Technical Guide on
Review and Certification of Investment
Risk Management Systems and
Processes of Insurance Companies
(2013)
Committee on Banking, Insurance of Pension
The Institute of Chartered Accountants of India
(Set up by an Act of Parliament)
New Delhi
© The Institute of Chartered Accountants of India
All rights reserved. No part of this publication may be reproduced, stored in a
retrieval system, or transmitted, in any form, or by any means, electronic
mechanical, photocopying, recording, or otherwise, without prior permission,
in writing, from the publisher.
Edition : May, 2013
Committee/Department : Committee on Banking, Insurance & Pension
E-mail : cobip@icai.in
Website : www.icai.org
Price : ` /- (including CD)
ISBN : 978-81-8441-159-1
Published by : The Publication Department on behalf of the
Institute of Chartered Accountants of India,
ICAI Bhawan, Post Box No. 7100, Indraprastha
Marg, New Delhi - 110 002.
Printed by :
Foreword
Regulation of investment functions of insurance companies is necessary
even in the market driven economy as the money involved represents huge
`public savings'. Because of the quantum of monies involved and its
significance, the role of the Regulator in framing proper regulations for
safeguarding policyholders' interest becomes vital. The Insurance
Regulatory and Development Authority, the regulator of insurance sector,
issued Investment Regulations for the compliance of the insurers in 2000 and
amended the same from time to time. The latest amendment was made vide
IRDA (Investment) (5th amendment) Regulations, 2013 w.e.f. 1st April 2013.
The Institute of Chartered Accountants of India (ICAI) has been working very
closely with IRDA and has always been complementing the initiatives taken
by them. I am happy to note that in the amended Regulations, the IRDA has
notified that Investment Risk Management Systems and Process of Insurers
shall be reviewed and certified by a chartered accountant in practice at the
beginning of every second financial year or such shorter frequency as
decided by the Board of the insurer and the said certificate shall be filed with
the IRDA along with the first quarter returns. It is heartening to note that the
IRDA has mandated that the Review of Implementation shall be certified by
the chartered accountant in practice as per the Technical Guide on Review
and Certification of Risk Management Systems and Processes of Insurance
Companies issued by ICAI.
I am happy to know that the Committee on Banking, Insurance and Pension
of the Institute has revised the Technical Guide on Review and Certification
of Investment Risk Management Systems and Processes of Insurance
Companies originally issued in 2008 so as to reflect the changes made in
the Investment Regulations recently.
I wish to place on record my appreciation to CA. J. Venkateswarlu,
Chairman, Committee on Banking, Insurance and Pension and its members
and special invitees and other professionals who are involved in the revision,
for their invaluable contribution in the revision of this Technical Guide. I
would like to thank the Chairman IRDA and his dynamic team for guiding
ICAI in the revision of this Technical Guide.
I am confident that the Technical Guide would be immensely useful to all
concerned.
CA. Subodh Kumar Agrawal
President, ICAI
New Delhi
21st May 2013
iv
Preface
Owing to the liberalization and globalization of the insurance sector, now a days
insurers have huge amount of funds collected from the insured in the form of
premium. The involvement of the public funds necessitated the regulators to
frame regulation to make insurers properly use the freedom provided, but at the
same time, through exposure norms, ensures that flexibility is not used beyond
permitted levels. Thus, the Investment function in an insurance company is a
trade off between liquidity and profitability within the regulatory framework.
The Insurance Regulatory and Development Authority (IRDA) has always been
proactive in bringing out the relevant regulations for better management,
reporting and protection of the interest of various stakeholders. The IRDA has
recently notified IRDA (Investment) (5th Amendment) Regulations, 2013 which
came into force w.e.f. 1st April 2013. The amended Investment Regulations
requires implementation of investment risk management systems and process by
an insurer shall be reviewed and certified by a Chartered Accountant as per the
procedure laid town in the Technical Guide on Review and Certification of
Investment Risk Management Systems and Professes of Insurance Companies
issued by the ICAI.
In the backdrop of the fifth amendment to the Investment Regulations, the
Committee on Banking, Insurance and Pension of ICAI (COBIP) considered it
appropriate to revise the Technical Guide to bridge the knowledge gap in this
vital legislation. This revised Technical Guide provides comprehensive guidance
to the auditors in reviewing and certifying the implementation of risk management
systems and processes as mandated by the investment regulations of IRDA.
I take this opportunity to thank IRDA for reposing confidence in the ICAI and its
membership in entrusting the job of verifying and certifying the implementation of
Risk Management Systems and Processes of insurers.
I place on record my sincere gratitude to CA. S.N. Jayasimhan, Joint Director
(Investments), IRDA; Shri R. Kumar, Deputy Director (Investment), IRDA; Shri
Suresh Nair, Sr Assistant Director (Investments), IRDA; Shri R Chandrasekar,
Secretary, General Insurance Council; CA Abhirajan Gupta; CA. Vittal Raj; CA S.
Venkatraman and CA. P.S. Prabhakar for helping us in revising the Technical
Guide. I am highly thankful to CA. N. Venkatakrishnan for preparing the basic
draft of this Guide. I am also thankful to the experts who had attended a Meeting
at Chennai in February 2013 in relation to finalizing the revised Guide.
I am thankful to the President of ICAI, CA. Subodh Kumar Agrawal and Vice
President of ICAI, CA. K. Raghu for their support and encouragement. I am
grateful to CA. Shriniwas Yeshwant Joshi, Vice Chairman of the Committee, CA.
Jay Chhaira, CA. Prafulla Premsukh Chhajed, CA. Tarun Jamnadas Ghia, CA. V.
Murali, CA. Vijay Kumar Garg, CA. Mukesh Singh Kushwah, CA. Naveen N.D.
Gupta, CA. Vijay Kumar Gupta, CA. Charanjot Singh Nanda, Shri Manoj Kumar,
CA. D.K. Singla, CA. S. V. Sunder Krishnan, CA. M. H. Singhal and CA. Patni
Dilip Kumar, members of the Committee for their valuable guidance and
cooperation in bringing out this revised Technical Guide. I appreciate the efforts
put in by the officials of Secretariat of the Committee for their contribution in
timely release of this Technical Guide.
I hope the members and others concerned would find this Technical Guide
immensely useful and it would serve as a handy tool in rendering professional
services to insurers.
CA. J. Venkateswarlu
New Delhi Chairman,
15th May, 2013 Committee on Banking, Insurance and Pension
vi
Contents
Foreword ..................................................................................................... iii
Preface ......................................................................................................... v
1. Introduction ....................................................................................... 01
2. Investment Function of the Insurer and
Risk Management Process ............................................................... 03
3. Information System Security and Audit ............................................. 10
4. Coverage and Review Methodology .................................................. 19
5. Format of Certificate ......................................................................... 46
Annexures
Annexure `A' Compliance Checklist to be submitted along
with application under `R2' ................................................... 50
Annexure `B' Review of standard operating procedure covering
`systems and processes' ...................................................... 57
Annexure `C' Review of Information Technology (IT) Systems and
Processes supporting Investment Operations ...................... 68
Annexure `D' Application Controls Checklist ........................................... 152
Appendices
Appendix `A' IRDA (Investment) Regulations, 2000 as amended
by IRDA (Investment) (5th Amendment)
Regulations, 2013 .............................................................. 177
Appendix `B' CIRCULAR NO. INV/CIR/008/2008-09 DATED
22.08.2008 Issued by IRDA to Insurers.............................. 240
Appendix `C' IRDA Letter No.IRDA/F&I/CIR/INV/067/04/2013
dt.1st April, 2013 ................................................................ 266
Appendix `D' Guidance Note on Preparation of Investment
Returns (Version-01) issued by Insurance Regulatory
and Development Authority in May 2013 ............................ 289
Appendix `E' Format of Engagement Letter ............................................ 340
viii
1
Introduction
1.01. Insurance in India has come of age.Insurers have been operating in
India for a very long time, but insurance then was entirely the monopoly of
the state-owned Life Insurance Corporation and four general Insurance
Companies. In the post- liberalisation phase, private entrepreneurs have
also come on to the scene. Since insurance is concerned with the protection
of a citizen's life and /or properties as well as national wealth, ever since
insurance emerged as a business, Government, in view of its strong societal
links, have felt the need for its proper monitoring and regulation through
extensive legislation.
1.02. In order to protect the interests of holders of insurance policies, on
th
19 of April, 2000, the Government set up the Insurance Regulatory and
Development Authority (IRDA) under the Insurance Regulatory and
Development Authority Act, 1999 (IRDA Act), to regulate, promote and
ensure the orderly growth of the insurance industry and for matters
connected therewith or incidental thereto and further to amend the
Insurance Act, 1938, the Life Insurance Corporation Act, 1956 and the
General Insurance Business (Nationalisation) Act,1972.
1.03. Insurance business has always been truly global and international in
scope. Recognizing this, regulators of different countries banded together to
form the International Association of Insurance Supervisors (IAIS). India is
among the more than one hundred members of IAIS. The broad principles of
IAIS are meant to see that:
· There is recognition of the fact that insurance is an international
subject;
· Insurance requires to be monitored properly to ensure its healthy
growth; and
· There is a standards setting mechanism.
1.04. The International standards are mainly concentrated around the
following areas:
Technical Guide
· Control over registration of companies
· Management of business through fit and proper persons to be
employed
· Pricing of products to be done on prudent lines
· Management of Investments and associated Risks
· Maintenance of required Solvency margin
· Proper settlement of claims of policy holders.
1.05. Hence, world over, the focus is on building control systems around
the above key factors through regulations. In India, IRDA has implemented
such controls through the following key regulations, as amended from time
to time:
1. IRDA (Registration of Indian Insurance Companies) Regulations, 2000
2. IRDA (Assets, Liabilities and Solvency Margin of Insurers)
Regulations, 2000
3. IRDA (Appointed Actuary) Regulations, 2000
4. IRDA (Actuarial Report and Abstract) Regulations, 2000
5. IRDA (Investment) Regulations, 2000
6. IRDA (Preparation of Financial Statements and Auditor's Report of
Insurance Companies) Regulations, 2000
7. IRDA (General Insurers Re-insurance) Regulations, 2000
8. IRDA (Life Insurers Re-insurance) Regulations, 2000
9. IRDA (Protection of Policyholders' Interest) Regulations, 2000
10. IRDA (Distribution of Surplus) Regulations, 2000
2
2
Investment Function of the Insurer and
Risk Management Process
2.01. During the nationalization regime, prior to the advent of IRDA , State
owned LIC and GIC along with its four subsidiaries were the only players in
the country in Life and General insurance business.
2.02. The investment portfolios of the insurance companies were earlier
channelized to meet the objectives and priorities of the Government.
2.03. As per the recommendations of Malhotra Committee, the mandatory
investment in Government and Approved Securities has been reduced to
50% in Life Fund in the case of Life Insurers, while in the case of General
Insurance Companies it stands reduced to 30% of Investment assets.
2.04. Thus, a higher amount has been made available to insurers to invest
in private and corporate sector, housing and infrastructure sector, etc., to
provide freedom in the structure of the investment portfolio and also involve
the Insurers in the task of fulfilling the rural and social sector obligation of
the Government without sacrificing safety of public funds but at the same
time aligning it to fit into the overall investment strategy of the insurer. This
required the regulators to frame regulations to make insurers properly use
such freedom provided, and, at the same time, through exposure norms,
ensure safety.
2.05. Therefore, it would be appropriate to conclude that as the money
involved represents huge `public savings' regulating investments is a
necessity even in the market driven economy. Thus, what the public invest
in insurance companies is out of their savings and not out of surplus, unlike
in case of deposits with banks. It is because of this reason that the
regulations keep `policyholder protection' as its prime concern. But the
Regulator, responsible for the development of the insurance sector, allows
investing in different investment avenues, by weighing the various risks
associated to efficiently serve the policyholders and also ensure an orderly
growth of Insurance business. The Audit of investment functions of
insurance companies is a necessary effort in this direction.
Technical Guide
2.06. Any insurance contract, ultimately, is based on fact as well as faith:
Faith of the policyholders that if and when there is a claim under their policy,
it would be settled properly; that there is mechanism to ensure that the
insurance company will be solvent for a period longer than the term of the
policy.
2.07. By themselves, insurance companies are major players in a nation's
economy. The sheer volume of monies itself speaks its role in the economy
of India. In the financial year 2011-12, the Life Insurance Companies
collected first year premium of Rs. 1,13,942.17 crores and Non-life
Insurance Companies (including health & specialized insurers) collected a
gross premium of Rs. 59,819.95 crores making it to an aggregate of
Rs. 1,73,762.12 crores.
2.08. The Non-life Insurance Companies held 33.83% of their overall
invested funds in Government securities (inclusive of state govt. and other
approved securities), 7.43% in the Housing sector and 15.31% in
infrastructure investments in 2011-2012. The total invested funds as of
March 31, 2012 were Rs. 99268 crores, which represented almost 20.30%
increase in invested funds over the previous year. The national economy
has benefited significantly from this sector, since the rate of investment of
these funds was considerably higher than the growth rate of the GDP.
2.09. Because of the quantum of monies that are involved and due to their
significance, the channeling of insurance monies into proper sectors has
assumed great importance and therefore the regulations, owing to national
priority, have become crucial. So, the Regulator's drive to push these funds
into various channels by framing proper regulations, to confirm that the
investments are in line with national economic policy [which also takes into
consideration the expectations of the policyholders] becomes vital.
Trade off in Investment Decisions
2.10. Though insurance companies provide solutions to risks of others, they
have their own risk, both operational and financial. Investments always
come with risk. However, the degree of risk varies based on the type of
investments, quantum of money invested [exposure], and the term.
2.11. The Insurance company has to make a careful analysis before taking
investment decisions, taking into consideration the nature of business, risk
involved, return required to meet the actuarial assumptions on returns
4
Investment Function of the Insurer and Risk Management Process
anticipated out of the investment to be made at the time of designing the
product, liquidity requirements, regulatory prescriptions etc,.
2.12. Further, the investments made should also take into consideration the
Policyholders' Reasonable Expectations (PRE) which has a bearing on the
following factors:
· Guarantees made,
· Achieving a real return, that should be in excess of guarantees made,
particularly on without profit policies,
· Realised returns are fairly consistent with returns of earlier period(s)
2.13. Objectives of regulating the Investments of Insurance Companies:
· To ensure the safety of funds, which belong to the Policy-holders
(PH).
· To maintain quality of invested assets to support the prescribed
solvency parameters of the insurer.
· The occasional lower interest rate regimes could compel companies to
seek alternate investment channels which would optimize the returns,
but such process would subject the investment to higher risks.
Regulations would not allow exposure to such high risk investments.
· The prudential norms ensure proper spread and thus avoid
`concentration risk'. Hence investment regulations limit exposure to a
particular company or a group (including group to which the insurer
belongs) of companies or to a particular industry / sector to ensure
proper investment portfolio.
· Regulations also prevent an insurer from taking a controlling stake,
out of policyholders' funds, in any company by limiting the exposure
either to `Debt' or `Equity' mode.
2.14. Another important factor in regulation of investment that cannot be
lost sight of is the need to earmark some portion of investible funds for
social obligations. The savings of the people coming to insurance
companies by way of premium have to be channelized into community
development, infrastructure development, socially oriented investments,
provision for basic amenities in rural areas etc. To this end, IRDA
(Investment) Regulations, 2000, provides for a mandatory minimum of 15%
5
Technical Guide
of Investible funds to be invested in housing and Infrastructure in the case of
Life and General Insurance Business.
Investment Function of Insurer - Regulatory Framework
2.15. The Insurance Act, IRDA Act and the Regulations made there under
which are relevant for the inspection of investment function of Insurance
Companies are featured with some technical terms/concepts whose
familiarization is critical for the inspector to perform his function. There are
references to some other statutes such as Public Debt Act, 1944, Securities
Contract Regulation Act, 1956, etc in the above-referred regulations. This
chapter lists all the relevant provisions of the related statutes (regarding
those technical terms/concepts) at one place so that it will be like a ready
reference for the members involved in this exercise.
2.16. The primary legislations which are relevant for investments of
insurance companies in India are as follows:
· Insurance Act, 1938;
· Insurance Rules, 1939;
· Insurance Regulatory and Development Authority Act, 1999;
· Insurance Regulatory and Development Authority Regulations issued
under IRDA Act, 1999 from time to time;
· Insurance Regulatory and Development Authority (Investment)
Regulations, 2000 as amended from time to time;
· Insurance Regulatory and Development Authority (Preparation of
Financial Statements and Auditor's Report of Insurance Companies)
Regulations, 2000;
· Insurance Regulatory and Development Authority (Assets, Liabilities
and Solvency Margin of Insurance Companies) Regulations, 2000 and
· Circular(s) issued by IRDA on Investment Function, as amended from
time to time.
6
Investment Function of the Insurer and Risk Management Process
IRDA (Investment) (Fifth Amendment) Regulations, 2013
2.17. Based on the experience gained and the feedback received through
Internal / Concurrent Audit Reports and based on the periodical returns
received at IRDA, a Working Group of professionals drawn from Industry,
experts from SEBI and Ministry of Finance was set up to evaluate the need
to introduce new instruments and amend the existing regulatory framework
to enable Insurers deploy funds more prudently without sacrificing safety
parameters, keeping all such suggestions within the various legal and
regulatory requirements, as well as the developments in Financial Markets
including the emergence of Unit Linked Insurance Policies as one of the
most important product portfolios of life insurers.
2.18. Accordingly, the Working Group reviewed the statutory provisions on
the pattern of Investment, operational and policy issues of Investment
Regulations and suggested amendments that would give flexibility to the
IRDA with reference to the Regulation on Investment of Life and General
Insurance Companies. Apparently, the Group also looked into the
modifications in the formats of the prescribed Returns so as to reflect the
changes in the revised regulations.
2.19. The recommendations of the Working Group were examined by IRDA
in the light of legal provisions, keeping in view the interests of the
stakeholders.
2.20. The 4th amendment which was brought in 2008 was thus amended
based on the real time experience of audit feedback. Thus the gaps that
were identified in fully addressing the business requirement and audit
requirement were factored in the 5th amendment.
2.21. This Technical Guide is specifically meant for review and certification
of Investment risk and management systems of Insurance companies arising
out of the IRDA (Investment) Regulations, 2000 as amended from time to
time.
2.22. The current approach to evaluation of system controls is based on IT
Governance Assurance approach wherein control evaluations to be
performed by the auditor have now been re-categorized under control
process categories and additional control evaluations have been included
where ever needed.
7
Technical Guide
2.23 Scope and Coverage of this Technical Guide. The Technical Guide is
designed on the basis of the following framework
IT Governance based Assurance Framework
IT Governance Control Process Categories
Plan & Acquire & Deliver & Monitor &
Organise Implement Support Evaluate
Audit Checklist
Control Evaluation to be performed by the
Auditor
2.23. While the first Chapter of this Technical Guide provides a general
overview of the insurance sector in India, the second chapter has been
structured to present the important issues related to the investment function
of insurance companies. The third Chapter deals with the role of information
system security and audit in the investment risk management systems and
processes of insurance companies. The structural change in the format of
this Technical Guide is the preliminary step towards taking this exercise
towards an enterprise wide risk management.
Fourth Chapter provides detailed guidance on the review and certification of
the Systems / Processes of investment in the context of Risk Management
requirements as provided in the Circulars / Guidelines issued by IRDA. The
Format of the Auditor's Certificate, after reviewing the Systems / Processes
of investment of insurance companies in the context of Risk Management,
has been given in the Fifth Chapter.
2.24. Annexures to this Technical Guide contains four different checklists/
templates, the purposes of which are as under:
Annexure A - Checklist template covering key Regulatory issues at the time
of R1/R2 application (Compliance with pending matters, if any, shall be
reviewed during subsequent audit of Investment systems and processes)
Annexure B - contains the key issues to be addressed while reviewing the
Standard Operating Procedures (SOPs) of existing insurance companies
8
Investment Function of the Insurer and Risk Management Process
with regard to the investment Operations and risk management systems and
processes envisaged by IRDA
Annexure C - covers the review of Information Technology (IT) Systems
and Processes supporting Investment Operations as envisaged by
Regulations
Annexure D - covers the review of Application controls and interface
systems as envisaged by Regulations and Guidelines issued by IRDA
2.25. Insurance Regulatory and Development Authority (Investment) (5th
Amendment) Regulations, 2013 has been given as an Appendix to this
Guide.
9
3
Information System Security and Audit
Introduction
3.1. Information systems (IS) play a key role in the operations of a
business organization. In fact, information is the life blood of business
and this is equally true in Insurance sector. A proper framework that
addresses governance, risk and compliance depends on the support
of robust IS that ensure confidentiality, integrity and availability of
information. Similarly, the IS facilities in turn need to be governed by
appropriate policies and best practices, guided by specific procedures
and supported and manned by trained people. Information Security
has assumed great importance due to the growing incidents and
threats causing huge losses to business over the years, bringing
about legislative and procedural changes in its wake.
3.2. The position of the Insurance sector is unique in as much as it
has a dual role to play. One, that of protecting and securing its own
information and infrastructure to realize its business objectives
including managing its investments for security, wealth / value
maximization, solvency, liquidity and profitability, and the other, of
promoting better information security through positive reinforcement
and reward by providing insurance cover and lower premium for cyber
risks of entities that have information security systems in place.
3.3. The increasing dependence of Insurance Companies on
Information systems brings up issues like data storage, retrieval,
access and processing that is opaque and unintelligible to laymen,
loss of audit trail, adverse effect on controls especially segregation
of duties, and a lot more.
3.4. However, they also provide greater computing power that
enables automation of processes and implementation of systems that
streamline front, mid and back office operations, enable policy
servicing, transparent accounting and customer communication and
reporting, market information, valuation, NAV computation, and
provide support for other compliance/regulatory requirements.
Information System Security and Audit
3.5. The important aspects and issues that necessitate inclusion of
Information system controls, checks and balances for proper
functioning of investment function and management of the risks are
outlined below. These will set the tone for and provide proper
perspective to the guidelines.
SECURING AND USING CUSTOMER INFORMATION AND
DATA
3.6. Insurance business essentially deals with risk management and
by its very nature, is privy to sensitive information about customers.
Information about their vulnerabilities and risks, their short comings
and exposures ranging from business risks and exposures in loss of
profits, policies relating to diseases, handicaps and family histories in
case of health insurance.
3.7. It is not just the ethical and moral duty of the insurer to protect
the client data and store it securely but also a good business practice
to secure it and share it only with authorized partners for permitted
purposes.
3.8. In the years to come, as the Indian Insurance industry expands,
goes global, and matures, the impact will bring about sweeping
changes across the insurance Industry in the way information is
collected, stored, sent and accessed both internally and externally.
3.9. This will result in growth in staffing in the information security
sector/segment, greater surveillance and monitoring mechanisms
being put in place, and growing expenditure on information security.
Insurance companies will have to start putting information security
policies, procedures and best practices in place and will have to
implement information security solutions and audit those at regular
intervals.
3.10. This will also mean placing restrictions on indiscriminate access
and use of customer data for cross-selling purposes, and also of
selling customer lists and data bases for a price.
PREVENTING INSIDER ABUSE
3.11. Insurance companies by their very nature deal with a
substantially large client base, their transactions span over a long time
11
Technical Guide
period (typically twenty plus years in the case of a life policy), are
open to abuse and misuse by unscrupulous clients and
employees/agents (insurance frauds) and are also exposed to
management frauds through misrepresenting accounting estimates
and window dressing.
3.12. The emergence of corporate governance and the responsibility
of quick, timely and accurate reporting of information, now places an
extra burden of maintaining confidentiality, integrity and availability of
information on insurance companies.
PROTECTING DECENTRALIZED DATA
3.13. With the advent of networks, remote and tele-computing and
spread of insurance services over geographical area, distributed data
processing and multi-user computing has become the order of the
day.
3.14. Data bases are no longer unified or centralized as in the past.
Data is stored on different servers at different locations, needing
broader security measures, which will ensure that protection levels are
maintained across different networks and platforms.
MANAGING LEGACY SYSTEMS AND INTEGRATING
SECURITY INFRASTRUCTURE
3.15. Insurers were one of the early users of data processing
systems. Electronic Data Processing (EDP) has today grown into
Information Technology (IT), but most insurance companies are still
flogging the earlier legacy systems and programs which can be seen
being used with the latest technology. Given this diversity of systems,
using different operating platforms, different network architectures,
different types and differing versions of software, ensuring
compatibility of security tools and integration of security infrastructure
has become a Herculean task, not to mention the challenge of
maintaining and ensuring effective and efficient functionality of the
entire process.
12
Information System Security and Audit
INTERNET/WEB ACCESS TO DATA BASES AND
APPLICATIONS
3.16. Most insurance companies, in an attempt to reach a larger
number of customers and providing better service and lower cost, are
web-enabling their businesses especially the delivery systems and
interfaces. This has brought the security issues associated with the
internet especially unauthorized access, data modification and
analysis, spoofing, passing off, identity theft, denial of service and
hacking attacks, web vandalism, mistrust, privacy loss and repudiation
into sharp focus.
BALANCING SECURITY AND OPENNESS
3.17. Insurance companies require an open environment where
customers and agents get maximum access to the required data in an
easy, convenient way. Security features, which restrict or affect
accessibility and ease of use, are bound to turn away customers from
the most secure insurance company sites and portals. This is perhaps
the biggest quandary in which insurers find themselves today. Ease of
use, user-friendly interface and efficiency and innovation leading to
fast processing speed and better customer service cannot be
compromised by information security applications.
KEY ISSUES IN INSURANCE SECTOR
3.18. The key issues for information security in the insurance sector
today, apart from putting in place necessary Investment Risk
Management Systems and Process, are maintaining privacy and
confidentiality of customer information and data, providing authenticity
and integrity of data and transactions, identification of users, non
repudiation and preventing unauthorized access, insider abuse and
cyber attacks and threats. It also revolves around ensuring efficiency
and effectiveness of information systems and ensuring compliance
with laws and building reliable systems.
THE ROLE OF IS AUDIT IN INSURANCE SECTOR
3.19. Information System Audit has a significant role to play in the
Insurance Sector. Information System Audit aims at providing
13
Technical Guide
assurance in respect of Confidentiality, Availability and Integrity for
Information systems. It also looks at their efficiency, effectiveness and
responsiveness. It focuses on compliance with laws and regulations.
3.20. In the context of the growing dependence of Insurance Sector
on Information Systems for record keeping, transacting business,
reporting, as well as regulatory compliance and providing information
and results to stakeholders, Information System Audit has assumed a
very significant role. In fact it would not be wrong to say that without
an effective IS Audit system in place, corporate governance,
compliance and effective regulation and risk management of the
insurance sector would be a difficult proposition.
THE SOLUTION A PROACTIVE APPROACH
3.21. It is always wise to put in place a proactive approach to security
that is based on education, awareness, exchange of information,
policies, practices, procedures, cooperation and motivation of all
concerned that will enable insurers to meet the information security
challenges faced, as there will be no wastage of time to take control of
adverse situation in the long run. In order to protect the huge
Investments of Insurers, the IRDA has recently issued clear guidelines
on Investment Risk Management Systems and Process.
THE SCOPE
3.22. With a view to addressing the concerns of the Regulator and
other stakeholders, the review of investment risk and management
system should include within its scope the following minimum areas of
information system security and audit:
i. Risk Management: Ensure that the features and system parameters
implemented in the system are in accordance with the policies and
procedures covered in IRDA Investment Regulations and applicable
Guidelines / Circulars.
ii. Application Review: Review and ensure that the software used by
the insurance companies is in accordance with the security standards
and policies and guidelines as prescribed by IRDA.
iii. Security Policy and Implementation: Review the security policy and
implementation procedures with special reference to the Hardware
14
Information System Security and Audit
Platform, Network, Operating System, Physical Perimeter, Backups
and databases.
iv. Capacity Management: Assess the existing and planned capacity for
growth and adequacy of the current capacity to handle the existing and
future business.
v. Disaster Recovery, Back-up and Contingency Planning: Review
the existing disaster recovery, back-up and contingency plans and
policies of the insurance companies and verify and assess the
compliance to current policies.
vi. Customer Services: Review the procedures for providing services
and communicating with clients / investors.
vii. Internal Vulnerability Assessment: Ascertain the data integrity,
availability and security of the key information present in the network
and the efficiency, effectiveness, responsiveness and compliance of
the IS processing facilities.
THE APPROACH
3.23. The checklist-based review should address and cover the
following key activities of an Insurance Company:
i. Understanding the Information Technology Infrastructure of the
insurance company as it exists at the location.
ii. Understanding the business process, related to the Investment
function and risk management system.
iii. Understanding the transaction mechanism and data flow with respect
to investment management function.
iv. Inspection and review of the documented policies and procedures,
infrastructure and network diagram.
v. Collection of evidence in the form of documents, test results,
screenshots, confirmations, logs, third party evidence.
vi. Conducting a risk analysis in the environment to evaluate and test the
existing risk management processes and available controls, both
system- based and manual.
vii. Vulnerability analysis and audit of host servers.
15
Technical Guide
viii. Discussing critical observations / findings with the Insurance Company
and generating a report to be submitted to IRDA.
3.24. Structure of systems & applications in investment process of an
Insurance Company is depicted below
16
Information System Security and Audit
3.25 Before commencing the review, the auditor is expected to
obtain the following information at the location.
Sl. PARTICULARS DETAILS /
No. REMARKS
i Location(s) from where Investment activity is
carried out
Ii IT Applications used to manage the Insurer's
Investment Portfolio Distributed applications
Iii System layout of the IT and network
infrastructure including:
a. Server details,
b. database details,
c. type of network connectivity, firewalls, UTM, etc
d. Other facilities / utilities (describe)
iv Location of systems and applications i.e.
whether hosted at a central location or at
different offices
v Previous Audit reports and issues / details of
unresolved issues from:
a. Internal audit
b. Statutory audit
c. IRDA Inspection / Internal and Concurrent
audit
d. Security Incidents IS Audits.
vi Internal circulars and guidelines of the Insurer
relating to investment functions.
vii Standard Operating Procedures (SOPs)with
reference to workflow, documentation of each
activity/or activity cycle
Viii List of new Products / funds introduced during
the period under review along with IRDA
approvals for the same.
ix Scrip-wise list of all investments, fund wise,
classified as per IRDA Guidelines, held on date
(including investments held under a Group,
Promoter Group of the Insurer)
17
Technical Guide
Sl. PARTICULARS DETAILS /
No. REMARKS
x IRDA Correspondence files related to
investments
xi IT Security Policy
xii Business Continuity Plans (BCP) and Disaster
Recovery (DR) relevant to Investment functions
xiii Network Security Reports pertaining to IT Assets
xiv Appointment / Engagement Letter for the
assignment with clearly defined scope and
coverage
18
4
Coverage and Review Methodology
Introduction
4.1. Insurance Regulatory and Development Authority of India (IRDA) has
amended its Investment Regulations vide notification dated 16th February,
2013 and issued IRDA (Investment) (Fifth Amendment) Regulations, 2013
which requires specific minimum requirements on the Systems / Process of
investment in the context of Risk Management viz. Investment Risk
Management Systems.
4.2. All Insurance Companies seeking registration with IRDA need to
comply with Investment Risk Management Systems and Processes as a part
of registration process. All Life and General Insurance Companies are
required to have their Investment Risk Management Systems reviewed and
certified by a Chartered Accountant who is not the Statutory / Internal /
Concurrent Auditor of the concerned Insurer. Such review should be
conducted once in 2 years and the insurer shall file the certificate issued by
the Chartered Accountant along with the first quarter periodical Investment
returns with IRDA.
4.3. The Audit firm, as required under IRDA directives, should satisfy the
following norms to undertake the Investment Risk Management Systems and
Process Audit
(a) The Chartered Accountant firm shall be a firm, registered with the
Institute of Chartered Accountants of India (ICAI).
(b) The Audit firm should have experience, for at least four years, in
conducting reviews of Risk Management Systems and Process of
either Banks or Mutual Funds or Insurance Companies or have, on
behalf of IRDA conducted Investment Inspection of Insurance
Companies.
(c) On the date of appointment as an Auditor for certifying Investment
Risk Management Systems and Process, the Auditor must not hold
more than two audits of Internal, Concurrent and Risk Management
Systems Audit, all taken together. Hence, the Audit firm, can at the
Technical Guide
maximum hold not more than three Audits (i.e., Investment Risk
Management Systems and Process Audit, Internal Audit, Concurrent
Audit all taken together), apart from Statutory Audits at any point of
time. For this purpose, at the time of appointment, the insurer shall
obtain a declaration to this effect from the firm of Chartered
Accountants. The Insurer shall, file with IRDA, the confirmation
obtained from the Chartered Accountant firm, within 7 days of such
appointment.
(d) The Auditor should not have been prohibited/debarred by any
regulating agency including IRDA, RBI, SEBI, ICAI etc.,
(e) The Auditor appointed for certifying the Investment Risk Management
Systems and Process, should not have conducted the following
assignments for the same Insurer proposing to be appointed as
Systems Auditor, for a period of two years immediately preceding his
appointment.
(i) Statutory Audit
(ii) Any Internal Audit
(iii) Any Concurrent Audit
(iv) Any Consulting assignment, whether or not related to Audit
functions
MATTERS TO BE INCLUDED IN THE AUDITOR'S REVIEW
4.4 GENERAL
An Auditor entrusted with the responsibility of certification of
Investment Risk and Management System is expected to have good
understanding of the Investment Management System (IMS) of the
insurer as this is the backbone of the investment department of
Insurer.
4.4.1. FRONT & BACK OFFICE OPERATIONS:
Investment Management System (IMS) has the following generic modules:
· Front Office
· MID Office
20
Coverage and Review Methodology
· Back Office
BRIEF FEATURES OF IMS MODULES
The IRDA (Investment) (5th Amendment) Regulations, 2013 mandate the
need for clear segregation to be built between Front, Mid and Back Office
Systems. The various functions that fall under Front, Mid and Back Office are
provided in the Technical Guide on Internal / Concurrent Audit of Investment
functions of Insurance Companies, issued by ICAI. The Auditor shall report
on the compliance of these requirements by the Insurer.
Front Office System (FOS)
FOS is further divided into Fund Manager module and Dealer module.
Generic features of FOS are:
It facilitates authorization of deals, order placement and entry of executed
deals. The cash and securities position can be uploaded in the FOS to
facilitate adherence to internal and regulatory limits. Research activity would
fall under FOS
MID Office System (MOS)
All investment deals flow from FOS to MOS. Risk Analysis, risk
measurement and Risk Management are a function of MID Office. It
provides analytical tools, facilitates monitoring of investment restrictions,
exposure limits and has risk management tools. Various risk measurement
and management tools are applied to the trades and portfolio in the mid
office module.
Back Office Module (BOS)
All investment deals flow to BOS from MOS, where the same are settled. In
case of equity securities, deals forwarded by dealer are matched with the
data of executed deals received from the brokers through Straight Through
Process (STP) gate in BOS and confirmation is sent to broker and custodian.
In case of debt securities, BOS generates the Counter party confirmation and
custody letter for settlement of deals. The deals are pushed for accounting in
the form of deal summary or trade blotter from the BOS to Fund Accounting
System.
21
Technical Guide
4.4.2 REPORTING ON RISK MANAGEMENT SYSTEMS
Compliance with Key regulations required to be reviewed and reported
includes:
(a) Insurer having Assets under Management (AUM) in excess of
Rs.500 Crores shall ensure separate personnel acting as fund
manager and dealer
This clause requires the auditor to ensure that the insurer having asset under
management (both Shareholders' and Policyholders' investment taken
together) in excess of Rs. 500 Crores has separate Fund Managers and
Dealers, for both Equity and Debt portfolio.
The auditor has to confirm if:
· There are separate Fund Managers and dealers for equity as well as
debt segment by reviewing the organization chart of the company.
· Functional responsibilities of Fund Managers and dealers are defined
in the Standard Operating Process (SOP) /Operations Manual or
Investment Policy.
The auditor should review sample deals, either in software application or
hard copies to confirm that all the deals are authorized by Fund Manager and
executed by Dealer.
(b) The Investment System should have separate modules for Front
and Back Office.
This clause requires the auditor to verify that the investment system has
Front Office and Back Office Modules
The auditor should review the software system to confirm that it has separate
modules for dealing and settlement. The auditor should confirm that these
activities are carried out by separate officials with separate logins and
passwords. The auditor can confirm this aspect through review of system and
observing the process of trade execution and settlement.
(c) Transfer of data from Front Office to Back Office should be
electronic on Real time basis without Manual intervention i.e.,
without re-entering data at Back Office.
22
Coverage and Review Methodology
This clause requires the auditor to verify that there is no manual intervention
for transfer of data from Front Office/MID Office to Back Office.
The auditor should review the software system to confirm that deals for all
types of securities captured and authorized in FOS, automatically flow to
BOS.
The auditor can review this aspect by entering different types of investment
transactions in FOS and confirm that there is seamless flow of deals from
FOS to BOS and in turn from Front Office to Back Office.
(d) The Insurer may have multiple Data Entry Systems, but all such
Systems should be seamlessly integrated without manual
intervention.
This clause requires the auditor to report whether manual intervention is
required for integration of data entered through multiple data entry systems.
In the case of integrated system, usually seamless integration between front
office, mid office and back office would exist. The auditor can review this by
carrying out the limited review of the system to confirm that Front Office, MID
Office and Back Office systems is separate, the auditor would have to
ascertain that,
· These systems facilitate upload between systems with due
authentication/validation process (as provided in STRUCTURE OF
SYSTEMS & APPLICATIONS IN INVESTMENT PROCESS) duly
approved by the Investment Committee of the Insurer.
The auditor has to review the live operations of the investment department in
real time to ascertain the integration of these systems and to verify the
approval of the Investment Committee for such integration through upload of
data from one system to another system.
(e) The Front Office shall report through the Chief Investment Officer
(CIO) to the Chief Executive Officer (CEO). The Mid Office and
Back Office, to be headed by independent personnel, shall be
under the overall responsibility of Chief Financial Officer (CFO)
who shall in turn, independently report to the CEO.
This clause requires the auditors to ascertain the separation of investment
and settlement function.
23
Technical Guide
The auditor should review the following aspects with particular attention to
whether `investment', `review `& Monitoring' and `settlement' functions are
clearly separated as per SOP as well as through lines of `internal reporting':
· Organization Chart
· SOPs / Operations Manual / Investment Policy to understand the roles
of officials of Front office, Mid office and Back office, CEO, CFO and
CIO
· Reporting lines
4.4.3. EMPLOYEE DEALING GUIDELINES
(a) The Standard Operating Procedure (SOP) followed by the Insurer
shall clearly specify the Guidelines to be adhered to by the
Dealer, that is, the Insurer shall clearly specify the Trading
guidelines for Personal Investments of the dealer. The
compliance of this requirement shall be commented upon by the
Internal / Concurrent Auditor. Reference to Model code of conduct
and the SEBI Prohibition of Fraudulent and Unfair Trade
Practices Regulations, 2003, as amended from time to time, will
be useful to check on "front-running by employees, Brokers and
others connected with the Insurance Company.
This clause requires the auditors to comment on employee dealing policy of
the Company and adherence to the guidelines laid down in this regard..
The auditor has to confirm that the company has framed Employee Dealing
Policy for dealing in securities by:
· Fund Manager
· Dealer
· Research personnel &
· Head of all departments
· Others at Management level, who are responsible for Investment
Operations
who possess/are likely to possess insider information (termed as `Key
personnel'). The auditor may also check if such policy framework is made
applicable to Brokers and others connected with the Investment function
24
Coverage and Review Methodology
The Auditor has to verify that the Employee Dealing Policy inter alia contains
the following minimum criteria:
(i) List of key personnel covered under the employee dealing policy;
(ii) Type of Investments covered such as equity, derivatives, investments
in IPO etc.;
(iii) Type of investments which would not be covered by these guidelines;
(iv) Prior approval for dealing in securities from Compliance Officer for any
trade;
(v) Validity period of the approval i.e. the period within which a deal needs
to be carried out after approval. If the transaction does not take place
within the validity period, new approval needs to be obtained.
(vi) Intimation of investment to be filed with Compliance Officer within
specified time, say, within 7 days, along with the proof of investment;
(vii) Holding period of securities i.e. securities purchased should not be
sold for specified period, say, within 30 days of purchase;
(viii) Cooling-off period i.e. the period for the key personnel mentioned
above during which they are not allowed to purchase/sell a particular
security post transaction by the insurer;
(ix) Restriction on short sale or square-off of the trades during the day.
(x) Obtaining declaration relating to no self-dealing and Front running
from key personnel;
(xi) Periodic disclosures of portfolios and transactions, say, quarterly;
(xii) Record keeping by Compliance Officer;
(xiii) Details of penalty or Disciplinary Action for non-adherence;
(xiv) Exceptions to the guidelines;
(xv) Reporting to Board of Directors
The auditor shall review sample transactions to confirm that the Company
complies with the policy and cover the same in his report.
25
Technical Guide
4.4.4. MAKER/ CHECKER PROCESS/ SEGREGATION OF DUTIES
(a) Insurer should have the procedure of Maker / Checker mapped in
their Standard Operating Procedure / Operations Manual of
Investment Operations. The Internal / Concurrent Auditor shall
comment on such practice in his report.
This clause requires the auditors to comment upon whether maker/checker
process is covered in SOP / operations manual of investment operations and
whether adherence of maker /checker system is commented on by the
internal/concurrent auditor.
The auditor has to confirm that the insurer has SOP / Operations Manuals
covering:
· Investment operations for ALL types of investments such as equity,
derivatives, Government Securities, debt and money market
instruments
· Cash Management/Treasury operations
· NAV computation,
· Fund Accounting Valuation of investments, under both Traditional and
ULIP funds
· Empanelment of brokers
Review needs to be carried on the basis of the manuals to ascertain the
maker/ checker principles are embedded in the application. The Auditor
should verify whether SOPs/Manuals provide for maker/checker control for
all the important functions (particularly where manual intervention is
required).
The auditor should also look at the processes which need to be carried out
manually or require manual intervention such as deal entry, uploading prices
for valuation, creation of masters etc. and confirm that the system has in-built
maker/checker controls for such processes that are clearly documented and
audited periodically for changes recorded.
The auditor should ascertain the inclusion of verification of maker/ checker
compliance. He should also go through the internal / concurrent audit reports
to ascertain /concurrent comments on this aspect.
26
Coverage and Review Methodology
4.4.5. AUDIT TRAIL AT DATA ENTRY POINTS
(a) The Audit trail should be available for all data entry points
including at the Checker / Authorizer level
This clause requires the auditor to comment on the audit trail maintained in
the system for various activities.
The auditor should review the FOS, MOS and BOS and confirm that the
system maintains audit trail for data entry, authorization, cancellation and
any subsequent modifications. Further, the auditor shall also ascertain that
the system has separate logins for each user and maintains trail of every
transaction w.r.t. login ID, date and time for each data entry, authorization
and modifications.
To gather information, the auditor can interact with the system administrator
and see the log maintained in the back-end of the system for deal entry,
authorization, modification and the period for which this log is maintained.
The auditor may do a walk through and audit samples to see if transactions
are reflected in the log
4.4.6. BUSINESS CONTINUITY PROCESS
(a) To ensure Business continuity, the Insurer should have a clear
Off-site Back-up of Data and the corresponding applications
system in a City falling under a different Seismic Zone, either on
his own or through a Service Provider. Further, the Insurer /
service provider (if outsourced) is required to have the necessary
infrastructure for Mission Critical Systems to address at least the
following:
1. Calculation of daily NAV (Fund- wise)
2. Redemption processing
This clause requires the auditor to comment on the adequacy of Business
Continuity Plan of the company.
The auditor has to cover the following aspects in his review:
1. Back-up procedure (BCP) / Disaster Recovery Policy/ Manual of the
company to ascertain if it covers the details of:
(i) Detailed back-up policy for various data bases of the
Insurer
27
Technical Guide
(ii) Various scenarios in which Disaster Recovery site needs to be
activated and actions to be taken in such cases
(iii) Details of crisis management team and Business Recovery
team, roles and responsibilities of team members
(iv) Processes to be carried out in case of disaster including
activation of call tree
(v) Contact numbers of ALL service providers and people in the
organization responsible for/expected to be involved in the
business continuity plan
(vi) Critical functions for EACH DEPARTMENT, resources required
for the same, and processes to carry out these functions
(vii) Disaster Recovery measures
2. To ascertain whether the Insurer has their own Disaster Recovery site
or an arrangement with service provider for Disaster Recovery site, at
a seismic zone other than the one where Investment department is
located and from where all operations relating to investment, risk
management, settlement, Cash Flow preparation, NAV computation,
funding for redemption processing can be carried out. The auditor
should visit BCP/DR site of the insurer and ensure that the site has
the following features:
(i) Front Office/Back Office software;
(ii) Policy servicing software (for ascertaining the units to be
redeemed)
(iii) NAV computation software;
(iv) Bloomberg/Reuters/Television for market information;
(v) NDS/NDS OM;
(vi) Bond Valuer or any other software used for valuation;
(vii) STP gate;
(viii) Mail Back-up;
(ix) Back-up of server data to access the contact details of custody,
counter parties, brokers etc.;
28
Coverage and Review Methodology
(x) Telephones / fax machine / printer etc.;
(xi) Soft and Hard copy of Standard Operating Procedures (SOP)
available at the site
3. That the insurer has carried out BCP testing at least once in a year
and has prepared BCP testing report. Verify the adequacy of the
coverage and whether report was placed before the Audit committee
and/or Board of Directors.
4. Review confirmation obtained by the insurer for successful testing of
BCP/DRP from the custodian.
5. In case the insurer has outsourced NAV computation activity, report /
confirmation on BCP/DRP testing having been obtained from Fund
Accountant. The auditor should comment on whether such testing is
satisfactory.
4.5 FRONT OFFICE
4.5.1. Segregation of Fund Manager / Dealer
(a) Investment Department should have documented the segregation
of Fund Managers and Dealers through Authority Matrix as a part
of its `Standard Operating Procedure'.
This clause requires the auditor to confirm that the functions of the Fund
Manager and Dealer are separated and clearly defined.
The auditor has to verify that the insurer has investment policy/ SOP clearly
defining the roles and functions of Fund Managers and Dealers.
The auditor should peruse the SOP /operations manuals pertaining to
Investment operations covering ALL types of investments such as equity,
derivatives, Government Securities, debt and money market instruments and
confirm that SOPs clearly state the activities to be carried out by Dealer and
Fund Manager.
(b) The Insurer should have documented the Access Controls and
Authorization process for Orders and Deal execution.
This clause requires the auditors to comment on Access control and
authorization process in FOS.
The auditor has to undertake the following tasks to comment on this aspect:
29
Technical Guide
· Review the data access and data security policy of the company to
confirm that it covers access controls.
· Confirm that the Company has approved and updated data access
policy which states the access controls for each login ID.
· Review the system to confirm access controls have been defined in
the software system for each login such as view, write, modify, and
authorization rights are defined user wise.
(c) The Dealing Room should have a Voice Recorder and procedure
for maintaining the recorded conversation and their disposal
including procedure like no mobile phone usage in dealing
rooms, and other best practices.
This clause requires the auditors to comment upon voice recording system in
the investment operations of the company. The auditor has to undertake the
following tasks to comment on this aspect:
· Confirm that the Company has a voice recorder in the dealing room,
and all the dealing room phone lines are connected to the voice
recorder.
· Verify that voice recorder is in working condition and has been tested
at regular intervals by IT team. That there exists a process to retrieve
the recorded voice and listen to the conversation.
· Confirm that tapes/records on which conversations have been
recorded are preserved in fireproof cabins.
· Confirm that either mobile jammer is installed in dealing room or
mobile phones are not allowed in the dealing room.
· The Auditor should also confirm the above aspects by surprise visits to
dealing room.
