Oentoeng Suria & Partners 01 Mar 2015 Indonesia’s new insurance law
Indonesia’s House of Representatives passed the long-awaited revised Insurance Law on 23 September 2014 (the New Law). The New Law serves to provide a more comprehensive regulatory framework for Indonesia’s insurance industry under the supervision of the Financial Services Authority (Otoritas Jasa Keuangan or OJK).
The New Law replaces Law No. 2 of 1992 on Insurance Business (Existing Law).
The main changes in the New Law relate to:
- types, legal forms and ownership of insurance companies;
- sharia-based and conventional insurance companies;
- introduction of a policy guarantee programme;
- introduction of a single presence policy;
- new designations applicable to insurance companies;
- the OJK’s position as the supervisory body; and
- more comprehensive administrative and criminal sanctions
The changes became effective on 23 October 2014.
Categories of insurance companies
The New Law separates insurance companies into four types, with overlapping services prohibited:
- general insurance companies;
- life insurance companies;
- reinsurance companies; and
- sharia insurance companies, which includes sharia general insurance companies, sharia life insurance companies and sharia reinsurance companies.
Form and ownership of insurance companies
Insurance companies must be in the form of: (i) a limited liability company (Perseroan Terbatas); (ii) a co-operative; or (iii) an existing mutual business (which presently only applies to AJB Bumiputera 1912, an Indonesian life insurance company).
The New Law provides that insurance companies may only be owned by either: (i) Indonesian citizens and/or Indonesian legal entities directly or indirectly wholly owned by Indonesian citizens; or (ii) an Indonesian citizen and/or Indonesian legal entity, together with a foreign counterparty engaged in the same industry. Additionally, foreign individuals may only acquire shares in insurance companies through acquiring the shares of exchange listed insurance companies. If an insurance company does not satisfy the more stringent local shareholder rules, then compliance is prescribed through the requirement to transfer ownership of shares to Indonesian nationals or to conduct an initial public offering no later than five years after the New Law was passed.
The New Law does not make any changes with respect to foreign ownership restrictions (despite some speculation it would lower the permitted percentage) which remain controlled under a separate government regulation, No. 39 of 2008 (Second Amendment to Government Regulation No. 73 of 1992 on Implementation of Insurance Business Activity), which limits foreign ownership to 80 per cent (although a foreign shareholder remains able to increase its shareholding beyond 80 per cent by dilution of the minority by subscribing for new shares so long as the existing capital issued to the local shareholder is maintained).
Sharia-based and conventional insurance companies
The New Law now distinguishes between a sharia-based insurance company and a conventional insurance company. A conventional insurance company may not provide sharia-based services and vice versa.
Policy guarantee programme
The New Law introduces statutory protection for policyholders (hitherto not specifically regulated) by requiring insurance companies to participate in a policy guarantee programme (program penjaminan polis). This programme (intended to reflect the deposit protection guarantee scheme in the banking sector) requires further primary legislation in order to be implemented, which must be issued within three years of the New Law coming into force, however, the key takeaways of the programme based on the New Law are as follows:
- the policy guarantee programme aims to secure reimbursement of all or part of an insurance company’s policyholders’ or customers’ rights in the scenario where the insurance company is in the process of being liquidated or where its business license has been revoked by the OJK; and
- upon the effectiveness of the policy guarantee programme (in parallel with the effectiveness of its primary legislation as discussed above), those provisions in the New Law relating to the provision of security funds (or Dana Jaminan, being the amount of assets of an insurance company statutorily prescribed by the OJK to be set aside as security for policyholders) will fall away.
Single presence policy
A major new development (which largely mirrors the policy applying to the Indonesian banking sector) is that a party may only become a controlling shareholder in one life insurance company, one general insurance company, one reinsurance company, one sharia-based life insurance company, one sharia-based general insurance company and one sharia-based reinsurance company. Any party which is currently controlling more than one type of insurance company must adjust to the single presence rule within three years of the New Law coming into force.
