Insurance companies are legally obliged to establish an effective internal control system (ICS) for their entire business that covers all their business operations (see Art. 27 ISA). The ICS covers a company’s internally prescribed processes, methods and measures designed to secure adequate management control, leading to effective business processes, reliable financial reporting and compliance with laws and regulations.
Within the “ICS assessment – self-assessment of the company-wide controls & internal control system” (ICSA), FINMA periodically collects information about the internal control system in place at the insurance company, the insurance group or the insurance conglomerate. The focus is on the underlying processes, methods and measures for ensuring that there is an appropriate level of assurance regarding the risks of the business.
The survey is based on the (supervisory) laws and ordinances (CO, ISA, ISO, etc.) and FINMA’s ICS supervisory practice (cf. FINMA Circ. 2017/02 “Corporate governance – insurers” and FINMA Circ. 2018/03 “Outsourcing – banks and insurers”). Information about the maturity of the ICS is also gathered.
The information obtained helps FINMA to assess the ICS structure and processes (ICS framework) in place at the insurance company, group or conglomerate.
The findings from the ICS assessment are incorporated into the overall assessment of the insurance company group or the conglomerate as well as FINMA’s supervisory process. It can lead to follow-up activities either for individual insurance companies, a selected groups of insurance companies or for the overall market.