4.5.2. INVESTMENT IN INVESTEE / GROUP COMPANY / INDUSTRY
SECTOR
(a) System based checks should be in place for investments in an
Investee Company, Group and Industry Sector. The system
should signal when the Internal / Regulatory limits are nearly
reached PRIOR to taking such exposure and making actual
investment.
30
Coverage and Review Methodology
This clause requires the auditor to comment on in-built controls in FOS or
MOS to monitor investment restrictions prescribed in the Insurer's Investment
Policy and under IRDA (Investment) Regulations.
For this purpose the auditor will undertake the following tasks:
(i) Review the system to check if investment limits have been set w.r.t.
Investee company, Group, Industry sector, rating, other investment
etc. as prescribed under IRDA Regulations and internal limits adopted,
if any, by the company.
(ii) Verify whether a report could be generated from the system enlisting
these limits.
(iii) Check if soft limits can be set in the system or that the system sends
out alerts on nearing the set limit.
(iv) Confirm that the system gives alert or sends exception report to
Compliance Officer/CIO on breach of soft limit1 on real time basis.
(v) Verify that the system does not accept trade which would exceed the
hard limit i.e. regulatory limit.
· In case of internal limits, check these aspects by carrying out
review of the system and also by entering a few sample deals in
FOS to verify that the rules are in-built in the system and they
cannot be breached.
· Review the exception reports generated, if any.
4.5.3. INTER- FUND TRANSFER
(a) The System should handle Inter-Fund transfer as per Circular
IRDA-FA-02-10-2003-04. The Investment Committee may fix the
Cut- Off time, for such transfer within the fund. (The inter- fund
transfer should be like any other Market deal and the same needs
to be carried out during the Market hours only)
This clause requires the auditor to assess system's capability for carrying out
inter-fund transfers in accordance with the regulation.
IRDA Circular No. IRDA-FA-02-10-2003-04 states that:
1 Soft limits means limits set in the system which are more stringent than the actual limits
to be adhered to.
31
Technical Guide
(a) Transfer from shareholder's fund to Policyholder's fund should be at
cost or market price whichever is lower. Debt securities should be
transferred at amortized cost.
(b) Transfer between policyholders' funds:
· In case of non-linked business, inter-fund transfer is not
allowed.
· In case of unit linked business, inter-fund transfer is allowed at
market price of the investment.
(c) In case of small sized funds i.e. where policyholders' funds are less
than Rs. 50 crores, sale of security at market price is allowed from
shareholders' funds to policyholders' funds (and not vice versa)
subject to certain conditions stated in the circular.
The auditor should review whether the system is capable of ensuring
adherence to the aforesaid restrictions on inter-fund transfer. He has also to
verify whether the system can prevent processing of inter-fund trade if
carried out beyond market hours set as per the nature of security. For this,
the auditor has to understand and check the controls set in the system. The
auditor can use dummy trades of inter-fund by which system controls could
be confirmed.
4.6 MID OFFICE
4.6.1. MARKET RISK
(a) The system should be capable of computing various portfolio
returns
This clause requires the auditor to comment on system's capability in
computing risk- adjusted portfolio returns
Various ratios are used to measure the risk associated with the portfolio and
the return, such as Sharp ratio, Tenor ratio, Sortino ratio, Stress testing,
Back testing. The auditor should verify whether MOS or FOS or any other
software acquired by the company is capable of computing these ratios.
The auditor should verify whether the process of computing Portfolio return
analysis, if any, has been stated in the SOP or Operations Manual.
32
Coverage and Review Methodology
(b) Regular limits monitoring and Exception Reporting. Also
reporting on movement of prices
This clause requires the auditor to comment on the process of monitoring
regulatory limits and movement in prices. The auditor should
· Verify that FOS or MOS monitors all the Regulatory limits on Exposure
and Rating. FOS/MOS would have list of regulatory limits set in it. The
auditor can confirm the function of limit monitoring by entering the
sample/dummy deals in the system for various types of securities.
· The auditor has to ensure that regulatory limits set in the system are
hard limits which cannot be breached.
· He should confirm that the right to set and modify such limits does not
rest with front office or back office officials. (This authority should be
with Compliance Officer / Risk Officer.)
· The auditor has to ascertain if the system generates exception reports
for breach of limits prescribed in the system.
· He should also ascertain whether the system has the capability to
monitor price movement of securities held in the portfolio and
parameterized reporting of exceptional price movement and its impact
on the overall portfolio values.
4.6.2. LIQUIDITY RISK
(a) The Insurer should have a Cash Management System to provide
the funds available for Investment considering the settlement
obligations and subscription and redemption of units etc, to pre-
empt any leveraged position or liquidity risk.
This clause requires the auditors to comment on robustness of cash
management system to pre-empt leveraged positions or liquidity risk.
Robust cash management system provides current and projected fund- wise
cash flow, without manual intervention, which facilitates accurate deployment
of funds. With the help of integrated cash management system, funds
availability serves as additional precondition to comply within the FOS,
before accepting any trade. To comment on the adherence to this
requirement the Auditor
33
Technical Guide
· should ensure that Cash Management System is not managed using
just Spread Sheets.
· needs to verify that there exists an efficient cash flow management
system through software, which would provide the exact cash position
to Fund Manager from time to time to avoid any leveraged position,
illiquidity risk as well as idle cash balances.
· should verify on sample basis the bank balances and ensure that there
are NO instances of idle bank balances as well as over-drawn bank
balances and cash management system is indeed implemented.
· should report the software / systems used for cash management.
(b) The System should be validated not to accept any commitment
beyond availability of funds.
This clause requires the auditor to comment on the capability of the system
to prevent dealing beyond funds available.
The auditor should confirm that the FOS has `in-built' controls for not allowing
any trade beyond the available cash except in case of trades for settlement
date other than T date.
4.6.3. CREDIT RISK
(a) The Investment System should capture Instrument Ratings to
enable it to automatically generate FORM 2 (Statement of
Downgraded Investments) through the System.
This clause requires the auditor to comment on whether Form 2 can be
generated from IMS or any other software used by the insurer.
The auditor should understand the process of generating Form 2 and
ascertain if it is generated using system support. The auditor should verify on
sample basis that downgrade in the rating is properly reflected in the Form 2
prepared through system.
The auditor should also verify that the security master contains the
mandatory field as rating of the security and that the insurer has put in place
a system to review the investment ratings of the securities and make
amendments to rating in security master, if there is a downgrade in the
instrument rating.
34
Coverage and Review Methodology
(b) The System should automatically monitor various Regulatory
limits on Exposure & Rating
This clause requires the auditor to comment on the ability of the IMS to
monitor adherence to regulatory limits on exposure and rating on a regular
and ongoing basis.
The auditor should review the FOS or MOS to check if various exposure and
rating wise investment limits set in the system are mapped with the actual
exposure of the fund-wise portfolio on periodical basis (daily in the case of
Unit-linked portfolio), and a report is generated by the system.
To ascertain the System's capability, the auditor should verify the reports
generated by the system in this regard; dummy deals may be entered to
check the system's functionality.
(c) The System should have the ability to track changes in ratings
over a period and generate appropriate alerts, along with the
ability to classify investment between Approved and Other
Investments
This clause requires the auditor to comment on the system/procedure at the
insurer's for tracking the changes in the ratings of the security and
classification of the investments.
The auditor should verify whether there is a system in place to ensure that
instruments downgraded below the minimum rating requirement for
classification under `Approved Investment' category as per Investment
Regulations, are listed under `Other Instruments' Investment category. To
this end, the Auditor should verify that:
· The Security master of FOS contains the mandatory field of rating and
classification of security as approved and other investments. The
System should not allow creation of master without entering these
details.
· The insurer has a system to monitor the ratings of the security. For
that, check if the insurer has any sort of arrangement to receive
update on rating of the security. It may be specifically noted that the
credit Rating should always be security-wise and NOT issuer- wise.
· The security-wise rating received can be uploaded in the securities
master to pick-up the revised rating that would be ideal. Alternatively,
35
Technical Guide
check whether a particular official is assigned the job of tracking the
changes in the rating of the securities in the portfolio and updating the
security master which would update the classification of securities
accordingly. (The User rights assigned to the Officer updating the
Security Master for rating changes should be specifically commented
on by the Concurrent Auditor as to whether the same is properly
documented and periodically audited).
Verify whether the system automatically changes the classification of the
security on change of rating wherever necessary in accordance with the
IRDA (Investment) Regulations. Also verify on such changes, whether
exception report is generated by the system for the use of compliance
officer/risk officer and chief of Investments.
Regarding system ability to classify investment in `Approved' and `Other
investment', the auditor has to verify whether the system has the ability to
classify the asset as approved or otherwise based on various parameters of
classification prescribed under Regulations such as dividend track record,
rating, secured, investment more than the limit prescribed.
Verify that the process followed by the company in monitoring of changes in
the rating and classification of asset is properly covered in the SOPs of the
Company.
(d) The Insurer should conduct periodic credit reviews for all
companies in the portfolio. The periodicity should be clearly
mentioned in the Investment Policy.
This clause requires the auditors to comment on system/procedure of the
insurer for carrying out periodic credit reviews of all the companies in the
portfolio.
The auditor has to understand the process followed by the company for
periodic credit review of the companies in whose debt securities, the insurer
has made investments. The reviews are carried out by a separate team such
as a research team. The auditor has to ascertain and comment on the
adequacy of credit reviews carried out by the insurer during the last one year
and of the system support, if any, available for such review.
The auditor should review the Investment Policy to ascertain the mandate
given by the Investment Policy for credit rating along with the periodicity.
36
Coverage and Review Methodology
(e) The Insurer is required to keep a track of movement of Securities
between Approved and Other Investments Status, as a part of
Audit trail, at individual security level
This clause requires the auditor to comment on the process of the insurer for
tracking the change in the status of the securities from Approved to other
investments and vice versa.
The auditor has to review the process followed by the company to track the
change in the investment status of the investment. For this, review the
change in the classification of asset made by the Company. Peruse the
SOPs to understand the process specified by the Company for such
monitoring and re-classification.
Ascertain audit trail i.e. date of change, reason for the change, that is
maintained for any change in the asset classification ideally through the
system. Review MIS reports prepared for re-classification of investment, if
any. The auditor should obtain a trail from the system or otherwise, for any
such changes and confirm that audit trail of all such changes has been
maintained at security level.
4.6.4. TRACKING OF REGULATORY LIMITS
(a) The System should have key limits pre-set for ensuring
compliance with all Regulatory requirements and should be
supported by work-flow through the System ( real time basis) for
such approval, if Regulatory limit is close to be breached.
For Guidance on how to confirm the adherence by the Insurer to this
requirement, please refer to guidelines given for clause No. 4.4.2.a and
4.5.3.b.
(b) The System should have the capability of generating Exception
reports for Audit by Internal / Concurrent Auditor
This clause requires the auditor to comment on the systems of the insurer to
generate exception reports pertaining to investments.
Exception reports relating to investment function should, inter alia, include
Change in the rating of the debt security, change in the status of investment
from approved to other investment or vice versa, non-receipt of interest or
redemption amount, non-compliance of various prudential norms prescribed
under IRDA (Investment) Regulations and various circulars and guidelines
37
Technical Guide
issued under the Regulation, and non-compliance of various internal limits
set by the insurer.
The auditor has to review capability of IMS in generating such exception
reports. For ascertaining this aspect, the auditor may feed dummy deals in
the IMS.
4.6.5. REVIEW, MONITORING AND REPORTING
(a) The System should automatically track and report all internal limit
breaches. All such breaches should be audited by Internal /
Concurrent Auditor.
This is similar to clause 4.5.4.b above. Further, the auditor is required to
comment whether software system (IMS) could track and report
independently internal limit breaches (i.e., without manual invention).
(b) Implementation and Review of Asset & Liability Matching and
other Investment Policy Guidelines
This clause requires the auditor to comment on the implementation and
review of guidelines prescribed in the Investment Policy adopted by the
insurer.
The auditor has to ascertain that the insurer has prepared an Investment
Policy in accordance with the Regulation of the IRDA (Investment)
Regulations, and it has been approved by the Board of Directors.
Investment Policy prescribes various guidelines for conducting the
investment operations including Asset Liability Management.
The auditor also needs to confirm that the insurer has:
(a) A mechanism to address the Asset Liability Management
(b) Reviewed implementation of Asset Liability Matching mentioned in the
Investment Policy and the same has been presented to Board on
periodic basis at a frequency of not later than six months.
(c) Carried out corrective actions, if any, as directed by the Board of
Directors (BoD).
38
Coverage and Review Methodology
4.7. BACK OFFICE
4.7.1. DATA INPUT ERROR
(a) The system should be validated in such a way that the Deal can
only be rejected by the Back Office and not edited
This clause requires the auditor to comment on the access rights defined in
the system for deal entry and modification.
Once a deal is concluded by the front office it flows to back office for
settlement. The creator of the trade is front office and the job of the back
office is restricted to verification of trade and then settlement. In view of this,
back office should not have access rights to modify the terms and if any
discrepancy is noticed, ideally, the deal needs to be rejected and pushed
back to front office.
The auditor will verify if access rights are defined for each user and back
office officials have only view rights and not the edit rights for deal entry.
The auditor should verify this aspect through system review as well as by
actually trying to modify the deal in the BOS.
4.7.2. SETTLEMENT RISK
(a) The System should be validated to restrict Short Sales at the time
of placing the order
This clause requires the auditor to ascertain that FOS has in-built controls to
prohibit sale of securities not held in the portfolio.
The auditor should ascertain whether there is a process to receive the data
from the custodian for saleable quantity and upload it in FOS. The auditor
should confirm that FOS contains a restriction for sale of security beyond
saleable quantity. The auditor may do a walk through and audit samples to
see if transactions are reflected in the log
4.7.3. COMPUTATION OF `NAV'
(a) The System should be capable of computing NAV and comparing
it with the NAV computed by the Service provider, if it is
outsourced.
39
Technical Guide
This clause requires the auditor to comment on the capability of IMS or Fund
Accounting System to compute NAV. The auditor is also required to comment
on the process of verification of NAV in case NAV function is outsourced.
In case, NAV computation is carried out in-house, the auditor should confirm
that the system computes the NAV for each fund and plan without any
manual intervention. (Manual uploads of valuation inputs received, if any,
from the external sources should be considered as manual
intervention). This could be verified by reviewing the process of NAV
computation in its entirety.
In case NAV has been outsourced, the auditor has to verify that the
Company has a system in place to verify the NAV computed by service
provider with the use of analytical techniques. This could be checked by
review of working notes prepared/maintained by the insurer for NAV
verification.
(b) The Insurer should maintain NAV history (Fund-wise) in his Public
Domain from the Start of the Fund to Current Date
The auditor should visit the website of the insurer to ascertain if fund-wise
and plan-wise data of daily NAV is available since the beginning on the
website of the company and is easily accessible to the user.
(c) `NAV' error Computation and Compensation
1. All expenses and incomes accrued up to the Valuation date shall
be considered for computation of NAV. For this purpose, while
major expenses like management fees and other periodic
expenses should be accrued on a day- to- day basis, other minor
expenses and income can be accrued on a weekly basis, provided
the non-accrual does not affect the NAV calculations by more
than 1%.
This clause requires the auditor to comment on the process of NAV
computation, particularly with focus on accruing income and expenses on
daily basis.
The auditor is required to
· Review SOP prepared for NAV computation and ascertain the
appropriateness of the method prescribed for deal booking, valuation,
40
Coverage and Review Methodology
corporate action, interest accrual, amortization, unit capital
accounting, expenses accrual etc. Verify on sample basis, NAV
computation for different funds to ascertain that correct method is
followed for NAV computation.
In case NAV computation is outsourced, then the auditor has to examine the
NAV computation process followed at service provider to ascertain its
appropriateness. The auditor has to verify that all major expenses are
accrued on daily basis and other expenses at least on weekly basis only if
non-accrual on daily basis does not impact NAV by 1% or more.
2. Any changes in Securities and in the number of Units should be
recorded in the books not later than the first valuation date
following the date of transaction. If this is not possible, the
recording may be delayed up to a period of seven days following
the date of the transaction, provided that the non-recording does
not affect the NAV calculations by more than 1%.
This clause requires the auditor to comment on promptness in recording of
investment and unit related transactions.
The auditor has to
· Verify that all the investment deals and unit capital related transactions
are accounted on a daily basis. He should peruse the SOP to
understand the process defined for recording of investment
transactions and particularly for unit capital transactions.
· Understand the process of recording missed transactions, if any, and
whether there exists a mechanism to ascertain the impact of such
omission and corrective action taken on the same.
If the insurer's accounting process is such that the transactions are not
recorded on the same day, then the impact of non- recording of transactions
on daily basis on the NAV, and whether the delay in accounting is beyond
seven days, needs to be ascertained and commented upon.
3. In case the NAV of a Plan differs by more than 1% due to non -
recording of the transactions, or any other errors / mistakes, the
investors or fund(s), as the case may be, shall be paid the
difference in amount as follows:-
Such as Stock Splits, Dividend, Rights Issues, Buy Back, Bonus Issues etc.
41
Technical Guide
(a) NAV' error Computation & Compensation
1. All expenses and incomes accrued up to the Valuation date shall be
considered for computation of NAV.
2. In case the NAV of a Plan differs by more than 1% due to non -
recording of the transactions or any other errors / mistakes, the
investors or fund(s) as the case may be, shall be paid the difference in
amount as follows:-
(i) If the investors are allotted units at a price higher than NAV or
are given a price lower than NAV at the time of sale of their
Units, they shall be paid the difference in amount by the plan.
(ii) If the investors are charged lower NAV at the time of purchase
of their units or are given higher NAV at the time of sale of their
units, the Insurer shall pay the difference in amount to the Plan
and shall be compensated by non-unit reserve of the ULIP
funds.
(iii) The Internal / Concurrent Auditor shall look into the above
issues and specifically report on it and comment on the Systems
in place to take care of such issues on an ongoing basis.
(iv) A log of NAV errors and the management action taken on those
errors shall be maintained in the System and be forwarded to
Internal / Concurrent Auditors.
4.7.4. ERRORS DURING BROKER EXECUTION LEG
(a) All Equity deals should be through STP gateway for all broker
transactions
This clause requires the auditor to comment on whether all equity deals are
settled by Straight Through Process (STP).
All mutual funds, financial institutions, banks, insurance companies tie up
with the service provider for STP. All deals entered in FOS by dealer are
matched with STP files received from the broker in the BOS. BOS matches
the deals and generates the files to be sent to custodian for settlement.
These files are sent to custodian without any manual intervention.
42
Coverage and Review Methodology
The auditor should confirm that deal-matching and settlement take place
through STP as stated above. This could be checked by actually reviewing
the day-end process at investment department.
4.7.5. UPLOADING OF VALUATION PRICE FILES
(a) System to have capability to upload Corporate Actions such as
Stock Splits, Dividend, Rights Issue, Buy Back, Bonus issues etc.,
for computation of NAV / Portfolio valuation
This clause requires the auditor to comment on the capability of the Fund
Accounting system to compute NAV with least manual intervention.
The auditor has to verify that Fund Accounting system supports upload of:
· Deals from BOS
· Corporate actions data received from custodian
· Valuations received from Gilt Valuer, Bond Valuer, FIMMDA, BSE/NSE
etc.
· Units data received from Policy Admin System
The auditor should also confirm that Fund Accounting system computes
interest, amortization, expenses etc. and there is no manual intervention
needed.
The auditor has to review the whole process of NAV computation and confirm
it.
4.7.6. RECONCILIATION
(a) Fund-wise, in the case of Life Insurers, reconciliation with
Investment Accounts, Bank, and Custodian records should be
done on a day-to-day basis for all types of products. In the case
of ULIP products, Unit reconciliation with Policy Admin. Systems
should be ensured on a day- to- day basis for each (SFIN).
This clause requires the auditor to comment on reconciliation process of the
insurer.
Such as Stock Splits, Dividend, Right Issue, Buy back, Bonus Issues etc.
43
Technical Guide
The auditor must review the SOPs to understand the process and
responsibilities specified for various reconciliations. They also have to review
the process of fund-wise, plan-wise reconciliation on sample basis for:
· Securities balance as per the books of account with the custodian
records
· Bank Accounts
· Units Capital reconciliation
o Subscription reconciliation i.e. balances as per books of
accounts, balance as per Policy Admin records, and funds
received for subscription
o Redemption reconciliation i.e. balance as per books of
accounts, balance as per Policy Admin System, and funds paid
for redemption
o Switch reconciliation i.e. balance as per books of accounts,
balance as per Policy Admin System, and funds transferred for
switch
and specifically comment on whether the above are done on a day-
to-day basis.
(b) In the case of General Insurer / Re-insurer, reconciliation with
Investment Accounts, Bank and Custodian records should be
done on a day-to-day basis.
The auditor has to review the process as explained in para 6 (a) except for
unit capital reconciliation.
4.8. INTERNAL / CONCURRENT AUDIT
(a) An Insurer having Assets under Management (AUM) of not more than
Rs.1000 Crores shall conduct a Quarterly Internal Audit to cover both
Transactions and related Systems. Insurers having AUM above
Rs.1000 Crores should appoint a Chartered Accountant firm for
Concurrent Audit to have the transactions and related Systems
audited.
(b) The Audit Report shall clearly state the observation at transaction level
and its impact, if any at System level. The Audit Report shall be based
on Exception Reporting.
44
Coverage and Review Methodology
(c) The Auditor shall clearly state that the Insurer had done the
reconciliations as required under point 4.7.6.a and 4.7.6.b
(d) Segregation of Shareholders & Policyholders' funds:
1. In the case of a Life Insurer, each individual fund, both falling
under Shareholders' / Policyholders', under any class of
business, has `scrip' level investments to comply with the
provisions of Section 11(1B) of Insurance Act, 1938
2. Furthermore, the Shareholders' funds beyond Solvency Margin,
to which the pattern of Investment will not apply, shall have a
separate custody account with identified scrips for both Life and
General Insurance Companies.
(e) The Insurer is required to place the Audit Report before the Audit
Committee and implement all its recommendations.
(f) The Insurer shall, along with Quarterly Investment Returns to be filed
with the Authority, confirm in FORM 4, that the Internal / Concurrent
Audit observations, up to the Quarter preceding the Quarter to which
the Returns are filed, were placed before the Audit Committee for its
recommendations, and action taken.
Note: Points 4.3.5.a.1 and 4.6.3 are specific to ULIP Business.
The auditor has to report on the scope and coverage of the internal audit in
line with the areas stated under this clause.
As IRDA has prescribed requirement of concurrent audit, beyond Rs. 1000
Crores of AUM (Shareholders' and Policyholders' funds taken together) for
investment operations to be carried out by the independent chartered
accountant, if the insurer has not appointed the concurrent auditor, then the
auditor has to state the plan of action of the insurer.
45
5
Format of Certificate
Certificate on Investment Risk Management Systems and Processes
To
The Audit Committee of the Board
[Insert name of the insurance company]
We have examined the compliance of conditions of Investment Risk
Management Systems & Processes of M/s ......................("the company")
for the period from ------ to ------------, as stipulated in Regulation 13 (E) (1)
of IRDA (Investment) (Fifth Amendment) Regulations, 2013 notified by
the Insurance Regulatory and Development Authority (`IRDA') on the 16th
February, 2013, as amended from time to time.
The design of the IT Governance Architecture, implementation of the
Investment Risk Management Systems and Processes in accordance with
the Regulations , Guidelines, and Circulars issued by IRDA from time to time,
and compliance thereto, is the responsibility of the Company's management.
Our responsibility is to examine the procedures and implementation thereof
by the Company and issue a certificate thereon.
An examination of the Company's implementation of the Investment Risk
Management Systems and Processes includes examining evidence
supporting the management's compliance with the Regulations , Guidelines,
and Circulars of IRDA. Our examination was performed in accordance with
the Guidance Note on Audit Reports and Certificates for Special Purposes
and as per the procedure laid down in the Technical Guide on Review and
Certification of Investment Risk Management Systems and Processes of
Insurance Companies issued by the Institute of Chartered Accountants of
India ("ICAI"). We believe that our examination provides a reasonable basis
for our certificate.
The above format is not applicable to an insurance company at the R1/R2
stage (for which only checklist in Annexure A is applicable).
Format of Certificate
We have examined the relevant records and information systems of the
Company and obtained all the information, explanations and representations
from the Chief Executive Officer/ the Chief Investment Officer/ Chief
Technology Officer/ Chief Information Officer , which to the best of our
knowledge and belief were necessary for the purpose of our examination.
Based on our examination and according to the information and explanations
given to us, we hereby certify that the Company has complied with the
conditions of Investment Risk Management Systems & Processes prescribed
under the IRDA (Investment) [5th Amendment] Regulations, 2013 except as
under:
(a)
(b)
(c)
The areas of non-mitigated/residual risk resulting from deficient investment
risk management systems and processes as identified by us during our
examination are given in Annexure 1 appended herewith.
This Certificate is issued solely for use of the Insurer for submission to IRDA
pursuant to Regulation 13(E) of IRDA (Investment)(Fifth Amendment)
Regulations, 2013.
For...............................................
Chartered Accountants
(Firm Registration No. .........................)
Place:
Date:
.....................................
Partner
[ICAI membership number]
47
Technical Guide
Annexure 1 to Auditor's Certificate
(FORMING PART OF certificate on investment risk management systems
and processes Dated __/__/____)
.Name of Insurer : _______________________________
Period covered under review : _______________________________
SUMMARY (AS PER THE RISK RATING WITHOUT CONSIDERING
MITIGATING CONTROLS)
RISK CATEGORY NO. OF OBSERVATIONS
INVESTMENT OPERATIONS (IO)
Very Serious non-compliances (VSI)
Serious Non-compliances (SI)
Procedural Non-compliances (PI)
IT APPLICATIONS & SYSTEMS (ITAS)
Very Serious Non-compliances (VSI)
Serious Non-compliances (SI)
Procedural Non-compliances (PI)
KEY FINDINGS
No Annexure REVIEW REVIEW AUDITOR'S Risk Mitigating Residual
ref OBJECTIVE OBJECTIVE OBSERVATIONS category controls* risk
HEADING CHECKLIST category
QUESTION **
Y N Comments
* The auditor can consider and record other controls that mitigate the risk
** Opinion of the auditor
For...............................................
Chartered Accountants
(Firm Registration No. .......................)
Place:
Date:
.........................................
Partner
[ICAI membership number]
Encl: As above
48
ANNEXURE A/B/C/D
(Forming Part of Certificate on Investment Risk Management Systems and
Processes Dated __/__/____)
The prescribed checklist formats are enclosed as Annexure A/B/C/D.
ANNEXURE `A'
COMPLIANCE CHECKLIST TO BE
SUBMITTED ALONG WITH
APPLICATION UNDER `R2'
BACKGROUND AND SCOPE
On issuance of an R1 certificate, an Insurer has to comply with certain
requirements (conditions precedent) to obtain R2 and R3. IRDA vide Circular
INV/CIR/008/2008-09 dated 22nd Aug, 2008 had directed all insurers to
obtain a certificate from a Chartered Accountant for complying with the
requirements on Investment Systems and Process before filing for R2/R3.
The following is a checklist template prepared to cover all the Regulatory
issues that IRDA had in the past identified through periodical Investment
Inspections engaging Chartered Accountant.
Note : The auditor of a new company shall carry out a full-fledged
review of this area and in subsequent reviews, it will suffice if
the pending issues are reviewed and reported.
S.NO ISSUE / POLICY AUDITOR'S COMMENTS
GENERAL CONTROLS:
1. If there are any conditions specified in
the R1 certificate by IRDA, have these
been complied with by the Insurer?
2. Has a CEO and CFO been appointed
for the Insurer?
3. Has an Investment Committee (IC)
been constituted?
4. Is the insurer's paid up equity capital in
excess of Rs. 100 crores in case of
General insurer and Re-insurer and
Rs. 200 crores in case of Life
Companies?
5. Have shares been allotted to all
shareholders?
6. In case where the insurer has foreign
entities as its shareholders, is the
equity capital held by such foreign
entities in accordance with Regulation
11 of IRDA (Registration of Indian
Insurance Companies) Regulations
2000?
Technical Guide
S.NO ISSUE / POLICY AUDITOR'S COMMENTS
7. Has the Deposit under Section 7 of
Insurance Act, 1938 complied with?
8. Has the Insurer opened two separate
gilt accounts, one specifically for
Section 7 deposit (with a clear
direction to the Banker that it could be
operated only after taking the prior
permission of IRDA in writing) and the
other for transactions as per Circular
on Section 7: Deposit?
9. Has the insurer framed an Investment
Policy (IP) to comply with IRDA
regulations?
10. Whether the insurer had briefly
described its self-established
investment philosophy?
11. In addition to 10) above, other
information like,
· Investment Personnel,
· Investment advisor (if outsourced),
· location of the investment
operations,
· Investment brokers to be used
etc., are included?
12. Were other regulations regarding
investment, valuation, exposure on
prudential and provisioning norms for
life and non-life insurance companies
issued by the authority taken into
consideration?
13. The IP should cover the following:
· Organisational structure relating to
investment department and
authorization matrix
52
Compliance Checklist to be Submitted along with Application...
S.NO ISSUE / POLICY AUDITOR'S COMMENTS
· IP should be applicable fund wise,
including ULIP funds.
· All risks should be addressed in IP
· Internal / Concurrent Audit to
review compliance with the
provisions of IRDA provisions & IP
· Segregation of Investment
Operations / functions between
Front, Mid & Back Office
mandated along with reporting
matrix
· Fund wise performance, to be
placed before Board on a
Quarterly basis
14. All applicable returns to be filed with
IRDA should have been identified and
there are clear assignment of
responsibilities and procedures to
ensure that these are filed within the
due dates
15. Has a custodian been identified? Is
there an agreement with the custodian
clearly specifying the terms and
conditions of the arrangements?
16. If the custodian has been appointed, is
the custodian part of the `Promoter
Group'?
17. Is there a process in place for
investment reconciliation with
custodian certificates?
18. Has Delegation of Financial Authority
and reporting to Investment Committee
/ Board been determined?
19. Have guidelines for internal reporting
to the Board, IC been framed?
53
Technical Guide
S.NO ISSUE / POLICY AUDITOR'S COMMENTS
20. Has all fees to IRDA been paid based
on the class of business of the
insurer?
INFORMATION TECHNOLOGY CONTROLS
21. Are full descriptions on the different
areas where the computer systems will
be deployed provided?
22. Were the computer systems bought off
the shelf (with/without customisation)
developed locally or imported into
India by the foreign promoter (with /
without customisation)?
23. Is there a brief description on the
magnitude of its usage for servicing the
policy holders and the degree of
interconnectivity of the computer
systems ?
24. Is there a brief description on how the
IT systems will be used to develop the
required management systems?
25. Is the extent of manual procedures
and operations that are going to be
retained as such defined and
provided?
54
Compliance Checklist to be Submitted along with Application...
Requirements at the R1 / R2 Stage of Registration of
Insurance Companies
1. Consideration of requisition for registration application:1
The Authority on being satisfied that
(a) The requisition in Form IRDA/R1 is complete in all respects and is
accompanied by all documents required therein,
(b) All information given in the Form IRDA/R1 is correct,
(c) The applicant will carry on all functions in respect of the insurance
business including management of investments within its own
organization,
(d) The applicant submitting requisition for registration application
(i) Is a bona fide applicant for registration under section 3 of the
Act,
(ii) Will be in a position to comply with the requirements for grant of
certificate,
may accept the requisition and direct supply of the application for registration
to the applicant.
2. The following point is to be taken into consideration while
applying for R1 Registration procedure2:
Investments:
Each company will have established its investment philosophy that will be
appropriate for the products it intends to market. This should be described.
Other information should include the investment personnel, investment
adviser (if outsourced), location of the investment operations, investment
brokers to be used, etc. Regulations regarding Investment, Valuation,
Exposure Prudential Provisioning Norms Life and Non Life issued by
the Authority may be taken into account.
1
Based on Insurance Regulatory and Development Authority (Registration of
Indian Insurance Companies) Regulation, 2000, as amended from time to time.
2 As per the requirements of Circular No. INV/CIR/008/2008-09, Dated 22nd Aug, 2008
55
Technical Guide
3. The following point is to be taken into consideration while
applying for R2 Registration procedure:
Information Technology:
Insurance industry is very much dependent on computer technology. Full
description should be provided for the following:
· The different areas where computer systems will be employed
· Whether the systems will be bought off the shelf (with some
customization), developed locally or imported into India by the foreign
promoter (with some customization)
· The degree to which the systems will be used for policyholder
servicing
· The degree of inter-connectivity of the systems
· A description of how the I/T systems will be used to develop the
required Management Information Systems
· Extent of procedures and operations which will remain manual
56
ANNEXURE B
REVIEW OF STANDARD OPERATING
PROCEDURE COVERING `SYSTEMS
AND PROCESSES'
Technical Guide
Review of SOP
· Check through interviews, review of documentation, reports and
substantial checks, if the following are covered in SOP and whether
they have been adhered to:
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
1. Are the responsibilities Very
of CIO, CFO, CEO Serious
clearly laid down and
is it ensured that the
CIO is not in charge of
mid office and back
office functions ?
2. Does the SOP must Very
have Clear guidelines Serious
to be adhered by the
Dealer?
3. Are there Clear Very
guidelines to be Serious
followed while dealing
with iJntermediaries
(brokers,
counterparties etc.)?
4. Are Clear Trading Serious
guidelines for
Personal Investments
laid down by the
Investment Team ?
5. Has the Investment Very
Department Serious
documented the
segregation of Fund
Managers and Dealers
through Authority
Matrix as a part of its
58
Review of Standard Operating Procedure Covering...
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
`Standard Operating
Procedure'? Such
segregation should
also include
segregation of front
office, mid office and
back office functions.
Reporting and
compliance should be
independent of
investment activities .
6. Has The Insurer Very
documented the Serious
Access Controls and
Authorization process
for Orders and Deal
execution?
7. Is there a Provision for Very
conducting periodic Serious
credit reviews for all
companies in the
portfolio. The
periodicity should be
clearly mentioned in
the Investment
Policy ?
COMPLIANCE
8. Is there a Clear Very
statement that there Serious
cannot be any short
sales by insurer ?
9. Are there procedures Very
for Cover age of the Serious
Dealing Room as well
59
Technical Guide
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
as the availability of a
Voice Recorder and
procedure for
maintaining the
recorded conversation
and their disposal?
10. Is it ensured that Very
Investments in an Serious
Investee Company,
Group and Industry
Sector signal when
both Internal /
Regulatory limits are
nearly reached PRIOR
to taking such
exposure and making
actual investment?
11. Are procedures to Very
ensure that circulars Serious
and notices received
from IRDA adhered
to?
12. Are there Procedures Very
to ensure that Serious
exposure norms
determined by IRDA
from time to time are
appropriately
communicated within
the organization, and
adhered to?
13. Does the SOP cover Very
the yearly compliance Serious
60
Review of Standard Operating Procedure Covering...
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
certificate with regard
to section 7 deposit
issued to IRDA. Are
there procedures on
the part of the insurer
governing the deposits
made under section
7?
14. Are there Procedures Very
to be followed by the Serious
Insurer to ensure that
when corpus size or
fund size crosses
certain threshold limits
defined by IRDA,
applicable regulations,
circulars and exposure
limits are identified
and acted upon?
15. Are there Procedures Very
within the insurer for Serious
identifying and
assigning outsourcing
activities? These
should comply with
IRDA regulations on
outsourcing for
insurance companies?
16. Are there Procedures Serious
for empanelment of
brokers / agents /
others for investment
activities. Do uch
procedures also
61
Technical Guide
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
specify the limit for
each broker / agent
and others including
the compliance with
SEBI ( Prevention of
fraudulent and unfair
trade practices)
Regulations as
applicable from time to
time ?
17. Has there been an Serious
audit of the custodial
services to ensure that
the service provider
· Is a regulated
custodial service
provider with
experience and
expertise in NAV
computation?
· Is not part of a
`Group' as defined
under Regulation
2 (ca) of IRDA
(Investment)
Regulations, 2000
as amended from
time to time and
Guidelines issued
there under?
· Complies with all
consumer laws
and regulations?
62
Review of Standard Operating Procedure Covering...
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
· Maintains
confidentiality and
protects data from
intentional or
inadvertent
disclosure to
unauthorized
persons?
· Has a
comprehensive
and effective
system for
disaster recovery
and periodic
testing of backup
facilities?
· Has an adequate
system to address
all Operational
Risks arising out
of technology,
errors and frauds
been put in place?
· Provides full
access to all
records and other
material to the
IRDA or its
authorised
representatives to
the same extent
as if it were a
department of the
insurer?
63
Technical Guide
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
18. Does the outsourcing Serious
agreement with
custodian contain an
exit clause providing
for smooth transfer of
records and functions
to the insurer or its
nominated contractor
in the event of the
outsourcing
agreement being
terminated, without
imposing onerous
penalties for
termination?
19. Are there procedures Serious
and assignment of
responsibilities to
ensure that when
changes need to be
made to system /
application parameters
consequent to
circulars and notices
of IRDA, these are
communicated to the
respective teams, and
it is ensured that they
are carried out?
64
Review of Standard Operating Procedure Covering...
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
OPERATIONS &
PROCESSES
20. Is there a Procedure Very
of Maker / Checker Serious
mapped in Standard
Operating Procedure /
Operations Manual of
Investment
Operations?
21. Does such maker Very
checker process also Serious
cover activities in NDS
system which are
available and
integrated with SOP
covering investment
procedures ?
22. Are there Procedures Very
to ascertain cash Serious
positions and make
investment decisions
within available cash
positions?
23. Is there adequate Very
process to identify all Serious
corporate actions?
24. Is there adequate Very
process to ensure that Serious
all the corporate
actions have been
accounted for?
65
Technical Guide
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
25. Is there a process for Very
investment Serious
reconciliation with
custodian certificates?
Alternate Processing
26. To ensure Business Very
continuity, the Insurer Serious
should have a clear
Off-site back-up of
data in a city falling
under a different
Seismic Zone, either
on his own or through
a Service Provider.
Further, the Insurer /
service provider (if
outsourced) is
required to have the
necessary
infrastructure for
Mission Critical
Systems to address at
least the following:
1. Calculation of
daily NAV (Fund
wise)
2. Redemption
processing.
Internal / Concurrent
Audit
27. An Insurer having Very
66
Review of Standard Operating Procedure Covering...
S. ISSUE/POLICY AUDITOR'S RISK
NO. OBSERVATION CATEGORY
YES NO COMMENTS
Assets under Serious
Management (AUM) of
not more than
Rs.1000 Crores shall
conduct a Quarterly
Internal Audit to cover
both Transactions and
related Systems.
Insurers having AUM
above Rs.1000 Crores
should appoint a
Chartered Accountant
firm for Concurrent
Audit to have the
transactions and
related Systems
audited.
Has there been
compliance with the
above regulations
during the period
under review?
67
Annexure C
REVIEW OF INFORMATION
TECHNOLOGY (IT) SYSTEMS AND
PROCESSES SUPPORTING
INVESTMENT OPERATIONS
Review of Information Technology (IT) Systems and Processes...
Review of Information Technology (IT) Systems and Processes
supporting Investment Operations
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A Planning the IT Function
IT Plan and Strategy Very
Serious
A.1. Does the Organization have an
IT strategy / IT plan approved
by Management
A.2. Is there a process of minimum
of annual review of the IT
strategy / Plan
A.3. Is there a periodic review
(minimum annual) of IT
performance - covering key
parameters in IT strategy such
as Data Sizing, Network
Performance?
Information Architecture
Policy and Procedure Review
INFORMATION SECURITY Very
POLICY DOCUMENT Serious
A.4. Is there an Information security
policy, approved by the
management and adopted by
the Board?
A.5. Does it state the management
commitment and set out the
organisational approach in
managing information security?
69
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.6. Does the Information Security
Policy cover the following key
areas of IT Security
· Detailed IT Security Policy
and Procedures
· Organisa0tion and security
· Asset Classification and
Control
· Personnel Security
· Physical and
Environmental Security
· Communications and
Operations Management
· Access Control
· Systems Development and
Maintenance
· Information Security
Incident Management
· Business Continuity
Management
· Compliance requirements
to Policies and Procedures
IT Risk Management Process?
A.7. Has the Security Policy been
published and communicated as
appropriate to all employees
and vendors?
A.8. Are new members of staff and
vendors made aware of
Information Security Policy?
A.9. Are continuous awareness
programmes conducted for
security awareness?
70
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.10. Has the role of Information
Security Officer with
responsibilities for
implementation of the Security
Policy been assigned?
A.11. Whether detailed procedures for
each policy statement
developed?
A.12. Is the Information Security
Officer made responsible for:
· Reporting non-
compliance with the
approved policy
· Incidents of security
breaches to the Top
Management,
· Initiating and effecting
corrective action?
INCIDENT MANAGEMENT
PROCEDURES
A.13. Whether an Incident
Management procedure exists
to handle security incidents.
A.14. Whether there are clearly
defined procedures and rules
covering the different types of
security incidents.
A.15. Whether the procedure
addresses the incident
management responsibilities,
orderly and quick response to
security incidents.
71
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.16. Whether the procedure
addresses different types of
incidents ranging from denial of
service to breach of
confidentiality etc., and ways to
handle them.
INVENTORY OF ASSETS
A.17. Whether an inventory or register
is maintained with the important
assets associated with each
information system.
A.18. Whether each asset identified
has an owner, the security
classification defined and
agreed and the location
identified.
A.19. Is there an up-to-date network
diagram?
A.20. Is the inventory schedule and
networking plan reviewed at
regular intervals to ensure that
they are complete and up-
dated?
A.21. Are all the system
configurations properly
documented?
A.22. Is the configuration document
regularly updated as per a fixed
schedule?
INFORMATION LABELING
AND HANDLING
72
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.23. Whether an appropriate set of
procedures are defined for
information labeling and
handling in accordance with the
classification scheme adopted
by the organization.
CORRECT DISPOSAL OF
RESOURCES REQUIRING
PROTECTION
A.24. Is there a policy of identifying
resources and media based on
their level of sensitivity
A.25. Is there a disposal process
commensurate with each level
of sensitivity
A.26. Are the specified disposal
provisions complied with
A.27. Is the disposal procedure
reliable
ACCESS CONTROL POLICY
A.28. Whether the business
requirements for access control
have been defined and
documented.
A.29. Whether the Access control
policy does address the rules
and rights for each user or a
group of user.
A.30. Whether the users and service
providers were given a clear
statement of the business
requirement to be met by
access controls.
73
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
CLASSIFICATION
GUIDELINES
A.31. Whether there is an Information
classification scheme or
guideline in place; which will
assist in determining how the
information is to be handled and
protected.
MANAGEMENT OF
REMOVABLE COMPUTER
MEDIA
A.32. Whether there exists a
procedure for management of
removable computer media
such as tapes, disks, cassettes,
memory cards and reports.
OTHER FORMS OF Serious
INFORMATION EXCHANGE
A.33. Whether there are any policies,
procedures or controls in place
to protect the exchange of
information through the use of
voice, facsimile and video
communication facilities.
A.34. Whether staffs are reminded to
maintain the confidentiality of
sensitive information while using
such forms of information
exchange facility.
INFORMATION AND Serious
SOFTWARE EXCHANGE
AGREEMENT
74
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.35. Whether there exists any formal
or informal agreement between
the organisations for exchange
of information and software.
A.36. Whether the agreement does
address the security issues
based on the sensitivity of the
business information involved.
Determine technological
direction.
INDEPENDENT REVIEW OF Very
INFORMATION SECURITY Serious
A.37. Whether the implementation of
security policy is reviewed
independently on regular basis.
This is to provide assurance
that organisational practices
properly reflect the policy, and
that it is feasible and effective.
TESTING, MAINTAINING AND Very
RE-ASSESSING BUSINESS Serious
CONTINUITY PLAN
A.38. Whether Business continuity
plans are tested regularly to
ensure that they are up to date
and effective.
A.39. Whether Business continuity
plans were maintained by
regular reviews and updates to
ensure their continuing
effectiveness.
75
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.40. Whether procedures were
included within the
organisations change
management programme to
ensure that Business continuity
matters are appropriately
addressed.
MOBILE COMPUTING Serious
A.41. Whether a formal policy is
adopted that takes into account
the risks of working with
computing facilities such as
notebooks, palmtops etc.,
especially in unprotected
environments.
WORKING FROM OFFSITE Very
Serious
A.42. · Whether policy, operational
plan and procedures are
developed and implemented
for working from offsite. This
should cover both employees
and partners.
· Whether such activity is
authorized and controlled by
management and does it
ensure that suitable
arrangements are in place for
this way of working.
Define the IT Processes,
Organization and
Relationships
AUTHORISATION PROCESS Very
FOR INFORMATION Serious
PROCESSING FACILITIES
76
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.43. · Whether there is a
management authorisation
process in place for any new
facilities such as
· Hardware
· Software incl. applications
· information processing
facility like data centers,
offices etc
· changes to configurations in
existing Assets.
A.44. Are log-books kept of system
changes
A.45. Are there any guidelines for
implementing changes to IT
components, software or
configuration data?
A.46. Are all changes documented?
INFORMATION SECURITY Procedural
COORDINATION
A.47. Whether there is a cross-
functional forum of management
representatives from relevant
parts of the organization to
coordinate the implementation
of information security controls.
ALLOCATION OF Very
INFORMATION SECURITY Serious
RESPONSIBILITIES
A.48. Has an IT Security Officer been
appointed?
77
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.49. Whether responsibilities for the
protection of individual assets
and for carrying out specific
security processes are clearly
defined.
A.50. Is there an establishment of a
suitable organisational structure
for IT security
CONFIDENTIALITY Very
AGREEMENTS Serious
A.51. Whether employees are asked
to sign confidentiality or non-
disclosure agreement as a part
of their initial terms and
conditions of the employment.
A.52. Whether this agreement covers
the security of the information
processing facility and
organisation assets.
INCLUDING SECURITY IN JOB Procedural
RESPONSIBILITIES
A.53. Whether security roles and
responsibilities as laid down in
Organization's information
security policy documented
were appropriate.
A.54. Does it include general
responsibilities for:
implementing or maintaining
security policy,
specific responsibilities for
protection of particular assets,
extension of particular security
processes or activities.
78
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
PERSONNEL SCREENING Very
AND POLICY Serious
A.55. Whether verification checks on
permanent staff were carried
out at the time of job
applications.
This should include:
· character reference,
· confirmation of claimed
academic
· professional qualifications
· independent identity checks.
TERMS AND CONDITIONS OF Procedural
EMPLOYMENT
A.56. Whether terms and conditions of
the employment covers the
employee's responsibility for
information security. Where
appropriate:
· At the joining date
· At time of internal transfers
· On termination/end of the
employment.
INFORMATION SECURITY Procedural
EDUCATION AND TRAINING
A.57. Whether all employees of the
organization and third party
users (where relevant) receive
appropriate Information Security
training and regular updates in
organisational policies and
procedures.
79
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.58. Is the IT Security Management
Team involved in the planning
and delivery of IT training?
DATA PROTECTION AND Serious
PRIVACY OF PERSONAL
INFORMATION
A.59. Whether there is a management
structure and control in place to
protect data and privacy of
personal information.
IDENTIFICATION OF Serious
APPLICABLE LEGISLATION
A.60. Whether all relevant statutory,
regulatory and contractual
requirements were explicitly
defined and documented for
each information system.
INTELLECTUAL PROPERTY Very
RIGHTS Serious
A.61. Whether there exist any
procedures to ensure
compliance with legal
restrictions on use of material in
respect of which there may be
intellectual property (IPR) rights
such as copyright, design rights,
trade marks.
A.62. Whether the procedures are
well implemented.
A.63. Whether proprietary software
products are supplied under a
licence agreement that limits the
use of the products to specified
machines. The only exception
might be for making own back-
up copies of the software.