New designations in insurance companies
The New Law introduces and regulates two new designations which apply to insurance companies.
The first designation is that of a Controller, which is the party considered by the OJK as having the authority, either directly or indirectly, to influence the Board of Directors (BOD) or the Board of Commissioners (BOC) of an insurance company. The New Law states that the change of the Controller must be reported to the OJK and, more significantly, that a Controller must also be responsible for the loss of the insurance company which is caused by a party through its control. The OJK’s intention is to determine the identity of the Controller(s) in order to decide who is responsible if the insurance company fails to fulfil its obligations to policyholders or insured persons, as a result of the influence of the relevant party on the management of the insurance company.
The second designation is that of a Statutory Manager, which is a party appointed by the OJK to take over the management of an insurance company upon the occurrence of the following events:
- the OJK suspends the insurance company’s business license;
- the insurance company notifies the OJK that it is unable to fulfil its obligations, or will discontinue its repayment obligations which have become due;
- based on the OJK’s view, the insurance company is unable to fulfil its obligations, or will discontinue its repayment obligations which have fallen due;
- based on the OJK’s view, the insurance company fails to comply with applicable insurance laws and regulations, or is deemed to be financially unsound; or
- based on the OJK’s view, the insurance company facilitates, or is involved in, criminal actions.
Further details regarding the Controller and Statutory Manager will be regulated under separate OJK regulations.
Local insurance and reinsurance prioritisation
The New Law further restricts the situations where insurance of an Indonesian “insured object” can be obtained by a non-OJK licensed insurer, namely:
- no insurance company, whether alone or with others, has the ability to cover or manage the insurance risk relating to the insured object; or
- no insurance company is prepared to provide insurance in relation to the insured object.
Significantly, this appears to remove the prior exception whereby an insured object in Indonesia owned by a foreign citizen or legal entity could obtain insurance from a non-OJK licensed insurer.
The New Law (arguably more proactively than its predecessor) requires the insurance companies to optimise utilisation of local insurance, sharia insurance, re-insurance and sharia re-insurance capabilities.
The objective is to further encourage insurance companies to optimise their functions as insurers and/or reinsurer companies by having as much reinsurance as possible placed with local insurance companies, with due observation of risk management principles.
The OJK, as the insurance industry’s supervisory body, is granted a wide range of authorities and duties under the New Law to:
- approve, reject, and revoke insurance business licenses;
- approve, reject, and revoke the registration statement of an actuary consultant, public accountant, appraiser, or any other party providing services to an insurance company;
- request a quarterly report from an insurance company;
- examine or supervise insurance companies and other parties, whether formerly or otherwise affiliated, or any other party providing services to an insurance company;
- approve or revoke the Controller of an insurance company;
- conduct fit and proper testing of the BOD, BOC, Sharia Supervisory Boards, company actuaries, internal auditor and Controllers;
- terminate the aforementioned parties, except for the company’s actuary, internal auditor, or Controller, and to appoint Statutory Managers, Members of the BOD, BOC and Sharia Supervisory Boards may be replaced by the OJK with a Statutory Manager if the relevant insurance company is subject to any written warning or limitation of business activities, however, we understand that the exact details for this to occur will be contained in a subsequent implementing regulation;
- provide written instructions to insurance companies; and
- impose sanctions on insurance companies, including its shareholders, BOD, BOC, Sharia Supervisory Boards, company actuaries, and internal auditor. With respect to shareholders, the New Law only provides for administrative sanctions if a shareholder fails to comply with its obligation to provide any information deemed necessary by a liquidation team during an insurance company’s liquidation process. Further details in relation to these sorts of sanctions will be contained in a subsequent implementing regulation.
Administrative and criminal sanctions
Administrative and criminal sanctions have been aggregated and deepened in several areas. With respect to administrative sanctions, in our experience, the OJK will apply these in an escalating manner and only take more serious action if the insurance company fails to adequately address the breach or issue identified for remedy.
