Newsletters Business Crime & Financial Services 9th Oct 2017

Regulatory D-Day for Hong Kong’s Insurance Industry

  1. On 26 June 2017, the Insurance Authority (IA) assumed its regulatory responsibilities and replaced the Office of the Commissioner of Insurance (OCI) in regulating insurers in Hong Kong. Described as “D-Day” by the Hong Kong Government, the institutional change marks an inflection point for the Hong Kong insurance industry.
  2. The IA was created by the Insurance Ordinance (Cap. 41) (the Ordinance),[1] which brings wide-ranging changes to the regulation of insurance and insurance companies in Hong Kong. All the facts indicate that the IA will be a much more powerful regulator than its predecessor, and one with enhanced authorisation and supervisory powers.[2]

The new Levy to the IA

  1. Unlike the OCI, which was a government department, the IA was created as an entity independent of Government. A second layer of independence was established through an Insurance Appeals Tribunal, creating a new regulatory framework to review the IA’s decisions.
  2. An important objective underpinning the change is the desire for the regulatory regime to become self-funding, rather than relying on taxpayers, reflecting a global trend in regulation. The IA will generate funds from the insurance industry by charging a Levy on premiums from 1 January 2018. The Levy is payable by policyholders but will be collected by insurers. Insurers may absorb the cost of the new Levy if they feel that it is practical to do so, but economics tells us that in practice the end consumer will ultimately bear the cost. Although the Levy has been described as minimal, with the initial rate set at 0.04 per cent of each premium, legal practitioners should still explain to insurers that there remains an obligation on them to update their policy documents and communicate the imposition of the Levy to policy holders in advance of January 2018.

Enhanced powers over insurers

    1. The IA’s powers over insurers are much broader than those available to its predecessor, the OCI, and are largely modelled on the regime for regulating licensed corporations by the Securities and Futures Commission (SFC). The key persons regime and the extension of personal liability that it brings is perhaps the most consequential change at this stage of the regime’s implementation. The Ordinance increases scrutiny and supervision over key persons, such as controllers and directors, and individuals introduced by the new concept of “key persons in control functions”.
    2. Furthermore, under the new regime the IA will now have additional powers to:
      1. Conduct investigations where there is reasonable cause to believe that there may have been a breach of the Ordinance, fraud or misfeasance, or if it has reason to enquire in an insurer is guilty of misconduct or is no longer fit and proper;
      2. Impose disciplinary sanctions;
      3. Conduct compliance inspections on authorised insurers;
      4. Apply to a Magistrate for a search warrant;
      5. Prosecute in its own name offences which are triable summarily under the Ordinance.[3]
  1. Section 41P of the Ordinance sets out the definition of misconduct:

misconduct means:

  • (a) a contravention of a provision of this Ordinance;
  • (b) a contravention of a term or condition of an authorization granted under section 8;
  • (c) a contravention of any other condition imposed on an authorized insurer under a provision of this Ordinance; or
  • (d) an act or omission relating to the carrying on of a class of insurance business by an authorized insurer which, in the [Insurance] Authority’s opinion, is or is likely to be prejudicial to the interests of policy holders or potential policy holders or the public interest, and guilty of misconduct is to be construed accordingly.

Key Persons in Control Functions

  1. Under the changed regime, the Ordinance introduces the requirement that an authorised insurer must not appoint individuals as “key persons in control functions” of the insurer unless the IA has approved the appointment. Section 13AE (12) of the Ordinance outlines the definition of a control function of an insurer as:

Control function

 in relation to an authorized insurer, means any of the following functions that is likely to enable the individual responsible for the performance of the function to exercise a significant influence on the business carried on by the insurer:

    • risk management function, which is a function to establish the strategies, policies and procedures to manage different types of key risks of the insurer;
    • financial control function, which is a function to oversee all financial matters (including investments, accounting and financial reporting) of the insurer;
    • compliance function, which is a function to establish and formulate the standards, policies and procedures to ensure the compliance with legal and regulatory requirements that are applicable to the insurer;
    • internal audit function, which is a function to establish and implement an audit plan to examine and evaluate the adequacy and effectiveness of the controls to manage risks of the insurer;
    • actuarial function, which is a function to evaluate and monitor:
    1. the technical provisions, premium and pricing strategies of the insurer;
    2. the reserving and investment policies and reinsurance arrangements of the insurer; and
    3. the policies and controls in respect of the insurer’s vulnerability to fluctuations in risk exposures and distribution policies…
  1. Legal practitioners should be aware that applications for the approval of existing key persons in each of these functions should have been submitted by 30 September 2017. A new Form A1 has been issued by the IA for these purposes. This form requires the insurer to provide details of key persons’ reporting lines and where they fit within the management organisation. It also requires the insurer to demonstrate that the proposed key person meets the “fit and proper” requirements set out in the new Guideline On “Fit and Proper” Criteria under the Insurance Ordinance (Cap. 41) issued by the IA.[4]
  2. For the first time, the Ordinance extends personal liability for regulatory breaches beyond insurance company directors. A key person can be held liable for offences under the Ordinance attributable to neglect or omission on their part.[5] Extending personal liability to an individual member of senior management beyond Directors and the Chief Executive Officer is a principal mechanism by which the new regimes seeks to restrain undesirable behavior by insurance companies. This change reflects a global trend towards enhanced scrutiny of individual conduct in regulatory enforcement.

 Regulation of agents and brokers

  1. The most significant expansion of regulatory power under the Ordinance is still to come. So significant in fact, that the industry has been given potentially two years to prepare itself. At some point during this two-year period, the current self-regulatory regime for insurance agents and insurance brokers will be replaced with direct regulation by the IA, in addition to their oversight of insurance companies. Further, this new licensing regime is expanding beyond existing brokers and agents to encompass any person carrying on “regulated activities”.
  2. It is recommended that intermediaries should begin to review practices to ensure that adequate compliance policies are in place. Particular focus should be paid to the Insurance Core Principles published by the International Association of Insurance Supervisors,[6] which the Ordinance attempts to enshrine.


  1. Following “D-Day”, the global trend in financial regulation to enhance responsibility and accountability for the conduct, culture and compliance of individual professionals is now reflected in the regulatory framework of Hong Kong. The new framework has been heralded as a positive way to ensure that the quality and accountability of individuals working in leadership positions in the insurance industry continues to develop. It is therefore important that industry stakeholders should familiarise themselves with the new regulatory landscape and the fresh obligations that it places on them, in particular reflecting on how they can demonstrate compliance and whether it is necessary to adapt their current practices.

David Whittaker

Nicholas Hall

[1] See

[2] The IA’s new website has been launched and can be accessed at

[3] See Section 41P of the Ordinance.

[4]  See

[5] See section 124 of the Ordinance.

[6] See

Categories: Newsletters