80
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
SAFEGUARDING OF Very
ORGANISATIONAL RECORDS Serious
A.64. Whether important records of
the organisation are protected
from loss destruction and
falsification.
SECURING OF EQUIPMENT Very
OFF-PREMISES Serious
A.65. Whether any equipment usage
outside an organisation's
premises for information
processing has to be authorized
by the management..
A.66. Whether the security provided
for these equipments while
outside the premises is at par
with or more than the security
provided inside the premises.
SEGREGATION OF DUTIES Very
Serious
A.67. Whether duties and areas of
responsibility are separated in
order to reduce opportunities for
unauthorized modification or
misuse of information or
services. This should include.
Distinction between IT and
Business Development and
Production.
SEPARATION OF Very
DEVELOPMENT AND Serious
OPERATIONAL FACILITIES
81
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.68. Whether the development and
testing facilities are isolated
from operational facilities. For
example, development software
should run on a computer
different from the computer with
production software. Where
necessary development and
production network should be
separated from each other.
NETWORK CONTROLS Very
Serious
A.69. Whether effective operational
controls such as separate
network and system
administration facilities were
established where necessary.
A.70. Whether responsibilities and
procedures for management of
remote equipment, including
equipment in user areas are
established.
A.71. Whether there exist any special
controls to safeguard
confidentiality and integrity of
data processing over the public
network and to protect the
connected systems.
A.72. Whether access attempts via
telnet, ftp are logged and
reviewed.
IDENTIFICATION OF RISKS Very
FROM THIRD PARTY Serious
A.73. Whether risks from third party
access are identified and
appropriate security controls
implemented.
82
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.74. Whether security risks with third
party contractors working onsite
are identified and appropriate
controls are implemented.
SECURITY REQUIREMENTS Very
IN THIRD PARTY CONTRACTS Serious
A.75. Whether there is a formal
contract containing, or referring
to, all the security requirements
to ensure compliance with the
organization's security policies
and standards.
WORKING IN SECURE AREAS Very
Serious
A.76. Whether there exists any
security control for third parties
or for personnel working in
secure area.
PREVENTION OF MISUSE OF Very
INFORMATION PROCESSING Serious
A.77. Whether use of information
processing facilities for any non-
business or unauthorised
purpose, without management
approval is treated as improper
use of the facility.
A.78. Whether at the log-on a warning
message is presented on the
computer screen indicating that
the system facility being entered
is private and that unauthorised
access is not permitted.
83
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
REGULATION OF Procedural
CRYPTOGRAPHIC
CONTROLS
A.79. Whether the cryptographic
controls are used in compliance
with all relevant agreements,
laws, and regulations.
ACCEPTABLE USE OF Very
ASSETS Serious
A.80. Whether regulations for
acceptable use of information
and assets associated with an
information processing facility
were identified, documented
and implemented. The auditor is
required to understand the
policies with respect to use of
Information Assets and controls
available to prevent their
misuse.
MANAGEMENT Procedural
RESPONSIBILITIES
A.81. Whether the management
requires employees, contractors
and third party users to apply
security in accordance with the
established policies and
procedures of the organization.
Manage the IT investment
REVIEW AND EVALUATION Procedural
84
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.82. Whether the IT Security process
ensures that a review takes
place in response to any
changes affecting the basis of
the original assessment, for
example: significant security
incidents, new vulnerabilities or
changes to organisational or
technical infrastructure.
LEARNING FROM INCIDENTS Procedural
A.83. Whether there are mechanisms
in place to enable the types,
volumes and costs of incidents
and malfunctions to be
quantified and monitored.
REPORTING SECURITY Procedural
INCIDENTS
A.84. Are steps taken to ensure that
anything unusual in the log files
gets reported?
A.85. Are the users regularly advised
of the requirement to inform the
administrator at once in case of
irregularities?
Communicate management
aims and direction
PUBLICLY AVAILABLE Procedural
SYSTEMS
A.86. Whether there is any formal
authorisation process in place
for the information to be made
publicly available. Such as
approval from Change Control
which includes Business,
Application owner etc., Auditor
may also evaluate the control to
disclose NAV on the website.
85
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.87. Whether there are any controls
in place to protect the integrity
of such information publicly
available from any unauthorised
access. The auditor may obtain
VA and PT reports of the
website and other web
applications where investment
related data is hosted.
SECURITY REQUIREMENTS Serious
IN OUTSOURCING
CONTRACTS
A.88. · Whether security
requirements are addressed
in the contract with the third
party, when the organization
has outsourced the
management and control of
all or some of its information
systems, networks and/ or
desktop environments.
· The contract should address
how the legal requirements
are to be met, how the
security of the organization's
assets are maintained and
tested, and the right of audit,
physical security issues and
how the availability of the
services is to be maintained
in the event of disaster.
INFORMATION ACCESS Serious
RESTRICTION
86
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.89. Whether access to application
by various groups/ personnel
within the organisation has been
defined in the access control
policy as per the individual
business application
requirement and whether it is
consistent with the
organisation's Information
access policy.
PASSWORD USE Very
Serious
A.90. Whether there are any
guidelines in place to guide
users in selecting and
maintaining secure passwords.
UNATTENDED USER Procedural
EQUIPMENT
A.91. Whether the users and
contractors are made aware of
the security requirements and
procedures for protecting
unattended equipment, as well
as their responsibility to
implement such protection.
CLEAR DESK AND CLEAR Procedural
SCREEN POLICY
A.92. Whether automatic computer
screen locking facility is
enabled. This would lock the
screen when the computer is
left unattended for a period.
87
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.93. Whether employees are advised
not to leave any confidential
material in the form of paper
documents, media, etc., in a
locked place while unattended.
RETURN OF ASSETS Very
Serious
A.94. Whether there is a process in
place that ensures all
employees, contractors and
third party users surrender all of
the organization's assets in their
possession upon termination of
their employment, contract or
agreement.
MANAGEMENT COMMITMENT Serious
TO INFORMATION SECURITY
A.95. Whether management
demonstrates active support for
security measures within the
organization. This can be done
via clear direction,
demonstrated commitment,
explicit assignment and
acknowledgement of information
security responsibilities.
ROLES AND Procedural
RESPONSIBILITIES
A.96. · Whether employee security
roles and responsibilities,
contractors and third party
users were defined and
documented in accordance
with the organization's
information security policy.
88
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· Were the roles and
responsibilities defined and
clearly communicated to job
candidates during the pre-
employment process
Manage IT human resources
USER DELETION Very
Serious
A.97. Is there a well defined process
for revoking user rights on
termination of employment?
A.98. Is the IS Team promptly
informed of the termination of
service by a staff member?
A.99. Are there any former staff
members who still hold
previously issued passes or
user ID?
A.100. Is it ensured that all entry and
access rights of a staff member
whose services have been
terminated are revoked and
deleted, and is the process
adequate?
A.101. When the contractual
relationship with outside staff is
terminated, are all access
authorisations revoked or
deleted?
TERMINATION Very
RESPONSIBILITIES Serious
A.102. Whether responsibilities for
performing employment
termination, or change of
employment, are clearly defined
and assigned.
89
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
Manage quality
EXTERNAL FACILITIES Serious
MANAGEMENT
A.103. Whether any of the Information
processing facility is managed
by external company or
contractor (third party).
A.104. Whether the risks associated
with such management were
identified in advance, discussed
with the third party, and
appropriate controls were
incorporated into the contract.
OUTSOURCED SOFTWARE Serious
DEVELOPMENT
A.105. · Whether the outsourced
software development is
supervised and monitored
by the organization.
· Whether points such as:
Licensing arrangements,
escrow arrangements,
contractual requirement for
quality assurance, testing
before installation to detect
Trojan code etc., are
considered.
Manage Projects
EMERGENCY PROCEDURES Serious
A.106. Is there an authorized person to
determine the existence of an
emergency?
A.107. Is there an Emergency
Procedure Manual?
90
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.108. Is a description of the
emergency organisation
available?
A.109. Is consideration given to all
possible emergencies?
A.110. Are all persons and
organisational units stated in the
Manual aware of the emergency
organization?
A.111. Has configuration back-up been
produced for every employed
computer type and/or every
employed operating system and
easily accessible in case of
emergency?
A.112. Is a startup disk available for
each configuration PC which
can be used to boot the system
in the event of a boot failure?
NETWORK PERFORMANCE Procedural
MEASUREMENT
A.113. Are performance measurements
and traffic-flow analyses
conducted regularly?
Is it within the SLA agreed to
with the vendor?
A.114. Has a security analysis of the
network environment been
conducted?
SENSITIVE SYSTEM Procedural
ISOLATION
91
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.115. Whether sensitive systems are
provided with isolated
computing environment such as
running on a dedicated
computer, sharing resources
only with trusted application
systems, etc.
ALTERNATE PROCESSING Procedural
A.116. Is there a specification of
internal and external
alternatives?
A.117. Are these available and
effective?
A.118. Are the configuration, capacity
and compatibility of internal and
external alternatives being
adapted to the current status of
procedures?
A.119. Are the integrity and
confidentiality of IT application
and data moved to external
resources ensured in the case
of recourse to external
alternatives?
A.120. Are there any contingency plans
for failure of individual assets?
A.121. Are there contingency plans in
case of breakdown of data
transmission?
A.122. Has the data transmission
capacity required for the use of
alternative resources been
adequately assessed?
A.123. Are there any alternative
solutions for important
communication links?
92
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
A.124. Is there a provision of redundant
communication lines?
A.125. Is there a sufficient redundant
arrangement for network
components?
A.126. Is there any point of failure in
the current infrastructure?
B Implement IT Plan
Acquire and maintain
application software
OPERATIONAL CHANGE Very
CONTROL Serious
B.1 Whether all programs running
on production systems are
subject to strict change control
i.e., whether any change to be
made to those production
programs needs to go through
the change control
authorisation.
B.2 Whether audit logs are
maintained for any change
made to the production
programs.
AUDIT LOGGING Procedural
B.3 · Whether audit logs recording
user activities, exceptions,
and information security
events are produced and
kept for an agreed period to
assist in future
investigations and access
control monitoring.
· Whether appropriate Privacy
protection measures are
considered in Audit log
maintenance
93
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
FAULT LOGGING Procedural
B.4 · Whether faults are logged
analysed and appropriate
action taken.
· Whether level of logging
required for individual
system are determined by a
risk assessment, taking
performance degradation
into account.
APPLICATION ACCEPTANCE Procedural
CRITERIA AND TESTS
B.5 INPUT DATA VALIDATION
· Whether data input to
application system is
validated to ensure that it is
correct and appropriate.
· Whether the controls such
as: Different types of inputs
to check for error messages,
Procedures for responding
to validation errors, defining
responsibilities of all
personnel involved in data
input process etc., are
considered.
B.6 CONTROL OF INTERNAL
PROCESSING
· Whether validation checks
are incorporated into
applications to detect any
corruption of information
through processing errors or
deliberate acts.
94
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· Whether the design and
implementation of
applications ensure that the
risks of processing failures
leading to a loss of integrity
are minimized.
· Auditor needs to review the
tests performed on the
application at the time of
acquisition and during any
change
B.7 MESSAGE INTEGRITY
· Whether requirements for
ensuring and protecting
message integrity in
applications are identified,
and appropriate controls
identified and implemented.
· Whether a security risk
assessment was carried out
to determine if message
integrity is required, and to
identify the most appropriate
method of implementation.
B.8 OUTPUT DATA VALIDATION
Whether the data output of
application system is validated
to ensure that the processing of
stored information is correct and
appropriate to circumstances.
95
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
B.9 ACCESS CONTROL TO
PROGRAM SOURCE CODE
Whether strict controls are in
place to restrict access to
program source libraries.
(This is to avoid the potential for
unauthorized, unintentional
changes.)
B.10 RESTRICTION ON CHANGES
TO SOFTWARE PACKAGES
Whether modifications to
software package is
discouraged and/ or limited to
necessary changes.
Whether all changes are strictly
controlled
Acquire and maintain
technology infrastructure
EQUIPMENT MAINTENANCE Procedural
B.11 Whether the equipment is
maintained as per the supplier's
recommended service intervals
and specifications.
B.12 Whether the maintenance is
carried out only by authorized
personnel.
B.13 Whether appropriate controls
are implemented while sending
equipment off premises.
B.14 If the equipment is covered by
insurance, whether the
insurance requirements are
satisfied.
LAPTOPS Procedural
96
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
B.15 Are laptop users instructed as
regards safe keeping of their
computers during mobile use?
B.16 Is there use of an encryption
product for laptop PCs?
AUTOMATIC TERMINAL Procedural
IDENTIFICATION
B.17 Whether automatic terminal
identification mechanism is
used to authenticate
connections.
PLANNING OF A
WINDOWS `OS' NETWORK
B.18 Is there any documentation
indicating which directories on
which computers have been
shared for network access?
CONFIGURATION OF `OS' Procedural
SERVERS
B.19 Is there a document detailing
the settings of various
parameters in the OS Server?
B.20 Are these settings adhered to?
B.21 Is protection of the registry
under Windows in place?
B.22 Have the default passwords for
local access been replaced by
secure ones?
PROTECTION OF SYSTEM Procedural
TEST
97
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
B.23 Whether system test data is
protected and controlled.
Whether use of personal
information or any sensitive
information for testing
operational database is
shunned.
Enable operation and use
DOCUMENTED OPERATING Very
PROCEDURES Serious
B.24 Whether the Security Policy has
identified any Operating
procedures such as Back-up,
Equipment maintenance etc.
B.25 Whether such procedures are
documented and used.
SECURITY OF SYSTEM Very
DOCUMENTATION Serious
B.26 Whether the system
documentation is protected from
unauthorised access.
B. 27 Whether the access list for the
system documentation is kept to
the minimum and authorized by
the application owner (for use
by a limited number of users.)
Manage Changes
USE OF SYSTEM UTILITIES Very
Serious
B.28 Whether system utilities that
come with computer
installations, but may override
system and application control
are tightly controlled.
98
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
CHANGE MANAGEMENT Very
Serious
B.29 Whether all changes to
information processing facilities
and systems are controlled.
B.30 Is there a written SOP covering
the change control program that
has been approved?
TECHNICAL REVIEW OF Very
APPLICATIONS AFTER Serious
OPERATING SYSTEM
CHANGES
B.31 Whether there is process or
procedure in place to review
and test business critical
applications for adverse impact
on organizational operations or
security after the change to
Operating Systems.
Periodically it is necessary to
upgrade operating system i.e.,
to install service packs, patches,
hot fixes etc.
C Management of IT
Service delivery Procedural
C.1 Whether measures are taken to
ensure that the security
controls, service definitions and
delivery levels, included in the
third party service delivery
agreement, are implemented,
operated and maintained by a
third party.
Manage third party services
99
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
MONITORING AND REVIEW Serious
OF THIRD PARTY SERVICES
C.2 · Whether the services,
reports and records provided
by third party are regularly
monitored and reviewed.
· Whether audits are
conducted on the above
third party services, reports
and records, on regular
interval.
MANAGING CHANGES TO Serious
THIRD PARTY SERVICES
C.3 · Whether changes to
provision of services,
including maintaining and
improving existing
information security policies,
procedures and controls, are
managed.
· Does this take into account
criticality of business
systems, processes involved
and re-assessment of risks?
Manage Performance and
capacity
PATCH MANAGEMENT Serious
C.4 Are steps taken to ensure that
information about the latest
patches is always available?
How is the patch level status of
systems verified?
CAPACITY PLANNING Serious
100
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.5 Whether the capacity demands
are monitored and projections of
future capacity requirements are
made.
This is to ensure that adequate
processing power and storage
are available. Example:
Monitoring Hard disk space,
RAM, CPU on critical servers.
Ensure continuous service
BUSINESS CONTINUITY Very
PLANNING FRAMEWORK Serious
C.6 Whether there is a single
framework of Business
continuity plan.
C.7 Whether this framework is
maintained to ensure that all
plans are consistent and identify
priorities for testing and
maintenance.
C.8 Whether this identifies
conditions for activation and
individuals responsible for
executing each component of
the plan.
WRITING AND Very
IMPLEMENTING CONTINUITY Serious
PLAN
C.9 Whether plans were developed
to restore business operations
within the required time frame
following an interruption in or
failure of business process.
C.10 Whether the plan is regularly
tested and updated.
101
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.11 Review the written BCP / DRP
(s) and verify whether the BCP /
DRP(s):
· Address(es) the recovery of
each business
unit/department/ function,
· According to its priority
ranking in the Risk
Assessment; and
· Considering
interdependencies among
systems.
C.12 Whether it take(s) into account:
· Personnel;
· Facilities;
· Technology (hardware,
software, operational
equipment);
· Telecommunications/networks;
· Vendors;
· Utilities;
· Documentation (data and
records);
· Law enforcement;
· Security;
· Media; and
· Shareholders
C.13 Whether it include(s) emergency
preparedness and crisis
management aspects:
· Has an accurate employee/
manager contact tree;
102
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· Clearly defines
responsibilities and decision-
making authorities for
designated teams and/or staff
members, including those
who have authority to declare
a disaster;
· Explains actions to be taken
in specific emergency
situations;
· Defines the conditions under
which the back-up site would
be used;
· Has procedures in place for
notifying the back-up site;
· Designates a public relations
spokesperson; and
· Identifies sources of needed
office space and equipment
and list of key vendors
(hardware/ software/
communications, etc.)
C.14 Whether the BCP / DRP
establishes processing priorities
to be followed in the event not
all applications can be
processed.
C.15 Whether adequate procedures
are in place to ensure the BCP /
DRP (s) is (are) maintained in a
current fashion and updated
regularly.
103
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.16 Whether a senior manager has
been assigned responsibility to
oversee the development,
implementation, testing, and
maintenance of the BCP / DRP.
C.17 Whether the board reviews and
approves the written BCP /
DRP(s) and testing results at
least annually and documents
these reviews in the board
minutes.
C.18 Whether senior management
periodically reviews and
prioritizes each business unit,
business process, department,
and subsidiary for its critical
importance and recovery
prioritization. If so, determine
how often reviews are
conducted.
C.19 If applicable, determine whether
the senior management has
evaluated the adequacy of the
BCP/DRPs for its service
providers, and ensured the
organization's BCP/DRP is
compatible with those service
provider plans, commensurate
with adequate recovery
priorities.
104
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
BUSINESS IMPACT ANALYSIS Very
Serious
C.20 Are all functions and
departments included in the
BIA?
C.21 Review the BIA to determine
whether the identification and
prioritization of business
functions are adequate.
C.22 Does the BIA identifies
maximum allowable downtime
for critical business functions,
acceptable levels of data loss
and backlogged transactions,
and the cost and recovery time
objectives associated with
downtime?
C.23 Review the risk assessment and
determine if it includes scenarios
and probability of occurrence of
disruptions of information
services, technology, personnel,
facilities, and service providers
from internal and external
sources, including:
· Natural events such as
fires, floods, and severe
weather;
· Technical events such as
communication failure,
power outages, and
equipment and software
failure; and
· Malicious activity including
network security attacks,
fraud, and terrorism.
105
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.24 Whether the risk assessment
and BIA have been reviewed
and approved by senior
management and the board.
C.25 Are reputation, operational,
compliance, and other risks
considered in plan(s).
RISK MITIGATION Procedur
STRATEGIES al
C.26 Whether adequate risk
mitigation strategies have been
considered for:
· Alternate locations and
capacity for:
· Data centers and computer
operations;
· Back-room operations;
· Work locations for business
functions; and
· Telecommunications.
C.27 Is there a policy for Back-up of:
· Data;
· Operating systems;
· Applications;
· Utility programs; and
· Telecommunications?
106
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.28 Is there a policy for Off-site
storage of:
· Back-up media;
· Supplies; and
· Documentation, e.g.,
BCP(s), DRP, operating and
other procedures, inventory
listings, etc?
C.29 Is there a provision for Alternate
power supplies such as
Uninterruptible power supplies
(UPS); and Back-up generators.
107
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.30 Whether there are procedures
for,
· Duplicates of the operating
systems are available both
on- and off-site.
· Duplicates of the production
programs are available both
on- and off-site, including
both source (if applicable)
and object versions.
· All programming and
system software changes
are included in the back up.
· Back-up media is stored off-
site in a place from which it
can be retrieved quickly at
any time.
· Frequency and number of
back-up generations is
adequate in view of the
volume of transactions
being processed and the
frequency of system
updates.
· Duplicates of transaction
files are maintained on- and
off-site.
· Data file back-ups are taken
off-site in a timely manner
and not brought back until a
more current back-up is off-
site.
108
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.31 Review the written IT continuity
plan(s) and determine whether
the plan(s) addresses the back-
up of the systems and
programming function (if
applicable), including,
Back-up of programming tools
and software; and
Off-site copies of program and
system documentation.
C.32 Does the plan deal with how
backlogged transactions and
other activity will be brought
current.
C.33 Whether adequate physical
security and access controls
exist over data back-ups and
program libraries throughout
their life cycle, including when
they are created,
transmitted/delivered to storage,
stored, retrieved and loaded,
and destroyed.
C.34 Do appropriate policies,
standards, and processes
address business continuity
planning issues including:
· Systems Development Life
Cycle, including project
management;
· The change control
process;
· Data synchronization, back
up, and recovery;
109
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· Employee training and
communication planning;
· Insurance; and
· Government and community
coordination?
C.35 Whether personnel are
adequately trained as to their
specific responsibilities under
the plan(s) and whether
emergency procedures are
posted in prominent locations
throughout the facility.
C.36 Does the continuity strategy
include alternatives for
interdependent components and
stakeholders, including:
· Utilities;
· Telecommunications;
· Third-party technology
providers;
· Key suppliers/business
partners; and
· Customers/members?
C.37 · Are there adequate
processes in place to
ensure the plan(s) are
maintained to remain
accurate and current?
· Designated personnel are
responsible for maintaining
changes in processes,
personnel, and
environment(s)?
110
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· The board of directors
reviews and approves the
plan(s) annually and after
significant changes and
updates?
· Process includes
notification and distribution
of revised plans to
personnel and recovery
locations?
DISASTER RECOVERY SITE / Very
ALTERNATE PROCESSING Serious
SITE
C.38 Does the Insurer have a clear
Off-site Back-up of Data in a
City falling under a different
Seismic Zone, either on its own
or through a Service Provider?
C.39 Does the Insurer have, in
addition to above, the necessary
infrastructure for Mission Critical
Systems to address at least the
following:
· Calculation of daily NAV
(Fund wise) Redemption
processing?
C.40 · Whether satisfactory
consideration has been
given to geographic
diversity for:
· Alternate processing
locations;
111
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· Alternate locations for
business processes and
functions; and
· Off-site storage.
C.41 Are there arrangements for
alternative processing capability
in the event any specific
hardware, the data center, or
any portion of the network
becomes disabled or
inaccessible, and determine if
those arrangements are in
writing?
C.42 If the organization is relying on
in-house systems at separate
physical locations for recovery,
whether the equipment is
capable of independently
processing all critical
applications.
C.43 · If the organization is relying
on outside facilities for
recovery, whether the
recovery site,
· Has the ability to process
the required volume;
· Provides sufficient
processing time for the
anticipated workload based
on emergency priorities;
and,
112
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· Allows the organization to
use the facility until it
achieves a full recovery
from the disaster and
resumes activity at the
organization's own facilities.
C.44 Review the contract between
applicable parties, such as
recovery vendors if any.
Determine if the terms and
conditions of the contract relate
to the BCP/DRP
C.45 Whether the organization
ensures that when any changes
(e.g. hardware or software
upgrades or modifications) in the
production environment occur
that a process is in place to
make or verify a similar change
in each alternate recovery
location.
C.46 Whether the organization is kept
informed of any changes at the
recovery site that might require
adjustments to the
organization's software or its
recovery plan(s).
C.47 Whether there are plans in place
that address the return to normal
operations and original business
locations once the situation has
been resolved and permanent
facilities are again available.
113
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.48 Whether adequate
documentation is housed at the
alternate recovery location
including:
· Copies of each BCP / DRP;
· Copies of necessary system
documentation
C.49 Whether appropriate physical
and logical access controls have
been considered and planned
for the inactive production
system when processing is
temporarily transferred to an
alternate facility.
C.50 · Whether the methods by
which personnel are
granted temporary access
(physical and logical) during
continuity planning
implementation periods are
reasonable.
· Evaluate the extent to which
back-up personnel have
been reassigned different
responsibilities and tasks
when business continuity
planning scenarios are in
effect and if these changes
require a revision to the
levels of systems,
operational, data, and
facilities access.
114
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· Review the assignment of
authentication and
authorization credentials to
determine if they are based
upon primary job
responsibilities and if they
also include business
continuity planning
responsibilities.
C.51 Whether the intrusion detection
and incident response plan
considers resource availability,
and facility and systems
changes that may exist when
alternate facilities are placed in
use.
TESTING Very
Serious
C.52 Whether the BCP / DRP(s) is
tested periodically
C.53 Whether all critical business
units/departments/functions are
included in the testing.
C. 54 Whether the tests include:
· Setting goals and objectives
in advance;
· Realistic conditions and
activity volumes;
· Use of actual back-up
system and data files while
maintaining off-site back-up
copies for use in case of an
event concurrent with the
testing;
115
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· Participation and review by
internal audit;
· A post-test analysis report
and review process that
includes a comparison of
test results to the original
goals;
· Development of a corrective
action plan(s) for all
problems encountered; and
· Board of Directors' review.
C.55 Whether interdependent
departments, vendors, and key
market providers have been
involved in testing at the same
time to uncover potential
conflicts and/or inconsistencies.
C.56 Whether the level of testing is
adequate for the size and
complexity of the organization.
Determine if the testing includes:
· Testing the operating
systems and utilities
(infrastructure);
· Testing of all critical
applications (application
level);
· Data transfer between
applications (integrated
testing); and
· Testing the complete
environment and workload
(stress test).
116
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.57 Whether testing at an alternative
location includes:
· Network connectivity;
· Items processing and
backroom operations
connectivity and
information; and
· Other critical data feed
connections/interfaces.
C.58 Whether testing of the
information technology
infrastructure includes:
· Rotation of personnel
involved; and
· Business unit personnel
involvement.
C.59 Whether management
considered testing with:
· Critical service providers;
· Customers;
· Affiliates;
· Correspondent institutions;
and
· Payment systems and
major financial market
participants.
C.60 When testing with the critical
service providers, determine
whether management
considered testing,
· From the institution's
primary location to the
TSPs' alternative location;
117
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
· From the institution's
alternative location to the
TSPs' primary location; and
· From the institution's
alternative location to the
TSPs' alternative location.
INFORMATION BACK-UP Very
Serious
C.61 Whether Back-up of essential
business information such as
production server, critical
network components,
configuration backup etc., were
taken regularly.
C.62 Whether the backup media along
with the procedure to restore the
backup are stored securely and
well away from the actual site.
C.63 Can data restoration be
performed with the help of the
documentation even by a person
other than the one who backed
up the data?
C.64 Are the persons responsible for
data backup and restoration
sufficiently trained?
C.65 Are data restoration exercises
carried out periodically?
C.66 Whether the backup media are
regularly tested to ensure that
they could be restored within the
time frame allotted in the
operational procedure for
recovery.
118
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
Ensure systems security
MANAGEMENT INFORMATION Very
SECURITY FORUM Serious
C.67 Whether there is a management
forum to ensure there is a clear
direction and visible management
support for security initiatives
within the organisation.
IT SECURITY GUIDELINES AND Very
PROCEDURES Serious
C.68 Does the organization have a
detailed IT Security Guidelines
and procedures manual?
C.69 Is there a process of reviewing
and updating these manuals at
periodic intervals?
ENDPOINT USAGE Very
GUIDELINES Serious
C.70 Have Endpoint Use Guidelines
been established?
C.71 How is compliance with the
Endpoint Use Guidelines
monitored?
C.72 Does every user have a copy of
these Endpoint Use Guidelines?
SECURITY OF ELECTRONIC Very
OFFICE SYSTEMS Serious
C.73 Whether there is an acceptable
use policy to address the use of
Electronic office systems.
119
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.74 Whether there are any guidelines
in place to effectively control the
business and security risks
associated with the electronic
office systems.
DISABLING REMOVABLE Very
DRIVES Serious
C.75 Has it been ensured that floppy
disk / USB drives will generally
be locked and can be accessed
only through authorized use?
POWER SUPPLIES / UPS Very
Serious
C.76 Is the equipment protected from
power failures by multiple feeds,
through uninterruptible power
supply (UPS), backup generator
etc.?
C.77 Are the required intervals for
UPS maintenance being
observed?
C.78 Is the effectiveness of the UPS
system being tested on a regular
basis?
C.79 If any failures due to the location
occurred in the past, had
remedial action been taken for
the same?
C.80 Are generators available to
protect against prolonged power
loss and are they in working
condition?
120
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
GRANTING OF Very
(SYSTEM/NETWORK) ACCESS Serious
RIGHTS
C.81 Are the issue and the retrieval of
access authorizations and
access-granting means
documented?
C.82 Is separation of functions being
observed in the granting of
access rights?
C.83 Are users being trained in the
correct handling of access-
granting means?
C.84 If use of access-granting means
is logged, are such logs also
analysed?
USER PASSWORD Very
MANAGEMENT Serious
C.85 Is the allocation and reallocation
of passwords controlled through
a formal management process?
C.86 Are the users asked to sign a
statement to keep the password
confidential?
C.87 Have users been informed on
how to handle passwords
correctly?
C.88 Is the password quality
controlled?
C.89 Are password changes
mandatory?
121
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.90 Has every user been provided
with a password?
C.91 Are there any fixed procedures
relating to the escrow of
passwords?
C.92 If Yes, are the escrowed
passwords complete and up-to-
date?
C.93 Have provisions been made to
ensure proper handling of
escrowed passwords?
C.94 Is the system of password
changes controlled on the basis
of updating entries for escrowed
passwords?
PASSWORD USE Very
Serious
C.95 Are there any guidelines in place
to guide users in selecting and
maintaining secure passwords?
POLICY ON USE OF NETWORK Very
SERVICES Serious
C.96 Does a policy exist that does
address concerns relating to
networks and network services
such as:
Parts of network to be accessed,
Authorisation services to
determine who is allowed to do
what, Procedures to protect the
access to network connections
and network services?
122
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.97 Are users provided with standard
configuration of work stations? If
not, are deviations authorized
and documented?
TERMINAL LOGON Very
PROCEDURES Serious
C.98 Has it been ensured that access
to information system is
attainable only via a secure log-
on process?
C.99 Are machines configured to boot
from hard drives?
C.100 Is there a BIOS password set for
PC to disable users from booting
through CD drives?
C.101 Is the number of unsuccessful
log-in attempts restricted?
C.102 Whether After each unsuccessful
log-in attempt, the waiting time
until the next log-in prompt
increases.
C.103 Are unsuccessful log-in attempts
reported to the user?
C.104 Is access to the console
protected by passwords or other
means?
USER IDENTIFICATION AND Very
AUTHORISATION Serious
123
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.105 Whether unique identifier is
provided to every user such as
operators, system administrators
and all other staff including
technical.
C.106 Whether the generic user
accounts are supplied under
exceptional circumstances only
where there is a clear business
benefit. Additional controls may
be necessary to maintain
accountability.
C.107 Whether the authentication
method used does substantiate
the claimed identity of the user.
Commonly used method:
Password that only the user
knows.
PASSWORD MANAGEMENT Very
SYSTEM Serious
C.108 Whether there exists a password
management system that
enforces various password
controls such as individual
password for accountability,
enforcing password changes,
storing passwords in encrypted
form, not displaying passwords
on screen etc.
TERMINAL TIMEOUT Very
Serious
124
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.109 Whether Inactive terminal in
public areas are configured to
clear the screen or shut down
automatically after a defined
period of inactivity.
LIMITATION OF CONNECTION Very
TIME Serious
C.110 Whether there exists any
restriction on connection time for
high-risk applications. This type
of set up should be considered
for sensitive applications for
which the terminals are installed
in high-risk locations.
USER REGISTRATION Very
Serious
C.111 Whether there is any formal user
registration and deregistration
procedure for granting access to
multi-user information systems
and services.
The creation of a user account
must be approved by the
business owner of the application
in question or their nominee.
C.112 Are there standard rights profiles
for different functions or tasks?
PRIVILEGE MANAGEMENT Very
Serious
125
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.113 Whether the allocation and use
of any privileges in multi-user
information system environment
is restricted and controlled i.e.,
privileges are allocated on need-
to-use basis; privileges are
allocated only after formal
authorisation process.
C.114 Are there any organisational
procedures governing the
designation of users or user
groups?
C.115 Is there any program for the
configuration of users or user
groups?
C.116 Are there records of the
authorized users and groups and
their authorisation profiles?
REVIEW OF USER ACCESS Very
RIGHTS Serious
C.117 Whether there exists a process
to review user access rights at
regular intervals. Example:
Special privilege review every 3
months, normal privileges every
6 months.
INFORMATION ACCESS Very
RESTRICTION Serious
126
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.118 Whether access to application by
various groups/ personnel within
the organisation has been
defined in the access control
policy as per the individual
business application requirement
and whether it is consistent with
the organisation's Information
access policy.
MONITORING SYSTEM USE Very
Serious
C.119 Whether procedures are set up
for monitoring the use of
information processing facility.
The procedure should ensure
that the users are performing
only the activities that are
explicitly authorized.
C.120 Whether the results of the
monitoring activities are reviewed
regularly.
UNAUTHORISED SOFTWARE Very
Serious
C.121 Has a procedure for the
authorisation and registration of
software been laid down?
C.122 Has the ban on use of non-
approved software been put in
writing?
C.123 Have all staff members been
informed of the ban?
127
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.124 What possibilities happen to be
there for installation or use of
unauthorised software?
C.125 Are checks carried out
periodically on the software
inventory?
ADMINISTRATOR FUNCTIONS Very
Serious
C.126 To which persons is the
supervisor password known?
C.127 Have administrator roles been
divided up?
C.128 Are the authorisations assigned
by the administrator randomly
checked?
C.129 How frequently are logins and
logouts using administrator ID
checked?
EVENT LOGGING Very
Serious
C.130 Whether audit logs recording
exceptions and other security
relevant events are produced and
kept for an agreed period to
assist in future investigations and
access control monitoring.
REPORTING SECURITY Very
WEAKNESSES Serious
C.131 Whether a formal reporting
procedure or guideline exists for
users, to report security
weakness in, or threats to,
systems or services.
128
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.132 Are staff members informed in a
suitable form of IT security
incidents which have occurred
either within the organisation or
which have become public
knowledge, and are they told how
to avoid them?
DISCIPLINARY PROCESS Very
Serious
C.133 Whether there is a formal
disciplinary process in place for
employees who have violated
organisational security policies
and procedures. Such a process
can act as a deterrent to
employees who might otherwise
be inclined to disregard security
procedures.
EQUIPMENT SITING Very
PROTECTION Serious
C.134 Whether critical equipment is
located in appropriate place to
minimize unnecessary access
into work areas.
C.135 Whether the items requiring
special protection were isolated
to reduce the general level of
protection required.
C.136 Whether controls were adopted
to minimize risk from potential
threats such as theft, fire,
explosives, smoke, water, dust,
vibration, chemical effects,
electrical supply interfaces,
electromagnetic radiation, flood.
129
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.137 Whether there is a policy towards
eating, drinking and smoking in
proximity to information
processing services.
C.138 Whether environmental
conditions, which would
adversely affect the information
processing facilities, are
monitored.
C.139 Verify that heating, ventilation
and air-conditioning systems
maintain constant temperatures
within the data center.
C.140 Verify that ground earthing exists
to protect the computer systems.
Ensure that power is conditioned
to prevent data loss.
C.141 Is the Server Room designed as
a closed secure area?
CABLING SECURITY Procedural
C.142 Whether the power and
telecommunications cable
carrying data or supporting
information services are
protected from interception or
damage.
C.143 Whether there are any additional
security controls in place for
sensitive or critical information.
SECURITY OF NETWORK Very
SERVICES Serious
130
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.144 Whether the organisation, using
public or private network service
does ensure that a clear
description of security attributes
of all services used is provided.
C.145 Are all Internet connections
routed through a Firewall? Does
a dedicated team manage the
Firewall? Are the ports opened
only on a "need to have" basis?
C.146 Is there an Intruder Detection
System (IDS) implemented?
C.147 Are the application and database
servers kept separated from the
web server in the de-militarized
zone?
C.148 Is the de-militarized zone
separated from the Internet cloud
by means of a Firewall?
C.149 If the de-militarized zone is
connected to the Intranet, is it
separated by a Firewall?
C.150 Is the Firewall rule base treated
as a sensitive information and is
knowledge of the same restricted
to only authorized officials in the
IT / Computer operations
department?
131
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.151 Is the decision to open specific
firewall ports/rule base approved
in accordance with IT Security
Policy (IT Security Policy should
list out such ports) e.g. firewalls
should block unwanted ports
running services such as ftp,
telnet, SMTP, etc. into the de-
militarized zone?
CLOCK SYNCHRONISATION Procedural
C.152 Whether the computer or
communication device has the
capability of operating a real time
clock. If yes, has it been set to an
agreed standard such as
Universal Coordinated Time or
local standard time? The correct
setting of the computer clock is
important to ensure the accuracy
of the audit logs.
UNATTENDED USER Procedural
EQUIPMENT
C.153 Whether the users and
contractors are made aware of
the security requirements and
procedures for protecting
unattended equipment, as well as
their responsibility to implement
such protection.
SENSITIVE SYSTEM Procedural
ISOLATION
132
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.154 Whether sensitive systems are
provided with isolated computing
environment such as running on
a dedicated computer, sharing
resources only with trusted
application systems, etc.
SECURITY OF ELECTRONIC Procedural
EMAIL
C.155 Whether there is a policy in place
for the acceptable use of
electronic mail or does security
policy address the issues with
regards to use of electronic mail.
C.156 Whether there are adequate
procedures, which require that all
the incoming e-mail messages be
scanned for virus to prevent virus
infection to the network
C.157 Have regulations governing file
transfer and exchange of
messages with external parties
been established?
C.158 Are there formal rules based on
which e-mail addresses are
assigned?
C.159 Are security measures such as
filtering and text search in emails
implemented?
C.160 Is the criterion for e-mail filtering
adequate? What are the
procedures for changes in
filtering parameters?
133
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.161 Have controls such as anti-virus
checking, isolating potentially
unsafe attachments, spam
control, anti relaying etc., been
put in place to reduce the risks
created by electronic mail?
CONTROL AGAINST Serious
MALICIOUS SOFTWARE
C.162 Whether there exists any control
against malicious software
usage.
C.163 Whether the security policy does
address software licensing issues
such as prohibiting usage of
unauthorized software.
C.164 Whether there exists any
Procedure to verify that all
warning bulletins are accurate
and informative with regards to
the malicious software usage.
C.165 Whether Antivirus software is
installed on the computers to
check and isolate or remove any
viruses from computer and
media.
C.166 Whether this software signature
is updated on a regular basis to
check any latest viruses.
134
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.167 Whether all the traffic originating
from un-trusted network into the
organisation is checked for
viruses. Example: Checking for
viruses on email, email
attachments and on the web,
FTP traffic.
C.168 Are periodic runs of a virus
detection program configured?
C.169 Are there occasional checks as
to whether updates have been
performed? Have the results
been documented?
C.170 Use of a virus scanning program
when exchanging of data media
and data transmission Is Anti
Virus auto enabled to check CDs
and floppies?
C.171 Are received files and data media
checked for virus infection before
being imported?
REMOTE DIAGNOSTIC PORT Procedural
PROTECTION
C.172 Whether accesses to diagnostic
ports are securely controlled i.e.,
protected by a security
mechanism.
SEGREGATION IN NETWORKS Very
Serious
135
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.173 Whether the network (where
business partner's and/ or third
parties need access to
information system) is
segregated using perimeter
security mechanisms such as
firewalls.
NETWORK CONNECTION Very
PROTOCOLS Serious
C.174 Whether there exists any network
connection control for shared
networks that extend beyond the
organisational boundaries.
Example: electronic mail, web
access, file transfers, etc.,
NETWORK ROUTING Procedural
CONTROL
C.175 Are changes to network
configuration documented?
C.176 Is the system administrator the
only person who is able to
change the configuration
C.177 Is the system administrator the
only person who is able to read
the network log files
SECURITY OF MEDIA IN Procedural
TRANSIT
C.178 Whether security of media while
in transit has been taken into
account.
136
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.179 Whether the media is well
protected from unauthorised
access, misuse or corruption.
ELECTRONIC COMMERCE Procedural
SECURITY
C.180 Whether Electronic commerce is
well protected and controls
implemented to protect against
fraudulent activity, contract
dispute and disclosure or
modification of information.
C.181 Whether Security controls such
as Authentication, Authorisation
are considered in the E-
Commerce environment.
C.182 Whether electronic commerce
arrangements between trading
partners include a documented
agreement, which commits both
parties to the agreed terms of
trading, including details of
security issues.
USER AUTHENTICATION FOR Procedural
EXTERNAL CONNECTIONS
C.183 Whether there exists any
authentication mechanism for
challenging external connections.
Examples: Cryptography based
technique, hardware tokens,
software tokens, challenge/
response protocol etc.,
137
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
FIRE DETECTION AND Serious
PREVENTION CONTROLS
C.184 Are Fire detection measures
adequate such as fire alarms
available?
C.185 Has staff been informed of the
location of hand-held fire
extinguishers?
C.186 Can the hand-held fire
extinguishers actually be
accessed in case of a fire?
C.187 Is training provided for the use of
hand-held fire extinguishers?
C.188 Are hand-held fire extinguishers
regularly inspected and
maintained?
C.189 Is the fire alarm system checked
periodically to ensure that it is
working properly?
C.190 Has all the staff been informed of
the steps to be taken in the event
that an alarm goes off?
C.191 Is there an adequate number of
fire extinguishers (generally one
for every 50 sqft of area)?
C.192 · Is a fire suppression system
in place consisting of Fire
extinguishers and
Sprinklers?
· Are they in working order
and being monitored?
138
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
Manage the configuration
CONTROL OF TECHNICAL
VULNERABILITIES
C.193 · Whether timely information
about technical
vulnerabilities of information
systems being used is
obtained.
· Whether the organization's
exposure to such
vulnerabilities evaluated and
appropriate measures taken
to mitigate the associated
risk.
SAFEGUARDING OF Very
ORGANISATIONAL RECORDS Serious
C.194 Whether important records of the
organisation are protected from
loss destruction and falsification.
DISPOSAL OF MEDIA Very
Serious
C.195 Whether the media that are no
longer required are disposed off
securely and safely.
C.196 Whether disposal of sensitive
items is logged where necessary
in order to maintain an audit trail.
SECURE DISPOSAL OR RE- Very
USE OF EQUIPMENT Serious
139
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.197 Whether storage device
containing sensitive information
is physically destroyed or
securely over- written.
INFORMATION HANDLING Procedural
PROCEDURES
C.198 Whether there exists a procedure
for handling the storage of
information. Does this procedure
address issues such as
information protection from
unauthorised disclosure or
misuse?
DATA MANAGEMENT Procedural
C.199 Are the persons responsible for
the exchange of data media
familiar with the process of
physical erasure?
MANAGEMENT OF Procedural
REMOVABLE MEDIA
C.200 · Whether procedures exist
for management of
removable media, such as
tapes, disks, cassettes,
memory cards, and reports.
· Whether all procedures and
authorization levels are
clearly defined and
documented.
BUSINESS INFORMATION Procedural
SYSTEMS
140
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.201 Whether policies and procedures
have been developed and
enforced to protect information
associated with the
interconnection of business
information systems.
Manage the physical
environment
PHYSICAL SECURITY Serious
PERIMETER
C.202 · Are physical border security
facilities implemented
adequate to protect the
Information processing
service? Some examples of
such security facilities are:
card control for entry gate,
walls, manned reception
etc.?
· Are visitors required to
record their entry inside the
premises in a separate
register?
· Are details of their
possessions recorded and
verified at the time of their
exit from the premises
· Are cameras disallowed
inside the premises?
141
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.203 · Does Data Center exterior
Lighting, building orientation
provide a secure
environment?
· Data Centers should be
anonymous. Ensure that
there is no signage or
listings in directories?
SECURING OFFICES, ROOMS Serious
AND FACILITIES
C.204 Whether the rooms, which have
the Information processing
service, are:
· locked
· have lockable cabinets
· safes.
C.205 Whether the Information
processing service is protected
from natural and man-made
disaster such as raised floors,
good exterior walls /or other
suitable acceptable infrastructure
C.206 Whether there is any potential
threat from neighboring
premises.
C.207 Ensure that water alarm system
is configured to detect water in
high risk areas of the data center
C.208 Ensure that burglar alarm is
protecting the data center from
physical intrusion.
142
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
C.209 Are there adequate controls over
modems and other dial up
devices for employees and
visitors (data cards, etc)?
C.210 Ensure that surveillance systems
(CCTV) are designed and
operating properly?
PHYSICAL ENTRY CONTROLS Serious
C.211 Are entry controls in place to
allow only authorised personnel
into various areas within
organisation?
C.212 Is there a practice of Supervising
or escorting outside
staff/visitors?
REMOVAL OF PROPERTY Serious
C.213 Whether equipment, information
or software can be taken off-site
without appropriate authorisation.
PROTECTING AGAINST Serious
EXTERNAL AND
ENVIRONMENTAL THREATS
C.214 Whether physical protection
against damage from fire, flood,
earthquake, explosion, civil
unrest and other forms of natural
or man-made disaster has been
designed and applied.
D Maintain IT
Monitoring and Compliance
143
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
COMPLIANCE WITH SECURITY Serious
POLICIES AND STANDARDS
D.1 · Whether managers ensure
that all security procedures
within their area of
responsibility are carried out
correctly to achieve
compliance with security
policies and standards.
· Do managers regularly
review the compliance of
information processing
facility within their area of
responsibility for compliance
with appropriate security
policy and procedure?
ADMINISTRATOR AND Serious
OPERATOR LOGS
D.2 · Whether system
administrator and system
operator activities are
logged.
· Whether the logged
activities are reviewed on
regular basis.
TECHNICAL COMPLIANCE Serious
CHECKING
144
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
D.3 · Whether information
systems are regularly
checked for compliance with
security implementation
standards.
· Whether the technical
compliance check is carried
out by, or under the
supervision of, competent,
authorized personnel.
INFORMATION SYSTEMS Serious
AUDIT CONTROLS
D.4 · Whether audit requirements
and activities involving
checks on operational
systems have been carefully
planned and agreed to
minimise the risk of
disruptions to business
process.
· Whether the audit
requirements, scope are
agreed with appropriate
management.
Application and logical access Very
controls Serious
Name of the application used for
investment operations:
145
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
D.5 Obtain a list of valid user IDs at
the location and,
· Reconcile Active users to
those present in the location
as per attendance roles
· Validate User Work Class
with the designation of the
users at the location
· Verify if concurrent auditors
have been provided with
only view access
· Check for user with
maximum inactive time
greater than 10 minutes
· Check for user with
password expiry date
greater than 40 days from
the current day.
· For user ID disabled, check
whether these have been
done immediately after their
names have been removed
from the attendance register.
In case any delays are
noticed from the time of
removal from attendance
register to the actual date of
disabling the user Id report
the same.
Are there any discrepancies in
the above?
146
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
D.6 Are Access privileges defined for
each user as per the
designation?
D.7 Whether the User Ids of
employees who have been
transferred, or have retired/
resigned are deleted from
application.
D.8 · Whether the application
logs out the user after 5
minutes of inactivity.
· Whether the system forces
the user to change the
initial password given by
system manager.
· Users acknowledge receipt
of the password on the
register maintained for the
purpose
D.9 Whether the user log-off the
application whenever they leave
the work place for break.