- written warnings;
- limitation of business activities, either entirely or partially;
- prohibition of the marketing of insurance products;
- revocation of business license;
- annulment of the statement of registration of an insurance broker, reinsurance broker or insurance agent;
- annulment of the statement of registration of an actuary consultant, public accountant, appraiser or other party who provides services to an insurance company;
- annulment of approval for a mediation or association institution;
- monetary fines; and
- prohibition on a party from becoming a shareholder, a member of the BOD, BOC, or of the Sharia Supervisory Board, or from holding an executive position on the BOD in an insurance company.
The OJK may also request the following actions from an insurance company under a written warning, or subject to a limitation on its business activities that it:
- undertakes a capital injection;
- replaces (members of) its BOD, BOC, Sharia Supervisory Board or its actuary or internal auditor;
- transfers (entirely or partially) its insurance portfolio;
- transfers its authority to a Statutory Manager; or
- carries out the necessary actions to overcome its situation, or that it does not do anything to further aggravate the company’s condition.
The New Law provides for more comprehensive criminal sanctions. For example, it introduces criminal charges specifically for members of the BOC, BOD, Sharia Supervisory Board, Controllers, internal auditors, or other employees of an insurance company for criminal activities.
The New Law also provides that any person appointed or mandated by the OJK who uses or discloses any confidential information to other parties, except for the purposes of carrying out its duties and authorities by virtue of an OJK decree or prevailing laws, may be subject to up to five years’ imprisonment and fined up to IDR 20 billion.
A regulation implementing the New Law must be issued no more than two years and six months from the date of the New Law coming into force. We will keep you updated on further developments as the New Law is bedded down.
2018 Insurance Regulatory Outlook
Forging ahead amid uncertainty
Gain insight into key regulations that insurance companies should be monitoring and addressing in 2018.
Embracing complexity: 2018 trends in insurance regulations
Most insurers are moving ahead deliberately with their risk and compliance initiatives, even as certain areas pose regulatory uncertainty that will likely remain a significant and ongoing challenge. Even if lawmakers and regulators make certain definitive changes, insurance companies must continue to drive the effectiveness and efficiency of their risk and compliance programs so they meet applicable laws, regulations, and supervisory expectations.
Many of the new state regulatory requirements are clear. But in other areas, such as the Department of Labor’s (DOL) Fiduciary Rule (the Rule), companies don’t have the time or luxury of waiting to see how things will shake out. Therefore, they’re planning implementation based on available guidance.
Overall, many of the changes organizations are making to achieve insurance regulatory compliance are useful improvements that are worth doing from a risk and business perspective.
Read on to learn more about the insurance regulations we’re tracking for 2018.
This publication is part of the Deloitte Center for Regulatory Strategy annual, cross-industry series on the year’s top regulatory trends. Learn more about regulatory challenges and opportunities in other industries on our regulatory outlook homepage.
The insurance industry has seen a shift as the regulatory environment has driven organizations to take a serious yet fresh look at the state of their cybersecurity risk management programs. Institutions at both the state and federal levels remain committed to protecting insurance organizations from the influx of cyber threats and to raising the bar on cyber risk management and reporting.
Numerous regulatory agencies at the federal level, as well as the National Association of Insurance Commissioners (NAIC), have moved or are moving to establish regulations governing the conduct of insurers with respect to this significant operational risk.
In an era where cyber criminals could be state-sponsored, part of a political cooperative, or just after the money, how can boards and senior executives assess the soundness of their cybersecurity programs? The Society of Worldwide Interbank Financial Telecommunication (SWIFT) network articulated three overarching objectives:
- “Secure your environment”
- “Know and limit access”
- “Detect and respond”
The DOL’s Fiduciary Rule has already significantly shifted the financial services industry to operate more in the best interest of the customer, specifically retirement account investors and policyholders. It has also prompted other regulatory agencies to develop or propose new regulations that are likely to be enacted during 2018, thus creating a new patchwork of state and federal regulations that might not be completely aligned.
