By Mr Declan McDaid, Partner, and Ms Gillian Young, Associate, Norton Rose Fulbright Hong Kong
The Office of the Commissioner of Insurance (OCI) proposes to introduce a risk-based capital (RBC) framework for insurers. The existing Hong Kong capital adequacy framework is rules-based with capital and solvency requirements in the Insurance Companies Ordinance and guidance notes. The proposed RBC framework will introduce solvency control levels (Prescribed Capital Requirements and Minimum Capital Requirements), the breach of which will trigger supervisory intervention.
The reforms are in line with the International Association of Insurance Supervisors’ (IAIS) Insurance Core Principles 16 (enterprise risk management for solvency purposes) and 17 (capital adequacy). A three-month public consultation on the proposed framework closed in mid-December, the conclusions from which are awaited.
The OCI proposes to apply the framework to direct insurers and reinsurers authorised to carry on insurance business in Hong Kong, regardless of whether these are locally-established entities or branches.
The RBC regime foresees three pillars:
• Pillar 1: quantitative requirements – including capital adequacy assessment and valuation
• Pillar 2: qualitative requirements – including corporate governance, enterprise risk management and own risk and solvency assessment (ORSA)
• Pillar 3: public disclosure and transparency regarding insurers’ capital.
These pillars will be broadly familiar to international insurers who have engaged in preparations for Solvency II in Europe. However, details of the Hong Kong RBC framework are yet to be worked out and a phased approach to the introduction of the RBC framework is proposed.
It is expected that following the development of the RBC framework and the main approaches, starting in 2015, further detailed rules will be developed and quantitative impact studies undertaken. The legislation on the RBC framework will be proposed and subject to public consultation. The OCI suggests this phase may take two to three years, following which there will be a phased implementation period to assist with compliance by insurers.
A consequence of breaching their privacy could be the loss of your liberty
The first custodial sentence for a breach of the Personal Data (Privacy) Ordinance (PDPO) was imposed in December 2014. An insurance agent was sentenced to four weeks’ imprisonment for breaching the PDPO by providing false statements to the Privacy Commissioner for Personal Data (PC), fraud and using false instruments. The maximum sanction for a contravention of the relevant section of the PDPO is a fine of HK$10,000 (US$1,300) and a six-month imprisonment.
The PC received a complaint from a policyholder who had originally been contacted by the agent whilst he was employed by another insurer. The agent left that insurer and used the information for a policy later issued by the agent’s new employer. The policyholder complained that the agent had unfairly obtained her personal data, having misled her that the original insurer (his former employer) was underwriting the policy.
In the course of the PC’s investigation, the agent claimed he had been assigned to serve the customer during his employment with the insurer but this was denied by the insurer. It is an offence to make a knowingly false statement to the PC or to knowingly mislead the PC. The agent pleaded guilty.
The PC recently published the 2014 annual report on complaints and enforcement activity under the PDPO. The report highlighted a consistently high number of complaints (1,702 compared with 2013’s 1,792) and an increase in enforcement actions taken by the PC (90 enforcement actions up from 25 in 2013). The PC also referred 20 cases to the police for criminal investigation and potential prosecution.
The importance of data protection and privacy for individuals and the potentially serious consequences for all persons collecting, using, storing or processing personal data in Hong Kong is highlighted by this insurance agency case and by the PC’s annual report.