D.10 · Check that all user
accounts are identifiable to
a user and generic user-
ids, which cannot be
attributed to any individual,
are not allowed.
· Check that all default
vendor accounts shipped
with the application have
been disabled.
147
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
D.11 Is the user ID temporarily
suspended when the staff
members are out on
training/outstation assignment
and the user ID will remain
inactive for certain days?
D.12 Whether an undertaking for
maintaining secrecy and
confidentiality of password has
been obtained from every user
and preserved.
D.13 Whether super user passwords
are changed immediately after
those are used by support
persons for rectification of
problems and this usage is
documented.
D.14 Whether every user has only
one identifiable user ID and not
more than one user id has been
given to any user.
D.15 Whether Super user passwords
(for applications hosted at the
location) are confined to
systems manager only and the
same are kept with the location
in charge in a sealed cover.
148
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
D.16 Password Security:-
· Whether the users change
their password periodically.
· Does the application force
the user to set an alpha
numeric password/
· Is the minimum length of
the password set to 8
characters?
· Whether password entry is
disabled after three
unsuccessful log-on
attempts?
· Whether the system forces
the users to change their
password after 40 days
from the date of last
creation / modification.
· Whether password history
is maintained by the
application. From
Transaction records, day
end reports or audit trails,
perform a sample check to
verify if user ID has been
used on any day when the
user is on leave.
ENFORCED PATH Procedural
D.17 Whether there is any control that
restricts the route between the
user terminal and the designated
computer services the user is
authorised to access, for
example, enforced path to reduce
the risk.
149
Technical Guide
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
NODE AUTHENTICATION Procedural
D.18 Whether connections to remote
computer systems that are
outside organisations security
management are authenticated.
Node authentication can serve as
an alternate means of
authenticating groups of remote
users where they are connected
to a secure, shared computer
facility.
NETWORK TESTS Serious
D.19 Is it ensured that
products/services that use the
Internet for connectivity or
communications have undergone
a successful penetration test
prior to production
implementation?
D.20 Is there a penetration test
process that ensures that
modifications to the
product/service that uses the
Internet for connectivity or
communication have been
reviewed to determine whether a
subsequent penetration test is
warranted?
D.21 Is there an intrusion detection
system in place for all the
external IP connections?
ON-LINE TRANSACTIONS Serious
150
Review of Information Technology (IT) Systems and Processes...
S. No Audit Objective Auditor's Risk
Observation Category
Y N Comments
D.22 Whether information involved in
online transactions is protected
to prevent incomplete
transmission, mis-routing,
unauthorized message alteration,
unauthorized disclosure,
unauthorized message
duplication or replay.
151
Annexure D
APPLICATION CONTROLS CHECKLIST
Application Controls Checklist
IRDA Regulations
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
1 Functional The Investment
Overall System should have
separate modules for
Front, Mid and Back
Office with separate
login
2 Segregation (1) In the case of a
of Life Insurer, (SFIN In
Shareholders the case of ULIP) each
& individual fund, both
Policyholders falling under
' funds Shareholder /
Policyholders', under
any class of business,
has `scrip' level
investments (except in
the case of General
Insurance Companies)
to comply with the
provisions of Section
11(1B) of Insurance
Act, 1938
(2) Furthermore the
Shareholders funds
beyond Solvency
Margin, to which the
pattern of Investment
will not apply, shall
have a separate
custody account with
Please check the parameterisation and configuration of the application
related to these. Screen shots may be taken as evidence. Any non compliance
is treated as "Very Serious".
153
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
identified scrip for both
Life and General
Insurance Companies.
3 To ensure Business
continuity, the Insurer
should have a clear
Off-site Backup of
Data in a City falling
under a different
Seismic Zone, either
on his own or through
a Service Provider.
Further, the Insurer /
service provider (if
outsourced) is required
to have the necessary
infrastructure for
Mission. Critical
Systems to address at
least the following:
1. Calculation of
daily NAV (Fund
wise)
2. Redemption
processing
4 System based checks
should be in place for
investments in an
Investee Company,
Group, Promoter
Group and Industry
Sector. The system
should signal when the
Internal / Regulatory
154
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
limits are nearly
reached PRIOR to
taking such exposure
and making actual
investment.
5 Functional Transfer of data from
Overall Front Office to Back
Office should be
electronic without
Manual intervention
(Real time basis) i.e.,
without re-entering
data at Back Office.
6 Functional All Investment
Overall Systems to be
seamlessly integrated
without manual
intervention.
7 The Insurer may have
multiple Data Entry
Systems, but all such
Systems should be
seamlessly integrated
without manual
intervention.
8 Functional - Audit trail to be
Overall available for all data
entry points including
at the Checker /
Authorizer level
9 Functional - Maker Checker
Overall process to be enforced
10 Functional - System based checks
Overall to be in place for
155
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
investments as per
Internal / Regulatory
limits PRIOR to taking
such exposure and
making actual
investment.
11 Inter-Fund transfer
capability
12 Inter-Fund transfer
capability - Non
Switching between
Traditional and Unit
Linked Funds
13 Functional - The system to be
Overall capable of computing
various portfolio
returns
14 The System should
handle Inter Fund
transfer as per Circular
IRDA-FA-02-10-2003-
04. The Investment
Committee may fix the
Cut Off time as per
Market practice, for
such transfer within
the fund. (The inter
fund transfer should be
like any other Market
deal and the same
needs to be carried out
with in the Market
hours only)
156
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
15 Functional - System to perform
Overall regular limits
monitoring and
Exception Reporting.
Also reporting on
movement of prices.
16 Functional - Cash Management
Overall System should provide
the funds available for
Investment considering
the settlement
obligations and
subscription and
redemption of units
17 Functional - The System to be
Overall validated not to accept
any commitment
beyond availability of
funds.
18 Functional - The System to be
Overall validated to restrict
Short Sales at the time
of placing the order
19 Functional - The Investment
Overall System to capture
Instrument Ratings to
enable it to
automatically generate
FORM 2 (Statement of
Downgraded
Investments) through
the System.
20 Functional - The Investment
Overall System to capture
157
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
Instrument Ratings to
enable it to
automatically generate
FORM 2 (Statement of
Downgraded
Investments) through
the System.
21 Functional - The System to have
Overall the ability to track
changes in ratings
over a period &
generate appropriate
alerts, along with
ability to classify
investment between
Approved and Other
Investments
22 Functional - Track of movement of
Overall Securities between
Approved and Other
Investments Status, as
a part of Audit trail, at
individual security
level
23 Functional - The System should
Overall have key limits preset
for ensuring
compliance with all
Regulatory
requirements and
should be supported
by workflow through
the System, (Real time
basis) for such
approval, if Regulatory
158
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
limit is close to be
breached
24 Functional - The System to have
Overall capability of
generating Exception
reports for Audit by
Internal / Concurrent
Auditor The System
should have capability
of generating
Exception reports for
Audit by Internal /
Concurrent Auditor
25 Functional - System to
Overall automatically track and
report all internal limits
breaches. All such
breaches should be
audited by Internal /
Concurrent Auditor.
26 Functional - The system to be
Overall validated in such a
way, that the Deal can
only be rejected by the
Back Office & NOT
edited
27 The System to be
capable of computing
NAV
28 The System should be
capable of computing
NAV and compare it
with the NAV
computed by the
Service provider, if
159
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
outsourced.
29 The Insurer should
maintain NAV history
(Fund wise) in his
Public Domain from
the Start of the Fund to
Current Date.
30 Functional - Method of computing
Overall NAV should be in line
with IRDA regulations
31 Methodology Every Purchase, Sale
of Operating of Investment, Income
Segregated on Investment
Fund' (including Corporate
Action) shall be
identified with
reference to the
particular `Segregated
Fund' and accounted
for.
32 Methodology Every `Deal Slip' shall
of Operating be identified with
Segregated reference to the
Fund' `segregated fund'
along with `Segregated
Fund Identification
Number "SFIN" for
such Segregated Fund
and the respective
`sub-code' of Custody
and the respective
Bank Account.
33 Units Unit Report shall be
Creation / reconciled with the
Investment Accounting
160
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
Redemption System's Creation /
Redemption Report,
after booking of unit
capital entries
34 Units Units created on a
Creation / `day-to-day' basis
Redemption (including switches),
shall be backed by
`segregated fund wise'
Investment assets. In
other words, the value
/ amount for which
Units are created for
the particular day (at
the prevailing NAV, at
the opening of the day,
of the respective fund),
should be equivalent
to the premium receipt
(net of switches) less
applicable charges and
other outflows such as
benefits paid,
surrenders and
foreclosures in
excluding applicable
charges of the
`respective segregated
fund'.
35 Security 1. Equity Investments
Master Based on the inputs
Creation from treasury: the
investment back-office
shall create Security
Masters in the system
(linked via NSE/BSE
161
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
codes) and the same
shall be validated by
the Mid-Office. The
procedure includes
documentation of
supporting and
supervisory sign off.
36 Security 2. Debt Investments:
Master Security masters for
Creation debt Instruments are
prepared on the basis
of Information
memorandum in case
of primary and
secondary market
deals by the Back
Office. The procedure
includes
documentation of
supporting and
supervisory sign off.
37 Primary 1. Booking of Primary
Market Deals Market Deals:Debt
/ IPO Primary Market Deals
shall be booked on the
date of application,
and on the date of
allotment the
Securities will be
reflected in the
Investment Accounts
38 Primary 2. Booking of Equity
Market Deals IPO:
/ IPO Equity Investments
shall be accounted on
162
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
the date of application
for IPO Issue as
`Application Money'
and on the date of
allotment the allotted
Shares shall be
reflected in the
Investment accounts.
39 Secondary 1. Debt DealsAll Debt
Market Debt / securities as
Equity Deal categorised in
Authorization IRDA/GLN/001/2003-
04 Categories of
Investments, as
amended from time to
time, shall be executed
with counterparties
and reported on NSE /
BSE / FIMMDA
reporting platform and
the same shall be
confirmed with
counterparties. The
deals shall be
authorised in the
investment system and
the trade files /
information shall be
sent to custodian /
other online settlement
systems as recognised
by any financial
regulator for
settlement.
40 Secondary 2. Equity Deals - STP
Market Debt / (Straight Through
163
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
Equity Deal Process)
Authorization Reconciliation:
All Secondary Market
equity deals shall be
put through the STP
module in the
investment system.
The dealer shall put
though the deal in the
investment system
after concluding the
transaction. The deal
would then flow to the
back office which
would be compared
with the input details
and the STP file
received from broker.
If all details match, the
transaction would be
authorised in the
system for settlement.
41 Secondary 2. Equity Deals - STP
Market Debt / (Straight Through
Equity Deal Process)
Authorization Reconciliation
Custodian /Broker
settlement:
After STP
reconciliation the
equity trade files ISO
files shall be sent to
custodian and broker
houses through STP.
42 Secondary All deals shall be
Market Debt / recorded on trade date
164
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
Equity Deal accounting basis.
Authorization
43 Settlement 1. Equity (Sale) - (as
Process per Exchange
Compliance Norms,
Currently T+2):
Bank settlement (trade
receivables) entries
shall be passed for
trades settling on
current day.
44 Settlement 2. Equity (Purchase) -
Process (as per Exchange
Compliance Norms,
Currently T+1):
Bank settlement (trade
payables) entries shall
be passed for trades
settling on current day.
It may also be settled
on T+2 basis, if the
company had
deposited margin
money with the
exchanges as required
for equity settlement.
45 Settlement 3. Debt (purchase/
Process Sale) - (as per
Exchange Compliance
Norms, Currently T+1):
Bank settlement (trade
payables/receivables)
entries shall be passed
for trades settling on
current day. Corporate
165
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
Debt deals dealt on
T+0 basis shall be
settled on T+0 basis.
46 Settlement 4. Money market
Process transactions & Non-
SLR - (as per
Exchange Compliance
Norms, Currently T+1):
Bank settlement (trade
payables/receivables)
entries shall be passed
for trades settling on
current day. Money
market transactions
excluding treasury bills
could also be dealt
and settled on T+O
basis.
47 Settlement 5. Reverse Repo
Process withdrawal:
Reverse Repo
maturities shall be
posted in bank
accounts
48 Settlement 6. Brokerage
Process Payments:
Brokerage Payment
shall be settled in
Bank
49 Corporate 2. Debt: The insurer
Action shall configure their
Investment System for
details of interest
receivable and
166
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
redemption dates.
Further, details of
interest receivable and
redemption can also
be obtained from the
custodian / other
online settlement
systems as recognised
by any financial
regulator.
50 Valuation Valuation of securities
Process shall be in line with the
INV/CIR/020/2008-09
Point. G Statement
of Investment
Reconciliation -
Annexure 2.
51 Valuation The Insurer shall close
Process the Investment Front
Office system for
transactions at 5.30
PM. The Concurrent
Auditor shall confirm
the compliance of this
requirement in their
quarterly report to the
Board of Directors .
52 Charges - Fund Management
Fund Charges (FMC)
Management including service tax
Charges shall be `accounted' for
on a day-to-day basis
in the investment
accounting system.
The actual transfer of
167
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
accumulated FMC
shall be done at the
end of the month.
53 Charges - Dealing costs including
Dealing brokerage, securities
costs transaction tax and
service tax shall be
adjusted in the cost of
investments.
54 NAV The NAV of the
Computation Segregated FUND
shall be computed as
Market Value of
investment held by the
fund + Value of
Current Assets Value
of Current Liabilities &
Provisions, if any
DIVIDED BY Number
of Units existing on
Valuation Date
55 NAV Number of units
Computation derived from the
investment accounting
system shall be
reconciled on a day to
day basis with the
policy admin system
56 `NAV' error All expenses and
Computation incomes accrued up to
& the Valuation date
Compensation shall be considered for
computation of NAV.
For this purpose, while
major expenses like
168
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
management fees and
other periodic
expenses should be
accrued on a day to
day basis, other minor
expenses and income
can be accrued on a
weekly basis, provided
the non-accrual does
not affect the NAV
calculations by more
than 1%.
57 Functional - System to have
Overall capability to upload
Corporate Actions
such as Stock Splits,
Dividend, Rights Issue,
Buy Back, Bonus
issues etc., for
computation of NAV /
Portfolio valuation
58 Functional - Ability to have
Overall Segregation of
Shareholders &
Policyholders' funds
59 Ability to maintain
Fund wise
60 Functional - The Systems to have
Overall the capability of
providing alerts on
transaction to
transaction basis, its
"current" level of
exposure BEFORE
taking further
169
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
exposure.
61 Functional - Investment valuation
Overall methodology as per
IRDA circular for
different asset
categories
62 Functional - Investment Category
Overall Handling for different
categories
63 Functional - NAV Error handling
Overall
64 Functional - IRDA forms to be
Overall directly generated from
the system
65 Functional - Capability to compute
Overall Yield on investment for
quarter / yearly basis
66 Functional - NPA computation and
Overall classification
67 Security Access to information
Issues - system should be only
Application via a secure log-on
security process.
controls
68 ULIP `Deal Slip' to be
Business identified with
reference to the
`segregated fund'
along with `Segregated
Fund Identification
Number "SFIN" for
such Segregated
Fund(s) and the
respective `sub-code'
170
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
of Custodian and the
respective Bank
Account
69 ULIP Every Purchase, Sale
Business of Investment, Income
on Investment
(including Corporate
Action) shall be
identified with
reference to the
particular `Segregated
Fund'
70 ULIP Daily Report of
Business `Subscription &
Redemptions' received
from the Policy Admin
System (PAS) to be
uploaded [without
manual intervention
through process
integration] in the
Investment Accounting
System
71 ULIP Units created on a
Business 'day-to-day' basis
(including switches),
shall be backed by
'segregated fund wise'
Investment assets. In
other words, the value
/ amount for which
Units are created for
the particular day (at
the prevailing NAV,
applicable for the day,
171
Technical Guide
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
of the respective fund),
should be equivalent
to the premium receipt
(net of switches) less
applicable charges and
other outflows such as
benefits paid,
surrenders and
foreclosures in
excluding applicable
charges of the
'respective segregated
fund'.
72 ULIP All Debt securities as
Business categorized shall be
executed with
counterparties and
reported on NSE / BSE
/ FIMMDA reporting
platform and the same
shall be confirmed with
counterparties.
The deals to be
authorized in the
investment system and
the trade files /
information shall be
sent to custodian /
other online settlement
systems as recognized
by any financial
regulator for
settlement
73 ULIP All Secondary Market
Business equity deals shall be
put through the STP
172
Application Controls Checklist
S. Area or Sub IRDA Requirement Auditor's Observation
No. Area (Extracted from its Yes- No Comments
Circulars) (refer Complies
columns 2 and 3) with the
regulation
module in the
investment system.
74 All Equity deals should
be through STP
gateway for all broker
transactions.
75 ULIP The insurer to
Business configure their
Investment System for
details of interest
receivable and
redemption dates.
76 ULIP Accounting of coupon
Business payments,
redemption/maturities
for debt investments
shall be automatically
triggered by the
system, based on the
interest payment dates
and maturity dates
defined in the security
masters created for
'each' security.
77 ULIP Investment Front
Business Office system should
close for transactions
at 6.00 PM.
78 ULIP The Investment Trial
Business Balance, in respect of
each `Segregated
Fund' with clear link to
SFI + is generated
through the system.
173
APPENDICES
Appendix `A'
INSURANCE REGULATORY AND DEVELOPMENT AUTHORITY
NOTIFICATION
Hyderabad, the 16th February, 2013
Insurance Regulatory and Development Authority
(Investment) (Fifth Amendment) Regulations, 2013
F. No. IRDA/Reg./16/74/2013 In exercise of the powers conferred by
Sections 27A, 27B, 27D and 114A of the Insurance Act, 1938 (4 of 1938), the
Authority, in consultation with the Insurance Advisory Committee, hereby
makes the following regulations to further amend the Insurance Regulatory
and Development Authority (Investment) Regulations, 2000, notified on 16th
August, 2000 in the Gazette of India and amended on 31st May 2001 in the
Gazette of India, further amended on 2nd April, 2002 in the Gazette of India
and further amended on 5th January 2004 and further amended on 31st Jul,
2008 and further amended on 8th Feb, 2013 namely:-
1. Short title and commencement:
1. (1) These regulations may be called the Insurance Regulatory and
Development Authority (Investment) (Fifth Amendment)
Regulations, 2013
(2) They shall come into force on the date of their publication in the
Official Gazette
2. Amendment to Regulation 2:
Regulation 2 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000 shall be substituted with the following:-
"Definitions
2. In these regulations, unless the context otherwise requires,--
(a) "Act" means the Insurance Act, 1938 (4 of 1938)
(b) "Accretion of funds" means investment income, gains on
sale/redemption of existing investment and operating surplus
Technical Guide
(c) "Accounting Standard" (AS) means: Accounting Standard as
recommended by the Institute of Chartered Accountants of India and notified
by the Central Government under the Companies Act, 1956 or any
successor enactment thereunder
(d) "Authority" means the Insurance Regulatory and Development
Authority established under sub-section (1) of section 3 of the Insurance
Regulatory and Development Authority Act, 1999 (41 of 1999)
(e) "Financial Derivatives" means a derivative as defined under clause
(aa) of section 2 of the Securities Contracts (Regulation) Act, 1956, and
includes a contract which derives its value from interest rates of underlying
debt securities and such other derivative contracts as may be stipulated by
the Authority, from time to time
(f) "Group" means: two or more individuals, association of individuals,
firms, trusts, trustees or bodies corporate, or any combination thereof, which
exercises, or is established to be in a position to exercise, significant
influence and / or control, use of common brand names, directly or indirectly,
over any associate as defined in AS 23, body corporate, firm or trust, or (ii)
Associated persons, as may be stipulated by the Authority, from time to time,
by issuance of guidelines under these regulations.
(g) "Investment Assets" mean all investments made out of:
(1) in the case of a Life Insurer
(a) shareholders' funds representing solvency margin, non-
unit reserves of unit linked insurance business,
participating and non-participating funds of policyholders
at their carrying value
(b) policyholders' funds of Pension, Annuity business and
Group business at their carrying value
(c) policyholders' unit reserves of unit linked insurance
business at their market value as per guidelines issued
under these regulations, from time to time
(2) in the case of a General Insurer
(a) shareholders' funds representing solvency margin and
policyholders funds at their carrying value
178
Appendix `A'
as shown in its balance sheet drawn as per the Insurance Regulatory and
Development Authority (Preparation of Financial Statements and Auditors'
Report of Insurance Companies) Regulations, 2000, but excluding items
under the head `Miscellaneous Expenditure'
(h) Money Market Instruments
Money Market Instruments shall comprise of Short term funds with maturity
not more than one year comprising of the following instruments:
1. Certificate of deposit rated by a credit rating agency registered under
SEBI (Credit Rating Agencies) Regulations, 1999
2. Commercial paper rated by a credit rating agency registered under
SEBI (Credit Rating Agencies) Regulations, 1999
3. Repos, Reverse Repo
4. Treasury Bills
5. Call, Notice, Term Money
6. CBLO as per Schedules I and II of these Regulations.
7. Any other instrument as may be prescribed by the Authority
(i) "Promoter" means a promoter as defined under Regulation 2 (m) of
IRDA (Issuance of Capital by Life Insurance Companies) Regulations, 2011
(j) "Principal Officer" means any person connected with the
management of an insurer or any other person upon whom the Authority has
served notice of its intention of treating him as the principal officer thereof.
(k) All words and expressions used herein and not defined but defined in
the Insurance Act, 1938 (4 of 1938), or in the Insurance Regulatory and
Development Act, 1999 (41 of 1999), or in any Rules or Regulations made
thereunder, shall have the meanings respectively assigned to them in those
Acts or Rules or Regulations"
3. Amendment of Regulation 3:
Regulation 3 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000 shall be substituted with the following:-
179
Technical Guide
"Regulation of Investments
3. A life insurer, for the purpose of these Regulations, shall invest and at
all times keep invested, the Investment Assets forming part of the Controlled
Fund as defined in Section 27A of the Act as under:
(a) all funds of Life insurance business and One Year Renewable pure
Group Term Assurance Business (OYRGTA), and non-unit reserves of
all categories of Unit linked life insurance business, as per Regulation 4
(b) all funds of Pension, Annuity and Group Business [as defined under
Regulation 2 (d) of IRDA (Actuarial Report and Abstract) Regulations,
2000] as per Regulation 5; and
(c) the unit reserves portion of all categories of Unit linked funds, as per
Regulation 6"
4. Insert New Regulation 4:
Insert the following New Regulation 4 to the Insurance Regulatory and
Development Authority (Investment) Regulations, 2000:-
"4. Without prejudice to Sections 27 or 27A of the Act, every insurer
carrying on the business of Life Insurance, shall invest and at all times keep
invested his Investment Assets as defined in Regulation 3 (a) (other than
funds relating to Pension & General Annuity and Group Business and unit
reserves of all categories of Unit Linked Business) in the following manner:
No Type of Investment Percentage to
funds as under
Regulation 3(a)
(i) Central Government Securities Not less than
25%
(ii) Central Government Securities, State Not less than
Government Securities or Other Approved 50% (incl (i)
Securities above)
(iii) Approved Investments as specified in Section Not exceeding
27A of the Act and Other Investments as 50%
specified in Section 27A(2) of the Act and
Schedule I to these Regulations, (all taken
together) subject to Exposure / Prudential Norms
as specified in Regulation 9:
180
Appendix `A'
No Type of Investment Percentage to
funds as under
Regulation 3(a)
(iv) Other Investments as specified under Section Not exceeding
27A (2) of the Act, subject to Exposure / 15%
Prudential Norms as specified in Regulation 9:
(v) Investment in housing and infrastructure by way
of subscription or purchase of:
A. Investment in Housing Total Investment
(a) Bonds / debentures of HUDCO and National in housing and
Housing Bank infrastructure
(b) Bonds / debentures of Housing Finance (i.e.,) investment
Companies either duly accredited by in categories (i),
National Housing Banks, for house building (ii), (iii) and (iv)
activities, or duly guaranteed by above taken
Government or carrying current rating of not together shall not
less than `AA' by a credit rating agency be less than 15%
registered under SEBI (Credit Rating of the fund under
Agencies) Regulations, 1999 Regulation 3(a)
(c) Asset Backed Securities with underlying
housing loans, satisfying the norms
specified in the guidelines issued under
these regulations from time to time.
B. Investment in Infrastructure
(Explanation: Subscription or purchase of Bonds /
Debentures, Equity and Asset Backed Securities
with underlying infrastructure assets would qualify
for the purpose of this requirement.
`Infrastructure facility' shall have the meaning as
given in clause (h) of regulation 2 of Insurance
Regulatory and Development Authority
(Registration of Indian Insurance Companies)
Amendment Regulations, 2008 as amended from
time to time
Note: Investments made under category (i) and
(ii) above may be considered as
investment in housing and infrastructure,
181
Technical Guide
No Type of Investment Percentage to
funds as under
Regulation 3(a)
provided the respective government
issues such a security specifically to meet
the needs of any of the sectors specified
as `infrastructure facility'
5. Insert New Regulation 5:
Insert the following New Regulation 5 to the Insurance Regulatory and
Development Authority (Investment) Regulations, 2000:-
"5. Without prejudice to Sections 27 or 27A of the Act, every insurer carrying
on Pension, Annuity and Group Business [as defined under Regulation 2 (d)
of IRDA (Actuarial Report and Abstract) Regulations, 2000] shall invest and
at all times keep invested his Investment Assets of Pension, Annuity and
Group business in the following manner:
No Type of Investment Percentage to
funds under
Regulation 3(b)
(i) Central Government Securities Not less than 20%
(ii) Central Government Securities, State Government Not less than 40%
Securities or Other Approved Securities (incl (i) above)
(iii)Balance to be invested in Approved Investments, Not exceeding
as specified in Schedule I, subject to Exposure / 60%
Prudential norms as specified in Regulation 9.
Note: For the purposes of this regulation no investment falling under `Other
Investments' as specified under 27A (2) of the Act shall be made"
6. Insert New Regulation 6:
Insert the following New Regulation 6 to the Insurance Regulatory and
Development Authority (Investment) Regulations, 2000:-
"6. Unit Linked Insurance Business: - Every insurer shall invest and at all
times keep invested his segregated fund(s) under Regulation 3(c) (with
underlying securities at custodian level) of Unit linked business as per
pattern of investment offered to and approved by the policy-holders where
the units are linked to categories of assets which are both marketable and
182
Appendix `A'
easily realizable. However the investment in Approved Investments shall not
be less than 75% of such fund(s) in each such segregated fund"
7. Amendment to Regulation 4:
Regulation 4 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000, shall be substituted with the following:-
"Regulation of Investments
7. General Insurance Business without prejudice section 27B of the
Act, every General insurer (including Health insurer) shall invest and at
all times keep invested his investment assets in the manner set out
below:
No Type of Investment Percentage of
Investment
Assets
(i) Central Government Securities Not less than
20%
(ii) Central Government Securities, State Government Not less than
Securities or Other Approved Securities 30%
(incl (i) above)
(iii) Approved Investments as specified in Section 27B Not exceeding
of the Act and Other Investment as specified in 70%
Section 27B(3) of the Act and Schedule II to these
Regulations, (all taken together) subject to
Exposure / Prudential Norms as specified in
Regulation 9:
(iv) Other investments as specified under Section 27B Not more than
(3) of the Act, subject to Exposure / Prudential 25%
Norms as specified in Regulation 9:
(v) Housing and loans to State Government for Total Investment
Housing and Fire Fighting equipment, by way of in housing (i.e.,)
subscription or purchase of: investment in
A. Investments in Housing categories (i), (ii),
(a) Bonds / Debentures issued by HUDCO, (iii) and (iv)
National Housing Bank above taken
(b) Bonds / debentures of Housing Finance together shall not
Companies either duly accredited by National be less than 5%
183
Technical Guide
No Type of Investment Percentage of
Investment
Assets
Housing Banks, for house building activities, of the Investment
or duly guaranteed by Government or carrying Assets.
current rating of not less than `AA' by a credit
rating agency registered under SEBI (Credit
Rating Agencies) Regulations, 1999
(c) Asset Backed Securities with underlying
Housing loans, satisfying the norms specified
in the Guidelines issued under these
regulations from time to time.
B. Investment in Infrastructure
Total Investment
(Explanation: Subscription or purchase of Bonds/ in Infrastructure
Debentures, Equity and Asset Backed Securities (i.e.,) investment
with underlying infrastructure assets would qualify in categories (i),
for the purpose of this requirement. (ii), (iii) and (iv)
`Infrastructure facility' shall have the meaning as above taken
given in clause (h) of regulation 2 of Insurance together shall not
Regulatory and Development Authority be less than 10%
(Registration of Indian Insurance Companies) of the Investment
(Amendment) Regulations, 2008 as amended from Assets.
time to time.
Note: Investments made under category (i) and
(ii) above may be considered as investment
in housing or infrastructure, as the case
may be, provided the respective
government issues such a security
specifically to meet the needs of any of the
sectors specified as `infrastructure facility'
8. Insert New Regulation 8:
Insert the following New Regulation 8 to the Insurance Regulatory and
Development Authority (Investment) Regulations, 2000:-
184
Appendix `A'
8. Reinsurance Business Every re-insurer carrying on re-insurance
business in India shall invest and at all times keep invested his investment
assets in the same manner as set out in Regulation 7
9. Amendment of Note appended at the end of Regulation 4:
Note appended at the end of Regulation 4 of the Insurance Regulatory and
Development Authority (Investment) Regulations, 2000, shall be substituted
with the following:-
"Note For the purpose of Regulations 3 to 8:
1. All investment in assets or instruments, which are capable of being
rated as per market practice, shall be made on the basis of credit
rating of such assets or instruments. No approved investment shall be
made in instruments, if such instruments are capable of being rated,
but are not rated.
2. The rating should be done by a credit rating agency registered under
SEBI (Credit Rating Agencies) Regulations, 199.
3. Corporate bonds or debentures rated not less than AA or its equivalent
and P1 or equivalent ratings for short term bonds, debentures,
certificate of deposit and commercial paper, by a credit rating agency,
registered under SEBI (Credit Rating Agencies) Regulations, 1999
would be considered as `Approved Investments'.
4. The rating of a debt instrument issued by All India Financial
Institutions recognized as such by RBI shall be of `AA' or equivalent
rating. In case investments of this grade are not available to meet the
requirements of the investing insurance company, and Investment
Committee of the investing insurance company is fully satisfied about
the same, then, for the reasons to be recorded in the Investment
Committee's minutes, the Investment Committee may approve
investments in instruments carrying current rating of not less than `A+'
or equivalent as rated by a credit rating agency, registered under SEBI
(Credit Rating Agencies) Regulations, 1999, would be considered as
`Approved Investments'.
5. Approved Investments under regulations 4, 5, 6, 7 and 8 which are
downgraded below the minimum rating prescribed should be
automatically re-classified under `Other Investments' category for the
purpose of pattern of investment.
185
Technical Guide
6. Investments in equity shares listed on a registered stock exchange
should be made in actively traded and liquid instruments viz., equity
shares other than those defined as thinly traded as per SEBI
Regulations and guidelines governing mutual funds issued by SEBI
from time to time.
7 (a) Not less than 75% of investment in debt instruments (including
Central Government Securities, State Government Securities or
Other Approved Securities) in the case life insurer and not less
than 65% of investment in debt instruments (including Central
Government Securities, State Government Securities or Other
Approved Securities) in the case of general insurer - shall be in
sovereign debt, AAA or equivalent rating for long term and
sovereign debt, P1+ or equivalent for short term instruments.
This shall apply at segregated fund(s) in case of Unit linked
business.
(b) Not more than 5% of funds under Regulation 3 (a) and
Regulation 3 (c) in debt instruments (including Central
Government Securities, State Government Securities or Other
Approved Securities) in the case of life insurer and not more than
8% of investment in debt instruments (including Central
Government Securities, State Government Securities or Other
Approved Securities) in the case of general insurer shall have a
rating of A or below or equivalent rating for long term.
(c) No investment can be made in other investments out of funds
under Regulation 3 (b).
(d) Investments in debt instruments rated AA - (AA minus) or below
shall form part of Other Investments.
8 Notwithstanding the above, it is emphasized that rating should not
replace appropriate risk analysis and management on the part of the
Insurer. The Insurer should conduct risk analysis commensurate with
the complexity of the product(s) and the materiality of their holding, or
could also refrain from such investments.
10. Amendment of Regulation 5:
Regulation 5 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000, shall be substituted with the following:-
186
Appendix `A'
9. Exposure / Prudential Norms
Without prejudice to anything contained in Sections 27A and 27B of the Act
every insurer shall limit his investment as per the following exposure norms:
A. Exposure norms for investment assets of:
1. (a) all funds of Life insurance business and One Year Renewable
pure Group Term Assurance Business (OYRGTA), and non-unit
reserves of all categories of Unit linked life insurance business.
(b) all funds of Pension, Annuity and Group Business [as defined
under Regulation 2 (d) of IRDA (Actuarial Report and Abstract)
Regulations, 2000].
(c) the unit reserves portion of all categories of Unit linked funds, as
per Regulation 6" Life, Pension, Annuity and Group business
and each segregated fund within Unit Linked Insurance
business (except for promoter group exposure).
2. General Insurance business,
3. Re-insurance Business
for both Approved Investments as per the Act, Schedule I and Schedule II of
these Regulations, and Other Investments as permitted under 27A(2) and
27B(3) of the Act shall be as under.
B. The maximum exposure limit for a single `investee' company (equity,
debt and other investments taken together) from all investment assets under
point (A.1.a, A.1.b, A.1.c all taken together), (A.2) and (A.3) mentioned
above, shall not exceed the lower of the following;
(i) an amount of 10% of investment assets as under Regulation 2 (g) (1),
Regulation 2 (g) (2)
(ii) an aggregate of amount calculated under point (a) and (b) of the
following table
187
Technical Guide
Type of Limit for Limit for the Limit for Industry
Investment `Investee' entire Group Sector to which
Company of the Investee
Investee Company
(1) (2) Company belongs
(3) (4)
a. Investment in 10% * of Not more than Investment by the
`Equity', Outstanding 15% of the insurer in any
Preference Equity Shares amount under industrial sector
Shares, (Face Value) point A.1.(a) or should not exceed
Convertible or A.1.(b) or 15% of the amount
Debentures 10% of the A.1.(c) or A.2 under point A.1.(a)
amount under or A.3 or 15% or A.1.(b) or
point A.1.(a) or of investment A.1.(c) or A.2 or
A.1.(b) or Assets in all A.3 or or 15% of
A.1.(c) above companies investment Asset,
considered belonging to whichever is lower
separately in the group,
the case of Life whichever isNote: Industrial
insurers / lower Sector shall be
amount under classified in the
A.2 or A.3 in Exposure to lines of National
the case of Investments Industrial
General Insurer made in Classification (All
/ Re-insurer companies Economic
belonging to Activities) - 2008
whichever is Promoter [NIC] for all
lower Group shall be sectors, except
b. Investment in 10% * of the made as per infrastructure
Debt / Loans Paid-up Share Point 7 under sector. Exposure
and any other capital, Free notes to shall be calculated
permitted reserves Regulation 9 at Division level
Investments as (excluding from A to R. For
per Act / revaluation Financial and
Regulation reserve) and Insurance
other than item Debentures / Activities sector
`a' above. Bonds of the exposure shall be
188
Appendix `A'
Type of Limit for Limit for the Limit for Industry
Investment `Investee' entire Group Sector to which
Company of the Investee
Investee Company
(1) (2) Company belongs
(3) (4)
`Investee' at Section level.
company
or Exposure to
10% amount `infrastructure'
under point investments are
A.1.(a) or subject to Note: 1,
A.1.(b) or 2, 3 and 4
A.1.(c) above mentioned below
considered
separately in
the case of Life
insurers. An
amount under
A.2 or A.3 in
the case of
General Insurer
/ Re-insurer
whichever is
lower.
* In the case of insurers having investment assets within the meaning of
Regulation 2 (g) (1) and Regulation 2 (g) (2) of the under mentioned size, the
(*) marked limit in the above table for investment in equity, preference
shares, convertible debentures, debt, loans or any other permitted
investment under the Act / Regulations, shall stand substituted as under:
Investment assets Limit for `investee' company
Equity Debt
Rs 250000 Crores or 15% of outstanding 15% of paid up share
more equity shares (face capital, free reserves
value) (excluding revaluation
reserve) & debentures /
189
Technical Guide
Investment assets Limit for `investee' company
Equity Debt
bonds
Rs. 50000 Crores 12% of outstanding 12% of paid up share
but less than Rs. equity shares (face capital, free reserves
250000 Crores value) (excluding revaluation
reserve) & debentures /
bonds
Less than Rs. 50000 10% of outstanding 10% of paid up share
Crores equity shares (face capital, free reserves
value) (excluding revaluation
reserve) & debentures /
bonds
Note:
1 Industry sector norms shall not apply for investments made in
`Infrastructure facility' sector as defined under Regulation 2(h) of IRDA
(Registration of Indian Insurance Companies) Regulations, 2000 as
amended from time to time. NIC classification shall not apply to
investments made in `Infrastructure facility'
2 Investments in Infrastructure Debt Fund (IDF), backed by Central
Government as approved by the Authority, on a case to case basis
shall be reckoned for investments in Infrastructure.
3 Exposure to a public limited `Infrastructure investee company' will be
20% of outstanding equity shares (face value) in case of equity (or)
20% of equity plus free reserves (excluding revaluation reserve) plus
debentures / bonds taken together, in the case of debt (or) amount
under Regulation 9 (B) (i), whichever is lower. The 20% mentioned
above, can be further increased by an additional 5%, in case of debt
instruments alone, with the prior approval of Board of Directors. The
outstanding tenure of debt instruments, beyond the exposure
prescribed in the above table, in an infrastructure Investee Company,
should not be less than 5 years at the time of investment. In case of
Equity investment, dividend track record as per Sec 27A (I) (I) and
27B (I) (h) of the Act, in the case of primary issuance of a wholly
owned subsidiary of a Corporate / PSU shall apply to the holding
190
Appendix `A'
company. However all investments made in an `infrastructure investee
company' shall be subject to group / promoter group exposure norms.
4 An insurer can, at the time of investing, subject to group / promoter
group exposure norms, invest a maximum of 20% of the project cost
(as decided by a competent body) of an Public Limited Special
Purpose Vehicle (SPV) engaged in infrastructure sector (or) amount
under Regulation 9 (B) (i), whichever is lower, as a part of Approved
Investments provided:
a. such investment is in Debt
b. the parent company guarantees the entire debt extended and the
interest payment of SPV
c. the principal or interest, if in default and if not paid within 90 days
of the due date, such debt shall be classified under other
investments.
d. the latest instrument of the parent company (ies) has (have)
rating of not less than AA
e. such guarantee of the parent company (ies) should not exceed
20% of net worth of parent company (ies) including the existing
guarantees, if any, given
f. the net worth of the parent company (ies), if unlisted, shall not be
less than Rs. 500 crores or where the parent company (ies) is
listed on stock exchanges having nationwide terminals, the net
worth shall not be less than Rs. 250 Crores
Investment Committee should continuously evaluate the risk of such
investments and take necessary corrective actions where the parent
company (ies) is floating more than one SPV
5 Investment in securitized assets [Mortgaged Backed Securities (MBS)
/ Asset Backed Securities (ABS) / Security Receipts (SR) both under
approved and other investment category shall not exceed 10% of
Investment Assets in case of Life companies and 5% of Investment
Asset in the case of Non-life companies. Approved Investment in MBS
/ ABS with underlying Housing or Infrastructure Assets shall not
exceed 10% of investment assets in the case of life companies and
not more than 5% of investment assets in the case of non-life
191
Technical Guide
companies. Any MBS / ABS with underlying housing or infrastructure
assets, if downgraded below AAA or equivalent, shall be reclassified
as Other Investments.
6 Investment in immovable property covered under Section 27A (I) (n) of
the Act shall not exceed, at the time of investment, 5% of (a)
Investment Assets in the case of general insurer and (b) 5% of
Investment Assets of funds relating to life funds, pension, annuity and
group funds in the case of life insurer
7 Subject to exposure limits mentioned in the table above, an insurer
shall not have investments of more than 5% in aggregate of its total
investments in all companies belonging to the promoters' groups.
Investment made in all companies belonging to the promoters' group
shall not be made by way of private placement (equity) or in unlisted
instruments (equity, debt, certificate of deposits and fixed deposits
(without prejudice to Section 27A (9) and Section 27B (10) of the Act)
held in a Scheduled Commercial Bank), except for companies formed
by Insurers under Sec 27A (4) or Sec 27B (5) of the Act.
8 The exposure limit for financial and insurance activities (as per Section
K of NIC classification 2008) shall stand at 25% of investment assets
for all insurers.
9 Investment in fixed deposit and certificate of deposit of a Scheduled
Bank shall be made in terms of the provisions of Section 27A (9) and
Section 27B (10) of the Act. Such investments would not be deemed
as exposure to financial and insurance activities (as per Section K of
NIC classification - 2008).
7. Amendment of Regulation 6:
Regulation 6 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000, shall be substituted with the following:-
"10. Returns to be submitted by an Insurer
Every insurer shall submit to the Authority the following returns within such
time, at such intervals duly verified/certified in the manner as indicated there
against.
192
No Form Description Periodicity Time limit Verified /
of Return for Certified by
submission
1 Form Statement of Quarterly Within 30 Principal Officer /
1 Investment and days of the Chief of
Income on end of the (Investments)/
Investment Quarter Chief of
(Finance)
2 Form Statement of Quarterly Within 30 Principal Officer /
2 Downgraded days of the Chief of
(Part Investments, end of the (Investments)/
A, B) Details of Rated Quarter Chief of
Instruments (Finance)
3 Form Statement of Quarterly Within 30 Principal Officer /
3A Investments days of the Chief of
(Part Assets (Life end of the (Investments)/Chi
A, B, Insurers) Quarter ef of (Finance)
C,
D,E)
4 Form Statement of Quarterly Within 30 Principal Officer /
3B Investment days of the Chief of
(Part Assets (General end of the (Investments)/
A, B) Insurance & Re- Quarter Chief of
insurer) (Finance)
5 Form Exposure / Quarterly Within 30 Principal Officer,
4 Prudential and days of the Chief of
(Part other Investment end of the (Investments),
A) Norms Quarter Chief of
Compliance (Finance)
Certificate
6 Form Internal / Quarterly Within 30 Internal /
4 Concurrent days of the Concurrent
(Part Auditor's end of the Auditor appointed
B) Certificate on Quarter under this
Investment Risk regulation
Management
Technical Guide
No Form Description Periodicity Time limit Verified /
of Return for Certified by
submission
Systems -
Implementation
Status
7 Form Statement of Quarterly Within 30 Principal Officer /
4A Investment days of the Chief of
(Part Subject to end of the (Investments)/
A, B, Exposure Norms Quarter Chief of
C) Investee (Finance)
Company,
Group, Promoter
Group, Industry
Sector
8 Form Statement of Quarterly Within 30 Principal Officer /
5 Investment days of the Chief of
Reconciliation end of the (Investments)/
Quarter Chief of
(Finance)
9 Form Statement of Quarterly Within 30 Principal Officer /
5A Investment in days of the Chief of
Mutual Funds end of the (Investments)/
Quarter Chief of
(Finance)
10 Form Certificate under Quarterly Within 30 Chairman,
6 sections 28 (2A), days of the Director 1,
28 (2B) and 28B end of the Director 2,
(3) of the Quarter Principal Officer
Insurance Act,
1938
11 Form Statement of Quarterly Within 30 Principal Officer /
7 Non-Performing days of the Chief of
Assets end of the (Investments)/
Quarter Chief of
(Finance)
194
Appendix `A'
Note:
1. The Internal / Concurrent Audit Report of the previous quarter with
comments of Audit Committee of the Board, on `very serious', `serious'
points (as per the Technical Guide on Internal / Concurrent Audit of
Investment functions of Insurance Companies, issued by the Institute
of Chartered Accountants of India) in the report, and status of
implementation of Audit committee recommendation shall be filed with
the Authority along with current quarter returns
2. All returns for the quarter ending March shall be filed within the period
stipulated above based on provisional figures and later re-submitted
with Audited figures within 15 days of adoption of accounts by the
Board of Directors.
8. Amendment of Regulation 7:
Regulation 7 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000, shall be substituted with the following:-
11. Power to call for additional information.
The authority may, by general or special order, require from the insurers
such other information in such manner, intervals and time limit as may be
specified therein.
9. Amendment of Regulation 8:
Regulation 8 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000, shall be substituted with the following:-
12. Duty to Report extraordinary events affecting the investment
portfolio.
Every insurer shall report to the Authority forthwith, the effect or the probable
effect of any event coming to his knowledge, which could have material
adverse impact on the investment portfolio and consequently on the security
of policy-holder benefits or expectations.
10. Amendment of Regulation 9:
Regulation 9 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000, shall be substituted with the following:-
"13. Provisions on Investment Management
195
Technical Guide
A. Constitution of Investment Committee
1. Every insurer shall constitute an Investment Committee which shall
consist of a minimum of two non-executive directors of the Insurer, the
Chief Executive Officer, Chief of Finance, Chief of Investment division,
and wherever an appointed actuary is employed, the Appointed
Actuary. The decisions taken by the Investment Committee shall be
recorded and be open to inspection by the officers of the Authority.
B. Investment Policy
1. Every Insurer shall draw up, an Investment Policy (fund wise IP in the
case of Unit Linked Insurance Business) and place the same before its
Board of Directors for its approval and its annual review.
2. Every insurer shall have a model code of conduct to prevent insider /
personal trading of Officers involved in various levels of Investment
Operations in compliance with SEBI (Prohibition of Insider Trading)
Regulation, 1992 as amended from time to time and place the same
before its Board of Directors for its approval.
3. While framing the Investment Policy, the Board shall ensure
compliance with the following:
(i) Issues relating to liquidity, prudential norms, exposure limits, stop
loss limits including securities trading, management of all
investment risks, management of assets liabilities mismatch,
Scope of Internal or Concurrent audit of Investments and
investment statistics and all other internal controls of investment
operations, the provisions of the Insurance Act, 1938 and
Insurance Regulatory and Development Authority (Investment)
Regulations, 2000, Guidelines and Circulars made there under.
(ii) Ensuring adequate return on policyholders and shareholders'
funds consistent with the protection, safety and liquidity of such
fund(s).
4. The investment policy of both Life and Non-Life insurers, as approved
by the Board shall be implemented by the investment committee. The
Board shall review on a quarterly basis the monitoring of fund wise
and product wise performance.
196
Appendix `A'
5. The Board shall review the investment policy and its implementation
on a half-yearly basis or at such short intervals as it may decide and
make such modification to the investment policy as is necessary to
bring it in line with the investment provisions laid down in the Act and
Regulations made there under, keeping in mind protection of
policyholders' interest and pattern of investment laid down in these
regulations or in terms of the agreement entered into with the
policyholders in the case of unit linked insurance business.
C. Investment Operations
1. The funds of the insurer shall be invested and continued to be
invested in equity shares, equity related instruments and debt
instruments rated as per Note below Regulations 3 to 8 by a credit
rating agency, registered under SEBI (Credit Rating Agencies)
Regulations, 1999. The Board shall lay down clear norms for investing
in `Other Investments' as specified under sections 27A(2) and 27B(3)
of the Insurance Act, 1938 by the investment committee, taking into
account the safety and liquidity of the policyholders' funds and
protection of their interest.
2. As required under Chapter II, Regulation 7 (c) of IRDA (Registration of
Indian Insurance Companies) Regulations, 2000, to ensure proper
internal control of investment functions and operations the insurer shall
clearly segregate the functions and operations of front, mid and back
office (as provided in the Technical Guide on Internal / Concurrent
Audit of Investment functions of Insurance Companies issued by the
Institute of Chartered Accountants of India) and no function falling
under Front, Mid and Back Office Investment function(s), shall be
outsourced. Also, the primary data server of the computer application
used for investment management shall remain within the country.