The Rule continues to serve as a catalyst for change across the financial services industry. Although implementation efforts to achieve compliance have slowed, the industry continues to migrate toward a fiduciary (or at least a “best interest”) model for delivering advice to both retirement and non-retirement clients.
This trend will likely accelerate in 2018 under a number of emerging scenarios, such as the DOL’s Rule progression, the SEC drafting of a rule, individual state legislation, and adoption of the NAIC model regulation by individual states.
Big data: Big issues, big potential rewards
The potential benefits of analytics are undeniable. In fact, one can reasonably argue that as the use of analytics rises—and as the analysis becomes increasingly precise and personal—insurers will be able to offer more effective, customized products to consumers with greater efficiency. The counterargument is that the increasing availability of data—and the increasingly sophisticated ability to analyze and manage it—could enable insurers to micro-segment the market to a point where it undermines the fundamental concept of risk pooling.
In our current environment, the ability to use data and predictive analytics to accelerate underwriting and reduce market friction could be both a competitive advantage and market expander. The question regulators—and the industry—face is where to draw the line. For example, the value and validity of genetic information is indisputable, but should it be usable?
Regulators worldwide are moving to address the issue. The NAIC has created the Big Data Working Group to “review current regulatory frameworks used to oversee insurers’ use of consumer and non-insurance data.”
Enterprise risk management and Own Risk Solvency Assessment (ORSA)
With the passing of the Risk Management Own Risk and Solvency Assessment Model Act #505, the NAIC paved the way for the formal requirement for insurance companies to have a risk management program and framework within their organizations. The ORSA requirement specifies a filing at least annually that sets out:
- The company’s risk management framework
- A stress testing requirement for the risks the company faces
- A forward-looking projection of solvency
Although insurance companies are naturally in the business of managing risk, these new requirements have taken time and effort to formally adopt. And they will continue to do so for some time.
Corporate governance disclosure
Corporate governance disclosure may have been a quiet issue lately, but it’s one that most insurers will need to begin addressing soon.
The NAIC’s Corporate Governance Annual Disclosure (CGAD) Model Act and Regulation were adopted in 2014 to provide regulators with more details on insurers’ corporate governance practices. All insurers, no matter their size, will be required to file an annual CGAD. The CGAD must contain discussions of the following:
- The insurers’ corporate governance framework and structure
- The policies and practices of its board of directors and significant committees, including information regarding board member qualifications and independence
- The policies and practices directing senior management, including information regarding significant compensation programs
- The processes by which the board of directors, its committees, and senior management ensure an appropriate level of oversight of the critical risk areas impacting the insurers’ business activities
With such high visibility for the CGAD, it might be better for company management to err on the side of over—rather than under—compliance.
The NAIC and state Departments of Insurance (DOIs) continue to focus considerable resources on market conduct exams and analysis. While many of the areas of focus aren’t new, some are more recent and gaining more attention.
In addition, many insurers are experiencing more frequent examinations, driven in part by heavier reliance on market analysis data and greater activity on the part of state regulators as the federal government has limited authority and inclination to increase its presence.
With continuing data breaches that impact customer personally identifiable information (PII), the NAIC and states are continuing to focus on appropriate measures and the controls insurers should have in place to protect sensitive policyholder information. Likewise, as carriers get more sophisticated in their use of big data, the states find themselves trying to determine what safeguards are required to protect against unfair and/or discriminatory behavior.
International regulatory change
Regulatory change continues to pervade the insurance industry, and international regulatory change is no exception. The international regulatory environment is significant even for US-only industry participants because of the direct and trickle-down impacts of globally accepted changes.
Local country-based change is also creating uncertainty, with socio-economic and political change driving significant regulatory adjustments within individual countries. Brexit is just one example of such a change currently taking place.
Against this backdrop, both US and international insurers would be well-advised to stay on top of global regulatory developments and continuously assess the potential impact on their business models.