" made from all Categories of Investment including housing and infrastructure category shall not exceed 15% of investment assets of Life fund.
d. All the investment assets such as Fixed Deposits, Section 7 deposits by way of investment assets shall form part of the Schedule 8, 8A, 8B or 9 with a note in the respective forms.
e. Non-investment assets of the non-linked funds shall be shown in the respective schedules other than 8, 8A & 9
f. Non investment assets of the Linked portfolios are also shown as a separate line item in the Schedule 8B

FORM 3A - STATEMENT OF INVESTMENT ASSETS (PART - B)

OBJECTIVE

The objective of the form is for compliance to the pattern of Investment under Reg. at the Segregated Fund level of ULIP fund. This Form is linked to the item C of FORM 3A (Part-A).

A. METHOD OF PREPARATION

Fund 1 to Fund 'n'
Details about each Segregated Fund of ULIP and its total shall be provided in this form. The number of funds shall be the funds as approved by the File & Use of IRDA.
a.
FORM 3A (Part-B) has two sections SECTION-I This section shows the movement of funds from the previous quarter to the reporting quarter on account of the inflow /outflow in the policyholders funds and increase/decrease in the value of investments during the quarter. (i) Opening Balance (Market Value) The closing fund values i.e. total Assets under Management (AUM) (at the segregated ULIP fund level) at the end of the previous quarter shall be brought forward as opening balance of the linked portfolio(s). (ii) Inflow during the quarter Inflow (a positive figure) will represent the funds brought in for creation of units in each of the Fund(s). (iii) Outflow During the quarter Outflow (a negative figure) during the quarter shall represent the redemption of units for surrender, claims, charges etc. (iv) Increase / (Decrease) value of Investments Increase / (decrease) in the value of investments shall include the realized, unrealized gains/losses and other Investment income that has accrued to the individual fund during the reporting quarter (v) Total Investible Funds (Market Value) 303 Technical Guide Opening Balance (Market Value) + inflow during the quarter + net Increase / (Decrease) in the value of Investments ­ outflow during the quarter of all funds taken together. In the case of Equity, the Market Value shall be the lower of BSE / NSE prices. SECTION-II INVESTMENT OF UNIT FUND All the Investments under the ULIP each Segregated Fund(s) shall be shown under two heads namely Approved and Other Investments. Under the Approved Investment Category, the investments shall be further divided into Central Govt. Securities, State Govt Securities, Other Approved Securities, Corporate Bonds, Infrastructure Bonds, Equity, Money Market investments, Mutual funds, Deposit with Banks. `Net current assets' shall be classified as `Approved Investment' and its breakup shall be provided as prescribed in the format. 
Under the Other Investment Category, the investments shall be further divided into Corporate Bonds, Infrastructure Bonds, Equity, Mutual funds, and any other investments which can be readily realizable and marketable. No investment shall be made in the securities which cannot be marked to market on daily basis.
Total funds i.e. aggregate of Approved and Other Investments shall reconcile with the Total investible funds as shown in the Section 1 of the FORM 3A (Part B).

NOTE
(a) The aggregate of all the above Segregated Unit-Funds should tally with item C of FORM 3A (Part A), for both Par & Non Par Business.
(b) The details of Item 12 of FORM LB 2 which form part of IRDA (Actuarial Report) Regulation, 2000 shall be reconciled with FORM 3A (Part B). LB2 being an annual form the reconciliation would be done only at year end.
(c) 'Other Investments' are as permitted under Sec 27A(2) and 27B(3).
(d) Market value of the securities considered for NAV calculation shall be taken for the purpose of applicability of Pattern of Investments for ULIP.
(e) All the assets of linked funds at the segregated level including net current assets shall be considered in the denominator for limit monitoring.

FORM 3A - STATEMENT OF INVESTMENT ASSETS (PART - C)

OBJECTIVE
The objective of the form is to compare the performance of funds at various periods. Further, the form establishes that the NAV considered for accounting and that reported in Actuarial Statement LB2 are the same. Also the form provides the periodical investment returns of fund(s). This Form is linked to the FORM 3A (Part B).

A. METHOD OF PREPARATION

a. Name of the Segregated fund
Details about each segregated fund of linked fund shall be provided in this column.

b. SFIN
SFIN for each of the segregated fund shall be provided.

c. Date of Launch
The date of the first unit allotted under the fund needs to be stated against each segregated fund.

d. Par/Non Par
Details about the fund whether it is Par/Non Par to be provided.

e. Assets Under Management on the above date
The total should be equivalent to the Assets under Management (AUM) of the segregated fund as provided in FORM 3A PART B.

f. NAV as per LB 2
NAV as per FORM LB2 (Regulation 4 of IRDA (Actuarial Report and Abstract) Regulations 2000) shall be provided in the column. LB2 being an annual form, the NAV as per LB2 would equal the published NAV on a quarterly basis.

g. NAV as on the above date
The NAV on the last day of the quarter shall be provided for calculating the return.

h. NAV of previous quarters
NAV from previous quarter up to the 4th previous quarter shall be provided. For example, for the quarter ended June 2012, the NAV on March 31, 2012 shall be provided in Previous Qtr NAV column, the NAV on December 31, 2011 shall be provided in 2nd Previous Qtr NAV column, the NAV on September 30, 2011 shall be provided in 3rd Previous Qtr NAV column and the NAV on June 30, 2011 shall be provided in 4th Previous Qtr NAV column.

i. Return
The absolute yield should be computed for one year return based on NAV movement.
Absolute return / yield = (Current quarter NAV / 4th Previous Qtr NAV) - 1
In case the fund inception date is later than 4th previous quarter NAV date the same must be reported as NA (Not Applicable).

j. 3 Year rolling CAGR
The formula for 3 year CAGR is = ((X/Y) ^ (1/3)) - 1
X = NAV as provided in the as on above date column
Y = NAV of the corresponding date of the 3rd previous year
In case the fund inception date is later than three years from as on above date of the Form the same must be reported as NA (not applicable).

k. Highest NAV since inception
Highest NAV of each fund since inception should be provided.
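The return columns of FORM 3A (Part C) described above (items g to k), worked through as an added example that is not part of the Technical Guide itself. The fund NAVs, launch dates, function names and the use of None for a previous-quarter column that has no NAV are assumptions made for illustration.

```python
import calendar
from datetime import date

NA = "NA"  # the form's "Not Applicable" marker


def quarter_end_back(as_on, quarters):
    """Quarter-end date that lies `quarters` quarters before quarter-end `as_on`."""
    months = as_on.year * 12 + (as_on.month - 1) - 3 * quarters
    year, month0 = divmod(months, 12)
    month = month0 + 1
    return date(year, month, calendar.monthrange(year, month)[1])


def part_c_row(nav_by_date, as_on, launch_date):
    """Columns g to k of FORM 3A (Part C) for one segregated fund."""
    current = nav_by_date[as_on]
    prev_dates = [quarter_end_back(as_on, k) for k in range(1, 5)]

    def annualised(base_date, years):
        # Items i and j: report NA when the fund was launched after the base date.
        if launch_date > base_date:
            return NA
        return (current / nav_by_date[base_date]) ** (1 / years) - 1

    return {
        "nav_as_on": current,
        # Assumption: a quarter-end that precedes launch has no NAV and stays None.
        "previous_qtr_navs": [nav_by_date.get(d) for d in prev_dates],
        # Item i: current NAV / 4th previous quarter NAV - 1
        "absolute_return": annualised(prev_dates[3], 1),
        # Item j: ((X / Y) ^ (1/3)) - 1, Y taken three years before `as_on`
        "cagr_3yr": annualised(quarter_end_back(as_on, 12), 3),
        # Item k, over the supplied series only; a real run would use every
        # NAV date since launch, not just quarter-ends.
        "highest_nav": max(
            v for d, v in nav_by_date.items() if launch_date <= d <= as_on
        ),
    }


# Constructed sample data for the quarter ended June 2012 (not real fund NAVs).
AS_ON = date(2012, 6, 30)
FUND_A = {  # launched more than three years before AS_ON
    date(2009, 6, 30): 10.00,
    date(2011, 6, 30): 12.50,
    date(2011, 9, 30): 12.00,
    date(2011, 12, 31): 13.00,
    date(2012, 3, 31): 14.00,
    date(2012, 6, 30): 13.31,
}
FUND_B = {  # launched after the 4th previous quarter-end
    date(2011, 12, 31): 10.20,
    date(2012, 3, 31): 10.80,
    date(2012, 6, 30): 11.00,
}


def sample_rows():
    """Rows for the two constructed funds above."""
    return (
        part_c_row(FUND_A, AS_ON, date(2009, 4, 1)),
        part_c_row(FUND_B, AS_ON, date(2011, 10, 15)),
    )


if __name__ == "__main__":
    for row in sample_rows():
        print(row)
```
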
FORM 3A - STATEMENT OF INVESTMENT ASSETS (PART - D)

OBJECTIVE
All insurers are required to file FORM 3A (Part - D) to provide the details of investments made under various funds (Life, Pension and Linked) of the Life Insurer during the quarter. The Form should be prepared separately for each fund and in aggregate for all segregated linked funds. The form is intended to bring out the accretion to the insurer's investments (fund wise) while complying with the fund wise pattern of Investment.

A. METHOD OF PREPARATION

a. Opening balance
The value of investments of the previous quarter as disclosed under FORM 3A (Part A) shall be reported in the column.

b. % to Total
The opening balance of prescribed category of investments under various funds divided by total value of investments of the fund expressed as a percentage.

c. Net Accretion for the Qtr.
Net increase / (decrease) in the category of investments during the quarter.

d. Total
Opening balance of the category of investments plus net accretion during the quarter must be shown in the column. The summation of the column for the various funds should tally with book value figures shown in FORM 3A (Part A).

FORM 3A - STATEMENT OF INVESTMENTS (PART - E)

OBJECTIVE
All insurers are required to file FORM 3A (Part - E) to provide the details of investments made under unit linked funds (at a segregated fund level) of the Life Insurer during the quarter. The Form should be prepared separately for each fund and in aggregate for all segregated linked funds. The form is intended to bring out the reconciliation of Investment details of ULIP products (UIN) to segregated funds (SFIN).

A. METHOD OF PREPARATION

a. This form is to be prepared for all ULIP products at UIN level. UIN approved by IRDA.
b. Premium
   a. It represents premium income (including first year premium, renewal premium, Top up premium and Single premium) received during the quarter for each UIN.
   b. Others - need to specify type of inflow, other than premium income, which flows into policy fund.
c. Outflow
   a. Details of all charges, policyholders' payouts including claims, surrender, partial withdrawal, and any other outflows (need to specify), which get deducted either from premium inflow or policy fund (by way of policyholders' payout or charges) during the quarter.
d. The above information will flow from policy admin system at UIN level.
e. Policy funds
   a. Net inflow or outflow as computed above will flow into or flow out of segregated policy fund (at SFIN level) during the quarter. This information will reconcile with change in unit capital and premium reserve at SFIN level in the Investment management system.
f. Difference between net inflows/outflows as per UIN level and Net inflows/outflows as per SFIN level must be "nil".

FORM 3B - STATEMENT OF INVESTMENTS (PART - A)

OBJECTIVE
The Insurer shall file FORM 3B (Part A) for compliance of Pattern of Investments showing Investment assets and other assets and linking the same with Balance Sheet figures.

A. METHOD OF PREPARATION

(a) FORM 3B has two sections:

Section I
Section I requires the insurer to establish linkage with the details of investment as shown in the Balance Sheet and the investment returns. The Insurer shall furnish the figures as appearing in Schedule 8 to 15 and the debit balance in Profit & Loss Account. Further, all the items pertaining to investments disclosed in the investment returns (FORM 5) which do not form part of schedule 8 need to be shown in the "less" items of this section. The Investment assets as appearing in section I shall be reconciled with the investment assets shown under the head "Total Fund" in section II.

Section II
In Section II, the insurer is required to comply with the pattern of investments as prescribed under Regulation 7 of the IRDA (Investment) Regulations 2000 as amended from time to time.
Separate Custodian account shall be maintained for "balance" investments of Shareholder's fund that does not form part of the FRSM (except in case of Securities held with RBI/ CCIL). Shareholders' funds held beyond the solvency requirements shall not be subject to Pattern of Investments prescribed under Regulation 7 (provided such assets are kept in a separate custody account) but shall be subject to Prudential / Exposure norms prescribed under Regulation 9, provided the same are maintained in a separate custody account.

(b) Category of Investments
Investments shall be categorized as per the Regulation, such as Central Government Securities, State Government Securities, Other Approved Securities, Housing and Infrastructure, Approved Investments and Other Investments.

(c) % as per Regulation
This specifies the minimum or maximum % of investments under each category of investments as prescribed in Regulation for various funds.

(d) Shareholders' Fund (SH) and Policyholders' Fund
All the insurers shall maintain portfolios of SH BALANCE (other than fund representing solvency margin) and / or assets representing Solvency Margin. The Pattern of Investment shall be complied with for funds representing solvency margin (both shareholder fund representing solvency and Policyholder funds taken together). It may be noted that the pattern of Investment will not apply to Shareholders funds in excess of solvency requirement, held in a separate custody account. But exposure norms of 'Investee company', 'Group' and 'industry sector' will apply to both shareholders and policyholders funds. Any amount shown under the head "Balance" shall be clearly identified (security wise) in a separate custody account.

(e) Book Value (SH + PH)
Investment assets allocated under SH and PH shall be shown at Book value i.e. all the debt securities shall be at historical cost subject to amortization.
Units of Mutual Fund and equity and equity related instruments shall be shown at cost of acquisition. In the investment returns, column d would be sum of column b and column c.

(f) % Actual
The insurer shall work out the percentage of holding in G Sec, G Sec or Other Approved Securities (including Govt. Securities), Housing & Loans to State Government for Firefighting equipments; Infrastructure Investments, Approved investments and Other Investments with respect to Total Investment asset.

(g) FVC Amount
The insurer shall compute the fair value for holding in equities and for units of mutual fund. The difference between the fair value and the book value is the Fair Value Change (FVC).

(h) Total
This is the sum of Balance of Shareholders Fund, FRSM, Policyholders funds and FVC amount. The grand total under this column should tally with the investments assets shown in section I.

(i) Market Value
The market value of all the securities shall be shown, Category code wise as provided in the Guidelines issued. In the case of Equity, the Market Value shall be the lower of BSE / NSE prices.

NOTE
a. "Other Investments" made from all categories of Investment including Housing and Infrastructure sectors shall not exceed 25% of the total investment assets.
b. All investment assets such as Fixed Deposit, Section 7 deposit should form part of Schedule 8 in the Balance Sheet.

FORM 3B - STATEMENT OF INVESTMENTS (PART - B)

OBJECTIVE
All insurers are required to file FORM 3B (Part - B) to provide the details of investments during the quarter. The form is intended to bring out the accretion to the Insurer's investments while complying with the pattern of Investment.

A. METHOD OF PREPARATION

a. Opening balance
The closing book value of investments of the previous quarter as disclosed under FORM 3B (Part A) shall be reported in the column.

b. % to Opening Balance
The opening balance of prescribed category of investments under various funds divided by total book value of investments of the fund expressed as a percentage.

c. Net Accretion for the Qtr.
Net increase / (decrease) in the category of investments during the quarter is the difference between the opening balance and the closing balance during the quarter.

d. Total
Opening balance of the pattern of investment assets plus net accretion during the quarter must be shown in the column. The summation of the column for the various funds should tally with book value figures shown in FORM 3B (Part A).

FORM 4A - EXPOSURE NORMS COMPLIANCE (PART A, B, C & D)

OBJECTIVE
In order to establish compliance with prudential and exposure norms as prescribed in Regulation 9 and other circulars issued by the Authority from time to time, all insurers are required to file FORM 4A (PART A, B, C & D). Norms for exposure to Investee Company, Investee Company Group and Industrial Sector have been laid down in Regulation 9 of the IRDA (Investment) Regulation, 2000 as amended from time to time. FORM 4A (Part A) requires exception reporting and hence only deviations from the prescribed regulations are required to be reported. FORM 4A (Part B) shall be prepared for Promoter Group, FORM 4A (Part C) shall be prepared for Non Promoter Group and Part D be prepared for each Industry Sector.
FORMs 4A (PART A, B, C & D) shall be prepared for Life, Pension & General Annuity and for ULIP at Segregated Funds [SFIN] level.

A. METHOD OF PREPARATION

In Part A of FORM 4A
The insurer is required to submit only the instances of deviation where there is non-compliance with investee company norms as prescribed in Regulation.

a. Investee Company
The insurer shall state the full name of the Investee Company.

b. Eligibility limit as per Regulation
The insurer shall state the limit in terms of amount for equity and debt.
The maximum amount (Eligible limit) for investment in equity, preference shares and convertible debentures shall be the lower of amount computed as per percentage (prescribed under Regulation 9 of IRDA (Investment) Regulations, 2000 as amended from time to time) of (1) investee company's outstanding shares or (2) insurer's investment assets / funds.
In case of debt, loans and other investments the limit shall be the lower of amount computed as per percentage (prescribed under Regulation 9 of IRDA (Investment) Regulations, 2000 as amended from time to time) of (1) Paid-up share capital, free reserves and Debentures / Bonds or (2) insurer's investment assets / funds.
Outstanding shares do not include the preference shares. Investments in preference shares, Convertible debentures / bonds shall be as per Regulation 9 of IRDA (Investment) Regulations, 2000 as amended from time to time. Further, the total exposure to any company (equity, debt and all other investments taken together) shall be capped as prescribed in the regulations. The insurer shall endeavor to obtain the latest available details.

c. Actual Investment
In this column the insurer shall show, Investee Company wise, the actual investments at Book Value. The insurer shall show equity investments and debt investments separately.

d. Deviation Amount
The deviation amount is the difference between the eligible investment amount and the actual investment made by the insurer. The deviations shall be given separately for equity and debt investments. The insurer shall report only those cases where there are deviations.

In Part B of FORM 4A

a. Name of the Promoter Group Company
The insurer shall identify Investee Company with the promoter group to which the Investee Company belongs. The insurer shall follow the "Group" definition consistently as prescribed in the Investment Regulation.

b. Eligible limit of the Promoter Group as per Regulation 9
The maximum investments in any company belonging to the Insurer's promoter Group shall be the percentage (as prescribed in the Regulations) computed on investment assets at aggregate level.

c. Actual Investments
In this column the insurer shall show, Investee Company group wise, the actual investments at Book value.

d. Deviation
The deviation amount is the difference between the eligible investment limit as shown in column 'd' and the actual investment as shown in column 'e'.

e. % deviation
The insurer shall show the deviation as a % to investment assets.

In Part C of FORM 4A

a. Name of the Group
The insurer shall identify every investee company with the group to which the Investee Company belongs. The insurer shall follow the "Group" definition consistently as prescribed in the Investment Regulation.

b. Eligible limit of the Promoter Group as per Regulation 9
The maximum investments in the investee company belonging to the Group Company as defined in the Investment Regulation shall be the percentage (as prescribed in the Regulations) computed on investment asset / fund. In the case of ULIP funds, the limit shall be applicable both at Segregated Fund level and at aggregate level.

c. Actual Investments
In this column the insurer shall show, Investee Company group wise, the actual investments at Book value.

d. Deviation
The deviation amount is the difference between the eligible investment limit as shown in column 'c' and the actual investment as shown in column 'd'.

e. % deviation
The insurer shall show the deviation as a % to investment assets / controlled fund / ULIP fund size.

In Part D of FORM 4A

a. Name of the Industry
The insurer shall state the name of industrial sector.
The classification of any investee company into any industry sector shall be on the lines of National Industrial Classification (All Economic Activities) - 2008 (NIC) for all sectors, except infrastructure sector. Exposure shall be calculated at Division level from A to R. For Financial and Insurance Activities sector, exposure shall be at Sectional level. In case an investee company is capable of being classified under more than one classification, then the insurer shall classify it in a way that reflects the broad business of the investee company and shall consistently classify the same under the industrial sector in future.

b. Actual investments
The insurer shall state the total investments made in that industrial sector at Book value.

c. Deviation
The deviation amount is the difference between the eligible investment limit as shown in column 'c' and the actual investment as shown in column 'd'.

d. % deviation
The insurer shall show the deviation as a % to investment assets / controlled fund / ULIP fund size. Lastly, the insurer shall state the % deviation from the limit prescribed under Regulation 9 of the IRDA (Investment) Regulation 2000 as amended from time to time.

Further, investments in fixed deposits, term deposit and certificate of deposits would not be deemed as exposure to Financial and Insurance Activities sector. However, such exposure to the promoter group is subject to Industrial exposure norms.
Industry sector norms shall not apply for investments made in 'Infrastructure' sector as defined under Regulation 2(h) of IRDA (Registration of Indian Insurance Companies) Regulations, 2000 as amended from time to time.

FORM 5 - STATEMENT OF INVESTMENT RECONCILIATION

OBJECTIVE
This report is presented in order to understand the movement of instruments as a result of Purchase and Sale of Investments during the Quarter and in order to link the same with FORM-3A (Part A) / FORM-3B filed for each Quarter. [FORM-5 shall be prepared in respect of each fund. In case of ULIP, Form 5 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level, and Total Investments in the case of General Insurer.] Listing of various investments made shall be as per Guidelines INV/GLN/001/2003-04 - Guidelines - Category of Investments Dt. 1st Jan 2004 as amended from time to time.

A. METHOD OF PREPARATION
The statement shall be prepared as per major categories mentioned under IRDA (Investment) Regulations, 2000 amended from time to time and as applicable to Life Insurers, General Insurers namely:
1. Central Government Securities
2. State Government Securities or Other Approved Securities
3. Housing and Loans to State Government for Housing and Fire Fighting Equipments
4. Infrastructure Investments
5. Approved Investments
6. Other Investments

NOTE
For all securities falling under the above heads, the respective Category Code shall be as per Guidelines INV/GLN/001/2003-04 - Guidelines - Category of Investments Dt. 1st Jan 2004 as amended from time to time.

a. Category Listing Method
The list should follow the category code as prescribed in the Annexure - 1 of IRDA/Reg./5/47/2008 as amended from time to time.
The Opening Balance of each sub-category shall be the consolidated entry, shown at the book cost of that particular sub-category or at the Actual Cost of Purchases after amortization. In respect of investment property, equity, mutual fund investment, the opening balance shall be shown at weighted average cost of acquisition under respective category of investments. The same shall be the closing balance of previous quarter.

b. Purchases for the Quarter
All purchases made during the period shall be shown at the consolidated Weighted Average Value, category code wise (as provided in Guidelines on Category of Investments), and be listed in the same sequence as provided in the "Category of Investments".
The Face Value shall be the consolidated Value of each security purchased during the Quarter.

c. Cost of Sales
In case of equity, cost of sales shall be the Weighted Average Cost of the investment and in case of debt securities the cost of sales shall be the amortized cost of investment at the time of sale.

d. Closing Balance
In Closing Balance column, the book value shall be the sum of Weighted Average Cost of Opening Balance and Purchases made during the period as reduced by the Cost of Sales for that period plus adjustments if any. The closing balance, thus arrived at each sub-category level, should be grossed at each category level. The book value, Market Value of each sub-category of Category of Investments shall be reconciled with Form 3A/3B.

e. % To Total
For Life Insurance Companies: In case of Non-Linked Funds, each category code will be calculated with respect to Book value and the same will be calculated with respect to Market Value basis for linked funds.
For Non-Life Insurance Companies, it will be calculated on Book value basis.

f. Adjustments
Any change in value of investments due to cat code reclassification during the quarter, adjustments in securities on account of corporate action entitlements and amortization of premium / accretion of discount on investments shall be reported under Adjustments column.

NOTE
1. Circular No. 32/2/F&A/Circulars/169/Jan/2006-07 Dt. 24th Jan, 2007 on "Prudential norms for Income Recognition, Asset Classification and Provisioning and Other related matters" should strictly be complied with.
2. Refer Annexure - 1 of this Guidelines for "Category of Investments for Life, Linked and General Insurance Business as amended from time to time".
3. Refer Annexure - 2 of this Guidelines for "Market Value - Basis for FORM 3A, FORM 3B".
4. In case of ULIP, FORM 5 shall be prepared at Segregated Fund (SFIN) level for ULIP funds.
5. All transactions shall comply with IRDA/INV/CIR/062/Jan 2005 on transaction on stock market to be on cash basis.

FORM 5A - STATEMENT OF INVESTMENT IN MUTUAL FUNDS

OBJECTIVE
The details of investments made by the Insurer in Mutual Funds, within the limits permitted under the Regulations, shall be captured in this Form. The sum of such investments made in Mutual Funds, as shown in FORM 5A, shall be linked to FORM 5 under respective head.

A. METHOD OF PREPARATION
The statement shall be prepared with regard to Approved Investments and Other Investments.

a. Category Listing Method
The list should follow the category code as prescribed in the Annexure - 1 of IRDA/Reg./5/47/2008 as amended from time to time.
In respect of Mutual Fund Investments, the Opening Balance shall be the acquisition cost of the Mutual Fund.

b. Purchases For The Quarter
All purchases in respect of Mutual Fund made during the period shall be shown at the number of Units purchased and the Weighted Average Value of NAV of all purchases made during the quarter for each of the Mutual Fund.

c. Sales For The Quarter
All sales in respect of Mutual Fund during the period shall be shown at the number of Units sold and the Weighted Average Cost of all sales made during the quarter for each of the Mutual Fund.

d. Closing Balance
In Closing Balance column, the book value shall be the sum of Weighted Average Cost of Opening Balance and Purchases made during the period as reduced by the Cost of Sales for that period plus adjustments if any, which shall be listed sub-category wise. The closing balance, thus arrived at each sub-category level, should be grossed at each category level. This shall be the investment in mutual fund that will be carried forward to the next period.

e. Market Value
Market value for the units held in respect to Mutual Funds shall be shown in this column.

f. % To Total
Percentage of Investment in Mutual Funds to the book value of Fund (as per FORM 3A/3B) of the respective fund shall be provided in this column.
The Mutual Funds shown in "Approved Investments" shall be moved to "Other Investments" category in case of exceeding the limit as provided in the Circular INV/CIR/008/2008-09 as amended from time to time.

FORM 6 - CERTIFICATE UNDER SECTION 28 OF INSURANCE ACT, 1938

OBJECTIVE
This is a certificate required under Section 28 (2A) / (2B) of Insurance Act, 1938. This form confirms the reconciliation of Investments as per Investment Returns and that the same are held free of charge, lien, hypothecation etc. This form is linked to FORM 3A/3B. This form shall be signed by Chairman and two Directors and the Principal Officer. The non-encumbrance shall need to be reported by both insurer and the custodian.

A. METHOD OF PREPARATION
1. The form is prepared fund-wise and in aggregate for all segregated linked funds.
2. The Separate Custodian account shall be maintained for balance investments of Shareholder's fund that does not form part of the FRSM.
3. The details are furnished at major category code level namely, investment in Central Government Securities, State Government Securities, Other Approved Securities, Infrastructure / Housing & Loans to State Govt. for Housing & FFE, Approved Investment, Other than Approved Investment.
4. The statement reveals the holding particulars of Banks (Custodian bank), Self and Others with respect to Shareholder / Policy holder fund and shall certify the following.
   (i) The custodian should certify in the disclosure that he is not disqualified by SEBI (Custodian of securities) Regulation every time on annual basis.
   (ii) The value should be adjusted for Purchase / Sale of investments purchased and awaiting settlement. Reconciliation to this effect should be attached to the certificate.
   (iii) If the custodian belongs to promoter group, the norms of the promoter group as mentioned in INV/CIR/008/2008-09 dated 22nd Aug, 2008 (Annexure II), point 9 shall be complied with.
5. Investment current assets of linked business to be presented under the custody of self. CBLO to be presented under the custody of 'Others'. Government Securities and Treasury bills, Reverse Repo held in SGL account with Reserve Bank of India shall be classified under 'Bank' while for insurers availing CSGL account, these holdings should be shown under the respective head i.e. Banks if held with Custodian Bank else under 'Others'.
6. Section 7 deposit shall be shown under 'Banks' if the same is kept with a Bank.

FORM 7 - DETAILS OF NON-PERFORMING ASSETS

OBJECTIVE
This form provides the Non Performing Asset details in the debt investments of the funds.

A. METHOD OF PREPARATION
1. Investments assets are excluding Central Government Securities and State Government Securities (SDL), Other Approved securities and any other equity or equity related instruments. This form is to be prepared at SFIN level for ULIP fund and at aggregate fund level for Life Fund, Pension & General Annuity funds and General Insurers.
2. The absolute amount of Gross NPA as on date (before Provision of NPA to be provided but after write off).
3. Gross NPA as on date to Investment assets shall be shown by dividing "Gross NPA" by "Investment Assets".
4. Item No 4 shall be Provisions made for NPAs appearing under "Gross NPA".
5. Ratio of provisions made on the "NPAs" to "Gross NPA" shall not include provisions made on Standard Assets.
6. Provision made on the 'Standard Assets' shall be as per Circular: 32/2/F&A/Circulars/169/Jan/2006-07 as amended from time to time.
7. "Net Investment Assets" is to be arrived at by subtracting provisions (Item no. 4) from Investment Assets (Item no. 1).
8. "Net NPA" is to be arrived at by subtracting provision (Item no. 4) from the Gross NPA (Item no. 2).
9. "% of the net NPA" shall be calculated by dividing "Net NPA" by "Net Investment Asset".
10. Write off made during the period shall be as approved by the Board of the Insurer.

ANNEXURE-1

CATEGORY OF INVESTMENTS FOR LIFE, LINKED, GENERAL INSURANCE BUSINESS

The Authority vide Notification F. No. IRDA/Reg./5/47/2008 dated 30th Jul, 2008 published the 4th Amendment of Investment Regulations on 22nd Aug, 2008. With a view to reflecting the specific changes brought about in respect of Insurers' investment in various Categories, the Authority had issued Guidelines: INV/GLN/001/2003-04 dated 1st Jan, 2004; the same have been amended suitably as under.
These are the Category of Investments that are permissible for Life, Pension and General Annuity, Linked Insurance Business and General Insurance (including Re Insurance) Business. These are the exhaustive categories as per the Insurance Regulatory and Development Authority.

No | INVESTMENT CATEGORY HEADS | CAT CODE
A | GOVERNMENT SECURITIES |
A01 | Central Government Bonds | CGSB
A02 | Special Deposits | CSPD
A03 | Deposit under Section 7 of Insurance Act, 1938 | CDSS
A04 | Treasury Bills | CTRB
B | GOVERNMENT SECURITIES / OTHER APPROVED SECURITIES |
B01 | Central Government Guaranteed Loans / Bonds | CGSL
B02 | State Government Bonds | SGGB
B03 | State Government Guaranteed Loans | SGGL
B04 | Other Approved Securities (excluding Infrastructure Investments) | SGOA
B05 | Guaranteed Equity | SGGE
C | HOUSING & LOANS TO STATE GOVT. FOR HOUSING AND FIRE FIGHTING EQUIPMENT |
C01 | Loans to State Government for Housing | HLSH
C02 | Loans to State Government for Fire Fighting Equipments | HLSF
C03 | Term Loan - HUDCO / NHB / Institutions accredited by NHB | HTLH
C04 | Commercial Papers - NHB / Institutions accredited by NHB | HTLN
C05 | Housing - Securitised Assets | HMBS
C06 | Debentures / Bonds / CPs / Loans - (Promoter Group) | HDPG
 | TAXABLE BONDS |
C07 | Bonds / Debentures issued by HUDCO | HTHD
C08 | Bonds / Debentures issued by NHB / Institutions accredited by NHB | HTDN
C09 | Bonds / Debentures issued by Authority constituted under any Housing / Building Scheme approved by Central / State / any Authority or Body constituted by Central / State Act | HTDA
 | TAX FREE BONDS |
C10 | Bonds / Debentures issued by HUDCO | HFHD
C11 | Bonds / Debentures issued by NHB / Institutions accredited by NHB | HFDN
C12 | Bonds / Debentures issued by Authority constituted under any Housing / Building Scheme approved by Central / State / any Authority or Body constituted by Central / State Act | HFDA
 | OTHER INVESTMENTS |
C13 | Debentures / Bonds / CPs / Loans | HODS
C14 | Housing - Securitised Assets | HOMB
C15 | Debentures / Bonds / CPs / Loans - (Promoter Group) | HOPG
D | INFRASTRUCTURE INVESTMENTS |
D01 | Infrastructure - Other Approved Securities | ISAS
D02 | Infrastructure - PSU - Equity shares - Quoted | ITPE
D03 | Infrastructure - Corporate Securities - Equity shares-Quoted | ITCE
D04 | Infrastructure - Equity (Promoter Group) | IEPG
D05 | Infrastructure - Securitised Assets | IESA
D06 | Infrastructure - Debentures / Bonds / CPs / loans - (Promoter Group) | IDPG
D07 | Infrastructure - Infrastructure Development Fund (IDF) | IDDF
 | TAXABLE BONDS |
D08 | Infrastructure - PSU - Debentures / Bonds | IPTD
D09 | Infrastructure - PSU - CPs | IPCP
D10 | Infrastructure - Other Corporate Securities - Debentures/ Bonds | ICTD
D11 | Infrastructure - Other Corporate Securities - CPs | ICCP
D12 | Infrastructure - Term Loans (with Charge) | ILWC
 | TAX FREE BONDS |
D13 | Infrastructure - PSU - Debentures / Bonds | IPFD
D14 | Infrastructure - Other Corporate Securities - Debentures/ Bonds | ICFD
 | OTHER INVESTMENTS |
D15 | Infrastructure - Equity (including unlisted) | IOEQ
D16 | Infrastructure - Debentures / Bonds / CPs / loans | IODS
D17 | Infrastructure - Securitised Assets | IOSA
D18 | Infrastructure - Equity (Promoter Group) | IOPE
D19 | Infrastructure - Debentures / Bonds / CPs / loans - (Promoter Group) | IOPD
E | APPROVED INVESTMENT SUBJECT TO EXPOSURE NORMS |
E01 | PSU - Equity shares - Quoted | EAEQ
E02 | Corporate Securities - Equity shares (Ordinary)- Quoted | EACE
E03 | Equity Shares - Companies incorporated outside India (invested prior to IRDA Regulations) | EFES
E04 | Equity Shares - Promoter Group | EEPG
E05 | Corporate Securities - Bonds - (Taxable) | EPBT
E06 | Corporate Securities - Bonds - (Tax Free) | EPBF
E07 | Corporate Securities - Preference Shares | EPNQ
E08 | Corporate Securities - Investment in Subsidiaries | ECIS
E09 | Corporate Securities - Debentures | ECOS
E10 | Corporate Securities - Debentures / Bonds/ CPs /Loan - (Promoter Group) | EDPG
E11 | Corporate Securities - Derivative Instruments | ECDI
E12 | Municipal Bonds - Rated | EMUN
E13 | Investment properties - Immovable | EINP
E14 | Loans - Policy Loans | ELPL
E15 | Loans - Secured Loans - Mortgage of Property in India (Term Loan) | ELMI
E16 | Loans - Secured Loans - Mortgage of Property outside India (Term Loan) | ELMO
E17 | Deposits - Deposit with Scheduled Banks, FIs (incl. Bank Balance awaiting Investment), CCIL, RBI | ECDB
E18 | Deposits - CDs with Scheduled Banks | EDCD
E19 | Deposits - Repo / Reverse Repo - Govt Securities | ECMR
E20 | Deposits - Repo / Reverse Repo - Corporate Securities | ECCR
E21 | Deposit with Primary Dealers duly recognised by Reserve Bank of India | EDPD
E22 | CCIL - CBLO | ECBO
E23 | Commercial Papers | ECCP
E24 | Application Money | ECAM
E25 | Perpetual Debt Instruments of Tier I & II Capital issued by PSU Banks | EUPD
E26 | Perpetual Debt Instruments of Tier I & II Capital issued by Non-PSU Banks | EPPD
Perpetual Non-Cum.
P.Shares & Redeemable Cumulative E27 EUPS P.Shares of Tier 1 & 2 Capital issued by PSU Banks Perpetual Non-Cum. P.Shares & Redeemable Cumulative E28 EPPS P.Shares of Tier 1 & 2 Capital issued by Non-PSU Banks E29 Foreign Debt Securities (invested prior to IRDA Regulations) EFDS E30 Mutual Funds - Gilt / G Sec / Liquid Schemes EGMF E31 Mutual Funds - (under Insurer's Promoter Group) EMPG E32 Net Current Assets (Only in respect of ULIP Business) ENCA F OTHER INVESTMENTS F01 Bonds - PSU ­ Taxable OBPT F02 Bonds - PSU - Tax Free OBPF F03 Equity Shares (incl Co-op Societies) OESH F04 Equity Shares (PSUs & Unlisted) OEPU F05 Equity Shares - Promoter Group OEPG F06 Debentures OLDB F07 Debentures / Bonds/ CPs / Loans etc. - (Promoter Group) ODPG F08 Municipal Bonds OMUN F09 Commercial Papers OACP F10 Preference Shares OPSH 327 Technical Guide Venture Fund / SEBI approved Alternate Investment Fund F11 OVNF (Category I) F12 Short term Loans (Unsecured Deposits) OSLU F13 Term Loans (without Charge) OTLW F14 Mutual Funds - Debt / Income / Serial Plans / Liquid Secemes OMGS F15 Mutual Funds - (under Insurer's Promoter Group) OMPG F16 Derivative Instruments OCDI F17 Securitised Assets OPSA F18 Investment properties - Immovable OIPI Note: F. `Other Investments' shall not be applicable to Pension and General Annuity Funds of Life Insurers. 328 Appendix `D' ANNEXURE-2 MARKET VALUE - BASIS FOR FORM-3A / FORM-3B The Authority vide Notification F. No. IRDA/Reg./5/47/2008 dated 30th Jul, 2008 published the 4th Amendment of Investment Regulations on 22nd Aug, 2008. With a view of reflecting the specific changes brought about in respect of Maket Value of Investments for the purpose of FORM 3A, FORM 3B, the Authority issued Guidelines INV/GLN/003/2003-04 dated 1st Jan, 2004 and the same has been amended suitably as under. 
The following shall, without prejudice to Section 27A, 27B of the Insurance Act, 1938, be the basis for arriving at the "Market Value" of Investment to be furnished in FORM-3A and FORM-3B.

S.No | Particulars | Cat code | Market value - basis for Form-3A, Form-3B

A | Government Securities
A01 | Central Government Bonds | CGSB | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
A02 | Special Deposits | CSPD | At Cost
A03 | Deposit under Section 7 of Insurance Act, 1938 | CDSS | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
A04 | Treasury Bills | CTRB | Valued as per FIMMDA.

B | Government Securities / Other Approved Securities
B01 | Central Government Guaranteed Loans / Bonds | CGSL | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
B02 | State Government Bonds | SGGB | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
B03 | State Government Guaranteed Loans | SGGL | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
B04 | Other Approved Securities (excluding Infrastructure Investments) | SGOA | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
B05 | Guaranteed Equity | SGGE | Book Value.

C | Housing & Loans to State Govt. for Housing and Fire Fighting Equipment
C01 | Loans to State Government for Housing | HLSH | At Cost Less Provisions
C02 | Loans to State Government for Fire Fighting Equipments | HLSF | At Cost Less Provisions
C03 | Term Loan - HUDCO / NHB / Institutions accredited by NHB | HTLH | At Cost Less Provisions
C04 | Commercial Papers - NHB / Institutions accredited by NHB | HTLN | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
C05 | Housing - Securitised Assets | HMBS | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
C06 | Bonds / Debentures / CPs / Loans - Promoter Group | HDPG | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
TAXABLE BONDS OF
C07 | Bonds / Debentures issued by HUDCO | HTHD | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
C08 | Bonds / Debentures issued by NHB / Institution accredited by NHB | HTDN | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
C09 | Bonds / Debentures issued by Authority constituted under any Housing / Building Scheme approved by Central / State / any Authority or Body constituted by Central / State Act | HTDA | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
TAX FREE BONDS
C10 | Bonds / Debentures issued by HUDCO | HFHD | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
C11 | Bonds / Debentures issued by NHB / Institution accredited by NHB | HFDN | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
C12 | Bonds / Debentures issued by Authority constituted under any Housing / Building Scheme approved by Central / State / any Authority or Body constituted by Central / State Act | HFDA | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
OTHER INVESTMENTS
C12 | Debentures / Bonds / CPs / Loans | HODS | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
C13 | Housing - Securitised Assets | HOMB | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
C14 | Debentures / Bonds / CPs / Loans - (Promoter Group) | HOPG | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency

D | INFRASTRUCTURE INVESTMENTS
D01 | Infrastructure - Other Approved Securities | ISAS | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
D02 | Infrastructure - PSU - Equity shares - Quoted | ITPE | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
D03 | Infrastructure - Corporate Securities - Equity shares - Quoted | ITCE | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
D04 | Infrastructure - Equity (Promoter Group) | IEPG | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
D05 | Infrastructure - Securitised Assets | IESA | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
D06 | Infrastructure - Debentures / Bonds / CPs / loans - Promoter Group | IDPG | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency and in case of loans at cost
D07 | Infrastructure - Infrastructure Development Fund (IDF) | IDDF | At NAV (if available) or at cost less Provision for diminution
TAXABLE BONDS OF
D08 | Infrastructure - PSU - Debentures / Bonds | IPTD | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
D09 | Infrastructure - PSU - CPs | IPCP | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
D10 | Infrastructure - Other Corporate Securities - Debentures / Bonds | ICTD | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
D11 | Infrastructure - Other Corporate Securities - CPs | ICCP | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
D12 | Infrastructure - Term Loans (with Charge) | ILWC | At Cost less opening Provisions
TAX FREE BONDS
D13 | Infrastructure - PSU - Debentures / Bonds | IPFD | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
D14 | Infrastructure - Other Corporate Securities - Debentures / Bonds | ICFD | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
OTHER INVESTMENTS
D15 | Infrastructure - Equity (including unlisted) | IOEQ | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
D16 | Infrastructure - Debentures / Bonds / CPs / loans | IODS | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency and in case of loans at cost
D17 | Infrastructure - Securitised Assets | IOSA | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency and in case of loans at cost
D18 | Infrastructure - Equity (Promoter Group) | IOPE | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
D19 | Infrastructure - Debentures / Bonds / CPs / loans - (Promoter Group) | IOPD | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency and in case of loans at cost

E | APPROVED INVESTMENT SUBJECT TO EXPOSURE NORMS
E01 | PSU - Equity shares - quoted | EAEQ | Market Value
E02 | Corporate Securities - Equity shares (Ordinary) - quoted | EACE | Market Value
E03 | Equity Share - Companies incorporated outside India (invested prior to IRDA Regulations) | EFES | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
E04 | Equity Shares - Promoter Group | EEPG | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
E05 | Corporate Securities - Bonds - (Taxable) | EPBT | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
E06 | Corporate Securities - Bonds - (Tax Free) | EPBF | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
E07 | Corporate Securities - Preference Shares | EPNQ | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
E08 | Corporate Securities - Investment in Subsidiaries | ECIS | At Cost less Provision for diminution
E09 | Corporate Securities - Debentures | ECOS | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
E10 | Corporate Securities - Debentures / Bonds / CPs / Loan - Promoter Group | EDPG | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency and in case of loans at cost
E11 | Corporate Securities - Derivative Instruments | ECDI | Marked to Market
E12 | Municipal Bonds - Rated | EMUN | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency and in case of loans at cost
E13 | Investment properties - Immovable | EINP | At Cost
E14 | Loans - Policy Loans | ELPL | At Cost
E15 | Loans - Secured Loans - Mortgage of Property in India (Term Loan) | ELMI | At Cost Less Provisions
E16 | Loans - Secured Loans - Mortgage of Property outside India (Term Loan) | ELMO | At Cost Less Provisions
E17 | Deposits - Deposit with Scheduled Banks, FIs (incl. Bank Balance awaiting Investment), CCIL, RBI | ECDB | At Carrying Cost
E18 | Deposits - CDs with Scheduled Banks | EDCD | At Carrying Cost
E19 | Deposits - Repo / Reverse Repo - Govt Securities | ECMR | At Cost
E20 | Deposits - Repo / Reverse Repo - Corporate Securities | ECCR | At Cost
E21 | Deposit with Primary Dealers duly recognised by Reserve Bank of India | EDPD | At Cost
E22 | CCIL - CBLO | ECBO | At Carrying Cost
E23 | Commercial Papers | ECCP | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
E24 | Application Money | ECAM | At Cost
E25 | Perpetual Debt Instruments of Tier I & II Capital issued by PSU Banks | EUPD | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
E26 | Perpetual Debt Instruments of Tier I & II Capital issued by Non-PSU Banks | EPPD | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
E27 | Perpetual Non-Cum. P.Shares & Redeemable Cumulative P.Shares of Tier 1 & 2 Capital issued by PSU Banks | EUPS | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
E28 | Perpetual Non-Cum. P.Shares & Redeemable Cumulative P.Shares of Tier 1 & 2 Capital issued by Non-PSU Banks | EPPS | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
E29 | Foreign Debt Securities (invested prior to IRDA Regulations) | EFDS | At Carrying Cost
E30 | Mutual Funds - Gilt / G Sec / Liquid Schemes | EGMF | At NAV as on the reporting date
E31 | Mutual Funds - (under Insurer's Promoter Group) | EMPG | At NAV as on the reporting date
E32 | Net Current Assets (Only in respect of ULIP Business) | ENCA | At book value

F | OTHER INVESTMENTS
F01 | Bonds - PSU - Taxable | OBPT | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
F02 | Bonds - PSU - Tax Free | OBPF | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
F03 | Equity Shares (incl Co-op Societies) | OESH | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
F04 | Equity Shares (PSUs & Unlisted) | OEPU | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
F05 | Equity Shares - Promoter Group | OEPG | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
F06 | Debentures | OLDB | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
F07 | Debentures / Bonds / CPs / Loans etc. - Promoter Group | ODPG | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency and in case of loans at cost
F08 | Municipal Bonds | OMUN | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency and in case of loans at cost
F09 | Commercial Papers | OACP | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency
F10 | Preference Shares | OPSH | If quoted, valued at Market Value (last Quoted price should not be later than 30 days). If unquoted, Book Value Less Provisions (Provisions shall be made at the end of the Year. For the purpose of Quarterly Returns, if there exists any Provision for any Equity Share at the beginning of the year, the same shall be reduced from the Book Value)
F11 | Venture Fund / SEBI approved Alternate Investment Fund (Category I) | OVNF | At NAV (if available) or at cost less Provision for diminution
F12 | Short term Loans (Unsecured Deposits) | OSLU | At Cost Less Provisions
F13 | Term Loans (without Charge) | OTLW | At Cost Less Provisions
F14 | Mutual Funds - Debt / Income / Serial Plans | OMGS | At NAV as on the reporting date
F15 | Mutual Funds (under Insurer's Promoter Group) | OMPG | At NAV as on the reporting date
F16 | Derivative Instruments | OCDI | Marked to Market
F17 | Securitised Assets | OPSA | Value as per FIMMDA if rated. If not, valued at applicable Market Yield rates published as per reputed Rating Agency. If NAV is available, at applicable NAV.
F18 | Investment properties - Immovable | OIPI | At Cost

Appendix 'E'

Format of Engagement Letter to be sent to the Appointing Authority of the Insurance Company for "Certificate on Investment Risk Management Systems and Processes"

To the Board of Directors (or the appropriate representative of senior management).

[The objective and the scope of the engagement]

This has reference to your letter No. ................ dated ....... whereby you have offered us to carry out the examination of compliance status of "Investment risk management system and processes" as at ................. as stipulated in regulation 13(E) (1) of IRDA (Investment) (Fifth Amendment) Regulations, 2013 notified by the Insurance Regulatory and Development Authority (IRDA) and issue a certificate thereon.

[The responsibility of the practitioner]

We are pleased to confirm our acceptance of the aforementioned assignment through the letter of acceptance attached herewith, subject to the following:

We shall conduct our examination as per the procedure laid down in the Technical Guide on Review and Certification of Investment Risk Management Systems and Processes of Insurance Companies issued by the Institute of Chartered Accountants of India ("ICAI"). An examination of the Company's implementation of the Investment Risk Management Systems and Processes includes examining evidence supporting the management's compliance with respect to requirements mandated in the Regulations, Guidelines, and Circulars of IRDA.

The procedures selected for examination depend on our judgment. We shall take cognizance of the internal controls relevant and necessary for compliance with the regulations issued by IRDA on investment risk management systems and processes in order to obtain evidence that is appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity's overall internal control. However, we will communicate to you in writing concerning any significant deficiencies in internal control relevant to the compliance of conditions of Investment Risk Management System & Processes.

[The responsibility of Management]

Our assignment will be conducted on the basis that the management and, where appropriate, those charged with governance acknowledge and understand that they have responsibility:

· For the design of IT Governance Architecture
· For implementation of the Investment Risk Management Systems and Processes in accordance with the Regulations, Guidelines, and Circulars issued by IRDA from time to time, and compliance thereto
· For making judgments and estimates that are reasonable and prudent for compliance with IRDA regulations and guidelines on Investment Risk Management System and Processes; and

To provide us with:

(i) Access, at all times, to all information, including the books of accounts, vouchers and other records and documentation relevant for the information system of the company and for Investment Risk Management System and Processes.
(ii) Additional information that we may request from the Chief Executive Officer / the Chief Investment Officer / Chief Technology Officer / Chief Information Officer / Other Officers of the company for the purpose of examination; and
(iii) Unrestricted access to persons within the entity from whom we determine it necessary to obtain evidence for examination.

This includes our entitlement to require from the officers of the branch or head office such information and explanations as we may think necessary for the purpose of issue of Certificate on Investment Risk Management Systems and Processes.

As part of our assignment, we will request from the management and, where appropriate, those in charge of governance, written confirmation concerning representations made to us in connection with the information system of the company and the compliance of conditions of Investment Risk Management System and Processes as may be considered necessary by us for the purpose of our assignment.

It may also be noted that non-provision of any information / confirmation requested by us from the management and, where appropriate, those in charge of governance, may result in limitation on the scope of our assignment.

We also wish to invite your attention to the fact that our examination is subject to 'peer review' under the Chartered Accountants Act, 1949 to be conducted by an Independent reviewer. The reviewer may inspect, examine or take abstract of our working papers during the course of the peer review, as required by the Chartered Accountants Act, 1949, as amended from time to time, and the same need not be construed as a breach of the confidentiality agreement entered into with you.

We look forward to full cooperation from your staff during our examination.

[Other relevant information]

[Insert other information, such as fee arrangement, billings and other specific terms as appropriate.]

[Certificate]

[Insert appropriate reference to the expected form and content of certificate]

The form and content of our certificate may need to be amended in the light of findings of our examination.

Please sign and return the attached copy of this letter to indicate your acknowledgement of, and agreement with, the arrangement for our aforementioned assignment/s including our respective responsibilities. Kindly also mark a copy of such acknowledgement to the concerned official/s of the respective managements.

XYZ & Co.
Chartered Accountants

..............................
(Signature)
Date :                    (Name of the Member)
Place :                   (Designation¹)

Acknowledged on behalf of Insurance Company by

..........................
(Signature)
Name and Designation
Date

Attached: Letter of Acceptance duly signed by us.

¹ Partner or proprietor, as the case may be.