D. Processing of Unit Linked Business Applications and Declaration
of NAV
1. All applications received for premium payment, switches, redemption,
surrender, maturity claim etc., should be time stamped and dated.
2. Applications for "premium payment"
a. for applications received, with local cheques, cash or demand
draft payable at par at the place where the premium is received,
197
Technical Guide
before cut-off time (3.00 pm) on a business day, the applicable
NAV would be the closing NAV of the same day.
b. for applications received, along with local cheques, cash or
demand draft payable at par at the place where the premium is
received, after cut-off time (3.00 pm) on a business day, the
applicable NAV would be the closing NAV of the next business
day.
c. for premiums received with an outstation cheque or demand
draft, the closing NAV of the day on which the cheque / Demand
Draft is realized shall be applied.
3. Applications for "other than" premium payment
a. for applications received before the cut-off time (3.00 pm) on a
business day, the applicable NAV would be the closing NAV of
the same day.
b. for applications received, after the cut-off time (3.00 pm) on a
business day, the applicable NAV would be the closing NAV of
the next business day.
4. Daily disclosure / reconciliation of Product and Fund information
a. Every insurer doing Unit linked business shall reconcile, through
the system, the premium received (net of charges and benefits
paid) under each product (Unique Identification Number UIN)
with value of all the segregated fund(s) (Segregated Fund
Identification Number SFIN) net of fund management charges,
held under a single UIN, on a day to day basis.
b. The insurer shall disclose UIN wise reconciliation (as in point `a'
above) and the value of policy wise units held by policyholder on
the insurers website and fund wise NAV (SFIN wise) on both the
Insurer's website and life council website on the same day.
c. The internal / concurrent Auditor shall report on the automated
system and process to handle the UIN wise reconciliation (as in
point `a' above) and value of policy wise units held by
policyholder and fund wise NAV, on a quarterly basis
5. Applicable NAV for the applications received on the last business
day of the Financial Year
198
Appendix `A'
a. for applications received on the last business day of the
financial year UP TO 3.00 pm shall be processed with NAV of
the last business day (irrespective if the payment instrument is
local or outstation)
b. for applications received AFTER 3.00 pm on the last business
day, the same shall fall into the next Financial Year and NAV of
the immediate next business day would be applicable.
c. The insurer shall declare NAV for the last business day of a
Financial Year, even if it is a non business day.
6. For allotment of units, the applicable NAV shall be as per the date of
commencement of policy for new policy contracts and date of receipt
of premium for renewals.
7. All Insurers shall file a certificate, issued by Internal / Concurrent
Auditor for compliance of each of the directions issued at point 5
above, regarding the applicable NAV for applications received on the
last business day. The Statutory Auditors shall also confirm the same
in the Annual Accounts.
Note:
Business day shall mean days other than holidays where stock exchanges
with national wide terminals are open for trade (other than day on which
exchanges are open for testing) or any day declared by the Authority as
business day.
E. Risk Management Systems and its Review
1. The Board shall implement the Investment Risk Management Systems
and Process, mandated by the Authority. The implementation shall be
certified by a Chartered Accountant firm, as per the procedure laid
down in the "Technical Guide on Review and Certification of
Investment Risk Management Systems and Process of Insurance
Companies", issued by the Institute of Chartered Accountants of India,
as amended from time to time.
2. The Investment Risk Management Systems and Process shall be
reviewed at the beginning of every second financial year or such
shorter frequency as decided by the Board of the Insurer, by a
Chartered Accountant firm and file the certificate issued by such
199
Technical Guide
Chartered Accountant, with the Authority along with the first quarter
returns.
3. The appointment of Chartered Accountant firm to certify
implementation and review of Investment Risk Management Systems
and Process shall be as per the circular issued under these
regulations.
F. Audit and Reporting to Management
1. Every Insurer shall constitute an Audit Committee of the Board. The
Audit Committee shall be headed by a Chartered Accountant, if he is a
member in the Board of the Insurer.
2. The Insurer shall have the investment transactions covering both
Shareholders and Policyholders funds be audited through Internal or
Concurrent Auditor as per the circular issued under this regulation.
3. The quarterly internal / concurrent audit report, covering investments
of both shareholders as well as policyholders, shall be as per the
"Technical Guide on Internal / Concurrent Audit of Investment
functions of Insurance Companies" issued by the Institute of Chartered
Accountants of India, as amended from time to time.
4. The Details of Investment Policy, implementation status of Investment
Risk Management Systems and Process or its review shall be made
available to the internal or concurrent auditor. The auditor shall
comment on such review and its impact on the investment operations,
systems and process in their report to be placed before the Board's
Audit Committee.
G. Category of Investments
1. Every Insurer shall invest all his fund(s) only within the exhaustive
category of investments listed in the guidelines issued by the
Authority, as amended from time to time.
H. Others
1. The Authority may call for further information from time to time from
the insurer as it deems necessary and in the interest of policyholders
and issue such directions to the insurers as it thinks fit.
200
Appendix `A'
11. Amendment of Regulation 10:
Regulation 10 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000, shall be substituted with the following:-
14. Miscellaneous.
1. Accounting of Investments shall be as per the Insurance Regulatory
and Development Authority (Preparation of Financial Statements and
Auditor's Report of Insurance Companies) Regulations, 2000 and
Valuation of Assets shall be as per guidelines issued under these
regulations from time to time.
2. The Authority may, by any general or special order, modify or change
the application of sub-regulations (3), (4), (5), (6), (7), (8), (9) and (10)
to any insurer either on its own or on an application made to it.
12. Amendment of Regulation 11:
Regulation 11 of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000, shall be substituted with the following:-
"15. Dealing in Financial Derivatives
1. Every Insurer carrying on the business of life insurance or general
insurance may deal in financial derivatives only to the extent permitted
and in accordance with the guidelines issued by the Authority in this
regard from time to time.
2. Any margin or unamortized premium paid by any insurer in connection
with the financial derivatives to the extent they are reflected as asset
position in the balance sheet of the insurer in accordance with the
guidelines issued by the Authority, shall be treated as `Approved
Investment' under Schedule I and Schedule II to these Regulations,
only to the extent the derivative position constitutes a hedge for the
underlying investment or portfolio which itself is treated as an
approved investments under these regulations. All other margins or
unamortized premium paid, to the extent reflected in the balance sheet
of the insurer in accordance with the guidelines issued by the Authority
in this regard from time to time, shall be treated as `Other
Investments"
201
Technical Guide
13. Amendment of Schedule I:
Schedule I of the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000 shall be substituted with the following:-
Schedule I
(See Regulation 3 to 6)
List of Approved Investments for Life Business
`Approved Investments' for the purposes of section 27A of the Act shall
consist of the following:
(a) all investments specified in section 27A of the Act except
(i) clause (b) of sub-section (I) of section 27A of the Act;
(ii) first mortgages on immovable property situated in another
country as stated in clause (m) of sub-section (I) of section 27A
of the Act;
(iii) Immovable property situated in another country as stated in
clause (n) of sub-section (I) of section 27A of the Act.
(b) In addition the following investments shall be deemed as approved
investments by the Authority under the powers vested in it vide clause
(s) of sub-section (I) of section 27A of the Act.
(i) All loans secured as required under the Act, rated debentures
(including bonds) and other rated & secured debt instruments as
per Note appended to Regulation 3 to 8. Equity shares and
preference shares and debt instruments issued by all India
Financial Institutions recognized as such by Reserve Bank of
India investments shall be made in terms of investment policy
guidelines, benchmarks and exposure norms, limits approved by
the Board of Directors of the insurer.
(ii) Bonds or debentures issued by companies rated not less than AA
or its equivalent and P1 or equivalent ratings for short term
bonds, debentures, certificate of deposits and commercial papers
by a credit rating agency, registered under SEBI (Credit Rating
Agencies) Regulations 1999 would be considered as `Approved
Investments'.
202
Appendix `A'
(iii) Subject to norms and limits approved by the Board of Directors of
the insurers deposits (including fixed deposits as per section 27A
(9) of Insurance Act, 1938) with banks (e.g. in current account,
call deposits, notice deposits, certificate of deposits etc.)
included for the time being in the Second Schedule to Reserve
Bank of India Act, 1934 (2 of 1934) and deposits with primary
dealers duly recognized by Reserve Bank of India as such.
(iv) Collateralized Borrowing and Lending Obligations (CBLO)
created by the Clearing Corporation of India Ltd and recognized
by the Reserve Bank of India and exposure to Gilt, G Sec and
liquid mutual fund forming part of Approved Investments as per
Mutual Fund Guidelines issued under these regulations and
money market instrument / investment.
(v) Asset Backed Securities with underlying Housing loans or having
infrastructure assets as underlying as defined under
`infrastructure facility' in clause (h) of regulation 2 of Insurance
Regulatory and Development Authority (Registration of Indian
Insurance Companies) Amendment Regulations, 2008 as
amended from time to time.
(vi) Commercial papers issued by a company or All India Financial
Institution recognized as such by Reserve Bank of India having a
credit rating by a credit rating agency registered under SEBI
(Credit Rating Agencies) Regulations 1999.
(vii) Money Market instruments as defined in Regulation 2(h) of these
Regulation.
203
Technical Guide
Explanation
1. All conditions mentioned in the `note' appended to Regulation 3 to 8
shall be complied with.
14. Amendment of Schedule II:
Schedule II to the Insurance Regulatory and Development Authority
(Investment) Regulations, 2000 shall be substituted with the following:-
Schedule II
(See Regulation 7 & 8)
List of Approved Investments for General Business
`Approved Investments' for the purpose of section 27B of the Act shall
consist of the following:
(a) All investments specified in section 27B of the Act except
(i) clause (b) of sub-section (I) of section 27A of the Act;
(ii) Immovable property situated in another country as stated in
clause (n) of sub-section (I) of section 27A of the Act;
(iii) First mortgages on immovable property situated in another
country as stated in clause (i) of sub-section (I) of section 27B of
the Act.
(b) In addition the following investments shall be deemed as approved
investments by the Authority under the powers vested in it vide clause
(j) of sub-section (I) of section 27B of the Act:
(i) All loans secured as per the Act, rated debentures (including
bonds) and other rated & secured debt instruments as per Note
appended to Regulations 3 to 8. Equity shares, preference
shares and debt instruments issued by All India Financial
Institutions recognized as such by Reserve Bank of India
investments shall be made in terms of investment policy
guidelines, benchmarks and exposure norms, limits approved by
the Board of Directors of the insurer.
(ii) Bonds or debentures issued by companies rated not less than AA
or its equivalent and P1 or Equivalent ratings for short term
bonds, debentures, certificate of deposits and commercial papers
by a credit rating agency, registered under SEBI (Credit Rating
204
Appendix `A'
Agencies) Regulations 1999 would be considered as `Approved
Investments'.
(iii) Subject to norms and limits approved by the Board of Directors of
the insurers deposits (including fixed deposits as per section 27B
(10) of Insurance Act, 1938) with banks (e.g. in current account,
call deposits, notice deposits, certificate of deposits etc.)
included for the time being in the Second Schedule to Reserve
Bank of India Act, 1934 (2 of 1934) and deposits with primary
dealers duly recognized by Reserve Bank of India as such.
(iv) Collateralized Borrowing & Lending Obligations (CBLO) created
by the Clearing Corporation of India Ltd and recognized by the
Reserve Bank of India and exposure to Gilt, G Sec and liquid
mutual fund forming part of Approved Investments as per Mutual
Fund Guidelines issued under these regulations and money
market instrument / investment.
(v) Asset Backed Securities with underlying Housing loans or having
infrastructure assets as underlying as defined under
`infrastructure facility' in clause (h) of regulation 2 of Insurance
Regulatory and Development Authority (Registration of Indian
Insurance Companies) Amendment Regulations, 2008 as
amended from time to time.
(vi) Commercial papers issued by a company or All India Financial
Institution recognized as such by Reserve Bank of India having a
credit rating by a credit rating agency registered under SEBI
(Credit Rating Agencies) Regulations 1999
(vii) Money Market instruments as defined in Regulation 2(h) of this
Regulation.
Explanation:
1. All conditions mentioned in the `note' appended to Regulation 3 to 8
shall be complied with.
J. HARI NARAYAN, Chairman
[ADVT. III/4/161/12/Exty.]
205
FORM - 1
(Read with Regulation 10)
Name of the Insurer:
Technical Guide
Registration Number:
Statement as on: Name of the Fund
Statement of Investment and Income on Investment
Periodicity of Submission: Quarterly Rs Crore
3
Current Quarter Year to Date (current year) Year to Date (previous year)
Category Income on Income on Income on
No. Category of Investment Investment Gross Yield Investment Gross Yield Investment Gross Yield
Code Investment Net Yield (%)² Investment Net Yield (%)² Investment Net Yield (%)²
(Rs.)¹ (%)¹ (Rs.)¹ (%)¹ (Rs.)¹ (%)¹
(Rs.) (Rs.) (Rs.)
206
TOTAL
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature
Date: Full Name
Chief of Finance
Note: Category of Investment (COI) shall be as per Guidelines, as amended from time to time
1 Based on daily simple Average of Investments
2 Yield netted for Tax
3 In the previous year column, the figures of the corresponding Year to date of the previous financial year shall be shown
4 FORM-1 shall be prepared in respect of each fund. In case of ULIP FORM 1 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
FORM - 2
(Read with Regulation 10) PART - A
Name of the Insurer:
Registration Number:
Statement as on: Name of Fund
Statement of Down Graded Investments
Periodicity of Submission: Quarterly
Rs Crore
Date of Date of
No Name of the Security COI Amount Rating Agency Original Grade Current Grade Remarks
Purchase Downgrade
A. During the Quarter ¹
207
B. As on Date ²
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature
Date: Full Name and Designation
Note: Chief Finance Officer
1 Provide details of Down Graded Investments during the Quarter.
2 Investments currently upgraded, listed as Down Graded during earlier Quarter shall be deleted from the Cumulative listing.
3 FORM-2 shall be prepared in respect of each fund. In case of ULIP FORM 1 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
Appendix `A'
4 Category of Investmet (COI) shall be as per INV/GLN/001/2003-04
FORM - 2 PART - B
(Read with Regulation 10)
Name of the Insurer :
Technical Guide
Registration No : Name of the fund
INVESTMENT ASSETS - RATING PROFILE Rs. Cr
Investments in Equity or Equity
AA or lower upto A+ A or lower than A or
Sovereign AAA or Equivalent AA+ or Equivalent Unrated NPA Related Instruments
or Equivalent Equivalent
instruments and other Instruments
Total BV
No Type of Investments
% to Inv. % to Inv. % to Inv. % to Inv. % to Inv. % to Inv. % to Inv. % to Inv.
BV BV BV BV BV BV BV BV
Assets Assets Assets Assets Assets Assets Assets Assets
(a) (b) (c) (d) (e) (f) (g) (h) (i)
208
i Central Govt Securities
State Govt Sec. or Other
ii
Approved Securities
iii (1) Housing Sector
(a) Debt or debt related
instruments
(b) Loans
(c) Others (Specify)
(2) Infrastructure Sector
(a) Debt or debt related
instruments
(b) Equity or equity related
instruments
(c) Loans
(d) Others (Specify)
(3) Approved Investments
(a) Debt or debt related
instruments
(b) Equity or equity related
instruments
(c) Loans
(d) Investment Property -
Immovable
(e) Mutual Fund
(f) Money Market
(g) Net current assets
209
(h) Others (Specify)
iv Other Investments
(a) Debt or debt related
instruments
(b) Equity or equity related
instruments
(c) Loans
(d) Investment Property -
Immovable
(e) Mutual Fund
(f) Others (specify)
Investment Asset
Appendix `A'
Rs. Cr
Book Value (Life, Penison Fund Market Value (for
Investment in 'Debt' instruments %
and General Insurers) ULIP Funds)
Technical Guide
Investments in Sovereign instruments
APPROVED INVESTMENTS
AAA or upto AA or Equivalent
MM, Loans, Others - Approved Invt
OTHER INVESTMENTS
AA-,A, lower than A or Equivalent
Unrated, Loans, Others - Other Invt
Total Debt Investments (a to g)
210
Certified that the information given herein are correct and complete to the best of my knowledge. Also certified that the various investments made and
covered in the return are within the categories provided in Investment Guidelines as amended from time to time.
Signature :
Full Name :
Note: Chief of Finance
1 The figures in Col (i) must match (for each type of investment) with Form 3A (Part A)/Form 3B
2 Non-Perfoming investment assets shall be separately shown irrespective of the rating
3 For Linked business values of Investments shall be at Market Value
4 Equity or Equity related instruments shall be as permitted under the Insurance Act, 1938 or IRDA (Investment) Regulations, 2000 as amended from time to time
5 FORM - 2 (Part B) shall be prepared in respect of each fund. In case of ULIP Form 2 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
Appendix `A'
FORM - 2
(Read with Regulation 10)
Name of the Insurer: PART - C
Registration No:
INVESTMENT ASSETS & INFRA INVESTMENTS - RATING PROFILE
Name of the Fund
INVESTMENT ASSETS Rs Crore % to Inv. Assets
Central Govt. Sec + Other Approved Securities
TOTAL (1)
Approved Investments
AAA or upto AA or Equivalent
Equity - Approved Invt
MM, Loans, Others - Approved Invt
TOTAL (2)
Other Investments
AA-, A, lower than A or Equivalent
Equity - Other Invt
Unrated, NPA, Loans, Others - Other Invt
TOTAL (3)
TOTAL FUND (1+2+3)
INFRASTRUCTURE INVESTMENTS
Approved Investments
AAA or upto AA or Equivalent
Equities-Approved
MM, Loans, Others-Approved Invt
TOTAL (1)
Other Investments
AA-,A, lower than A or Equivalent
Equities-Other Investments
Loans, NPAs, Others - Other Invt
TOTAL (2)
Total Infra Investment (1+2)
TOTAL FUND 0
Certification
Certified that the information given herein are correct and complete to the best of my knowledge. Also certified that the various
investments made and covered in the return are within the categories provided in Investment Guidelines as amended from time to
time.
Signature:
Full name:
Chief of Finance
Note:
1. The figures in Col (i) must match (for each type of investment) with Form 3A (Part A)/Form 3B
2. FORM - 2 (Part C) shall be prepared in respect of life fund
211
Technical Guide
FORM - 3A
(Read with Regulation 10)
Name of the Insurer:
Registration Number: PART - A
Statement as on:
Statement of Investment Assets (Life Insurers)
(Business within India)
Periodicity of Submission: Quarterly Rs. Crore
Section I
Total Application as per Balance Sheet (A) 0 Reconciliation of Investment Assets
Add (B) Total Investment Assets (as per Balance Sheet) 0
Provisions Sch-14 Balance Sheet Value of:
Current Liabilities Sch-13 A. Life Fund
0 B. Pention & General Annuity and Group Business
Less (C ) C. Unit Linked Funds
Debit Balance in P& L A/c 0
Deferred tax asset
Loans Sch-09
Adv & Other Assets Sch-12
Cash & Bank Balance Sch-11
Fixed Assets Sch-10
Misc Exp. Not Written Off Sch-15
Funds available for Investments 0
Section II
NON - LINKED BUSINESS
SH PH
Book Value Market
UL-Non Unit NON Actual % FVC Amount Total Fund
Balance FRSM+ PAR (SH+PH) Value
Res PAR
% as per
A. LIFE FUND
Reg
(f) = (g) = [(f) -
(a) (b) (c) (d) (e) (h) (i)=(a+f+h) (j)
[a+b+c+d+e] (a)]%
Not Less
1 Central Govt. Sec
than 25%
Central Govt Sec, State Govt Sec or Other Approved Not Less
2
Securities (incl (i) above) than 50%
3 Investment subject to Exposure Norms
a. Housing & Infrastructure
Not Less
1. Approved Investments
than 15%
2. Other Investments
b. i) Approved Investments Not
exceeding
ii) Other Investments
35%
TOTAL LIFE FUND 100%
PH
FVC Market
B. PENSION & GENERAL ANNUITY AND GROUP NON Book Value Actual % Total Fund
% as per Reg PAR Amount Value
BUSINESS PAR
(a) (b) (c)= (a+b) (d) (e) (f)=(c+e) (g)
1 Central Govt. Sec Not Less than 20%
Central Govt Sec, State Govt Sec or Other Approved
2 Not Less than 40%
Securities (incl (i) above)
3 Balance in Approved investment Not Exceeding 60%
TOTAL PENSION, GENERAL ANNUITY FUND 100%
LINKED BUSINESS
PH
C. LINKED FUNDS % as per Reg NON Total Fund Actual %
PAR
PAR
1 Approved Investments Not Less than 75% (a) (b) (c)= (a+b) (d)
2 Other Investments Not More than 25%
TOTAL LINKED INSURANCE FUND 100%
CERTIFICATION:
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date: Full name:
Chief of Finance
Note 1 (+) FRSM refers to 'Funds representing Solvency Margin'
2 Funds beyond Solvency Margin shall have a separate Custody Account.
3 Other Investments' are as permitted under Secction 27A(2) of Insurance Act, 1938
4 Pattern of Investment is applicable to both Shareholders funds representing solvency margin and policyholders funds.
5 Exposure Norms shall apply to Funds held beyond Solvency Margin, held in a separate Custody Account
212
Appendix `A'
FORM 3A
(Read with Regulation 10)
Unit Linked Insurance Business PART - B
Name of the Insurer:
Registration Number:
Link to Item 'C' of FORM 3A (Part A)
Periodicty of Submission: Quarterly
Statement as on:
PARTICULARS SFIN 1 SFIN 2 SFIN 'n' Total of All Funds
Opening Balance (Market Value)
Add: Inflow during the Quarter
Increase / (Decrease) Value of Inv [Net]
Less: Outflow during the Quarter
TOTAL INVESTIBLE FUNDS (MKT VALUE)
SFIN 1 SFIN 2 SFIN 'n' Total of All Funds
INVESTMENT OF UNIT FUND
Actual Inv. % Actual Actual Inv. % Actual Actual Inv. % Actual Actual Inv. % Actual
Approved Investments (>=75%)
Central Govt Securities
State Governement Securities
Other Approved Securities
Corporate Bonds
Infrastructure Bonds
Equity
Money Market Investments
Mutual funds
Deposit with Banks
Sub Total (A)
Current Assets:
Accrued Interest
Dividend Recievable
Bank Balance
Receivable for Sale of Investments
Other Current Assets (for Investments)
Less: Current Liabilities
Payable for Investments
Fund Mgmt Charges Payable
Other Current Liabilities (for Investments)
Sub Total (B)
Other Investments (<=25%)
Corporate Bonds
Infrastructure Bonds
Equity
Mutual funds
Venture funds
Others
Sub Total (C)
Total (A + B + C)
Fund Carried Forward (as per LB 2)
Signature:
Date : Full name:
Chief of Finance
Note:
1. The aggregate of all the above Segregated Unit-Funds should reconcile with item C of FORM 3A (Part A), for both Par & Non Par Business
2. Details of Item 12 of FORM LB 2 which forms part of IRDA (Acturial Report) Regulation, 2000 shall be reconciled with FORM 3A (Part B).
3. Other Investments' are as permitted under Sec 27A(2)
213
FORM - 3A
Technical Guide
(Read with Regulation 10)
Name of the Insurer:
Registration Number: PART - C
Link to FORM 3A (Part B)
Statement for the period:
Periodicity of Submission: Quarterly
Statement of NAV of Segregated Funds
Rs.Crore
Assets Under Highest NAV
Date of NAV as per NAV as on the Previous Qtr 2nd Previous 3rd Previous 4th Previous 3 Year Rolling
No Fund Name SFIN Par/Non Par Management on Return/Yield since
Launch LB 2 above date* NAV Qtr NAV Qtr NAV Qtr NAV CAGR
the above date inception
1 Segregated Fund 1
214
2 Segregated Fund 2
3 Segregated Fund n
Total
CERTIFICATION
Certified that the performance of all segregated funds have been placed and reviewed by the Board. All information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my
knowledge and belief.
DATE : Signature:
Note: Full Name :
1. * NAV should reflect the published NAV on the reporting date Chief of Finance
Appendix `A'
FORM - 3A
(Read with Regulation 10) PART - D
Name of the Insurer:
Registration Number: Link to FORM 3A (Part A)
Statement as on:
Statement of Accretion of Funds
(Business within India) Rs.Crore
Periodicity of Submission : Quarterly
Opening Net Accretion
% to Total TOTAL % to Total
No Category of Investments POI Balance % to Total (A) for the Qtr.
Accretion (1+2)
(1) (2) (1+2)
A LIFE FUND
Not less than
1 Central Govt. Sec
25%
Not less than
2 Central Govt Sec, State Govt Sec or Other Approved Securities (incl (i) above)
50%
3 Investment subject to Exposure Norms
a. Housing & Infrastructure
Not less than
1. Approved Investments
15%
2. Other Investments
Not
b. (i) Approved Investments exceeding
35%
(ii) Other Investments (Not to exceed 15%)
Total (A)
Opening Net Accretion
% to Total TOTAL % to Total
No Category of Investments POI Balance % to Total (B) for the Qtr.
Accretion (1+2)
(1) (2) (1+2)
B PENSION & GENERAL ANNUNITY AND GROUP BUSINESS
Not less than
1 Central Govt. Sec
20%
Not less than
2 Central Govt Sec, State Govt Sec or Other Approved Securities (incl (i) above)
40%
Not
3 Balance in Approved investment exceeding
60%
Total (B)
Opening Net Accretion
% to Total TOTAL % to Total
No Category of Investments POI Balance % to Total (C) for the Qtr.
Accretion (1+2)
(1) (2) (1+2)
C LINKED FUNDS
Not less than
1 Approved Investment
75%
Not more
2 Other Investments
than 25%
Total (C)
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Date:
Signature:
Full name:
Chief of Finance
215
Technical Guide
FORM - 3A
(Read with Regulation 10) PART - E
Name of the Insurer:
Registration Number:
Statement as on:
Statement of Investment Details of ULIP Products to Segregated Funds
(Business within India) Rs.Crore
Periodicity of Submission : Quarterly
INVESTMENT DETAILS OF "ULIP" PRODUCTS [UIN]TO SEGREGATED FUNDS [SFIN]
Inflow UIN1 UIN2 UIN n
Premium
Others (Specify)
TOTAL (A)
Outflow
Commission
Charges
Claims
Others
TOTAL (B)
Total C = (A-B)
Policy Funds at "C" above allotted to
SFIN 1
SFIN 2
SFIN n
TOTAL (D)
Difference (if any) E = (C-D)
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Date:
Signature:
Full name:
Chief of Finance
Note:
1. UIN represents the Unique product number as per "file and use' approved under ULIP prodcuts
2. SFIN represents the Segregated Fund Identification Number as approved by the Product Approval Committee
216
Appendix `A'
FORM - 3B
(Read with Regulation 10)
Name of the Insurer:
Registration Number:
Statement as on: PART - A
Statement of Investment Assets (General Insurer, Re-insurers)
(Business within India) Rs.Crore
Periodicity of Submission: Quarterly
Section I
No PARTICULARS SCH AMOUNT
1 Investments 8
2 Loans 9
3 Fixed Assets 10
4 Current Assets
a. Cash & Bank Balance 11
b. Advances & Other Assets 12
5 Current Liabilities 13
a. Current Liabilities
b. Provisions 14
c. Misc. Exp not Written Off 15
d. Debit Balance of P&L A/c
Application of Funds as per Balance Sheet (A) 0
Less: Other Assets SCH Amount
1 Loans (if any) 9
2 Fixed Assets (if any) 10
3 Cash & Bank Balance (if any) 11
4 Advances & Other Assets (if any) 12
5 Current Liabilities 13
6 Provisions 14
7 Misc. Exp not Written Off 15
8 Debit Balance of P&L A/c
Total (B) TOTAL (B) 0
'Investment Assets' As per FORM 3B (A-B) 0
Section II
SH
Book Value % FVC
PH Total Market Value
No 'Investment' represented as Reg. % Balance FRSM
+ (SH + PH) Actual Amount
(h)
(a) (b) (c) d = (a+b+c) (e) (f) (g)=(d+f)
Not less than
1 Central Govt. Securities
20%
Central Govt Sec, State Govt Sec or Other Approved Not less than
2
Securities (incl (i) above) 30%
3 Investment subject to Exposure Norms
Not less than
a. Housing & Loans to SG for Housing and FFE
5%
1. Approved Investments
2. Other Investments
Not less than
b. Infrastructure Investments
10%
1. Approved Investments
2. Other Investments
c. Approved Investments
Not exceeding
d. Other Investments 55%
Investment Assets 100%
Certification:
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Date: Signature:
Full name:
Chief of Finance
Note: 1. (+) FRSM refers 'Funds representing Solvency Margin'
2. Other Investments' are as permitted under 27B(3)
3. Pattern of Investment is applicable to both Shareholders funds representing solvency margin and policyholders funds.
4. Exposure Norms shall apply to Funds held beyond Solvency Margin, held in a separate Custody Account
217
FORM - 3B
(Read with Regulation 10)
Name of the Insurer: PART - B
Registration Number:
Statement as on:
Technical Guide
Statement of Accretion of Assets Rs. Crore
(Business within India)
Periodicity of Submission : Quarterly
Net
Opening % to Accretion % to Total TOTAL
No Category of Investments COI Balance Opening % to Total
for the Qtr. Accrual
Balance
(A) (B) (A+B)
1 Central Govt. Securities
2 Central Govt Sec, State Govt Sec or Other Approved Securities (incl (i) above)
3 Investment subject to Exposure Norms
218
a. Housing & Loans to SG for Housing and FFE
1. Approved Investments
2. Other Investments
b. Infrastructure Investments
1. Approved Investments
2. Other Investments
c. Approved Investments
d. Other Investments (not exceeding 25%)
Total
Certification:
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Date: Signature:
Note: Full name:
1. Total (A+B), fund wise should tally with figures shown in Form 3B (Part A) Chief of Finance
FORM 4
(read with regulation 10)
EXPOSURE / PRUDENTIAL AND OTHER INVESTMENT NORMS COMPLIANCE CERTIFICATE
PART A
Insurer Name and Code:
Date: as at: ................
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
I Investee Company a. Investment in equity, preference shares, convertible debenture:-
Exposure
Exposure at any point of time did not exceed 10% of outstanding
equity shares (face value) or 10% of the amount under point
Regulation 9 (A.1.(a) or A.1.(b) or A.1.(c) considered separately) of
this Regulation, in the case of Life insurers / an amount under
Regulation 9 (A.2) or (A.3) of this Regulation, in the case of General
219
Insurer / Re-insurer whichever is lower.
[In case of Infrastructure Co, the limit of 10% shall be read as 20%.
Where the investment assets of the insurer is Rs. 250000 Crores or
more, the limit of 10% shall be read as 15% of outstanding equity
shares (face value) or where the investment assets of the insurer is
Rs.50000 Crores but less than Rs 250,000 Crores the limit of 10%
shall be read as 12% of outstanding equity shares (face value)]
b. Investment in Debt/ loans and any other permitted Investments as per
Act / Regulation, other than `Equity', Preference Shares, Convertible
Debentures :-
Exposure at any point of time did not exceed 10% of the paid-up
share capital, free reserves (except revaluation reserve) and
debenture / bonds of the investee company or 10% of amount under
point Regulation 9 (A.1.(a) or A.1.(b) or A.1.(c) above considered
separately) of this Regulation, in the case of Life insurers / an amount
Appendix `A'
under Regulation 9 (A.2) or (A.3) of this Regulation, in the case of
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
General Insurer / Re-insurer whichever is lower.
[In case of Infrastructure Co, the limit of 10% shall be read as 20%.
Where the investment assets of the insurer is Rs. 250000 Crores or
Technical Guide
more, the limit of 10% shall be read as 15% of paid up share capital,
free reserves (excluding revaluation reserve) and debenture / bonds
or where the investment assets of the insurer is Rs.50000 Crores but
less than Rs 250,000 Crores the limit of 10% shall be read as 12%
paid up share capital, free reserves (excluding revaluation reserve)
and debenture / bonds)
c. Has the maximum exposure under limit for a single `investee'
company from all investment assets (Equity / Preference Shares /
Convertible Debenture / Debentures/ bonds / CPs / loans and any
other permitted debt Investments as per Act / Regulation), are within
220
the limit prescribed in Regulation 9 (B) (In case of Infrastructure Co,
the limit of 10% shall be read as 20%)?
d. Has debt investments made in infrastructure SPV have complied with
the limits, terms and conditions as mentioned in the Note: 4 of the
Investment Regulation 9?
II Limit for the entire Has total investments made in entire "Group of the Investee Company"
Group of the Investee is the lower of:
Company
a. amount under point Regulation 9 (A.1.(a) or A.1.(b) or A.1.(c)
above considered separately) of this Regulation, in the case of
Life insurers / an amount under Regulation 9 (A.2) or (A.3) of this
Regulation, in the case of General Insurer / Re-insurer (or)
b. 15% of investment Assets in all companies belonging to the
group
(In case of Infrastructure company the limit mentioned in point `a'
above shall be read as 20%)
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
III Promoter Group Has total investments made in all "Companies falling under Insurer's
Company Promoter Group":
a. is not more than 5% in aggregate of its total investments in all
companies belonging to the promoters' groups.
b. not made investments in any companies belonging to the
promoters' group by way of private placement (equity)
c. not made any investment in unlisted instruments [equity & debt
certificate of deposits and fixed deposits (without prejudice to
Section 27A (9) and Section 27B (10) of the Act) held in a
Scheduled Commercial Bank], except for companies formed by
Insurers under Sec 27A (4) or Sec 27B (5) of the Act.
IV Industry sector Has investment made by the insurer in any industrial sector [except
221
Financial and Insurance Activities sector as per National Industrial
Classification (All Economic Activities) - 2008]:
1. not exceeded the lower of:
15% of the amount under Regulation 9 (A.1.(a) or A.1.(b) or A.1.(c)
considered separately) of this regulation in the case of life insurer /
an amount under Regulation 9 (A.2) or (A.3) of this regulation, in the
case of General Insurer / Re-insurer
(or) 15% of investment Asset
2. Has the investment made by the insurer in Financial and Insurance
Activities sector as per National Industrial Classification (All
Economic Activities) - 2008 (excluding Fixed Deposit, Term Deposit
and Certificates of Deposit) not exceeded 25% of its total investment
assets?
Appendix `A'
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
3. Is the classification of industrial sectors been done on the lines of
National Industrial Classification (All Economic Activities) - 2008 [NIC]
for all sectors, except "infrastructure sector".
Technical Guide
4. Has exposure been calculated at Division level from A to R of (NIC
(All Economic Activities) 2008) Classification for all sectors other
than infrastructure sector?
5. Has exposure been calculated for Financial and Insurance
Activities sector at Section level (of NIC (All Economic Activities)
2008)?
V Rating Criteria 1. Are investments under `Approved Investments' made only in rated
instruments, if such instruments are capable of being rated?
222
2. At the time of purchase, are Corporate Bonds rated below AA (A+
with the prior approval of the Board of the Insurer) or its equivalent
and P1 or equivalent (in case of short term instruments) classified
under "Other Investments"?
3. Are instruments downgraded below the minimum rating prescribed
under Note 3 & 4 to Regulation 3 to 8 of the IRDA (Investment)
Regulation, 2000, as amended from time to time, reclassified under
"Other Investments" through the System?
4. Are `Debt' instruments (including Central Govt, State Govt Securities
and Other Approved Securities) - fund wise, in the case life insurer
(including ULIP funds at segregated fund level) and Investment
Assets in the case of general insurer - have a minimum rating of
Sovereign, AAA or equivalent rating for long term and Sovereign, P1+
or equivalent for short term instruments, not less than 75% (Life
Insurer) / 65% (General Insurer)?
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
5. Are `Debt' instruments (including Central Government Securities,
State Government Securities and Other approved securities) fund
wise, in the case of life insurer (including ULIP funds at segregated
fund level) and Investment Assets in the case of general insurer
have a rating of A or below or equivalent rating for long term, are not
more than 5% (8% in the case of Non-Life Insurers)?
VI Others A. CONFIRMATION ON POLICY / SYSTEMS / PROCEDURE
1. Has the software application for Investment Operations, been fully
automated without manual intervention in calculating the exposure
norms of Investee Company, Group, Promoter Group and Industry
Sector, as per the various slabs of `investment assets' provided under
Regulation 9 (B)?
223
2. Is the Constitution of the Investment Committee of the Insurer in full
compliance with the requirements mentioned under Regulation 13 of
Investment Regulation?
3. Was none of the functions of the insurer relating to Investment
Operations falling under Front / Mid / Back Office, (covering both
Shareholders and Policyholders Investments), outsourced (except to
the extent permitted under Point 11 and 12 of Annexure II to Circular
INV/CIR/008/2008-09 Dt. 22nd Aug, 2008 with respect to Outsourcing
of Investment Advice and NAV Calculation)?
4. Is the Audit Committee of the Board, headed by a Chartered
Accountant, provided he is a member of the Board of the Insurer?
5. Have periodical Investment Returns to be filed for the Quarter,
prepared in full compliance with the "Guidance Note on preparation
of Investment Returns" issued by IRDA?
Appendix `A'
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
6. Have amendments to the Investment Policy, been approved by the
Board of the Insurer?
7. Has the model code of conduct, to prevent insider / personal trading of
Technical Guide
officers involved in Investment Operations, including front, mid and
back office as approved by the Board, implemented? If so:
a. Does it cover Officers involved in Investment Operations at
various levels?
b. Does the code of conduct cover each Officer in such level?
c. Has the Board been informed of compliance or otherwise to
model code of conduct during the Quarter?
d. Has the Concurrent Auditor issued his Audit Report of previous
Quarter, without any qualification on aspects of model code of
conduct implemented by the Insurer?
224
e. Where breach of model code of conduct, if any, reported during
the previous Quarter, been dealt properly and appropriate action
as recommended by Audit Committee/ Board been taken?
8. Does the segregation of front, mid and back office are as per
Technical Guide on Internal / Concurrent Audit of Investment functions
of Insurance Companies issued by the Institute of Chartered
Accountants of India?
9. Have all non-compliance reported in the Chartered Accountant's
certificate issued (as per the Technical Guide on Investment Risk
Management Systems & Process of Insurance Companies, by ICAI)
on the `status' of implementation of Investment Risk Management
Systems and Process been implemented as per timelines committed
to IRDA?
10. Has the Internal / Concurrent audit Report of the previous Quarter
with the with comments of Audit Committee of the Board, on `very
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
serious', `serious' points (as per the Technical Guide on Internal /
Concurrent Audit of Investment functions of Insurance Companies,
issued by the Institute of Chartered Accountants of India) in the report,
and status of implementation of Audit committee recommendation
been placed before the Board of the Insurer during the current
quarter?
11. Have the Audit Report of the previous Quarter along with Audit
Committees recommendation and its implementation status filed with
the Authority along with these returns?
12. Have the increase during the quarter, in Shareholders' funds (other
than income from shareholders' investments, maintained in a separate
custody account) held beyond solvency margin requirement, is
supported by surplus calculation certified by the Appointed
225
Actuary? [annex a copy of Appointed Actuary's Certificate to this
return]
13. Has the Board reviewed (both life and non-life Insurers) during the
previous quarter the performance of products [at line of business level
in the case of General Insurers]?
14. Has the Board, during the previous Quarter, reviewed (both life and
non-life insurers) the performance of investments? [the review in the
case of life insurers should cover both Non-Linked and Linked
funds [SFIN] level]
15. Has the life insurer, in the case of ULIP business reconciled, through
the system, the premium received (net of charges and benefits paid)
under each product (Unique Identification Number UIN wise) with
value of all the segregated fund(s) (Segregated Fund Identification
Number SFIN wise) net of fund management charges, held under a
single UIN, on a day to day basis, during the quarter?
Appendix `A'
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
16. Has the life insurer disclosed UIN wise reconciliation, on the Insurer's
website on the same day?
Technical Guide
17. Is there a fully automated system to generate, on a day to day basis,
Form 3A - Part E (Investment Details of ULIP Products to Segregated
Funds)?
18. Has the life insurer disclosed the value of policy wise units held by
policyholder on the Insurer's policyholder portal?
19. Has the life insurer disclosed fund wise NAV (SFIN wise) on the
Insurer's website and life council website on the same day?
20. Has the Standard Operating Procedure (SOP) approved by the
Investment Committee of the Insurer?
226
21. Does the SOP, for each `category of investment' is same across all
fund(s)?
22. Does SOP of the Insurer, for "each" Category of Investment, (as per
Guidelines INV/GLN/001/2003-04, as amended from time to time,
issued by the Authority) provide individual activities to be carried out in
Front, Mid and Back office?
23. Have all investments made (100%) followed the IC approved SOP?
24. Does the Investment made during the Quarter, are within the
exhaustive `Categories of Investments' prescribed under Guidelines
INV/GLN/001/2003-04, as amended from time to time?
25. Has the Insurer during the Quarter taken any Derivative position
(including interest rate swap and Credit default swap)? If Yes:
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
a. Has the Derivative Policy been approved by the Board of the
Insurer?
b. Has the insurer taken prior approval of IRDA for such Derivative
policy?
c. If so, is there a process to identify the risk to be hedged [`fund-
wise' in the case of Life Insurers]?
d. Does such derivative position comply with IRDA Guidelines?
e. Has derivative exposure taken, are clearly identified with the
portfolio risk to be hedged?
f. Has the Insurer filed the regulatory information / returns required
under the Guidelines issued?
26. Are investment made in immovable property covered under Section
27A (1) (n) of the Act shall not exceed, at the time of investment,
within 5% of the Investment Assets [as per FORM 3B (Part A)] in the
case of General Insurer / within 5% of Life fund, Pension & General
227
Annuity Fund, [as per FORM 3A (Part A)] in the case of Life Insurer.
27. Have NO investments in Immovable Properties been made out of
ULIP Funds?
28. Are investments in equity shares through IPO, Mutual fund, Venture
fund, SEBI approved Alternate Investment Funds, Corporate Bond
Reverse Repo, IDF (as per Note 2 to Regulation 9) Perpetual Debt
instruments of Bank's Tier-I Capital and Debt Capital instruments of
Bank's Upper Tier-II Capital, made in compliance with the relevant
circulars issued in this regards from time to time?
29. Are investments in asset backed securities, PTC, SRs both under
Approved and Other investment category, made within 10% of
Investment assets in case of Life Companies and 5% of Investment
assets in case of Non life companies
30. Are any securitized assets with underlying housing or infrastructure
assets, if downgraded below AAA or equivalent reclassified as Other
Appendix `A'
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
Investments
B. CONFIRMATION ON INVESTMENT OPERATIONS / EXPOSURE
Technical Guide
1. Has Shareholders funds been split Funds Representing Solvency
Margin (FRSM) in FORM 3A (Part A)?
2. If funds are split as per point 1 above, between FRSM and Balance,
have the same been maintained in separate custodian account with
identified `scrips' for both Life and General (including Re-insurance)
companies and reconciled with FORM 3A (Part A) / FORM 3B?
3. Do each `Segregated fund' [SFIN] have underlying `Scrips', identified
upto to Custodian level?
228
4. Do each `Segregated Fund' [SFIN] have not less than 75% of
Approved Investments as defined in the Act?
5. Does all investments in assets or instruments which are capable of
being rated (except Fixed Deposits with Scheduled Commercial
Banks) are made based on `instrument' rating and NOT based on
Investee `Company' rating?
6. Have Investments in debt instruments rated AA - (AA minus) or below
classified under Other Investments?
7. Are Investments made in a Public Limited Special Purpose Vehicle
(SPV) engaged in infrastructure sector is within 20% of the project
cost (or) amount under Regulation 9 (B) (i), whichever is lower?
8. If answer to point above is `yes', have all the requirements mentioned
under Note 4 to Regulation 9 have been complied?
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
9. Are investments made in Mortgaged Backed Securities [MBS] /
Assets Backed Securities [ABS] complied with the requirements of
Note 5 to Regulation 9?
10. Has `each' purchase and sale of Investments, as mentioned in the
Deal Slip, been identified with respect to `each' fund / `segregated
fund' in respect of ULIP funds?
11. Are all thinly traded equity (as per SEBI norms) classified as "Other
Investment"?
12. Has inter fund transfer, been done as per circular
IRDA/FA/02/10/2003-04 and any other circular issued from time to
time , between ULIP funds during Market Hours, for Equity and Debt
at the prevailing price and not based on broker quote?
229
13. With respect to `each' Segregated Fund [including Discontinued
Policy Fund (DPF)] in the case of ULIP business, whether
reconciliation of "Units" have been made, between Policy Admin
System (PAS) and Investment Accounting Systems through a fully
automated system using process integrators to ensure seamless
data transfer without manual intervention?
14. Does the Primary Data Server of the Computer Application used for
Investment Management, maintained within the Country?
15. Has the insurer, reconciled investments, fund-wise, with bank and
custodian records on `day-to-day basis for `each' segregated fund?
16. Has the insurer, reconciled investment accounts, for each fund in the
case of Non-ULIP Business and General Insurance Business, with
Custodian records?
17. Has valuation of investments of `each' fund (including ULIP), done as
Appendix `A'
Are the required
Section Norms Exposure / Other Norms as per Regulation Norms complied? Remarks
(Yes / No)
prescribed in IRDA (Preparation of Financial Statements and Auditors
Report of Insurance Companies) Regulations, 2002?
Technical Guide
18. Is there any shortfall/deficit in meeting the Discontinued Policies Fund
(DPF) liabilities?
19. If the answer to above point is `Yes', has the Insurer provided for such
shortfall / deficit on a quarterly basis?
20. Have all the negative deviations reported in FORM 4A (Part A)?
21. Has NAV of each segregated fund [SFIN] been audited before its
declaration by Internal / Concurrent Auditor on a day-to-day basis (on
T+0 basis)?
22. Has the Insurer floated any new fund during the quarter?
230
23. If the answer to point above is `yes', has the directions in respect of
Fund Approval procedure and Guidelines on NAV Process as per
Circular IRDA/F&I/CIR/INV/173/08/2011 Dt. 29th Jul, 2011 complied
with?
24. Has the insurer, apart from the credit rating evaluated by the rating
agencies, carried out their own risk analysis commensurate with the
complexity of the product(s) and the materiality of their holding for
every investment made?
CERTIFICATION
Certified that the information given herein is correct and complete to the best of my knowledge and belief and nothing has been concealed or suppressed.
Signature:............................................. Signature:............................................. Signature:.............................................
Chief Executive Officer Chief of Finance Chief of Investments
Date:
FORM - 4
(Read with Regulation 10) PART B
Name of the Insurer:
Registration Number:
Statement as on:
INTERNAL / CONCURRENT AUDITOR'S CERTIFICATE ON INVESTMENT RISK MANAGEMENT SYSTEMS - IMPLEMENTATION STATUS
Remarks & Comments of Audit
MMM/YYYY Committed by the Proof provided (or)
Committee of the Board on non-
Severity of Non Action(s) taken for Insurer's Board to IRDA for demonstrated by the Insurer, to
No Annexure Ref Audit Objective Audit Observation compliance of `time frame'
Compliance Compliance complying with the the Auditor to comply with the
communicated to IRDA on
requirement Requirement
implementing Systems & Processes
1 2 3 4 5 6 7 8 9
A ISSUES OF PREVIOUS QUARTER(S)
231
B ISSUES TO BE COMPLIED IN CURRENT QUARTER
CERTIFICATE
We certify that all issues, to be reported to IRDA on implementation of Investment Risk Management Systems and ProcessES, for the Quarter and pending issues of previous Quarter(s) [as committed to IRDA], and as listed in
the Chartered Accountant's Certificate issued, vide Circular INC/CIR/008/2008-09 Dt. 22 nd Aug, 2008, have been covered in the above table.
Place: ------------------------------
Date: Chartered Accountants
(Internal / Concurrent Auditor)
Note:
1. No. (under Col. 1 in above table) shall be as per the Annexure(s) to the Certificate issued by the Chartered Accountant appointed to certify implementation of Investment Risk Management Systems and Process
Appendix `A'
2. If all the issues have been complied with and no issues to be reported, a NIL statement should be filed
FORM - 4A
(Read with Regulation 10) PART A
Name of the Insurer:
Registration Number:
Statement as on: Total Investment Asset for the quarter as per FORM 3A:
Technical Guide
EXPOSURE NORM COMPLIANCE - INVESTEE COMPANY Rs. Crore
% of Deviation with respect to
Equity & Equity related Debt + Others Equity + Debt + Others Deviation Amount
Regulation
Whether
No Investee Company Eligibility Limit Eligibility Limit Eligibility Limit Equity +
(Equity/Debt) (Debt + Equity + Debt (Debt +
as per Actual as per Actual as per Actual Equity Equity Debt +
Others) + Others Others)
Regulation 9* Regulation 9* Regulation 9* Others
232
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date: Full name:
Note: Chief of Finance
1. Above table shall be Complied separately for Life, Pension & General Annuity and Group Business and Individually for each Segregated Fund (SFIN) AND at Assets under Management Level
2. Only (-ve) deviations are to be reported
3. Exposure would be on the basis of Book Value for Non-unit linked funds & on Market Value for Unit linked Funds
4. Provisions of Section 27A (8) / Section 28B (9) of The Insurance Act, 1938 has been complied with.
FORM - 4A
(Read with Regulation 10) PART B
Name of the Insurer:
Registration Number:
Total Investment Asset for the quarter as per FORM 3A:
Statement as on: Rs. Crore
EXPOSURE NORMS COMPLIANCE- PROMOTER GROUP
Eligibility limit of group as Actual Investments % of Deviation with respect
No Name of Group Company Deviation
per Regulation 9 (Cumulative) to regualtion
a b d e f=d-e g
233
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date: Full name:
Chief of Finance
Note:
1. Above table shall be Complied in aggregate of its total investments
2. Exposure would be on the basis of Book Value for Non-unit linked funds & on Market Value for Unit linked Funds
Appendix `A'
FORM - 4A
(Read with Regulation 10) PART C
Name of the Insurer:
Registration Number:
Technical Guide
Statement as on: Rs. Crore
Total Investment Asset as per FORM 3A:
EXPOSURE NORMS COMPLIANCE- GROUP
Eligibility limit of Actual
% of Deviation with
No Name of Group Company group as per Investments Deviation
respect to regualtion
Regulation 9 (Cumulative)
a b c d f=c-d g
234
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date: Full name:
Chief of Finance
Note:
1. Above table shall be Complied separately for Life, Pension & General Anniuty and Group Business and Individually for each
Segregated Fund (SFIN) AND at Assets under Management Level its total investment assets
2. Exposure would be on the basis of Book Value for Non-unit linked funds & on Market Value for Unit linked Funds
FORM - 4A
(Read with Regulation 10) PART D
Name of the Insurer:
Registration Number:
Statement as on: Rs.Crore
Total Investment Asset as per FORM 3A:
EXPOSURE TO INDUSTRY SECTOR
Eligibility limit of Actual % of Deviation with
No Name of Industry Sector (as per Regulations) industry as per Investments Deviation respect to
Regulation 9 (Cumulative) regualtion
a b c d e=d-c f
235
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date: Full name:
Chief of Finance
Note:
1. Above table shall be Complied separately for Life, Pension & General Annuity and Group Business and Individually for each Segregated Fund
(SFIN) AND at Assets under Management Level its total investment assets
2. Exposure would be on the basis of Book Value for Non-unit linked funds & on Market Value for Unit linked Funds
Appendix `A'
FORM - 5
(Read with Regulation 10)
Name of the Insurer:
Registration Number:
Statement as on:
Statement of Investment Reconciliation Name of the Fund:
(Business within India) Rs.Crore
Periodicity of Submission : Quarterly
Technical Guide
Opening Balance Purchase for the Period Sale for the Period Adjustments Closing Balance
No Category of Investments COI % to Total (1+2+3)
Face Value Book Value Face Value Book Value Face Value Book Value Face Value Book Value Face Value Book Value Makret Value
1 Central Govt. Securities
Total (1)
2 Central Govt. Sec, State Govt Sec or Other Approved
S
Total [1+2]
3 Investments subject to Expsoure Norms
(a) Housing & Loans to State Govt for Housing / FFE
1. Approved Investments
2. Other Investments Total [3(a)]
(b) Infrastructure Investments
1. Approved Investments
236
2. Other Investments
Total [3(b)]
(c) Approved Investments
Total [3(c)]
(d) Other Investments
Total (3(d))
Total [3 (a+b+c+d)]
TOTAL Total (1+2+3)
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Also, certified that all Cash Market transactions executed on the Stock Exchange are made only on Delivery basis.
Date: Signature
NOTE: Full Name & Designation
1. Individual Categories under each of the above Major heads should be listed with Category Code Chief of Finance
2. FORM-5 shall be prepared in respect of each fund. In case of ULIP Form 5 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
3. Each sub-total of FORM-5 shall be linked to its corresponding head in PART-A of FORM-3A / FORM-3B.
4. 'Other Investments' are as permitted under Sec 27A(2) and 27B(3)
5. Guidelines on preparation of FORM 5 should be strictly followed.
6. The ' % to Total ' Column, in the case of Non-Linked funds shall be computed on Book Value and in the Case of Linked Funds it shall to Market Value
FORM - 5A
(Read with Regulation 10)
Name of the Insurer:
Registration Number:
Statement as on: Name of the Fund:
Statement of Investment made in Mutual Funds Rs.Crore
Periodicity of Submission : Quarterly
Op. Balance Purchase for the Qtr Sale for the Qtr Cl. Balance
PARTICULARS COI Market Value % to Total Inv.
Units Amount Units Amount Units Cost of Sale Units Book Value
Approved Investments
MF - Gilt / G Sec / Liquid Schemes EGMF
0 0 0 Total (A) 0 0 0
MF - (under Insurer's Promoter Group) EMPG
0 0 0 Total (B) 0 0 0
Total (A+B)
Other Investments
MF - Debt / Income / Serial / Liquid Funds OMGS
237
0 0 0 Total (C) 0 0 0
MF - (under Insurer's Promoter Group) OMPG
0 0 0 Total (D) 0 0 0
Total (C+D)
Total (A+B+C+D)
CERTIFICATION
Certified that the information given herein are correct, complete and nothing has been concealed or suppressed, to the best of my knowledge and belief.
Signature:
Date: Full name:
NOTE Chief of Finance
1. FORM-5A shall be prepared in respect of Life, Pension & General Annuity and Group Business and ULIP funds
2. Each sub-total of FORM-5A shall be linked to its corresponding head in FORM-5.
3. 'Other Investments' are as permitted under Sec 27A(2) and 27B(3) of The Insurance Act,1938
4. Guidelines on preparation of FORM 5 should be strictly followed.
5. Invsetments made in liquid and Gilt mutual funds in excess of norms specified in Circular: INV/CIR/008/2008-09 Dt. 2nd Aug, 2008 under Point:5, shall be reported under 'Other investments'
Appendix `A'
6. FORM-5A shall be prepared in respect of each fund. In case of ULIP Form 5 shall be prepared at Segregated Fund (SFIN) level and also at consolidated level.
FORM - 6
(Read with Regulation 10)
Name of the Insurer:
Registration Number: Name of the Fund:
Statement as on:
Certificate under Section 28(2A) / 28(2B) / 28B(3) of The Insurance Act, 1938 Rs.Crore
Periodicity of Submission : Quarterly
Under the Custody of
Technical Guide
No Investment Particulars Bank / Custody (Rs) Self (Rs) Others (Rs) Total (Rs)
Share Holders Policy Holders Share Holders Policy Holders Share Holders Policy Holders SH + PH
1 Central Govt. Security
2 Central Govt Securities, State Govt Securities or Other Approved Securities
3 Investment subject to Exposure Norms
a. Housing & Loans to State Govt. for Housing & FFE
1. Approved Investments
2. Other Investments
b. Infrastructure Investments
1. Approved Investments
2. Other Investments
c. Approved Investments
238
d. Other Investments
TOTAL
CERTIFICATE
We certify that the above mentioned securities are held free of any encumbrance, charge, hypothecation, or lien as on the above date.
Signature: Signature: Signature:
Full name: ___________________________ Full name: Full name:
Chairman ___________________________ Director 1 Director 2
Signature:
Full name:
Principal Officer
Note:
1. Custodian should certify that he is not disqualified under SEBI (Custodian of securities) Regulations, 1996 as amended from time to time.
2. Value of the Securities shall be as per Guidelines
3. In the case of Life Insurance Business, FORM-6 shall be prepared in respect of each fund and in aggregate for Segregated Funds
4. The values under certificate should be adjusted for Purchase / Sale of investments purchased and awaiting settlement.
A reconciliation to this effect should be attached to the Certificate.
FORM 7
(Read with Regulation 10)
Name of the Insurer:
Registration No: Name of Fund: Rs.Crore
DETAILS OF NON-PERFORMING ASSETS - QUARTERLY
Bonds / Debentures Loans Other Debt instruments T0TAL
NO PARTICULARS YTD ( As on Prev. FY ( As on YTD ( As on Prev. FY ( As on YTD ( As on Prev. FY ( As on YTD ( As on Prev. FY ( As
date) 31 Mar .....) date) 31 Mar .....) date) 31 Mar .....) date) on 31 Mar .....)
1 Investments Assets (As per Form 3A / 3B - Total Fund)
2 Gross NPA
3 % of Gross NPA on Investment Assets (2/1)
4 Provision made on NPA
5 Provision as a % of NPA (4/2)
6 Provision on Standard Assets
7 Net Investment Assets (1-4)
8 Net NPA (2-4)
9 % of Net NPA to Net Investment Assets (8/7)
239
10 Write off made during the period
Certification
Certified that the information given herein are correct and complete to the best of my knowledge. Also certified that the various investments made and covered in the return are within the exhaustive categories
provided in Investment Guidelines as amended from time to time.
Signature:
Full name:
Chief of Finance
Note:
1. The above statement, in the case of 'Life' Insurers shall be prepared 'fund-wise' Viz. Life Fund, Pension & General Annuity and Group Business and ULIP Fund
2. Investment Assets should reconcile with figures shown in Schedule 8, 8A, 8B & 9 of the Balance Sheet
3. Gross NPA is investments classified as NPA, before any provisions
4. Provision made on the 'Standard Assets' shall be as per Circular: 32/2/F&A/Circulars/ 169/Jan/2006-07 as amended from time to time.
5. Net Investment assets is net of 'provisions'
6. Net NPA is gross NPAs less provisions
Appendix `A'
7. Write off as approved by the Board
APPENDIX `B'
Date: 22rd Aug. 2008
Ref.: INV/CIR/008?2008-09.
The CEOs of all Insurers
Dear Sir/Madam
Sub: IRDA (Investment) (Fourth Amendment) Regulations, 2008 - Reg.
1. As you are aware, a Working Group was set up by the Authority, to
review comprehensively the current regulatory and other provisions on
Investments of Insurance companies and suggest changes considered
necessary in the light of experience gained/ the constraints faced by
Insurance Companies, as well as the developments in Financial Markets.
The Working Group reviewed the statutory provisions on the pattern of
Investment, Operational and Policy issues of Investment Regulations and
suggested amendments that would provide flexibility to the Authority in the
manner of Regulation on Investment of Life and General Insurance
Companies. The Group also looked into the concurrent modifications in the
formats of the prescribed Returns to reflect the changes.
2. The recommendations of the Working Group have been examined by
the Authority in the light of legal provisions and keeping in view the interests
of the stakeholders. The implementation of some of the proposals requires
appropriate changes in Regulations and evolution of suitable regulatory
framework. It was also observed by the Authority while monitoring
compliance with the regulations over a period that some of the extant
instructions/guidelines also needed clarity and consistency.
3. Accordingly, the Authority has initiated action to amend the provisions
of IRDA Investment Regulations, 2000 in order to implement the
recommendations of the Working Group and also to effect such changes that
are considered necessary to clarify the existing regulatory requirements. A
copy of the Gazette notification on the amended regulations is available at
our website www.irdaindia.org. Insurers are advised to peruse the notifi
cation to take the modifications on record for further compliance. For the
sake of convenience a brief summary of the changes proposed to be effected
in the Regulations is furnished in Annexure I.
Appendix `B'
4. Besides the amendment in regulations, it has also been decided to
effect some modifications in the extant Guidelines/ Circulars on investment
portfolio [Annexure - II] and also introduce certain requirement on the
Systems/Process of investment in the context of Risk Management
requirements. The proposals in this regard are outlined in Annexure III.
5. Insurers are advised to place the Circular before the Board at the next
meeting in order to apprise the Directors of the important changes brought
about in the management of investment portfolio. The Board should also be
advised of the specific time bound action taken to comply with the
requirements on investment systems and process wherever considered
necessary.
6. The changes would be effective from the dates indicated therein.
C. R. MURALIDHARAN
MEMBER
241
Technical Guide
Annexure I
AMENDMENT TO IRDA (INVESTMENT) REGULATIONS, 2000
Reg. Regulation Implication of Amendment
No.
2. DEFINITIONS
Investment Assets a. Investment Assets of Life and
General Insurance
Companies have been
defined along with valuation
methods.
Group b. Group will include Financial
Institutions for the purpose of
Exposure calculations.
Money Market Instruments c. Money Market Instruments
include rated CDs, CPs, TDs,
Repo, Reverse Repo,
Treasury Bills, Call, Notice,
Term Money, CBLO with
maturity less than one year.
3. RENAMING OF OTHER THAN
APPROVED INVESTMENTS
The Insurance Act,1938 under a. This category of Investments
Sections 27A (2) and 27B (3) will henceforth be referred to
refers to investment permitted as `Other Investments'.
under these sections as b. All provisions of the Act,
`Otherwise than in an Approved Regulations, Circulars and
Investments' and the IRDA Guidelines pertaining to
(Investment) Regulations, 2000 investments falling under
had interpreted it as 'Other than Sections 27A (2) and 27B (3)
Approved Investments'. of Insurance Act, 1938 shall
continue to be applicable as
such.
3. REGULATION OF
INVESTMENTS
Exposure Norms a. It is now proposed that the
Exposure Norms would be
applicable to ULIP Business
also.
Infrastructure Investments b. Infrastructure facility had
242
Appendix `B'
been aligned as per the
definition of Reserve Bank of
India.
c. Infrastructure Investments
would be subject to Investee,
Mortgage Backed Securities Group Exposure.
(MBS) d. Investment in MBS, rated as
per Guidelines, will fall under
`Approved Investments' and
will qualify for investment
under `Housing Sector' for
the purpose of pattern of
Investments.
e. MBS will be subject to
Industry Sector Exposure
Approved Investments and Rating Norms.
Requirement f. It is now proposed to
recognize securities
complying with the following
criteria as `Approved
Investments'.
i. Bonds/Debentures
issued by companies
(including All India
Financial Institutions,
recognized by RBI as
such) shall be rated not
less than AA or its
equivalent and P1 or
Equivalent ratings for
Short term Bonds/
Debentures/ CDs and
CPs.
ii. Tier II Bonds of Banks,
complying with the
above rating criteria,
will be classified under
Approved Investments.
g. Assets / Instruments,
downgraded below the
minimum rating prescribed
above, should automatically
243
Technical Guide
be re-classified under 'Other
Investments' category for the
purpose of pattern of
Investments.
h. The above approach will be
reviewed based on
experience after a period of
two years.
i. Rating should not replace
appropriate risk analysis and
management on the part of
the Insurer. The Insurer
should conduct risk analysis
commensurate with the
complexity of the product(s)
and the materiality of their
holding, or could also refrain
from such investments.
j. The modification will be
effective from August 1, 2008
5. COMPLIANCE TO EXPOSURE The Authority, to remove the
NORMS differential treatment of
IRDA (Investment) Regulations, a.provisions applicable to
2000 requires exposure norms to Public Sector and Private
be calculated based on Controlled Sector Insurers, had
Fund and Total Assets in the case amended the exposure
of Life and General Insurance norms as follows:
Companies respectively. b. 10% of Outstanding Shares
Regulation 3 of IRDA (Investment) (Face Value) or 10% of Fund
Regulations, 2000, in terms of size, whichever is lower, can
explanation in Section 27A of the be invested in Equity Shares
Act, had determined that assets of Investee Company.
relating to Pension Business, c. Sum of 10% of Subscribed
Annuity Business and Linked Life Share Capital, Free
Insurance. Reserves and
Business would not form part of Debentures/Bonds of
Controlled Fund for the purpose of Investee Company or 10% of
that section. Fund size, whichever is
lower, can be invested in
Debt instruments of Investee
Company.
d. A maximum of 5% of
244
Appendix `B'
Investments Assets of
General Insurers or 5% of
Investment Assets of funds
relating to life funds, pension
and general annuity funds in
the case of life insurer can be
invested in Immovable
Property as per Sec.
27A(1)(n) of Insurance Act,
1938.
e. A maximum of 25% of
Investment Assets can be
invested in Banking and
Financial Sector instruments.
f. Not less than 75% of debt
instruments excluding
Government and Other
approved Securities fund
wise, in the case of life
insurer and Investment
assets in the caser of general
insurer shall have a rating
of AAA or equivalent rating
for long term and P1+ or
equivalent for short term
instruments. This shall also
apply to Unit linked funds(s).
g. FDs, TDs, CDs invested as
per Sec. 27A(9) and 27B(10)
of the Act and subject to
Promoter Group Exposure
limits, would not be deemed
as Exposure to Banking
Sector.
Treatment of Free Reserves h. Free Reserves of the
Investee Company,
recognized in Regulations 5
of IRDA (Investment)
Regulations, 2000 under
Investee Company Exposure
Norms will be considered
under 27A(3), 27A(4), 27B(4)
245
Technical Guide
& 27B(5) in addition to the
Subscribed Share Capital
and Debentures of the
Investee Company.
i. At any point of time,
exposure to a single Investee
Company under 27A (3) and
27B (4) shall not exceed 10%
of the sum of Subscribed
Share Capital, Free
Reserves and
Debenture/Bonds, taken as
per the previous year
Balance Sheet of the
Investee Company.
6. RETURNS TO BE FURNISHED
Introduction of new periodical a. All forms have been
returns and amendment to existing amended for the various
returns. decisions reached.
b. All returns are required to be
filed on a Quarterly basis.
The period of submission has
been increased from 21 to 45
days to ensure proper sync
with Actuarial returns.
c. FORM 3C is no more
required to be filed.
d. FORM 7A is introduced to
capture details of Non-
Performing Assets.
9. CONSTITUTION OF a. Chief of Investment (CIO)
INVESTMENT COMMITTEE and Chief of Finance (CFO)
AND INVESTMENT POLICY will be different individuals in
Investment Committee the Investment Committee
Investment Policy and Investment (IC)
Department b. Investment Policy need not
be filed with the Authority.
But is required to be drawn in
respect of each Unit linked
fund.
c. Investment Policy should
246
Appendix `B'
address all risks, Scope of
Internal and Concurrent
Audits including investment
Statistics.
d. To ensure internal control of
Investment function, the
Insurer is required to
segregate operations and
functions between Front, Mid
and Back Office. Further, the
Front office will report
through CIO to the CEO. The
Mid and Back Office, headed
by separate personnel, will
report through CFO to the
CEO.
e. Issues relating to Internal and
Concurrent Audit made clear.
Audit is made to cover
Investment Operations and
System & Process supporting
Investment Operations.
247
Technical Guide
Annexure II
1. NEED FOR INVESTMENT SYSTEMS
IRDA (Registration of Companies) Regulations, 2000 under Regulation 7
(c) of Chapter II requires every Insurer to carry on all functions in respect
of the Insurance business including management of investments within its
own organization. In the context of the increasing volumes of the Unit
linked life Insurance business and consequent market risk being assumed
by the policyholders, it is appropriate to specify the minimum requirements
for risk management systems within the Insurers, with particular reference
to the investment activity (Please see Annexure III enclosed). The
Investment Risk Management Systems & Processes specified, outline the
minimum requirement to be in place. While it is likely that some of the
Insurers have already put in place adequate systems and processes
consistent with the proposals, there may be others who need to modify the
systems to achieve compliance. Hence the effective date for adoption of
the suggested measures by all insurers shall be not later than December
31, 2008. All Insurance Companies, seeking registration henceforth shall
comply with this guideline, as a part of the registration process. The
Authority advises that a Chartered Accountants firm, who is not the
Statutory or Internal or Concurrent Auditor of the concerned Insurer and
having a minimum of three to four years audit experience of IT systems,
risk management and process controls of Banks or Mutual Funds or
Insurance Companies, shall certify that the Investment Risk Management
Systems and Processes envisaged by these guidelines are in place and
working effectively. The Insurer shall file with the Authority, the Chartered
Accountants certificate not later than the 1st week of January, 2009.
2. RENAMING OF OTHER THAN APPROVED INVESTMENTS AS
`OTHER INVESTMENTS'
The Insurance Act, 1938 under Sections 27A (2) and 27B (3) refers to
investment permitted under these sections as `otherwise than in an
approved investment'. IRDA (Investment) Regulations, 2000 refers it as
`other than approved investments'. For simplicity, this category of
investment will henceforth be referred to as `Other Investments'. All
provisions of the Act, Regulations, Circulars and Guidelines pertaining to
investments falling under Sections 27A (2) and 27B (3) of Insurance Act,
1938 shall continue to be applicable as such.
248
Appendix `B'
3. TREATMENT OF FREE RESERVES AND EXPOSURE
The Insurance Act, 1938 under Sections 27A (3), 27A (4), 27B (4) and
27B (5) allows exposure to banking companies, investment companies
and other companies based on the least of Capital Employed or the
specified percentage of `controlled fund' in the case of Life insurer and
`assets' in the case of general insurance companies. Further, the
Insurance Act, 1938 do not recognize `free reserves' as a part of capital
employed, though the same is recognized in IRDA (Investment)
Regulations, 2000 for calculating the investee company exposure norms.
It is now clarified that:
a. In addition to subscribed capital and debentures, `free Reserves' of
the investee company, recognized in Regulations 5 of IRDA
(Investment) Regulations, 2000 under investee company exposure
norms, shall be considered in calculating the exposure under
27A(3), 27A (4), 27B (4) and 27B (5).
b. Also, at any point of time, the exposure to Investee Company under
Sections 27A(3) and 27B(4) shall not exceed 10% of the sum of
paid-up share capital, free reserves and debenture/bonds, taken as
per the audited balance sheet not more than one year old of the
investee company.
c. The effective date for adoption of norm by all insurers shall be from
August 1, 2008.
4. INVESTMENT IN IPOs
The Authority had issued Circular INV/CIR/046/2004-05 Dt: November 8,
2004 on Investment in Initial Public Offer which was further modified vide
Circular INV/CIR/059/2004-05 dated December 28, 2004. As compliance
with a few conditions mentioned in the above circular posed operational
difficulties, the guidelines have been reviewed to effect the following
changes:
(i) Equity Shares offered through IPO which comply with the criteria
listed in the circular INV/CIR/046/2004-05 dated November 8, 2004
for categorization as `Approved Investments' would henceforth
include `Offer for sale' also.
(ii) The criterion on minimum size of the IPO including Offer for Sale
for investment by Insurers would now stand uniform at Rs. 200
249
Technical Guide
Crores in super session of the instructions at item 2 and 3 of our
Circular of November 8, 2004 and that contained in Circular
INV/CIR/059/2004-05 dated December 28, 2004.
(iii) It has now been decided that the details of investments in Equity
Shares through IPOs required to be filed with IRDA vide Circular
dated November 8, 2004 need not be filed with the Authority with
effect from August 1, 2008
(iv) It has also been decided to prescribe the following limits for
investments in IPOs by insurers:
LIMIT FOR INVESTMENT IN `IPO'
In the case of Life Insurance Company, the maximum bid amount (and not
Margin Money) to be invested in IPO shall be the lesser of the following:
(a) 10% of Subscribed Capital (Face Value) of the Investee Company
(including the proposed Equity issue through IPO) or
(b) 10% of the `Fund'.
In the case of General Insurance Company, the maximum bid amount (and not
Margin Money) to be invested in IPO shall be the lesser of the following:
(a) 10% of Subscribed Capital (Face Value) of the Investee Company
(including the proposed Equity issue through IPO) or
(b) 10% on the Investment Assets.
Note: `Fund' shall refer to all investment funds under management put together.
5. INVESTMENT IN MUTUAL FUNDS
As Gilt, G Sec and Liquid Mutual Funds, predominantly invest in
Government Securities and Money Market instruments, the Authority has
decided to revise the existing guidelines on investment in Mutual Funds.
These investments in Gilt, G Sec and Liquid Mutual Funds would form
part of `Approved Investment' under IRDA (Investment) (Fourth
Amendment) Regulations, 2008 as per guidelines listed below. However,
these investments should not be used as long-term investments instead of
investing directly in Government Securities. This Guideline shall be
effective from August 1, 2008.
Any Investment made in other categories of Mutual Funds, including those
which partly invest in Government Securities and Money Market
250
Appendix `B'
instruments, will fall under `Other Investments', which in turn shall be
subject to the limits prescribed in the guidelines issued under IRDA
(Investment) Regulations, 2000 along with the norms mentioned below.
A. NORMS FOR MUTUAL FUND INVESTMENTS
The investment shall be restricted to schemes of Mutual Funds comprising
of Liquid, Gilt, G Sec or Debt/Income funds and subject to the following
conditions:
i. The Mutual Fund should be registered with SEBI and be governed
by SEBI (Mutual Funds) Regulations, 1996.
ii. Gilt, G Sec, Liquid MFs, Debt/Income shall have the same meaning
as under SEBI Regulations.
iii. The insurer shall ensure proper diversification among various
Mutual Funds to minimize risk.
iv. The Investment Committee of the Insurer shall lay down proper
Guidelines for selection of Mutual Funds and schemes permissible
including exposure norms to a Single Mutual Fund and to each
Scheme of Mutual Fund to avoid concentration.
v. Where the schemes of mutual funds in which such investment is
made by an Insurer, is managed by an Investment Manager who is
under the direct or indirect management or control of the Insurer or
its promoter, the same shall not exceed 3% of Life Fund and 5% of
Unit Linked Fund/Investment Assets.
B. OVERALL INVESTMENT/EXPOSURE LIMIT
i. The investment in Gilt, G Sec, Liquid Mutual Funds at any point of
time, under the Approved Investment category shall be as under:
Fund size Limit
Above Rs.50000 Crores in the 1.5 % of the Fund in the case
case of Life Company and of Life Company and 1.5% of
above Rs.2000 Crores in the Investment Assets in the case
case of General Insurance of General Insurance
Company. Company
Upto Rs.50000 Crores in the 5% of the Fund in the case of
case of Life Company and up to Life Company and 5% of
251
Technical Guide
Rs.2000 Crores in the case of Investment Assets in the case
General Insurance Company. of General Insurance
Company.
ii. In addition to the above, the maximum investments in Mutual
Funds falling under `Other Investments' Category, shall be as
follows:
Nature of Private Sector Public Sector
Business
Life Fund ULIP Life Fund ULIP
Life 7.5% 12.5% 3% 5%
Non Life 12.5% 5%
The percentage in the above table refers to in the case of:
Life Companies - to individual Fund Size
General Insurance Companies - to Investment Assets.
iii. Investment in Gilt, G Sec, Liquid Mutual Funds beyond the
percentage mentioned in the table under point B(i), will
automatically fall under the `Other Investments' category in
calculating pattern of investment.
C. VALUATION OF MUTUAL FUND INVESTMENTS
i. The purchase and sale of units shall be calculated at Weighted
Average Cost. Also, the insurer shall report the aggregate Market
Value of such Mutual Funds in FORM 5 and FORM 5A of IRDA
(Investment) Regulations, 2000,
ii. A separate Fair Value Change Account for Mutual Fund
Investments shall be maintained.
iii. The unrealized gains/losses arising due to changes in fair value of
the Mutual Funds shall be taken to `Fair Value Change Mutual
Fund' account. The Profit/Loss on sale of Mutual Fund units, shall
include accumulated changes in the Fair value previously
recognized in Mutual Funds under the heading "Fair Value Change
Mutual Fund" in respect of a particular Mutual Fund and being
recycled to Revenue/Profit and Loss Account on actual sale of
Mutual Fund units.
252
Appendix `B'
iv. The Insurer shall assess, on each Balance Sheet date, whether
any diminution in the value has occurred to the Investment. A
diminution in the value of investments shall be recognized as an
expense in Revenue/Profit and Loss Account to the extent of the
difference between the remeasured fair value of the Investment
and its Cost as reduced by any previous diminution in value of
investments is recognized as expenses in Revenue/ Profit and
Loss Account. Any reversal of diminution in value of investments
earlier recognized in Revenue/Profit and Loss Account shall be
recognized in Revenue/Profit and Loss Account.
v. In the case of Unit Linked Business, Mutual Fund units shall be
valued at NAV.
6. INVESTMENT IN ASSET BACKED SECURITIES, PTCs & SRs
The extant Guidelines INV/GLN/001/2004-05 dated January 1, 2004 allow
investment in Pass through Certificates (PTC) under Approved Sectors, namely
`Infrastructure/Social Sector'. The Authority, after considering the request of
Insurers, the significant growth of this market and the suitability of these
instruments to match the long-term liabilities of insurers has decided to reckon
them as `Approved Investments' subject to the following conditions. Hence, Asset
Backed Securities, but only with underlying Housing loans and infrastructure
assets would be reckoned to be part of Approved Investments subject to
exposure norms, under Housing, Infrastructure Sector Investments for the
purpose of Regulation 3 and 4 of IRDA (Investment) Regulations, 2000 as
modified now. This Guideline shall be effective from August 1, 2008.
The investment in Asset Backed Securities with underlying Housing and/or
Infrastructure assets [as defined under Regulation 2(h) of IRDA (Registration of
Indian Insurance Companies) Regulation, 2000] may be deemed as a part of
"Approved Investments" and Pass Through Certificates (PTCs), Asset backed
Securities (ABS) and Security Receipts (SRs) may be deemed as part of "Other
Investments" for the purpose of Regulation 3 and 4 of IRDA (Investment)
Regulations, 2000 subject to following exposure and prudential norms:
1. The securitized assets must be rated and shall have highest rating by a
reputed Credit Rating Agency, registered under SEBI (Credit Rating
Agencies) Regulations, 1999.
2. The investment in Asset Backed Securities with underlying Housing
and/or Infrastructure assets shall at `all times' not exceed 10% of
253
Technical Guide
respective fund(s) in the case of Life Insurance Companies and not more
than 5% of Investment Assets in the case of General Insurance
Companies.
3. If the Asset Backed Securities with underlying Housing and/or
Infrastructure assets are downgraded below AAA, or the highest rating,
such investment shall be re-classified as `Other Investments'.
4. In case the cash-flows from such instrument are not received on due
dates, the investment in such assets are to be re-classified as "Other
Investments" from such date for reporting to the Authority through FORM
3A (Part A) of IRDA (Investment) Regulations, 2000.
5. The investments in securitized assets, both under Approved and Other
Investments, taken together shall not exceed 10% of fund size in the case
of Life Companies and not more than 5% of Investment Assets in the case
of General Insurers.
6. The Insurer shall lay down internal guidelines for investment in securitized
assets (ABS, PTCs and SRs) to avoid concentration with regards to
issuer, tenor and type of underlying and any other criteria to achieve
diversification.
7. All guidelines of Classification, Income Recognition and Valuation of
Assets issued by the Authority shall be applicable to such investments.
7. INVESTMENTS IN PERPETUAL DEBT INSTRUMENTS
In terms of the Circular IRDA/INV/CIR/005/2006-07 Dt. April 28, 2006 on
`Investment in Innovative Perpetual Debt Instrument of Bank Tier 1 Capital and
Debt Capital of Banks Upper Tier 2 Capital' within certain limits are considered
under `Approved Investment'. As it is represented that the current ceiling on
maximum investment in the bonds is restrictive, IRDA has reexamined the issue
and has decided to delete the maximum permissible limit for such instruments by
Life and General Insurers prescribed in paras 3 and 4 of the above Circular
dated April 28, 2006. The revision will be effective from August 1, 2008.
8. INVESTMENT IN VENTURE FUNDS
The Authority vide Circular INV/CIR/007/2003-04 dated: December 15, 2003 had
listed the conditions and maximum investment that can be made in Venture
Funds. While investment in Venture Funds would continue to be categorised
under `Other Investments' as per IRDA (Investment) Regulations, 2000 as
254
Appendix `B'
amended from time to time, the following special guidelines may be kept in view
in respect of Venture Funds:-
1. The decision to invest in the Venture Fund shall remain with the
Investment Committee of the Insurer, and within the approved Investment
Policy of the Insurer, subject to appropriate prudential and exposure
norms and complying with the provisions of IRDA Regulations concerned.
2. The Venture Fund would invest in Infrastructure Projects as defined under
IRDA (Registration of Indian Companies) Regulations, 2000 as amended
from time to time. [Refer latest amendment to `infrastructure facility' under
Regulation 2 (h) of Insurance Regulatory and Development Authority
(Registration of Indian Insurance Companies) (Second Amendment)
Regulations, 2008 vide GO Gazette notification dated February 11, 2008.]
3. Investments in Venture Fund(s) shall be subject to the following exposure
norms:
Particulars Overall exposure limits
Limits for Investment Life Insurance Company
in `Venture Fund' 3% of respective Fund (or)
10% of Venture Fund's Size, whichever is
lower.
General Insurance Company
5% of Investment Assets (or)
10% of Venture Fund's Size, whichever is
lower.
The above conditions supersede those issued in the Circular INV/CIR/007/2003-
04 dated: December 15, 2003. The new Guidelines will be effective from August
1, 2008.
9. APPOINTMENT OF CUSTODIAN
Section 28B(3) of The insurance Act, 1938 requires every insurer to submit,
along with the returns referred to in Sections 28B(1) and 28B(2), a statement,
where any part of the assets are in the custody of a Banking Company, from that
company, and in any other case, from the Chairman, two directors and the
Principal Officer, of the company specifying the assets, which are subject to a
charge and certifying that the other assets are held free of encumbrance, charge,
hypothecation or lien. The Authority, has also prescribed FORM 6 in the IRDA
255
Technical Guide
(Investment) Regulations, 2000 for the certification. Currently the custodian
appointed by the Insurer (which could be either belonging to the Insurer's
promoter group or otherwise) issues a certificate to the above effect and the
Insurer, as required under the Act, certifies that the Assets held are free from
encumbrance, charge, hypothecation or lien.
Considering the implications of the certification by the Custodian belonging to the
Insurers Promoter Group of the Insurer, it is decided that all insurers should
comply with the following norms:
A. Appointment of Custodian
(i) The Board of the Insurance Company shall be responsible for the
appointment of Custodian to carry out the custodial service for its
Investments.
(ii) No custodian in which the promoter or its associates hold 50% or
more of the voting rights of the Share Capital of the custodian or
where 50% or more of the Directors of the Custodian represent the
interest of the promoter or its associates shall act as Custodian for
the Insurance Company constituted by the same promoter or any of
its associates or subsidiary company.
B. Agreement with Custodian
(i) The Insurer shall enter into a custodial agreement with the
Custodian, which shall contain the clauses, which are necessary for
the efficient and orderly conduct of the affairs of the Custodian.
(ii) The agreement, the services contract, terms and appointment of
the Custodian shall be entered into with the prior approval of the
Board.
Insurers who are not compliant currently with the above conditions shall take
immediate steps to achieve compliance not later than December 31, 2008, under
intimation to the Authority.
10. SEGREGATION OF SHAREHOLDERS & POLICYHOLDERS FUNDS
The Insurance Act, 1938 under Section 11 (1B) requires `Every insurer to keep
separate accounts relating to funds of shareholders and policyholders'. Taking
note of representations of general insurance companies, as a measure of
practical application, the provisions of Section 11(1B) would be deemed to have
been complied with, in the case of General Insurance Company, if Investments
256
Appendix `B'
are `allocated' to the policyholders' funds to the extent of the Technical reserves
in respect of general insurance business and the specifi c liabilities of general
insurance business and the balance shown as Shareholders' funds. However, a
Life Insurer should continue to maintain strict segregation of Investments
between Shareholders and Policyholders funds at `Scrip' level for every
individual fund under any class of business without making arbitrary transfer of
investments from one fund to another. Further, both Life and General insurers
should make necessary arrangements (through a separate Custody Account) to
facilitate identification of investment out of Shareholders funds that do not
support Solvency Margin and which is not covered by the prescribed pattern of
Investments. This Guideline shall be effective from December 31, 2008.
11. OUTSOURCING OF INVESTMENT ADVICE
The Authority, considering the cost involved in setting up Research and advisory
divisions would permit outsourcing of Investment advice only at the initial stages
and till the insurers attain a Fund Size of Rs.500/- Crores Assets under
Management (AUM) or two years from the commencement of business,
whichever is earlier, subject to the following conditions:
a. The Investment decisions are made within the Company with proper
documentation within the delegated power as provided in the Investment
Policy.
b. Deal placement and execution are done by the Front Office personnel.
c. Periodic reports to Management and Authority are drawn by the Company
(in-house).
d. The advisory fee to be paid to the Service Provider is on a case-to-case
basis and not on Net Asset Value.
The advisory fee shall:
a. not form part of NAV calculations in the case of ULIP business
b. be paid out of Shareholders funds not representing Solvency Margin.
The Authority may, on an application made to it by an existing insurer, for
valid reasons, grant a further period of time of not more than one year to
comply with the above direction.
257
Technical Guide
12. OUTSOURCING OF `NAV' CALCULATION
The permission to outsource Computation of NAV would be available only up to
attainment of Fund Size of Rs.500/- Crores (Assets under Management) or two
years from the commencement of business, whichever is earlier. Also, the fees
paid to the service provider shall not form part of NAV calculations.
The Authority may, on an application made to it by an existing insurer, for valid
reasons, grant a further period of time of not more than one year to comply with
the above direction.
258
Appendix `B'
Annexure III
INVESTMENT RISK MANAGEMENT SYSTEMS & PROCESSES
A. GENERAL
1. FRONT & BACK OFFICE OPERATIONS
a. Insurer having Assets under Management (AUM) in excess
of Rs.500 Crores shall ensure separate personnel acting as
fund manager and dealer.
b. The Investment System should have separate modules for
Front and Back Office.
c. Transfer of data from Front Office to Back Office should be
electronic without Manual intervention (Real time basis) i.e.,
without re-entering data at Back Office.
d. The Insurer may have multiple Data Entry Systems, but all
such Systems should be seamlessly integrated without
manual intervention.
e. The Front Office shall report through the Chief Investment
Officer (CIO) to the Chief Executive Officer (CEO). The Mid
Office and Back Office, to be headed by separate personnel,
shall be under the overall responsibility of Chief Financial
Officer (CFO) who shall independently report to the CEO.
2. EMPLOYEE DEALING GUIDELINES
a. The Standard Operating Procedure followed by the Insurer
shall clearly specify the Guidelines to be adhered by the
Dealer i.e., the Insurer shall clearly specify the Trading
guidelines for Personal Investments of the dealer. The
compliance of this requirement shall be commented upon by
the Internal/Concurrent Auditor.
3. MAKER CHECKER PROCESS
a. Insurer should have the procedure of Maker/Checker
mapped in their Standard Operating Procedure/Operations
Manual of Investment Operations. The Internal/Concurrent
Auditor shall comment on such practice in his report.
259
Technical Guide
4. AUDIT TRAIL AT DATA ENTRY POINTS
a. The Audit trail should be available for all data entry points
including at the Checker/Authorizer level.
5. BUSINESS CONTINUITY PROCESS
a. To ensure Business continuity, the Insurer should have a
clear Off-site Back-up of Data in a City falling under a
different Seismic Zone, either on his own or through a
Service Provider. Further, the Insurer/service provider (if
outsourced) is required to have the necessary infrastructure
for Mission Critical Systems to address at least the following:
1. Calculation of daily NAV (Fund wise)
2. Redemption processing.
B. FRONT OFFICE
1. SEGREGATION OF FUND MANAGER/DEALER
a. Investment Department should have documented the
segregation of Fund Managers and Dealers through
Authority Matrix as a part of its `Standard Operating
Procedure'.
b. The Insurer should have documented the Access Controls
and Authorization process for Orders and Deal execution.
c. The Dealing Room should have a Voice Recorder and
procedure for maintaining the recorded conversation and
their disposal including procedure like no mobile phone
usage in dealing rooms and other best practices.
2. INVESTMENT IN INVESTEE/GROUP COMPANY/INDUSTRY
SECTOR
a. System based checks should be in place for investments in
an Investee Company, Group and Industry Sector. The
system should signal when the Internal/Regulatory limits are
nearly reached PRIOR to taking such exposure and making
actual investment.
260
Appendix `B'
3. INTER FUND TRANSFER
a. The System should handle Inter Fund transfer as per
Circular IRDA-FA-02-10-2003-04. The Investment
Committee may fix the Cut Off time as per Market practice,
for such transfer within the fund. (The inter fund transfer
should be like any other Market deal and the same needs to
be carried out within the Market hours only.)
C. MID OFFICE
1. MARKET RISK
a. The system should be capable of computing various portfolio
returns.
b. Regular limits monitoring and Exception Reporting. Also
reporting on movement of prices.
2. LIQUIDITY RISK
a. The Insurer should have a Cash Management System to
provide the funds available for Investment considering the
settlement obligations and subscription and redemption of
units etc., to preempt any leveraged position or liquidity risk.
b. The System should be validated not to accept any
commitment beyond availability of funds.
3. CREDIT RISK
a. The Investment System should capture Instrument Ratings
to enable it to automatically generate FORM 2 (Statement of
Downgraded Investments) through the System.
b. System should automatically monitor various Regulatory
limits on Exposure & Rating.
c. The System should have the ability to track changes in
ratings over a period and generate appropriate alerts, along
with ability to classify investment between Approved and
Other Investments.
d. The Insurer should conduct periodic credit reviews for all
companies in the portfolio. The periodicity should be clearly
mentioned in the Investment Policy.
261
Technical Guide
e. The Insurer is required to keep a track of movement of
Securities between Approved and Other Investments Status,
as a part of Audit trail, at individual security level.
4. TRACKING OF REGULATORY LIMITS
a. The System should have key limits preset for ensuring
compliance with all Regulatory requirements and should be
supported by workflow through the System, (Real time
basis) for such approval, if Regulatory limit is close to be
breached.
b. The System should have capability of generating Exception
reports for Audit by Internal/Concurrent Auditor.
5. REVIEW, MONITORING AND REPORTING
a. System should automatically track and report all internal
limits breaches. All such breaches should be audited by
Internal/Concurrent Auditor.
b. Implementation and Review of Asset & Liability Matching
and other Investment Policy Guidelines.
D. BACK OFFICE
1. DATA INPUT ERROR
a. The system should be validated in such a way, that the Deal
can only be rejected by the Back Offi ce and not edited.
2. SETTLEMENT RISK
a. The System should be validated to restrict Short Sales at the
time of placing the order.
3. COMPUTATION OF `NAV'
a. The System should be capable of computing NAV and
compare it with the NAV computed by the Service provider,
if outsourced.
b. The Insurer should maintain NAV history (Fund wise) in his
Public Domain from the Start of the Fund to Current Date.
c. `NAV' error Computation & Compensation
262
Appendix `B'
1. All expenses and incomes accrued up to the
Valuation date shall be considered for computation of
NAV. For this purpose, while major expenses like
management fees and other periodic expenses
should be accrued on a day to day basis, other minor
expenses and income can be accrued on a weekly
basis, provided the non-accrual does not affect the
NAV calculations by more than 1%.
2. Any changes in Securities and in the number of Units
should be recorded in the books not later than the first
valuation date following the date of transaction. If this
is not possible, the recording may be delayed upto a
period of seven days following the date of the
transaction. Provided, the non-recording does not
affect the NAV calculations by more than 1%.
3. In case the NAV of a Plan differs by more than 1%
due to non-recording of the transactions or any other
errors/mistakes, the investors or fund(s) as the case
may be, shall be paid the difference in amount as
follows:-
(i) If the investors are allotted units at a price higher than
NAV or are given a price lower than NAV at the time
of sale of their Units, they shall be paid the difference
in amount by the plan.
(ii) If the investors are charged lower NAV at the time of
purchase of their units or are given higher NAV at the
time of sale of their units, the Insurer shall pay the
difference in amount to the Plan and shall be
compensated from Shareholders portfolio that does
not support Solvency Margin.
(iii) The Internal/ Concurrent Auditor shall look into the
above issues and specifically report on it and
comment on the Systems in place to take care of
such issues on an ongoing basis.
(iv) A log of NAV errors shall be maintained in the System
and be forwarded to Internal/Concurrent Auditors.
263
Technical Guide
4. ERRORS DURING BROKER EXECUTION LEG
a. All Equity deals should be through STP gateway for all
broker transactions.
5. UPLOADING OF VALUATION PRICE FILES
a. System to have capability to upload Corporate Actions such
as Stock Splits, Dividend, Rights Issue, Buy Back, Bonus
issues etc., for computation of NAV/Portfolio valuation.
6. RECONCILIATION
a. Fund wise, in the case of Life Insurers, reconciliation with
Investment Accounts, Bank, and Custodian records should
be done on day-to-day basis for all types of products. In the
case of ULIP products, Units reconciliation with Policy Admin
Systems should be ensured on a day to day basis.
b. In the case of General Insurer/Re-insurer reconciliation with
Investment Accounts, Bank and Custodian records should
be done on a day-to-day basis.
E. INTERNAL/CONCURRENT AUDIT
a. An Insurer having Assets under Management (AUM) not more than
Rs.1000 Crores shall conduct a Quarterly Internal Audit to cover
both Transactionsand related Systems. Insurers having AUM
above Rs.1000 Crores should appoint a Chartered Accountant firm
for Concurrent Audit, to have the transactions and related Systems
audited.
b. The Audit Report shall clearly state the observation at transaction
level and its impact, if any at System level. The Audit Report shall
be based on Exception Reporting.
c. The Auditor shall clearly state that the Insurer had done the
reconciliations as required under point D.6.a. and D.6.b.
d. Segregation of `Shareholders & Policyholders' funds
1. In the case of a Life Insurer, each individual fund, both falling
under Shareholder/Policyholders', under any class of
business, has `scrip' level investments to comply with the
provisions of Section 11(1B) of Insurance Act, 1938
264
Appendix `B'
2. Furthermore the Shareholders funds beyond Solvency
Margin, to which the pattern of Investment will not apply,
shall have a separate custody account with identified scrips
for both Life and General Insurance Companies.
e. The Insurer is required to place the Audit Report before the Audit
Committee and implement all its recommendations.
f. The Insurer shall, along with Quarterly Investment Returns to be
filed with the Authority, shall confirm in FORM 4, that the Internal/
Concurrent Audit observations, up to the Quarter preceding the
Quarter to which the Returns are filed, were placed before the Audit
Committee for its recommendation and action taken.
Note: Points A (5.a.1) and D (3) are specific to ULIP Business.
265
Appendix `C'
Date: 1st April, 2013
REF: IRDA/F&I/CIR/INV/067/04/2013
The CEOs of all Insurers
Dear Sir / Madam,
Sub: IRDA (Investment) (Fifth Amendment) Regulations, 2013 Reg.
As you are aware, based on the experience gained from the earlier
amendments, feedback received through internal/Concurrent Audit report
and periodical returns filed with the Authority, various issues were discussed
with Working Group of professionals drawn from Industry, experts from SEBI
and Department of Financial Service, MoF, Life Insurance Council, General
Insurance Council in evaluating the need for introducing new
instruments/amending existing regulatory framework to enable Insurers
deploy funds more prudently without sacrificing safety, disclosure and
governance requirements, very specific to Insurance Industry.
The recommendations were analysed for legal and regulatory consistency,
as well as the developments in Financial Markets including Unit Linked
Insurance Policies as one of the product portfolios of life insurers. Also, the
Authority during Investment Inspection observed that few regulations
required clarifications. Thus the Authority initiated the process for amending
the Investment Regulations to address the need of the Industry. The copy of
the Gazette Notification on the amended regulation is placed at
www.irda.gov.in Insurers may take note of the same for compliance. For the
convenience of the Insurers, the brief details of the important changes
brought in the 5th Amendment and clarification required are provided in
Annexure-I. The regulations shall be effective from 1st April, 2013 and
where ever the regulations demand departure from the effective date, the
same are mentioned therein.
The Insurers are hereby informed to place the Regulations, Circulars and
Guidelines issued before their Board in their next meeting to apprise their
Board of the important changes that have been brought in the 5th
Amendments to IRDA (Investment) Regulations, 2000
R K NAIR
Member (F&I)
Appendix `C'
Annexure 1
KEY CHANGES IN IRDA (INVESTMENT) REGULATIONS, 2000 AS
AMENDED BY IRDA (INVESTMENT) (5TH AMENDMENT) REGULATIONS,
2013
Reg. No REGULATION IMPLICATION OF
AMENDMENT
2(f) "Group" means: two or more Use of common brand names
individuals, association of shall be looked in conjunction
individuals, firms, trusts, with other parameters of
trustees or bodies corporate, or significant influence and / or
any combination thereof, which control, whether direct or
exercises, or is established to indirect.
be in a position to exercise,
significant influence and / or
control, use of common brand
names, directly or indirectly,
over any associate as defined
in AS 23, body corporate, firm
or trust, or (ii) Associated
persons, as may be stipulated
by the Authority, from time to
time, by issuance of guidelines
under these regulations
2(g) "Investment Assets" mean all Pattern of Investment will not be
investments made out of: applicable for Shareholders'
(1) in the case of a Life Insurer funds held in business beyond
(i) shareholders' funds required solvency margin. But
representing solvency such excess shall be:
margin, non-unit i. made only after fully
reserves of unit linked complying with mandatory
insurance business, investment in Central
participating and non- Government Securities,
participating funds of State Government and
policyholders at their Other Approved Securities
carrying value and in Housing &
(ii) policyholders' funds of Infrastructure Investments
from funds representing
267
Technical Guide
Reg. No REGULATION IMPLICATION OF
AMENDMENT
Pension, Annuity solvency margin.
business and Group ii. such excess of
business at their Shareholder's funds, held
carrying value beyond Solvency Margin
(iii) policyholders' unit requirement, shall be held
reserves of unit linked in a separate custody
insurance business at account with identified
their market value as scrips
per guidelines issued iii. such excess funds shall be
under these determined only after
regulations, from time Actuarial Valuation, certified
to time by Appointed Actuary and
(2) in the case of a General such valuation is filed with
Insurer the Authority.
(i) shareholders' funds iv. such transfer made
representing solvency between quarters, shall be
margin and certified by the Concurrent
policyholders funds at Auditor to have complied
their carrying value with the above mentioned
as shown in its balance sheet requirement
drawn as per the Insurance Exposure Norms of `investee
Regulatory and Development company', `group', `promoter
Authority (Preparation of group' and `industry sector' shall
Financial Statements and be applicable to both funds
Auditors' Report of Insurance representing solvency margin
Companies) Regulations, 2000, [FRSM] and funds held in excess
but excluding items under the of required solvency margin.
head `Miscellaneous Expenditure
4 Pattern of Investment: Any investment made in Central
In the case of Life Insurers, the Government Securities, State
Regulations require total Government Securities, Other
Investment in housing and Approved Securities, (provided
infrastructure (i.e.,) investment in the respective government
categories (i), (ii), (iii) and (iv) of issues such a security
Regulation 4, taken together specifically to meet the needs of
268
Appendix `C'
Reg. No REGULATION IMPLICATION OF
AMENDMENT
shall not be less than 15% of the any of the sectors specified as
fund under Regulation 3(a)" `infrastructure facility') along with
Approved Investments and Other
Investments will qualify for the
mandatory requirement of not
less than 15% to be investment
in Housing and Infrastructure
Investments. But in any
combination the total investment
falling under Other Investments
cannot exceed 15% of fund
under Regulation 3(a)
Exposure Norms of `Investee
Company', `Group', and
`Promoter Group' shall apply to
investments made in housing
and infrastructure. Any
investment made in housing and
infrastructure as per earlier
regulations which are in excess
of the limits specified as per
Regulation 9, as at 31st March,
2013, Investee company, Group,
Promoter Group wise, as
certified by the Internal /
Concurrent Auditor shall be filed
with IRDA. No further exposure
shall be made in such
companies.
The Insurer shall make all efforts
to re-align the exposure to be in
line with regulations. In
compliance to this direction, the
Insurer shall commit the time
required to the Authority.
269
Technical Guide
Reg. No REGULATION IMPLICATION OF
AMENDMENT
6 Unit Linked Insurance
Business:-
Every insurer shall invest and at The insurer shall invest only in
all times keep invested his such investments for which the
segregated fund(s)under day-to-day Valuations are
Regulation 3(c)(with underlying available. No investment can be
securities at custodian level) of made in any Funds of Fund or a
Unit linked business as per fund for which NAV is not
pattern of investment offered to available on a day-to-day basis.
and approved by the policy-
holders where the units are
linked to categories of assets
which are both marketable and
easily realizable. However the
investment in Approved
Investments shall not be less
than 75% of such fund(s) in each
such segregated fund"
7 Pattern of Investment: Any investment made in Central
In the case of General Insurer, Government Securities, State
the Regulations require Total Government Securities, Other
Investment in housing (i.e.,) Approved Securities, (provided
investment in categories (i), (ii), the respective government
(iii) and (iv) of Regulation 7 taken issues such a security
together shall not be less than specifically to meet the needs of
5% of the Investment Assets; any of the sectors specified as
and `housing' or `infrastructure
Total Investment in facility') along with Approved
Infrastructure (i.e.,) investment Investments and Other
in categories (i), (ii), (iii) and (iv) Investments will qualify for the
of Regulation 7 taken together mandatory requirement of not
shall not be less than 10% of the less than 5% and 10% to be
Investment Assets. investment in `Housing' and
`Infrastructure' Investments
respectively. But in any
270
Appendix `C'
Reg. No REGULATION IMPLICATION OF
AMENDMENT
combination, the total investment
falling under Other Investments
cannot exceed 25% of
Investment Assets
Exposure Norms of `Investee
Company', `Group', and
`Promoter Group' shall apply to
investments made in housing
and infrastructure. Any
investment made in housing and
infrastructure as per earlier
regulations which are in excess
of the limits specified as per
Regulation 9, as at 31st March,
2013, Investee company, Group,
Promoter Group wise, as
certified by the Internal /
Concurrent Auditor shall be filed
with IRDA. No further exposure
shall be made in such
companies.
The Insurer shall make all efforts
to re-align the exposure to be in
line with regulations. In
compliance to this direction, the
Insurer shall commit the time
required to the Authority.
3 to 8 Note 7 (a) for the purpose of In calculating the 75% and 65%
Regulation 3 to 8 of investment in `Debt'
Not less than 75% of investment instruments in the case of Life
in debt instruments (including and General insurers
Central Government Securities, respectively, the following shall
State Government Securities or not be taken either in the
Other Approved Securities) in the numerator or denominator:
case life insurer and not less 1. Reverse Repo with
271
Technical Guide
Reg. No REGULATION IMPLICATION OF
AMENDMENT
than 65% of investment in debt corporate bond underlying
instruments (including Central 2. Fixed Deposit
Government Securities, State 3. Investment in Promoter
Government Securities or Other Group Mutual Fund(s) and
Approved Securities) in the case un-rated Mutual funds
of general insurer - shall be in
sovereign debt, AAA or
equivalent rating for long term
and sovereign debt, P1+ or
equivalent for short term
instruments. This shall apply at
segregated fund(s) in case of
Unit linked business
9 Exposure Norms compliance: In compliance of Regulation 9,
the Insurer shall file a statement,
a. Investee Company Exposure as at 31st March, 2013, with the
b. Group Company Exposure Authority, certified by Internal /
Concurrent Auditor, both at
c. Promoter Group exposure
fund level and at Investment
d. Industry Sector exposure
Assets level [as per Regulation
2(g)(1) and 2(g)(2)] providing:
(a) In the case of `Investee
Company', the exposure
details of individual
company exposure which is
in excess of the prescribed
limits
(b) In the case of `Group
Company', the exposure in
respect of `each group',
which are in excess of
prescribed limits
(c) In respect of `Promoter
Group' the details of
investment in Equity, Debt,
272
Appendix `C'
Reg. No REGULATION IMPLICATION OF
AMENDMENT
FDs, MFs or any other
Investments made in
Promoter Group entities,
which are in excess of the
prescribed limits.
(d) In respect of `Industry
Sector', the exposure in
respect of `each' sector (as
per National Industrial
Classification (All
Economic Activities) -
2008 [NIC]) exposure which
is in excess of the
prescribed limits.
The above information shall be
filed with IRDA on or before
15th April, 2013. Where ever
exposure is in excess of limits
mandated under Regulation 9 of
IRDA (Investment) (5th
Amendment) Regulations, 2013
no further or additional exposure
shall be made. The Insurer shall
make all efforts to re-align the
exposure to be in line with
regulations. In compliance to this
direction, the Insurer shall
commit the time required to the
Authority.
9 Fixed Deposit under section a. No investment shall be
27A(9) of Insurance Act, 1938 made in FDs and CDs in
and Certificate of Deposit financial institutions falling
under Promoter Group.
b. Investment in FDs and CDs
taken together shall comply
273
Technical Guide
Reg. No REGULATION IMPLICATION OF
AMENDMENT
with the provisions of
Section 27A(9)
c. Section 27A (9) shall be
monitored at a Controlled
Fund level[Investment
Assets as per Regulation
2(g)(1) level]
10 Filing of Forms In filing returns, the Insurer shall:
Regulation 10 requires all a Confirm to procedure
insurers to file within 30 days mentioned in "Guidance
from the end of the Quarter the Note on preparation of
various periodical returns Investment Returns" for each
prescribed. Also, the Authority to of the form
standardise the data filed, had b. As the Insurer will be
issued the "Guidance Note on required to amend the
preparation of Investment Systems for preparing
Returns". Investment Returns, the
returns as per Regulation 10
shall be filed with effect from
the Quarter ending 30th
September, 2013
c. All returns of Unit Linked
fund(s), prepared based on
"Segregated Fund
Identification Number"
[SFIN], shall be filed at a
consolidated level. But,
Insurer shall maintain the
data at SFIN level in their
system and may
13 B (4) Quarterly review of Product and A Life Insurer shall report to its
Fund performance Board, the following minimum, in
respect of each product:
a. New business scale
274
Appendix `C'
Reg. No REGULATION IMPLICATION OF
AMENDMENT
planned versus actual at
the end of the period1 to
maturity
b. Expenses projected versus
actual
c. Persistency / renewal
premium streams projected
versus actual
d. Claims - projected versus
actual
e. Actual Yield versus
projected yield or returns
f. Action plan and follow up
status
In respect of General Insurers,
the reporting as mentioned
above, to the Board shall be with
respect to each `line of business'
13 D (4) Daily disclosure of Unique The Insurer shall, with effect from
Identification Number (UIN) 1stOctober, 2013 disclose the
wise reconciliation of Product reconciliation as per Annexure
II, in the Insurer's website on a
and Fund information in insurer's
website day-to-day basis.
Till the above reconciliation is
automated, the Insurer shall
disclose such reconciliation, in
their website on a monthly basis,
with effect from April, 2013. The
Internal / Concurrent Auditor
shall confirm such disclosure in
his report to the Audit Committee
of the Board.
Disclosure of value of `policy' The Insurer shall in his customer
wise `units' held by portal disclose the information
275
Technical Guide
Reg. No REGULATION IMPLICATION OF
AMENDMENT
`policyholder' on the insurers provided in Annexure III. The
customer portal customer portal of the insurer
shall be enabled for `every'
policyholder to login and know
the details as per the format in
Annexure III on any given date
The Insurer shall provide the
details in their customer portal
from 1st October, 2013
Disclosure of SFIN wise NAV on The Insurer shall disclose, the
both the insurers' and Life day-to-day, SFIN wise NAV in
Insurance Council website both the Insurers' and Life
Insurance Council's website.
13 D (6) For allotment of units, the
applicable NAV shall be as per
the date of commencement of
policy for new policy contracts
and date of receipt of premium
for renewals.
13 E Risk Management Systems and a. The Board shall implement
Review the Investment Risk
Management Systems and
Process as per the
"Technical Guide on
Review and Certification of
Investment Risk
Management Systems and
Process of Insurance
Companies', issued by the
Institute of Chartered
Accountant of India.
b. Insurers, who have either
implemented for the 1st
time or have reviewed their
Investment Risk
276
Appendix `C'
Reg. No REGULATION IMPLICATION OF
AMENDMENT
Management Systems and
Process, during the year
2012 shall have the review
done from the quarter April,
2014 and file the Audit
Certificate issued by the
Chartered Accountant with
status of implementation of
recommendations of Audit
Committee of the Board, on
issues of `very serious' and
`serious' nature, as per the
Technical Guide referred in
point `a' above.
c. Where the Insurers have
not done the review of
Investment Risk
Management Systems and
Process, during the year
2012, shall have such
review done during the
quarter April, 2013 of the
financial year 2013-14, and
with the implementation
status of recommendations
of the Audit Committee, on
issues of `very serious' and
`serious' nature, as per the
Technical Guide referred in
point `a' above, file with the
returns of June, 2013.
d. Subsequent reviews shall
follow Regulations 13 E.
18 (b) IRDA (Linked Insurance
Products) Regulations, 2013
277
Technical Guide
Reg. No REGULATION IMPLICATION OF
AMENDMENT
Chapter V Discontinuance
terms
In the case of Unit Linked 1. As the insurer is required to
Products, the discontinued policy pay a minimum guaranteed
fund shall be a unit fund with the interest rate of 4% per
following asset categories: annum for the discontinued
i) Money Market Instruments: policy, and Insurers
0% to 40% represented that the asset
ii) Government Securities: 60% allocation for Money Market
to 100% Instruments should not be
restricted to 40%, the
Authority had considered the
submissions made and
hereby permits upto 100% to
be invested in Money Market
instruments [as defined in
Regulation 2 (h) of IRDA
(Investment) (5th
Amendment) Regulations,
2013
19 (a) Minimum Guaranteed Interest
Rate:
The Minimum guaranteed 2. As the discontinued policy
interest rate applicable to the premium, along with 4%
discontinued fund/ discontinued interest requires to be paid
policy account shall be at a rate back to the Policyholder, the
of 4% per annum. Insurer's Policy Admin
System (PAS) shall be
`automated' for tracking
`policy-wise', information of
discontinued policies along
with the information of the
particular ULIP fund to which
the same pertains.
3. The Insurer shall implement
278
Appendix `C'
Reg. No REGULATION IMPLICATION OF
AMENDMENT
the above mentioned system
requirement, and the
Internal / Concurrent
Auditor shall confirm the
same in their report to Audit
Committee of the Board, to
avail the dispensation
provided in point 1 above.
279
Technical Guide
Annexure II
Name of the Insurer: Report Date
Registration No:
DAILY RECONCILIATION OF ULIP PORTFOLIO
Unique Name of Segregated Name of the Life / Group Policy Admin System
Identity the Fund Fund Opening Opening Net Amount Net units Closing Closing
Number Product Identifiation Unit Capital Units (as of collected or allotted or unit capital units (as at
(UIN) Number (as at the the start of redeemed redeemed for (as at the the end of
(SFIN) start of the the day) (net of the day end of the the day)
day) (Number of charges) for (Number of day) (Number of
(Amount in Units) the day Units) (Amount in Units)
Rs) (Amount in Rs)
Rs)
(a) (b) (c) (d) (e) = (a) + (f) = (b) +
(c) (d)
X A XYZ Fund Name 1
Y B
Z C
Sub total
L D ABC Fund Name 'n'
M E
Sub total
Appendix `C'
Investment Management System
SFIN Name Opening Opening Addittional Addittional Investment FMC Closing Closing NAV per
of the fund Value units (as at fund Value Units income for charges fund Value Units (as at Unit
Fund (as at the the start of created or created or the day deducted (as at the the end of declared
start of the the day) redeemed redeemed (including for the day end of the the day)
day) (Number of for the day for the day unrealised day) (Number of
Units) gain/loss) units)
(g) (h) (i) (j) (k) (l) (m) = (g) (n) = (h) + (o) = (m) /
+(i)+(k)-(l) (j) (n)
Fund 1
Fund 2
Fund 'n'
Notes:
1. Opening units as per Life / Group Policy Admin System of previous NAV day [refer (b)] shall reconcile with Opening Units as per
Investment Management System [refer (h)]
2 Addittional fund or Units created or redeemed for the day in Investment Management System [refer (i) and (j)] shall reconcile with
Net Amount or Units collected or redeemed as per Life / Group Policy Admin System [refer (c) and (d)]
3 Closing units as per Life / Group Policy Admin System of previous NAV day [refer (f)] shall reconcile with Closing Units as per
Investment Management System [refer (n)]
4 NAV per unit declared [refer (O)] must reconcile with NAV per unit uploaded on Life Insurance council's website
5 The unit movements of day "T" in Life/Group Admin System shall flow into Investment Management System with a maximum time
lag of 1 working day i.e T+1.
281
Annexure III
Insuer Name XYZ Insurance Company Limited
Registration No:
Policyholder ID Login Dt DD/MM/YYYY
Name of Policyholder
Address:
PART - A
Product UIN Premium Premium Funds Units as per Value Product
(Rs) Allocation Allocated Policy per Value
Charge (Rs) Admin Unit (Rs)
(Rs) System (Rs)
(PAS)
ZXY [A]
Premium
Plus
PART B Rs.
Particulars SFIN... SFIN... SFIN
Name of the Fund Fund X Fund Y Total
Units (as per Investment Management System)
Percentage of Allocation (as on Login Dt) % % %
Funds Allocated
Switch In
Switch Out
Withdrawals
Charges
Commission
Switch charge
Policy Administration charge
Mortality charges
Other charges (specify)
Service Tax
Total amount invested in Segregated funds
Current NAV
Fund value as on Login Dt:
[B]
Appendix `C'
PART - C (Product Statistics)
Insurance Cover over the interim reporting period from dd/mm/yyyy to
dd/mm/yyyy
Total Premium Paid from inception
Total Risk premium from inception, for insurance cover
Total Charges and deductions other than Mortality including Allocation
charges till Login Dt. (including Service Charges)
Difference between (B) (C) (unrealised Gain / Loss)
Portfolio value on Net Investment as per Benefit Illustration at the lower
rate as prescribed in the regulations
Portfolio value on Net Investment as per Benefit Illustration at the upper
rate prescribed in the regulations
Note:
1. Product Porfolio value would be aggregate of all fund values in a product.
2. Product value per unit would be arrived at post dividing aggregate fund
value by initial units
3. Consolidated Product Value would be a derived by aggregating the
product values and divding the same by consolidated initial units
4. Product Value would be in addition to all the existing disclosures and
calculations
5. Current prescribed practices shall continue.
283
Technical Guide
Annexure IV
AUDIT OF INVESTMENT RISK MANAGEMENT SYSTEMS & PROCESS,
INTERNAL / CONCURRENT AUDIT
[Vide Circular INV/CIR/023/2009-10 Dt. 4th Aug, 2009]
The Authority vide notification F.No.IRDA/Reg./16/74/2013 dated 16th Feb, 2013
notified IRDA (Investment) (5th Amendment) Regulations, 2013. Regulation
13 (E) prescribes as under:
1. The Board shall implement the Investment Risk Management Systems
and Process, mandated by the Authority. The implementation shall be
certified by a Chartered Accountant firm, as per the procedure laid down
in the "Technical Guide on Review and Certification of Investment Risk
Management Systems and Process of Insurance Companies", issued by
the Institute of Chartered Accountants of India, as amended from time to
time.
2. The Investment Risk Management Systems and Process shall be
reviewed at the beginning of every second financial year or such shorter
frequency as decided by the Board of the Insurer, by a Chartered
Accountant firm and file the certificate issued by such Chartered
Accountant, with the Authority along with the first quarter returns.
3. The appointment of Chartered Accountant firm to certify implementation
and review of Investment Risk Management Systems and Process shall
be as per the circular issued under these regulations.
Thus, all Insurer shall have their Investment transactions and related Systems of
Investment functions audited on a Quarterly basis through Internal Audit (either
through internal resources or through firms of Chartered Accountants) and
Insurer with AUM of over Rs.1000 Crores shall necessarily appoint a firm of
Chartered Accountants as Concurrent Auditor to have its Investment transactions
and related Systems audited on a concurrent basis.
Where a firm of Chartered Accountant is appointed either as Internal /
Concurrent Auditor, the Audit team engaged for Internal / Concurrent Audit shall
be headed by an Finance professional, preferably a Chartered Accountant, with
a minimum experience of 3 to 5 years in a Senior position handling Investment
Operations, Audit, Accounts of an Insurance Company or have been engaged by
the Authority in Audit of Investment Operations / Investment Risk Management
Systems and Process of the Insurers and is fully conversant with IRDA's
284
Appendix `C'
Accounting and Investment Regulations and Circulars and Guidelines issued
there under.
A. AUDIT OF INVESTMENT RISK MANAGEMENT SYSTEMS AND PROCESS
i. As per Regulation 13 (E) of IRDA (Investment) (5th Amendment)
Regulations, 2013 a Chartered Accountants firm, which is not the
Statutory or Internal or Concurrent Auditor of the concerned Insurer shall
certify that the Investment Risk Management Systems and Processes as
per the "Technical Guide on Review and Certification of Investment Risk
Management Systems and Process of Insurance Companies" issued by
the Institute of Chartered Accountants of India (ICAI), in consultation with
IRDA, had been implemented.
ii. All companies seeking IRDA registration shall file a certificate issued by a
Chartered Accountant firm, to confirm that the Insurer had complied with
the systems related requirements, as given in the "Technical Guide on
Review and Certification of Investment Risk Management Systems and
Process of Insurance Companies", when the Insurer seeks registration
under R3 of IRDA (Indian Insurance Companies Registration)
Regulations, 2000. It should also indicate the actions further required to
be taken
B. INTERNAL / CONCURRENT AUDIT OF TRANSACTIONS
1. The minimum Scope of Audit for Internal or Concurrent Audit shall be as
detailed in the "Technical Guides on Internal / Concurrent Audit of
Investment Functions of Insurance Companies" issued by ICAI (in
consultation with IRDA), for both Life and Non-Life Insurers. The Insurer
could include additional scope depending upon their need for control
systems. The Internal / Concurrent Audit is expected to cover 100% of
transactions of all fund(s) as per the periodicity prescribed.
2. Where the Internal Audit is carried in house, the internal audit report shall
be signed by the Head of Internal Audit.
3. An insurer who gets covered under AUM clause of over Rs. 1000 Crores
for the 1st time, for the purpose of applicability of Internal / Concurrent
Audit, will continue to have the Investment functions concurrently audited,
even if the AUM falls below Rs.1000 Crores, subsequently.
285
Technical Guide
C. APPOINTMENT OF AUDITORS
i. COMMON FOR BOTH "INVESTMENT RISK MANAGEMENT SYSTEMS
& PROCESS", "INTERNAL / CONCURRENT AUDIT"
1. The Chartered Accountant firm shall be a firm, registered with the
Institute of Chartered Accountants of India.
2. The Audit firm should have experience, for at least four years, in
conducting reviews of Risk Management Systems and Process of
either Banks or Mutual Funds or Insurance Companies or have, on
behalf of IRDA conducted Investment Inspection of Insurance
Companies.
3. On the date of appointment as an Auditor for certifying Investment
Risk Management Systems and Process, the Auditor must not hold
more than two audits of Internal, Concurrent and Risk Management
Systems Audit, all taken together. Hence, the Audit firm, can at the
maximum hold not more than three Audits (i.e., Investment Risk
Management Systems and Process Audit, Internal Audit,
Concurrent Audit all taken together), apart from Statutory Audits
at any point of time. For this purpose, at the time of appointment,
the insurer shall obtain a declaration to this effect from the firm of
Chartered Accountants. The Insurer shall, file with IRDA, the
confirmation obtained from the Chartered Accountant firm, within
7 days of such appointment. Also, it is clarified that Investment Risk
Management Systems & Process Auditor, shall not be the Internal /
Concurrent Auditor.
4. The Auditor should not have been prohibited/debarred by any
regulating agency including IRDA, RBI, SEBI, ICAI etc.
5. Every Insurer, upon appointing the firm of Chartered Accountants
as Internal or Concurrent or Risk Management Systems Auditor
shall send a communication to IRDA within seven days of such
appointment, confirming such appointment as per format provided
below under point (iv)
ii. AUDIT OF "INVESTMENT RISK MANAGEMENT SYSTEMS &
PROCESS"
1. The Auditor appointed for certifying the Investment Risk
Management Systems and Process, should not have conducted
286
Appendix `C'
the following assignments for the same Insurer proposing to be
appointed as Systems Auditor, for a period of two years
immediately preceding his appointment.
i. Statutory Audit
ii. Any Internal Audit
iii. Any Concurrent Audit
iv. Any consulting assignment, whether or not related to Audit
functions
iii. AUDIT OF "INTERNAL / CONCURRENT AUDIT OF TRANSACTIONS"
1. The Internal/Concurrent audit term shall be for the financial year
and where the appointment is made during the course of the
financial year, it shall be up to the end of that financial year.
2. The Internal / Concurrent Auditor shall be appointed by the Audit
Committee of the Insurer's Board and the Auditor shall directly
report to the Audit Committee of the Insurer's Board. Any change in
Auditor during the middle of the term, shall be communicated to
IRDA with the reasons for such change. The new Auditor, for the
remaining term, shall be appointed only with the prior approval of
IRDA.
3. The Internal / Concurrent Auditor shall not be eligible for re-
appointment, with the same Insurer after serving three consecutive
years or three years during the preceding five years.
4. The Internal / Concurrent Auditor appointed for the first time should
not have conducted the following assignments for the same Insurer
proposing to be appointed as Internal or Concurrent Auditor for
Investment functions during a period of two years immediately
preceding his appointment as Internal or Concurrent auditor.
i. Statutory Audit
ii. Any Internal Audit
iii. Any Concurrent Audit
iv. Any consulting assignment, whether or not related to Audit
functions
287
Technical Guide
v. Reviews or Certification of Investment Risk Management
Systems and Process
iv. CONFIRMATION OF APPOINTMENT OF AUDITOR
IN THE LETTER HEAD OF THE INSURER
Date:.......................
To
The Insurance Regulatory and Development Authority
Parisram Bhavan, 3rd Floor, Basheerbagh
Hyderabad 500 004
Sir
In pursuant of IRDA Circular INV/CIR/008/2008-09 Dt. 22nd Aug, 2008 and
related provisions of IRDA (Investment) (5th Amendment) Regulations, 2013 in
respect of Internal (or) Concurrent Audit of Investment functions, we have
appointed the following firm(s) as our Internal / Concurrent Auditor(s) for the
Investment functions for the period starting from:....................... to
..........................
We have taken necessary confirmations in writing from the Chartered Accountant
firm(s)
Yours faithfully
Chief Executive Officer
288
Appendix 'D'
Guidance note on
Preparation of Investment Returns
(Version 01)
Issued by:
Insurance Regulatory and Development Authority
in May, 2013
INTRODUCTION
The Authority issued the Investment Regulations, for the first time, in 2000
and had since then amended it from time to time, (the latest having been
notified on 16th Feb, 2013) to keep pace with the changing market and to
have a hold on policyholders funds. The Assets under Management that
were around Rs. 2.91 Lakh Crores in 2000 are around Rs. 17.83 lakh Crores
in 2013. When funds grow in such volumes, the Systems and Processes too
should keep pace. Such systems and processes put in place should enable
the Regulator to watch growth and channelize the same to the needy sectors
without compromising on the safety aspect.
Such information, to benefit of all stakeholders, including the Regulator,
requires to be taken in the electronic form. In this effort of collating huge
volume of information, it is essential that the information / data is
`standardized' to facilitate proper consolidation and meaningful comparability
within and among Insurers.
In order to ensure compliance with regulations, all Insurers are expected to
put in place a proper system for the preparation of periodical returns to be
filed with the Authority. To help such preparation and to enable the
Investment Committee of the Insurer ensure that the periodical returns are
prepared in compliance with the procedures laid down, the Authority is
coming out with this guidance note. Even though the periodical returns are
signed by the respective officer named in the form, the Chairman of the
Insurer, Chief Executive Officer, Chief Investment Officer, Chief Financial
Officer and Chief Risk Officer of the Insurer, as the case may be, the Officers
Technical Guide
shall be collectively responsible for the authenticity of information / data
submitted, filed either in electronic as well as hard copy.
All periodical returns are required to be filed with the Authority within
30 days from the end of the Quarter. In relation to Quarter ending on the
Balance Sheet date, the return shall first be filed based on `Provisional
figures' and shall again be re-filed with Audited figures in addition to other
Returns. On each return the Insurer shall clearly mark `Provisional' if
submitted based on provisional figures. The final returns, based on Audited
figures, shall be clearly marked as `Audited figures'. All figures shall be
reported in Crores, corrected to two decimals.
The Authority, soon after amending the Regulations had worked with the
Industry in bringing out this "Guidance Note on preparation of Investment
Returns". While due care had been taken to prepare the material, users can
point out through Life Insurance Council or General Insurance Council
any inconsistency. The Authority will look into such issues and will address
the same in the subsequent versions.
290
Appendix `D'
FORM 1 STATEMENT OF INVESTMENT AND INCOME
ON INVESTMENT
OBJECTIVE
In order to ascertain the return on the investment assets, all insurers are
required to file FORM-1 listing category of Investment wise (as per the
Guidelines INV/GLN/001/2003-04 - Guidelines Category of Investments Dt.
1st Jan 2004 as amended from time to time) income and the yield on such
investment at gross and net basis The Form should be prepared in respect of
each fund. In case of ULIP FORM 1 shall be prepared at Segregated Fund
(SFIN) level and also at consolidated level. The Income on Investments
shown in FORM1 should reconcile with Revenue and Profit & Loss Account
figures
A. METHOD OF PREPARATION
a. COI (Category of Investments)
Category of investment shall be as per the IRDA Guidelines
INV/GLN/001/2003-04 - Guidelines Category of Investments Dt. 1st
Jan 2004 as amended from time to time
b. Cat Code (Category Code)
Category code shall be stated as prescribed in Guidelines as
amended from time to time.
DETAILS PERTAINING TO THE CURRENT QUARTER
c. Investments
The insurer shall state the simple average of investments for (Non-
ULIP and General Insurance Business) the quarter at their Balance
Sheet Value and for ULIP Business at the value of Investment
Assets taken for computing NAV. The simple average investments
shall be calculated based on daily closing balance. In case where
any security has been reclassified (when the Security is moved from
Approved to Other Investment Category or vice versa) to another
category then the simple average balance shall be shown under the
first category till the time such investment was classified under that
category and for the balance period in the reclassified category.
291
Technical Guide
NOTE:
Simple average of investments shall be the sum of daily closing
balance of Investments divided by the number of day(s) such
investments are outstanding. The net investment current assets of
linked funds should be reported as at the period end in the Current
quarter and Year to Date column.
d. Income on Investment
For non-ULIP funds and General insurers, Income on Investments
will include the income taken to Revenue Account & Profit and Loss
account (Interest, profit / (loss) on sale, accretion of discount,
amortization of premium, dividend earned during the quarter) and
taken to financial statements pertaining to all the securities held
under that category during that quarter. In case of ULIP funds, any
incremental un-realized gains / (loss) arisen for the period on
investment shall be included. In case where any security has been
reclassified to another category then income shall be shown under
the first category till the time such investment was classified under
that category and for the balance period in the reclassified category.
e. Gross yield
The gross yield (absolute) shall be computed by dividing the income
on Investment for the quarter by the simple daily average
investments outstanding for number of days for the quarter.
f. Net Yield
The net yield shall be computed by giving the effect of tax rate to the
gross yield.
1. DETAILS PERTAINING TO THE INCOME AND YIELD FOR
YEAR TO DATE
Under the head "Year to Date", details of Investments, Income,
Gross Yield and Net Yield shall be shown for the period April to
the end of the quarter for which details are being furnished. For
example for the quarter ended June, the details from April to
June shall be provided and for the quarter ended September,
the details pertaining to April to September shall be provided.
292
Appendix `D'
2. DETAILS PERTAINING TO THE INCOME AND YIELD FOR
PREVIOUS YEAR
Under the head "Year to Date", details of Investments, Income,
Gross Yield and Net Yield for the corresponding period of the
previous year are to be shown.
293
Technical Guide
FORM 2 STATEMENT OF DOWNGRADED
INVESTMENTS (PART A)
OBJECTIVE
In order to establish the movement of securities from one category to another
especially the movement from Approved Investments to Other Investments
on account of rating downgrades/upgrades on the reporting date, all insurers
are required file FORM 2, listing various instruments which have been
downgraded from its rating at the time of the purchase (original rating).
A. METHOD OF PREPARATION
The details of all the downgraded debt securities during the quarter shall be
given under `current quarter' and all downgraded securities shall be shown
under "As on date". 'Investments currently upgraded to the original grade or
above, listed as Down Graded during earlier Quarter shall be deleted from
the Cumulative listing.
a. COI (Category of Investments)
Insurers are required to pick up the corresponding Category of
Investment (COI) for every downgraded security, reposition the same
at the appropriate COI as prescribed in the regulation.
b. Amount
The Balance Sheet Value shall be stated in this column.
c. Date of purchase
In this column, the insurer shall state the date of purchase of that
security. In case there are multiple purchases then the date on which
the earliest purchase was made shall be stated.
d. Rating Agency
In this column, the insurer shall state the name of the rating agency as
prescribed in the regulation. If an instrument is rated by more than one
rating agency, the lowest rating must be used as a matter of
conservatism.
e. Original Grade
Original grade is the rating at the time of purchase of the instrument.
294
Appendix `D'
f. Current Grade
Current grade is the rating for the instrument as at the last day of the
quarter.
g. Date of Downgrade
Further the Insurer shall state the date of downgrade along with
remarks, if any. In case of any downgrade of security resulting in
securities being reclassified as "Other Investment", in Pension and
General Annuity fund, the same shall be specifically disclosed in the
Returns.
295
Technical Guide
FORM 2 INVESTMENT ASSETS RATING PROFILE
(PART B)
OBJECTIVE
To assess the credit quality of the Investment portfolio, Insurers are required
to file FORM 2. This form needs to be linked to FORM 3A/ 3B. Equity or
Equity Related Instruments and other than Debt Instruments Portfolio are
also reported in FORM 2, for the purpose of linking the total portfolio to
FORM 3A / 3B.
A. METHOD OF PREPARATION
1. FORM - 2 shall be prepared in respect of each fund/investment assets.
In case of ULIP Form 2 shall be prepared at Segregated Fund (SFIN)
level and also at consolidated level.
2. For the purpose of asset classification in various rating classes, the
following points may be noted:
a. Debt investments which are capable of being rated and are not
rated shall be shown under "Unrated"
b. In case of loans in housing sector, infrastructure sector, secured
loans appearing in approved investment and unsecured loans
appearing in `Other investments' amount shall appear in unrated
column of the form 2(part B). In this regard, the unrated loans
having security as prescribed by Insurance Act shall be classified
as approved investment. Unrated & unsecured loans and unrated
and in adequately secured as prescribed in Insurance act shall
be classified as Other Investment.
c. Reverse Repo with underlying corporate bond, Investment in
Mutual Funds including the Promoter Group Mutual Fund, Bank
FDs, CBLO, Net investment current assets, Venture funds,
Derivative instruments, immovable property and any other non-
debt investments as permitted under the regulations, shall be
shown under "Equity or Equity Related Instruments and other
Instruments". No investment shall be made in "Equity related
instruments" unless the same is specifically permitted by IRDA.
296
Appendix `D'
d. In case of Reverse Repo with underlying Government securities
the same shall be classified under 'AAA' or Equivalent
e. Non-Performing investments assets will be shown separately
irrespective of rating
3. Balance sheet values of the Investments shall be provided. The figures
in Col (i) must match with FORM 3A/B
4. Percentage to Investment Assets shall be computed, in the case of
Non-ULIP funds and General Insurers by dividing the Balance Sheet
value of investments in various rating class by the total Balance Sheet
Value of Investment assets held and in the case of ULIP funds, by
dividing the Market value of investments in various rating class by the
total market value of Investment assets held.
297
Technical Guide
FORM 2 - INVESTMENT ASSETS & INFRA INVESTMENTS
- RATING PROFILE (PART C)
OBJECTIVE
To assess the amount of infrastructure investments in life funds, Insurers are
required to file FORM 2C. This form needs to be linked to FORM 3A / 3B.
A. METHOD OF PREPARATION
1. FORM 2C shall be prepared in respect of life fund only and general
insurer including reinsurers.
2. The figures under investment assets category must reconcile with
Form 3A / Form 3B
3. The figures under the infrastructure category must reconcile with Form
3A / Form 3B
298
Appendix `D'
FORM 3A STATEMENT OF INVESTMENT ASSETS
(PART A)
OBJECTIVE
The Insurer shall file FORM 3A (Part A) for compliance of fund wise Pattern
of Investments showing Investment assets and other assets and linking the
same with Balance Sheet figures.
A. METHOD OF PREPARATION
1. FORM 3A (Part-A) has two Sections
SECTION-I
Section I provides link to Investment assets reported in the Balance Sheet
with that as reported in FORM 3A (Part A). The investment assets which are
subject to pattern of investments, under each fund of the Life Insurer as
required under Regulation 3, and shown under "funds available for
investments"
(i) Funds available for Investment
To arrive at the "funds available for investments", the amounts
appearing in the non investment schedules and non investment line
items appearing in Balance Sheet under Application of Funds, are
deducted. Similarly any non-investment items, deducted from Balance
Sheet, shown under Application of Funds, shall be added back in the
reconciliation to arrive at the "funds available for investments". If any
Insurer is carrying Loans as a part of investments, then the same shall
not be deducted from the application of the funds.
The balance so arrived as "funds available for investments" shall tally
with the sum of the values shown in the "Total Fund" column of all the
three funds in FORM 3A (Part A) which shall reconcile with figures
shown in schedule 8, 8A, 8B & 9.
Application Money for investments under `non linked funds' shall form
part of the Schedule 12 and the same shall not form part of the
Schedule 8, 8A, & 9. It shall not form part of the investment assets till
the allotment is complete. In case of `Linked portfolios' the same shall
form part of `Net Current assets' till the allotment is complete. Also, it
shall be reported under Schedule 8B. If investment application money
299
Technical Guide
is paid through ASBA Fixed Deposit instead of cash, the same shall be
treated as application money (current Assets) and the lien shall be
properly disclosed in Form 6 as a note.
SECTION-II
Section II requires the insurer to report the fund wise, pattern of investments
as prescribed under Regulation 4, 5 and 6 of the IRDA (Investment)
Regulations 2000 as amended from time to time.
Separate Custodian account shall be maintained for "balance" investments of
Shareholder's fund that does not form part of the FRSM (except in case of
Securities held with RBI/ CCIL). Shareholders' funds held beyond the
solvency requirements shall not be subject to Pattern of Investments
prescribed under Regulation 4, 5 and 6 and shall be subject to Prudential /
Exposure norms prescribed under Regulation 9, provided the same are
maintained in a separate custody account.
(i) Category of Investments
Investments shall be categorized as per the Regulation or circular
issued there under, such as Central Government Securities, State
Government Securities, Other Approved Securities, Housing and
Infrastructure, Approved Investments and Other Investments.
(ii) % as per Regulation
This specifies the minimum or maximum % of investments under each
category of investments as prescribed in Regulation for various funds.
(iii) Shareholder's and Policyholder's fund
All the insurers shall maintain portfolios of SH - FRSM, SH BALANCE
(other than fund representing solvency margin), UL non-unit reserves,
Par and Non par. The insurer shall maintain sub portfolios under these
broad portfolios on the basis of various line of business. The Pattern of
Investment, with respect to Life Fund, shall be complied with respect
to the total of Life fund (both shareholder fund representing solvency
and Policyholder funds taken together). It may be noted that the
pattern of Investment will not apply to Shareholders funds in
excess of solvency requirement, held in a separate custody
account. But exposure norms of `Investee' company, `Group', and
300
Appendix `D'
`industry sector' will apply to both shareholders and
policyholders funds.
(iv) Book Value (SH+PH)
In case of ULIP Net asset value including net current assets shall be
considered for pattern of investments. Net current assets shall be
considered as `approved investment' for this purpose. All the securities
(both Equity and Debt) shall be marked to market.
In case of `Non-Linked' funds, cost plus amortization value of the debt
securities and acquisition cost in case of Equity, mutual fund and
investment property and other than Debt investments will be
considered for pattern of investments. Net current Assets shall not be
considered for calculation of Pattern of Investments for non linked
portfolio.
(v) Actual %
The actual % of the each category of investments under Non-linked
portfolios shall be calculated as a % to the total book value of
investment assets in the fund. The amounts in the column (f) shall be
used for calculating the Exposure %.
In case of the ULIP, the actual % of each category are calculated as a
% to the `market value' of the assets of the funds including `net current
assets' that is considered for NAV calculation.
(vi) Fair Value Change (FVC) Amount
The insurer shall compute the fair value for equities and units of
mutual fund. The difference between the fair value and the book value
is the Fair Value Change (FVC) and the same shall be disclosed in the
column provided for.
(vii) Total Fund
The amount after adding the fair value amount to the book value shall
be shown under Total Fund Column. The Grand total under this
column shall reconcile with the `Balance Sheet' value of investments
assets shown in Section I
301
Technical Guide
Market Value
The market value of the securities classified under the various
categories of investments shall be shown under Market Value column.
In the case of Equity, the Market Value shall be the lower of BSE /
NSE prices.
NOTE
a. In case of Life Fund, Pattern of Investment is applicable for Share
holder fund representing solvency margin and Policyholder funds.
Shareholder fund beyond solvency margin is not subject to pattern of
investment.
b. In Form 3A part A, the equation provided under 'Book Value (SH+PH)
shall be read as '(f) = [b+c+d+e],
c. "Other Investments" made from all Categories of Investment
including housing and infrastructure category shall not exceed
15% of investment assets of Life fund.
d. All the investment assets such as Fixed Deposits, Section 7 deposits
by way of investment assets shall form part of the Schedule, 8, 8A, 8B
or 9 with a note in the respective forms.
e. Non-investment assets of the non-linked funds shall be shown in the
respective schedules other than 8, 8A & 9
f. Non investment assets of the Linked portfolios are also shown as a
separate line item in the Schedule 8B
302
Appendix `D'
FORM 3A STATEMENT OF INVESTMENT ASSETS
(PART B)
OBJECTIVE
The objective of the form is for compliance to the pattern of Investment under
Reg. at the Segregated Fund level of ULIP fund. This Form is linked to the
item C of FORM 3A (Part-A).
A. METHOD OF PREPARATION
Fund 1 to Fund `n`
Details about each Segregated Fund of ULIP and its total shall be
provided in this form. The number of funds shall be the funds as
approved by the File & Use of IRDA.
a. FORM 3A (Part-B) has two sections
SECTION-I
This section shows the movement of funds from the previous quarter to the
reporting quarter on account of the inflow /outflow in the policyholders funds
and increase/decrease in the value of investments during the quarter.
(i) Opening Balance (Market Value)
The closing fund values i.e. total Assets under Management (AUM) (at
the segregated ULIP fund level) at the end of the previous quarter
shall be brought forward as opening balance of the linked portfolio(s).
(ii) Inflow during the quarter
Inflow (a positive figure) will represent the funds brought in for creation
of units in each of the Fund(s).
(iii) Outflow During the quarter
Outflow (a negative figure) during the quarter shall represent the
redemption of units for surrender, claims, charges etc.
(iv) Increase / (Decrease) value of Investments
Increase / (decrease) in the value of investments shall include the
realized, unrealized gains/losses and other Investment income that
has accrued to the individual fund during the reporting quarter
(v) Total Investible Funds (Market Value)
303
Technical Guide
Opening Balance (Market Value) + inflow during the quarter + net
Increase / (Decrease) in the value of Investments outflow during the
quarter of all funds taken together. In the case of Equity, the Market
Value shall be the lower of BSE / NSE prices.
SECTION-II
INVESTMENT OF UNIT FUND
All the Investments under the ULIP each Segregated Fund(s) shall be shown
under two heads namely Approved and Other Investments.
Under the Approved Investment Category, the investments shall be further
divided into Central Govt. Securities, State Govt Securities, Other Approved
Securities, Corporate Bonds, Infrastructure Bonds, Equity, Money Market
investments, Mutual funds, Deposit with Banks. `Net current assets' shall be
classified as `Approved Investment' and its breakup shall be provided as
prescribed in the format.
Under the Other Investment Category, the investments shall be further
divided into between Corporate Bonds, Infrastructure Bonds, Equity, Mutual
funds, and any other investments which can be readily realizable and
marketable. No investment shall be made in the securities which cannot be
marked to market on daily basis. Total funds i.e. aggregate of Approved and
Other Investments shall reconcile with the Total investible funds as shown in
the Section 1 of the FORM 3A (Part B).
NOTE
(a) The aggregate of all the above Segregated Unit-Funds should tally
with item C of FORM 3A (Part A), for both Par & Non Par Business
(b) The details of Item 12 of FORM LB 2 which form part of IRDA
(Actuarial Report) Regulation, 2000 shall be reconciled with FORM 3A
(Part B). LB2 being an annual form the reconciliation would be done
only at year end.
(c) Other Investments' are as permitted under Sec 27A(2) and 27B(3)
(d) Market value of the securities considered for NAV calculation shall be
taken for the purpose of applicability of Pattern of Investments for
ULIP
(e) All the assets of linked funds at the segregated level including net
current assets shall be considered in the denominator for limit
monitoring
304
Appendix `D'
FORM 3A STATEMENT OF INVESTMENT ASSETS
(PART - C)
OBJECTIVE
The objective of the form is to compare the performance of funds at various
periods. Further the form establishes the consistency of NAV considered for
accounting and that reported in Actuarial Statement LB2 are the same. Also
the form provides the periodical investment returns of fund(s). This Form is
linked to the FORM 3A (Part B).
A. METHOD OF PREPARATION
a. Name of the Segregated fund
Details about each segregated fund of linked fund shall be provided in
this column.
b. SFIN
SFIN for each of the segregated fund shall be provided.
c. Date of Launch
The date of the first unit allotted under the fund needs to be stated
against each segregated fund.
d. Par/Non Par
Details about the fund whether it is Par/Non Par to be provided
e. Assets Under Management on the above date
The total should be equivalent to the Assets under Management
(AUM) of the segregated fund as provided in FORM 3A PART B.
f. NAV as per LB 2
NAV as per FORM LB2, (Regulation 4 of IRDA (Actuarial Report and
Abstract) Regulations 2000 shall be provided in the column. LB2 being
an annual form, the NAV as per LB2 would equal the published NAV
on a quarterly basis.
g. NAV as on the above date
The NAV on the last day of the quarter shall be provided for
calculating the return.
305
Technical Guide
h. NAV of previous quarters
NAV from previous quarter upto the 4th previous quarter shall be
provided. For example for the quarter ended June 2012, the NAV on
March 31, 2012 shall be provided in Previous Qtr NAV column, the
NAV on December 31, 2011 shall be provided in 2nd Previous Qtr
NAV column, the NAV on September 30, 2011 shall be provided in 3rd
Previous Qtr NAV column and the NAV on June 30, 2011 shall be
provided in 4rd Previous Qtr NAV column.
i. Return
The absolute yield should be computed for one year return based on
NAV movement. Absolute return/ yield = Current quarter NAV/ 4th
Previous Qtr NAV -1. In case the fund inception data is later than 4th
previous quarter NAV date the same must be reported as NA (Not
Applicable).
j. 3 Year rolling CAGR
The formulae for 3 year CAGR is = ((X/Y) ^ (1/3))-1
X = NAV as provided in the as on above date column
Y = NAV of the corresponding date of the 3rd previous year
In case the fund inception data is later than three years from as on
above date of the Form the same must be reported as NA (not
applicable).
k. Highest NAV since inception
Highest NAV of each fund since inception should be provided.
306
Appendix `D'
FORM 3A STATEMENT OF INVESTMENT ASSETS
(PART - D)
OBJECTIVE
All insurers are required to file FORM 3A (Part D) to provide the details of
investments made under various funds (Life, Pension and Linked) of the Life
Insurer during the quarter. The Form should be prepared separately for each
fund and in aggregate for all segregated linked funds. The form is intended to
bring out the accretion to the insurers investments (fund wise) while
complying with the fund wise pattern of Investment.
A. METHOD OF PREPARATION
a. Opening balance
The value of investments of the previous quarter as disclosed under FORM
3A (Part A) shall be reported in the column.
b. % to Total
The opening balance of prescribed category of investments under various
funds divided by total value of investments of the fund expressed as a
percentage.
c. Net Accretion for the Qtr.
Net increase/ (decrease) in the category of investments during the quarter.
d. Total
Opening balance of the category of investments plus net accretion during the
quarter must be shown in the column. The summation of the column for the
various funds should tally with book value figures shown in FORM 3A (Part
A).
307
Technical Guide
FORM 3A STATEMENT OF INVESTMENTS (PART - E)
OBJECTIVE
All insurers are required to file FORM 3A (Part E) to provide the details of
investments made under unit linked funds (at a segregated fund level) of the
Life Insurer during the quarter. The Form should be prepared separately for
each fund and in aggregate for all segregated linked funds. The form is
intended to bring out the reconciliation of Investment details of ULIP products
(UIN) to segregated funds (SFIN)
A. METHOD OF PREPARATION
a. This form is to be prepared for all ULIP products at UIN level. UIN
approved by IRDA
b. Premium
a. It represents premium income (including first year premium,
renewal premium, Top up premium and Single premium)
received during the quarter for each UIN
b. Others need to specify type of inflow, other than premium
income, which flows into policy fund.
c. Outflow
a. Details of all charges, policyholders' payouts including claims,
surrender, partial withdrawal, and any other outflows (need to
specify), which gets deducted either from premium inflow or
policy fund (by way of policyholders' payout or charges) during
the quarter.
d. The above information will flow from policy admin system at UIN level
e. Policy funds
a. Net inflow or outflow as computed above will flow into or flow
out of segregated policy fund (at SFIN level) during the quarter.
This information will reconcile with change in unit capital and
premium reserve at SFIN level in the Investment management
system
f. Difference between net inflows/outflows as per UIN level and Net
inflows/outflows as per SFIN level must be "nil"
308
Appendix `D'
FORM 3B STATEMENT OF INVESTMENTS
(PART - A)
OBJECTIVE
The Insurer shall file FORM 3B (Part A) for compliance of Pattern of
Investments showing Investment assets and other assets and linking the
same with Balance Sheet figures
A. METHOD OF PREPARATION
(a) FORM 3B has two sections:
Section I
Section I requires the insurer to establish linkage with the
details of investment as shown in the Balance Sheet and the
investment returns. The Insurer shall furnish the figures as
appearing in Schedule 8 to 15 and the debit balance in Profit &
Loss Account. Further, all the items pertaining to investments
disclosed in the investment returns (FORM 5) which do not form
part of schedule 8 need to be shown in the "less" items of this
section. The Investment assets as appearing in section I shall
be reconciled with the investment assets shown under the head
"Total Fund" in section II.
Section II
In Section II, the insurer is required to comply with the pattern of
investments as prescribed under Regulation 7 of the IRDA
(Investment) Regulations 2000 as amended from time to time.
Separate Custodian account shall be maintained for "balance"
investments of Shareholder's fund that does not form part of the
FRSM (except in case of Securities held with RBI/ CCIL).
Shareholders' funds held beyond the solvency requirements
shall not be subject to Pattern of Investments prescribed under
Regulation 7 (provided such assets are kept in a separate
custody account) but shall be subject to Prudential / Exposure
norms prescribed under Regulation 9, provided the same are
maintained in a separate custody account.
309
Technical Guide
(b) Category of Investments
Investments shall be categorized as per the Regulation, such as
Central Government Securities, State Government Securities,
Other Approved Securities, Housing and Infrastructure,
Approved Investments and Other Investments.
(c) % as per Regulation
This specifies the minimum or maximum % of investments under
each category of investments as prescribed in Regulation for
various funds.
(d) Shareholders' Fund (SH) and Policyholders' Fund
All the insurers shall maintain portfolios of SH BALANCE (other
than fund representing solvency margin) and /or assets
representing Solvency Margin. The Pattern of Investment shall
be complied with funds representing solvency margin (both
shareholder fund representing solvency and Policyholder funds
taken together. It may be noted that the pattern of
Investment will not apply to Shareholders funds in excess
of solvency requirement, held in a separate custody
account. But exposure norms of `Investee', `company',
`Group' and `industry sector' will apply to both
shareholders and policyholders funds.
Any amount shown under the head "Balance" shall clearly
identified (security wise) in a separate custody account.
(e) Book Value (SH + PH)
Investment assets allocated under SH and PH shall be shown at
Book value i.e. all the debt securities shall be at historical cost
subject to amortization. Units of Mutual Fund and equity and
equity related instruments shall be shown at cost of acquisition.
In the investment returns, column d would be sum of
column b and column c.
(f) % Actual
The insurer shall work out the percentage of holding in G Sec, G
Sec or Other Approved Securities (including Govt. Securities),
Housing & Loans to State Government for Firefighting
310
Appendix `D'
equipments; Infrastructure Investments, Approved investments
and Other Investments with respect to Total Investment asset.
(g) FVC Amount
The insurer shall compute the fair value for holding in equities
and for units of mutual fund. The difference between the fair
value and the book value is the Fair Value Change (FVC).
(h) Total
This is the sum of Balance of Shareholders Fund, FRSM,
Policyholders funds and FVC amount. The grand total under this
column should tally with the investments assets shown in
section I.
(i) Market Value
The market value all the securities shall be shown, Category
code wise as provided in the Guidelines issued. In the case of
Equity, the Market Value shall be the lower of BSE / NSE prices
NOTE
a. "Other Investments" made from all categories of Investment
including Housing and Infrastructure sectors shall not exceed
25% of the total investment assets.
b. All investment assets such as Fixed Deposit, Section 7 deposit
should form part of Schedule 8 in the Balance Sheet
311
Technical Guide
FORM 3B STATEMENT OF INVESTMENTS
(PART - B)
OBJECTIVE
All insurers are required to file FORM 3B (Part B) to provide the details of
investments during the quarter. The form is intended to bring out the
accretion to the Insurer's investments while complying with the pattern of
Investment.
A. METHOD OF PREPARATION
a. Opening balance
The closing book value of investments of the previous quarter as
disclosed under FORM 3B (Part A) shall be reported in the column.
b. % to Opening Balance
The opening balance of prescribed category of investments under
various funds divided by total book value of investments of the fund
expressed as a percentage.
c. Net Accretion for the Qtr.
Net increase/ (decrease) in the category of investments during the
quarter is the difference between the opening balance and the closing
balance during the quarter.
d. Total
Opening balance of the pattern of investment assets plus net accretion
during the quarter must be shown in the column. The summation of the
column for the various funds should tally with book value figures
shown in FORM 3B (Part A).
312
Appendix `D'
FORM 4A EXPOSURE NORMS COMPLIANCE
(PART A, B, C & D)
OBJECTIVE
In order to establish compliance with prudential and exposure norms as
prescribed in Regulation 9 and other circulars issued by the Authority from
time to time, all insurers are required to file FORM 4A (PART A, B, C & D).
Norms for exposure to Investee Company, Investee Company Group and
Industrial Sector have been laid down in Regulation 9 of the IRDA
(Investment) Regulation, 2000 as amended from time to time. FORM 4A
(Part A) requires exception reporting and hence only deviations from the
prescribed regulations are required to be reported. FORM 4A (Part B) shall
be prepared for Promoter Group, FORM 4A (Part C) shall be prepared for
Non Promoter Group and Part D be prepared for each Industry Sector.
FORMs 4A (PART A, B, C & D) shall be prepared for Life, Pension & General
Annuity and for ULIP at Segregated Funds [SFIN] level.
A. METHOD OF PREPARATION
In Part A of FORM 4A
The insurer is required to submit only the instances of deviation where there
is non-compliance with investee company norms as prescribed in Regulation.
a. Investee Company
The insurer shall state the full name of the Investee Company.
b. Eligibility limit as per Regulation
The insurer shall state the limit in terms of amount for equity and debt.
The maximum amount (Eligible limit) for investment in equity,
preference shares and convertible debentures shall be the lower of
amount computed as per percentage (prescribed under Regulation 9
of IRDA (Investment) Regulations, 2000 as amended from time to
time) of (1) investee company's outstanding shares or (2) insurers
investment assets/ funds.
In case of debt, loans and other investments the limit shall be the
lower of amount computed as per percentage (prescribed under
Regulation 9 of IRDA (Investment) Regulations, 2000 as amended
313
Technical Guide
from time to time) of (1) Paid-up share capital, free reserves and
Debentures / Bonds or (2) insurers investment assets/ funds.
Outstanding shares do not include the preference shares. Investments
in preference shares, Convertible debentures / bonds shall be as per
Regulation 9 of IRDA (Investment) Regulations, 2000 as amended
from time to time. Further, the total exposure to any company (equity,
debt and all other investments taken together) shall be capped as
prescribed in the regulations.
The insurer shall endeavor to obtain the latest available details.
c. Actual Investment
In this column the insurer shall show, Investee Company wise, the
actual investments at Book Value. The insurer shall show equity
investments and debt investments separately.
d. Deviation Amount
The deviation amount is the difference between the eligible investment
amount and the actual investment made by the insurer. The deviations
shall be given separately for equity and debt investments. The insurer
shall report only those cases where there are deviations.
In Part B of FORM 4A
a. Name of the Promoter Group Company:
The insurer shall identify Investee Company with the promoter group
to which Investee Company belongs to.. The insurer shall follow the
"Group" definition consistently as prescribed in the Investment
Regulation
b. Eligible limit of the Promoter Group as per Regulation 9
The maximum investments in any company belonging to the Insurer's
promoter Group shall be the percentage (as prescribed in the
Regulations) computed on investment assets at aggregate level.
c. Actual Investments
In this column the insurer shall show, Investee Company group wise,
the actual investments at Book value
314
Appendix `D'
d. Deviation
The deviation amount is the difference between the eligible investment
limit as shown in column `d' and the actual investment as shown in
column `e'.
e. % deviation
The insurer shall show the deviation as a % to investment assets.
In Part C of FORM 4A
a. Name of the Group
The insurer shall identify every investee company with the group to
which Investee Company belongs to. The insurer shall follow the
"Group" definition consistently as prescribed in the Investment
Regulation.
b. Eligible limit of the Promoter Group as per Regulation 9
The maximum investments in the investee company belonging to the
Group Company as defined in the Investment Regulation. Shall be the
percentage (as prescribed in the Regulations) computed on investment
asset/ fund. In the case of ULIP funds, the limit shall be applicable
both at Segregated Fund level and at aggregate level.
c. Actual Investments
In this column the insurer shall show, Investee Company group wise,
the actual investments at Book value
d. Deviation
The deviation amount is the difference between the eligible investment
limit as shown in column `c' and the actual investment as shown in
column `d'.
e. % deviation
The insurer shall show the deviation as a % to investment
assets/controlled fund/ULIP fund size.
315
Technical Guide
In Part D of FORM 4A
a. Name of the Industry
The insurer shall state the name of industrial sector. The classification
of any investee company into any industry sector shall be classified on
the lines of National Industrial Classification (All Economic Activities)
2008 (NIC) for all sectors, except infrastructure sector. Exposure shall
be calculated at Division level from A to R. For Financial and
Insurance Activities sector, exposure shall be at Sectional level. In
case an investee company is capable of being classified under more
than one classification, then the insurer shall classify such that it
reflects same in such a way the broad business of the investee
company and shall consistently classify the same under the industrial
sector in future.
b. Actual investments
The insurer shall state the total investments made in that industrial
sector at Book value.
c. Deviation
The deviation amount is the difference between the eligible investment
limit as shown in column `c' and the actual investment as shown in
column `d'.
d. % deviation
The insurer shall show the deviation as a % to investment
assets/controlled fund/ULIP fund size.
Lastly, the insurer shall state the % deviation from the limit prescribed
under Regulation 9 of the IRDA (Investment) Regulation 2000 as
amended from time to time.
Further investments in fixed deposits, term deposit and certificate of
deposits would not be deemed as exposure to Financial and Insurance
Activities sector. However, such exposure to the promoter group is
subject to Industrial exposure norms.
Industry sector norms shall not apply for investments made in
`Infrastructure' sector as defined under Regulation 2(h) of IRDA
(Registration of Indian Insurance Companies) Regulations, 2000 as
amended from time to time.
316
Appendix `D'
FORM 5 STATEMENT OF INVESTMENT
RECONCILIATION
OBJECTIVE
In order to understand the movement of instruments as a result of Purchase
and Sale of Investments during the Quarter and in order to link the same
[FORM-5 shall be prepared in respect of each fund. In case of ULIP Form 5
shall be prepared at Segregated Fund (SFIN) level and also at consolidated
level and Total Investments in the case of General Insurer] with FORM-3A
(Part A) / FORM-3B filed for each Quarter this report is presented. Listing of
various investments made based as per Guidelines INV/GLN/001/2003-04 -
Guidelines Category of Investments Dt. 1st Jan 2004 as amended from time
to time.
A. METHOD OF PREPARATION
The statement shall be prepared as per major categories mentioned under
IRDA (Investment) Regulations, 2000 amended from time to time and as
applicable to Life Insurers, General Insurers namely;
1. Central Government Securities
2. State Government Securities or Other Approved Securities
3. Housing and Loans to State Government for Housing and Fire Fighting
Equipments
4. Infrastructure Investments
5. Approved Investments
6. Other Investments
NOTE
For all securities, falling under the above heads, the respective Category
Code shall be Guidelines INV/GLN/001/2003-04 - Guidelines Category of
Investments Dt. 1st Jan 2004 as amended from time to time.
a. Category Listing Method
The list should follow the category code as prescribed in the Annexure
1 of IRDA/Reg./5/47/2008 as amended from time to time.
317
Technical Guide
The Opening Balance of each sub-category shall be the consolidated
entry, shown at the book cost of that particular sub-category or at the
Actual Cost of Purchases after amortization. In respect of investment
property, equity, mutual fund investment, the opening balance shall be
shown at weighted average cost of acquisition under respective
category of investments. The same shall be the closing balance of
previous quarter.
b. Purchases for the Quarter
All purchases made during the period shall be shown at the
consolidated Weighted Average Value, category code wise (as
provided in Guidelines on Category of Investments), and be listed in
the same sequence as provided in the "Category of Investments". The
Face Value shall be the consolidated Value of each security
purchased during the Quarter.
c. Cost of Sales
In case of equity, cost of sales shall be the Weighted Average Cost of
the investment and in case of debt securities the cost of sales shall be
the amortized cost of investment at the time of sale.
d. Closing Balance
In Closing Balance column, the book value shall be the sum of
Weighted Average Cost of Opening Balance and Purchases made
during the period as reduced by the Cost of Sales for that period plus
adjustments if any. The closing balance, thus arrived at each sub-
category level should be grossed at each category level. The book
value, Market Value of each sub-category of Category of Investments
shall be reconciled with Form 3A/3B.
e. % To Total
For Life Insurance Companies : In case of Non- Linked Funds, each
category code will be calculated with respect to on Book value and the
same will be calculated with respect to Market Value basis for linked
funds. For Non-Life Insurance Companies, It will be calculated on
Book value basis.
318
Appendix `D'
f. Adjustments
Any change in value of investments due to cat code reclassification
during the quarter, adjustments in securities on account of corporate
action entitlements and amortization of premium/ accretion of discount
on investments shall be reported under Adjustments column.
NOTE
1. Circular No. 32/2/F&A/Circulars/169/Jan/2006-07 Dt. 24th Jan, 2007 on
"Prudential norms for Income Recognition, Asset Classification and
Provisioning and Other related matters" should strictly be complied
with.
2. Refer Annexure 1 of this Guidelines for "Category of Investments for
Life, Linked and General Insurance Business as amended from time to
time"
3. Refer Annexure 2 of this Guidelines for "Market Value Basis for
FORM 3A, FORM 3B"
4. In case of ULIP, FORM 5 shall be prepared at Segregated Fund
(SFIN) level for ULIP funds.
5. All transaction shall comply with IRDA/INV/CIR/062/Jan 2005 on
transaction on stock market to be on cash basis.
319
Technical Guide
FORM 5A STATEMENT OF INVESTMENT IN MUTUAL
FUNDS
OBJECTIVE
The details of investments in made by the Insurer in Mutual Funds, within the
limits permitted under the Regulations, shall be captured in this Form. The
sum of such investments made in Mutual Funds, as shown in FORM 5A shall
be linked to FORM 5 under respective head.
A. METHOD OF PREPARATION
The statement shall be prepared with regard to Approved Investments
and Other Investments.
a. Category Listing Method
The list should follow the category code as prescribed in the Annexure
1 of IRDA/Reg./5/47/2008 as amended from time to time.
In respect of Mutual Fund Investments, the Opening Balance shall be
the acquisition cost of the Mutual Fund.
b. Purchases For The Quarter
All purchases in respect of Mutual Fund made during the period shall
be shown at the number of Units purchased and the Weighted
Average Value of NAV of all purchase made during the quarter for
each of the Mutual Fund.
c. Sales For The Quarter
All sales in respect of Mutual Fund during the period shall be shown at
the number of Units sold and the Weighted Average Cost of all sales
made during the quarter for each of the Mutual Fund.
d. Closing Balance
In Closing Balance column, the book value shall be the sum of
Weighted Average Cost of Opening Balance and Purchases made
during the period as reduced by the Cost of Sales for that period plus
adjustments if any, which shall be listed sub-category wise. The
closing balance, thus arrived at each sub-category level should be
grossed at each category level. This shall be the investment in mutual
fund that will be carried forward to the next period.
320
Appendix `D'
e. Market Value
Market value for the units held in respect to Mutual Funds shall be
shown in this column.
f. % To Total
Percentage of Investment in Mutual Funds to the book value of Fund
(as per FORM 3A/3B) of the respective fund shall be provided in this
column.
The Mutual Funds shown in "Approved Investments" shall be moved to
"Other Investments" category in case of exceeding the limit as
provided in the Circular INV/CIR/008/2008-09 as amended from time
to time.
321
Technical Guide
FORM 6 CERTIFICATE UNDER SECTION 28 OF
INSURANCE ACT, 1938
OBJECTIVE
This is a certificate requires under Section 28 (2A) / (2B) of Insurance Act,
1938. This form confirms the reconciliation of Investments as per Investment
Returns and the same held free of charge, lien, hypothecation etc. This form
is linked to FORM 3A/3B. This form shall be signed by Chairman and two
Directors and the Principal Officer. The non-encumbrance shall need to be
reported by both insurer and the custodian.
A. METHOD OF PREPARATION
1. The form is prepared fund-wise and in aggregate for all segregated
linked funds.
2. The Separate Custodian account shall be maintained for balance
investments of Shareholder's fund that does not form part of the
FRSM.
3. The details are furnished at major category code level namely,
investment in Central Government Securities, State Government
Securities, Other Approved Securities, Infrastructure/Housing & Loans
to State Govt. for Housing & FFE, Approved Investment, Other than
Approved Investment.
4. The statement reveals the holding particulars of Banks (Custodian
bank), Self and Others with respect to Shareholder / Policy holder fund
and shall certify the following.
(i) The custodian should certify in the disclosure that he is not
disqualified by SEBI (Custodian of securities) Regulation every
time on annual basis.
(ii) The value should be adjusted for Purchase/Sale of investments
purchased and awaiting settlement. Reconciliation to this effect
should be attached to the certificate.
(iii) If the custodian belongs to promoter group, the norms of the
promoter group as in the mentioned in INV/CIR/008/2008-09
dated 22nd Aug, 2008 (Annexure II), point 9 shall be complied
with.
322
Appendix `D'
5. Investment current assets of linked business to be presented under
the custody of self. CBLO to be presented under the custody of
`Others'. Government Securities and Treasury bills, Reverse Repo
held in SGL account with Reserve Bank of India shall be classified
under `Bank' while for insurers availing CSGL account, these holdings
should be shown under the respective head i.e. Banks if held with
Custodian Bank else under `Others'.
6. Section 7 deposit shall be shown under `Banks if the same is kept with
a Bank
323
Technical Guide
FORM 7 DETAILS OF NON-PERFORMING ASSETS
OBJECTIVE
This form provides the Non Performing Asset details in the debt investments
of the funds.
A. METHOD OF PREPARATION
1. Investments assets are excluding Central Government Securities and
State Government Securities (SDL), Other Approved securities and
any other equity or equity related instruments. This form is to be
prepared at SFIN level for ULIP fund and at aggregate fund level for
Life Fund, Pension & General Annuity funds and General Insurers.
2. The absolute amount of Gross NPA as on date (before Provision of
NPA to be provided but after write off)
3. Gross NPA as on date to Investment assets shall be shown by dividing
"Gross NPA" by "Investment Assets"
4. Item No 4 shall be Provisions made for NPAs appearing under "Gross
NPA"
5. Ratio of provisions made on the "NPAs" to "Gross NPA" shall not
include provisions made on Standard Assets
6. Provision made on the 'Standard Assets' shall be as per Circular:
32/2/F&A/Circulars/169/Jan/2006-07 as amended from time to time.
7. "Net Investment Assets" is to be arrived at by subtracting provisions
(Item no. 4) from Investment Assets (Item no. 1)
8. "Net NPA" is to be arrived at by subtracting provision (Item no. 4) from
the Gross NPA (Item no.2)
9. "% of the net NPA" shall be calculated by dividing "Net NPA" by "Net
Investment Asset"
10. Write off made during the period shall be as approved by the Board of
the Insurer.
324
ANNEXURE-1
CATEGORY OF INVESTMENTS FOR LIFE, LINKED, GENERAL
INSURANCE BUSINESS
The Authority vide Notification F. No. IRDA/Reg./5/47/2008 dated 30th Jul, 2008
published the 4th Amendment of Investment Regulations on 22nd Aug, 2008.
With a view of reflecting the specific changes brought about in respect of
Insurers investment in various Categories, had issued Guidelines:
INV/GLN/001/2003-04 dated 1st Jan, 2004, the same had been amended
suitably as under. These are the Category of Investments that are permissible for
Life, Pension and General Annuity, Linked Insurance Business and General
Insurance (including Re Insurance) Business. These are the exhaustive
categories as per the Insurance Regulatory and Development Authority.
No INVESTMENT CATEGORY HEADS CAT CODE
A GOVERNMENT SECURITIES
A01 Central Government Bonds CGSB
A02 Special Deposits CSPD
A03 Deposit under Section 7 of Insurance Act, 1938 CDSS
A04 Treasury Bills CTRB
GOVERNMENT SECURITIES / OTHER APPROVED
B
SECURITIES
B01 Central Government Guaranteed Loans / Bonds CGSL
B02 State Government Bonds SGGB
B03 State Government Guaranteed Loans SGGL
B04 Other Approved Securities (excluding Infrastructure Investments) SGOA
B05 Guaranteed Equity SGGE
HOUSING & LOANS TO STATE GOVT. FOR HOUSING AND
C
FIRE FIGHTING EQUIPMENT
C01 Loans to State Government for Housing HLSH
C02 Loans to State Government for Fire Fighting Equipments HLSF
C03 Term Loan - HUDCO / NHB / Institutions accredited by NHB HTLH
C04 Commercial Papers - NHB / Institutions accredited by NHB HTLN
C05 Housing - Securitised Assets HMBS
C06 Debentures / Bonds / CPs / Loans - (Promoter Group) HDPG
TAXABLE BONDS
C07 Bonds / Debentures issued by HUDCO HTHD
Bonds / Debentures issued by NHB / Institutions accredited by
C08 HTDN
NHB
Bonds / Debentures issued by Authority constituted under any
C09 Housing / Building Scheme approved by Central / State / any HTDA
Authority or Body constituted by Central / State Act
TAX FREE BONDS
Technical Guide
C10 Bonds / Debentures issued by HUDCO HFHD
Bonds / Debentures issued by NHB / Institutions accredited by
C11 HFDN
NHB
Bonds / Debentures issued by Authority constituted under any
C12 Housing / Building Scheme approved by Central / State / any HFDA
Authority or Body constituted by Central / State Act
OTHER INVESTMENTS
C13 Debentures / Bonds / CPs / Loans HODS
C14 Housing - Securitised Assets HOMB
C15 Debentures / Bonds / CPs / Loans - (Promoter Group) HOPG
D INFRASTRUCTURE INVESTMENTS
D01 Infrastructure - Other Approved Securities ISAS
D02 Infrastructure - PSU - Equity shares - Quoted ITPE
D03 Infrastructure - Corporate Securities - Equity shares-Quoted ITCE
D04 Infrastructure - Equity (Promoter Group) IEPG
D05 Infrastructure - Securitised Assets IESA
Infrastructure - Debentures / Bonds / CPs / loans - (Promoter
D06 IDPG
Group)
D07 Infrastructure - Infrastructure Development Fund (IDF) IDDF
TAXABLE BONDS
D08 Infrastructure - PSU - Debentures / Bonds IPTD
D09 Infrastructure - PSU CPs IPCP
D10 Infrastructure - Other Corporate Securities - Debentures/ Bonds ICTD
D11 Infrastructure - Other Corporate Securities - CPs ICCP
D12 Infrastructure - Term Loans (with Charge) ILWC
TAX FREE BONDS
D13 Infrastructure - PSU - Debentures / Bonds IPFD
D14 Infrastructure - Other Corporate Securities - Debentures/ Bonds ICFD
OTHER INVESTMENTS
D15 Infrastructure - Equity (including unlisted) IOEQ
D16 Infrastructure - Debentures / Bonds / CPs / loans IODS
D17 Infrastructure - Securitised Assets IOSA
D18 Infrastructure - Equity (Promoter Group) IOPE
Infrastructure - Debentures / Bonds / CPs / loans - (Promoter
D19 IOPD
Group)
E APPROVED INVESTMENT SUBJECT TO EXPOSURE NORMS
E01 PSU - Equity shares Quoted EAEQ
E02 Corporate Securities - Equity shares (Ordinary)- Quoted EACE
Equity Shares - Companies incorporated outside India (invested
E03 EFES
prior to IRDA Regulations)
E04 Equity Shares - Promoter Group EEPG
E05 Corporate Securities - Bonds - (Taxable) EPBT
E06 Corporate Securities - Bonds - (Tax Free) EPBF
E07 Corporate Securities - Preference Shares EPNQ
E08 Corporate Securities - Investment in Subsidiaries ECIS
326
Appendix `D'
E09 Corporate Securities - Debentures ECOS
Corporate Securities - Debentures / Bonds/ CPs /Loan - (Promoter
E10 EDPG
Group)
E11 Corporate Securities - Derivative Instruments ECDI
E12 Municipal Bonds Rated EMUN
E13 Investment properties - Immovable EINP
E14 Loans - Policy Loans ELPL
Loans - Secured Loans - Mortgage of Property in India (Term
E15 ELMI
Loan)
Loans - Secured Loans - Mortgage of Property outside India (Term
E16 ELMO
Loan)
Deposits - Deposit with Scheduled Banks, FIs (incl. Bank Balance
E17 ECDB
awaiting Investment), CCIL, RBI
E18 Deposits - CDs with Scheduled Banks EDCD
E19 Deposits - Repo / Reverse Repo - Govt Securities ECMR
E20 Deposits - Repo / Reverse Repo - Corporate Securities ECCR
Deposit with Primary Dealers duly recognised by Reserve Bank of
E21 EDPD
India
E22 CCIL CBLO ECBO
E23 Commercial Papers ECCP
E24 Application Money ECAM
Perpetual Debt Instruments of Tier I & II Capital issued by PSU
E25 EUPD
Banks
Perpetual Debt Instruments of Tier I & II Capital issued by Non-
E26 EPPD
PSU Banks
Perpetual Non-Cum. P.Shares & Redeemable Cumulative
E27 EUPS
P.Shares of Tier 1 & 2 Capital issued by PSU Banks
Perpetual Non-Cum. P.Shares & Redeemable Cumulative
E28 EPPS
P.Shares of Tier 1 & 2 Capital issued by Non-PSU Banks
E29 Foreign Debt Securities (invested prior to IRDA Regulations) EFDS
E30 Mutual Funds - Gilt / G Sec / Liquid Schemes EGMF
E31 Mutual Funds - (under Insurer's Promoter Group) EMPG
E32 Net Current Assets (Only in respect of ULIP Business) ENCA
F OTHER INVESTMENTS
F01 Bonds - PSU Taxable OBPT
F02 Bonds - PSU - Tax Free OBPF
F03 Equity Shares (incl Co-op Societies) OESH
F04 Equity Shares (PSUs & Unlisted) OEPU
F05 Equity Shares - Promoter Group OEPG
F06 Debentures OLDB
F07 Debentures / Bonds/ CPs / Loans etc. - (Promoter Group) ODPG
F08 Municipal Bonds OMUN
F09 Commercial Papers OACP
F10 Preference Shares OPSH
327
Technical Guide
Venture Fund / SEBI approved Alternate Investment Fund
F11 OVNF
(Category I)
F12 Short term Loans (Unsecured Deposits) OSLU
F13 Term Loans (without Charge) OTLW
F14 Mutual Funds - Debt / Income / Serial Plans / Liquid Secemes OMGS
F15 Mutual Funds - (under Insurer's Promoter Group) OMPG
F16 Derivative Instruments OCDI
F17 Securitised Assets OPSA
F18 Investment properties - Immovable OIPI
Note: F. `Other Investments' shall not be applicable to Pension and General
Annuity Funds of Life Insurers.
328
Appendix `D'
ANNEXURE-2
MARKET VALUE - BASIS FOR FORM-3A / FORM-3B
The Authority vide Notification F. No. IRDA/Reg./5/47/2008 dated 30th Jul, 2008
published the 4th Amendment of Investment Regulations on 22nd Aug, 2008.
With a view of reflecting the specific changes brought about in respect of Maket
Value of Investments for the purpose of FORM 3A, FORM 3B, the Authority
issued Guidelines INV/GLN/003/2003-04 dated 1st Jan, 2004 and the same has
been amended suitably as under. The following shall, without prejudice to
Section 27A, 27B of the Insurance Act, 1938 be the basis for arriving at the
"Market Value" of Investment to be furnished in FORM-3A and FORM-3B.
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
A Government Securities
A01 Central Government Bonds CGSB Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
A02 Special Deposits CSPD At Cost
A03 Deposit under Section 7 of CDSS Value as per FIMMDA if rated. If
Insurance Act, 1938 not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
A04 Treasury Bills CTRB Valued as per FIMMDA.
B Government Securities / Other
Approved Securities
B01 Central Government CGSL Value as per FIMMDA if rated. If
Guaranteed Loans / Bonds not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
B02 State Government Bonds SGGB Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
B03 State Government Guaranteed SGGL Value as per FIMMDA if rated. If
Loans not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
B04 Other Approved Securities SGOA Value as per FIMMDA if rated. If
(excluding Infrastructure not, valued at applicable Market
Investments) Yield rates published as per
329
Technical Guide
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
reputed Rating Agency
B05 Guaranteed Equity SGGE Book Value.
C Housing & Loans to State
Govt. for Housing and Fire
Fighting Equipment
C01 Loans to State Government for HLSH At Cost Less Provisions
Housing
C02 Loans to State Government for HLSF At Cost Less Provisions
Fire Fighting Equipments
C03 Term Loan - HUDCO / NHB / HTLH At Cost Less Provisions
Institutions accredited by NHB
C04 Commercial Papers - NHB / HTLN Value as per FIMMDA if rated. If
Institutions accredited by NHB not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
C05 Housing - Securitised Assets HMBS Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
C06 Bonds/Debentures/CPs/Loans - HDPG Value as per FIMMDA if rated. If
Promoter Group not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
TAXABLE BONDS OF
C07 Bonds / Debentures issued by HTHD Value as per FIMMDA if rated. If
HUDCO not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
C08 Bonds / Debentures issued by HTDN Value as per FIMMDA if rated. If
NHB / Institution accredited by not, valued at applicable Market
NHB Yield rates published as per
reputed Rating Agency
C09 Bonds / Debentures issued by HTDA Value as per FIMMDA if rated. If
Authority constituted under any not, valued at applicable Market
Housing / Building Scheme Yield rates published as per
approved by Central / State / reputed Rating Agency
any Authority or Body
constituted by Central / State
Act
TAX FREE BONDS
C10 Bonds / Debentures issued by HFHD Value as per FIMMDA if rated. If
330
Appendix `D'
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
HUDCO not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
C11 Bonds / Debentures issued by HFDN Value as per FIMMDA if rated. If
NHB / Institution accredited by not, valued at applicable Market
NHB Yield rates published as per
reputed Rating Agency
C12 Bonds / Debentures issued by HFDA Value as per FIMMDA if rated. If
Authority constituted under any not, valued at applicable Market
Housing / Building Scheme Yield rates published as per
approved by Central / State / reputed Rating Agency
any Authority or Body
constituted by Central / State
Act
OTHER INVESTMENTS
C12 Debentures / Bonds / CPs / HODS Value as per FIMMDA if rated. If
Loans not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
C13 Housing - Securitised Assets HOMB Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
C14 Debentures / Bonds / CPs / HOPG Value as per FIMMDA if rated. If
Loans - (Promoter Group) not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
D INFRASTRUCTURE
INVESTMENTS
D01 Infrastructure - Other Approved ISAS Value as per FIMMDA if rated. If
Securities not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
D02 Infrastructure - PSU - Equity ITPE If quoted, valued at Market Value
shares Quoted (last Quoted price should not be
later than 30 days). In unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
331
Technical Guide
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
year, the same shall be reduced
from the Book Value)
D03 Infrastructure - Corporate ITCE If quoted, valued at Market Value
Securities - Equity shares- (last Quoted price should not be
Quoted later than 30 days). If unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
D04 Infrastructure - Equity (Promoter IEPG If quoted, valued at Market Value
Group) (last Quoted price should not be
later than 30 days). If unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
D05 Infrastructure - Securitised IESA Value as per FIMMDA if rated. If
Assets not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
D06 Infrastructure - Debentures / IDPG Value as per FIMMDA if rated. If
Bonds / CPs / loans - Promoter not, valued at applicable Market
Group Yield rates published as per
reputed Rating Agency and in
case of loans at cost
D07 Infrastructure - Infrastructure IDDF At NAV (if available) or at cost
Development Fund (IDF) less Provision for diminution
TAXABLE BONDS OF
D08 Infrastructure - PSU - IPTD Value as per FIMMDA if rated. If
Debentures / Bonds not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
D09 Infrastructure - PSU CPs IPCP Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
332
Appendix `D'
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
reputed Rating Agency
D10 Infrastructure - Other Corporate ICTD Value as per FIMMDA if rated. If
Securities - Debentures/ Bonds not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
D11 Infrastructure - Other Corporate ICCP Value as per FIMMDA if rated. If
Securities CPs not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
D12 Infrastructure - Term Loans ILWC At Cost less opening Provisions
(with Charge)
TAX FREE BONDS
D13 Infrastructure - PSU - IPFD Value as per FIMMDA if rated. If
Debentures / Bonds not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
D14 Infrastructure - Other Corporate ICFD Value as per FIMMDA if rated. If
Securities - Debentures/ Bonds not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
OTHER INVESTMENTS
D15 Infrastructure - Equity (including IOEQ If quoted, valued at Market Value
unlisted) (last Quoted price should not be
later than 30 days). In unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
D16 Infrastructure - Debentures / IODS Value as per FIMMDA if rated. If
Bonds / CPs / loans not, valued at applicable Market
Yield rates published as per
reputed Rating Agency and in
case of loans at cost
D17 Infrastructure - Securitised IOSA Value as per FIMMDA if rated. If
Assets not, valued at applicable Market
Yield rates published as per
reputed Rating Agency and in
case of loans at cost
333
Technical Guide
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
D18 Infrastructure - Equity (Promoter IOPE If quoted, valued at Market Value
Group) (last Quoted price should not be
later than 30 days). In unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
D19 Infrastructure - Debentures / IOPD Value as per FIMMDA if rated. If
Bonds / CPs / loans - (Promoter not, valued at applicable Market
Group) Yield rates published as per
reputed Rating Agency and in
case of loans at cost
E APPROVED INVESTMENT
SUBJECT TO EXPOSURE
NORMS
E01 PSU - Equity shares - quoted EAEQ Market Value
E02 Corporate Securities - Equity EACE Market Value
shares (Ordinary)-quoted
E03 Equity Share - Companies EFES If quoted, valued at Market Value
incorporated outside India (last Quoted price should not be
(invested prior to IRDA later than 30 days). In unquoted,
Regulations) Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
E04 Equity Shares - Promoter Group EEPG If quoted, valued at Market Value
(last Quoted price should not be
later than 30 days). In unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
334
Appendix `D'
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
from the Book Value)
E05 Corporate Securities - Bonds - EPBT Value as per FIMMDA if rated. If
(Taxable) not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
E06 Corporate Securities - Bonds - EPBF Value as per FIMMDA if rated. If
(Tax Free) not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
E07 Corporate Securities - EPNQ If quoted, valued at Market Value
Preference Shares (last Quoted price should not be
later than 30 days). In unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
E08 Corporate Securities - ECIS At Cost less Provision for
Investment in Subsidiaries diminution
E09 Corporate Securities ECOS Value as per FIMMDA if rated. If
Debentures not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
E10 Corporate Securities - EDPG Value as per FIMMDA if rated. If
Debentures / Bonds/ CPs /Loan not, valued at applicable Market
- Promoter Group Yield rates published as per
reputed Rating Agency and in
case of loans at cost
E11 Corporate Securities - Derivative ECDI Marked to Market
Instruments
E12 Municipal Bonds - Rated EMUN Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency and in
case of loans at cost
E13 Investment properties EINP At Cost
Immovable
E14 Loans - Policy Loans ELPL At Cost
E15 Loans - Secured Loans - ELMI At Cost Less Provisions
335
Technical Guide
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
Mortgage of Property in India
(Term Loan)
E16 Loans - Secured Loans - ELMO At Cost Less Provisions
Mortgage of Property outside
India (Term Loan)
E17 Deposits - Deposit with ECDB At Carrying Cost
Scheduled Banks, FIs (incl.
Bank Balance awaiting
Investment), CCIL, RBI
E18 Deposits - CDs with Scheduled EDCD At Carrying Cost
Banks
E19 Deposits - Repo / Reverse ECMR At Cost
Repo- Govt Securities
E20 Deposits - Repo / Reverse ECCR At Cost
Repo- Corporate Securities
E21 Deposit with Primary Dealers EDPD At Cost
duly recognised by Reserve
Bank of India
E22 CCIL CBLO ECBO At Carrying Cost
E23 Commercial Papers ECCP Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
E24 Application Money ECAM At Cost
E25 Perpetual Debt Instruments of EUPD Value as per FIMMDA if rated. If
Tier I & II Capital issued by PSU not, valued at applicable Market
Banks Yield rates published as per
reputed Rating Agency
E26 Perpetual Debt Instruments of EPPD Value as per FIMMDA if rated. If
Tier I & II Capital issued by Non- not, valued at applicable Market
PSU Banks Yield rates published as per
reputed Rating Agency
E27 Perpetual Non-Cum. P.Shares & EUPS Value as per FIMMDA if rated. If
Redeemable Cumulative not, valued at applicable Market
P.Shares of Tier 1 & 2 Capital Yield rates published as per
issued by PSU Banks reputed Rating Agency
E28 Perpetual Non-Cum. P.Shares & EPPS Value as per FIMMDA if rated. If
Redeemable Cumulative not, valued at applicable Market
P.Shares of Tier 1 & 2 Capital Yield rates published as per
issued by Non-PSU Banks reputed Rating Agency
E29 Foreign Debt Securities EFDS At Carrying Cost
336
Appendix `D'
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
(invested prior to IRDA
Regulations)
E30 Mutual Funds - Gilt / G Sec / EGMF At NAV as on the reporting date
Liquid Schemes
E31 Mutual Funds - (under Insurer's EMPG At NAV as on the reporting date
Promoter Group)
E32 Net Current Assets (Only in ENCA At book value
respect of ULIP Business)
F OTHER INVESTMENTS
F01 Bonds - PSU Taxable OBPT Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
F02 Bonds - PSU - Tax Free OBPF Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
F03 Equity Shares (incl Co-op OESH If quoted, valued at Market Value
Societies) (last Quoted price should not be
later than 30 days). In unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
F04 Equity Shares (PSUs & OEPU If quoted, valued at Market Value
Unlisted) (last Quoted price should not be
later than 30 days). In unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
F05 Equity Shares - Promoter Group OEPG If quoted, valued at Market Value
(last Quoted price should not be
later than 30 days). In unquoted,
337
Technical Guide
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
F06 Debentures OLDB Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
F07 Debentures / Bonds/ CPs / ODPG Value as per FIMMDA if rated. If
Loans etc. - Promoter Group not, valued at applicable Market
Yield rates published as per
reputed Rating Agency and in
case of loans at cost
F08 Municipal Bonds OMUN Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency and in
case of loans at cost
F09 Commercial Papers OACP Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency
F10 Preference Shares OPSH If quoted, valued at Market Value
(last Quoted price should not be
later than 30 days). In unquoted,
Book Value Less Provisions
(Provisions shall be made at the
end of the Year. For the purpose
of Quarterly Returns, if there exist
any Provision for any Equity
Share at the beginning of the
year, the same shall be reduced
from the Book Value)
F11 Venture Fund / SEBI approved OVNF At NAV (if available) or at cost
Alternate Investment Fund less Provision for diminution
(Category I)
F12 Short term Loans (Unsecured OSLU At Cost Less Provisions
Deposits)
338
Appendix `D'
S.No Particulars Cat Market value basis for Form-
code 3A, Form-3B
F13 Term Loans (without Charge) OTLW At Cost Less Provisions
F14 Mutual Funds - Debt / Income / OMGS At NAV as on the reporting date
Serial Plans
F15 Mutual Funds (under Insurer's OMPG At NAV as on the reporting date
Promoter Group)
F16 Derivative Instruments OCDI Marked to Market
F17 Securitised Assets OPSA Value as per FIMMDA if rated. If
not, valued at applicable Market
Yield rates published as per
reputed Rating Agency. If NAV is
available, at applicable NAV.
F18 Investment properties OIPI At Cost
Immovable
339
Appendix 'E'
Format of Engagement Letter to be sent to the
Appointing Authority of the Insurance Company for
"Certificate on Investment Risk Management Systems
and Processes"
To the Board of Directors (or the appropriate representative of senior
management).
[The objective and the scope of the engagement]
This has reference to your letter No. ................ dated ....... whereby you
have offered us to carry out the examination of compliance status of
"Investment risk management system and processes" as at ................. as
stipulated in regulation 13(E) (1) of IRDA (Investment) (Fifth Amendment)
Regulations, 2013 notified by the Insurance Regulatory and Development
Authority (IRDA) and issue a certificate thereon.
[The responsibility of the practitioner]
We are pleased to confirm our acceptance for the aforementioned
assignment through the letter of acceptance attached herewith subject to the
following:
We shall conduct our examination as per the procedure laid down in the
Technical Guide on Review and Certification of Investment Risk Management
Systems and Processes of Insurance Companies issued by the Institute of
Chartered Accountants of India ("ICAI").
An examination of the Company's implementation of the Investment Risk
Management Systems and Processes includes examining evidence
supporting the management's compliance with respect to requirements
mandated in the Regulations, Guidelines, and Circulars of IRDA. The
procedures selected for examination depend on our judgment.We shall take
into cognizance of the internal controls relevant and necessary for
compliance of regulations issued by IRDA on investment risk management
systems and processes in order to obtain evidencethat is appropriate in the
circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity's over all internal control. However, we will
communicate to you in writing concerning any significant deficiencies in
Appendix `E'
internal control relevant to the compliance of conditions of Investment Risk
Management System & Processes.
[The responsibility of Management]
Our assignment will be conducted on the basis that the management and,
where appropriate, those charged with governance acknowledge and
understand that they have responsibility:
· For the design of IT Governance Architecture
· For implementation of the Investment Risk Management Systems and
process in accordance with the Regulations , Guidelines, and Circulars
issued by IRDA from time to time, and compliance thereto
· For making judgments and estimates those are reasonable and
prudent for compliance of IRDA regulations and guidelines on
Investment Risk Management System and Processes; and
To provide us with:
(i) Access, at all times, to all information, including the books of accounts,
vouchers and other records and documentation relevant for
information system of the company and for Investment Risk
Management System and Processes.
(ii) Additional information that we may request from the Chief Executive
Officer/the Chief Investment Officer/ Chief Technology Officer/ Chief
Information Officer /Other Officers of the company for the purpose of
examination; and
(iii) Unrestricted access to persons within the entity from whom we
determine it necessary to obtain evidence for examination. This
includes our entitlement to require from the officers of the branch or
head office such information and explanations as we may think
necessary for the purpose of issue of Certificate on Investment Risk
Management Systems and Processes.
As part of our assignment, we will request from the management and where
appropriate, those in charge of governance, written confirmation concerning
representations made to us in connection with the information system of the
company and the compliance of conditions of Investment Risk Management
System and Processes as may be considered necessary by us for the
purpose of our assignment.
It may also be noted that non provision of any information/ confirmation
requested by us from the management and where appropriate those in charge of
governance, may result in limitation on the scope of our assignment.
341
Technical Guide
We also wish to invite your attention to the fact that our examination is
subject to 'peer review' under the Chartered Accountants Act, 1949 to be
conducted by an Independent reviewer. The reviewer may inspect, examine
or take abstract of our working papers during the course of the peer review,
as required The Chartered Accountants Act, 1949, as amended from time to
time and the same need not be construed as breach of confidentiality
agreement entered with you.
We look forward to full cooperation from your staff during our examination.
[Other relevant information]
[Insert other information, such as fee arrangement, billings and other specific
terms as appropriate.]
[Certificate]
[Insert appropriate reference to the expected form and content of certificate]
The form and content of our certificate may need to be amended in the light
of findings of our examination.
Please sign and return the attached copy of this letter to indicate your
acknowledgement of, and agreement with, the arrangement for our
aforementioned assignment/s including our respective responsibilities.
Kindly also mark a copy of such acknowledgement to the concerned official/s
of the respective managements.
XYZ & Co.
Chartered Accountants
..............................
(Signature)
Date : (Name of the Member)
Place : (Designation1)
Acknowledged on behalf of Insurance Company by
..........................
(Signature)
Name and Designation
Date
Attached: Letter of Acceptance duly signed by us.
1 Partner or proprietor, as the case may be.
342
|