The Insurance Authority (IA) of UAE recently issued Circular No. (47) of 2020 regarding 2021 reporting requirements for all insurance companies operating in the UAE. This includes Insurance Companies, Foreign Branches of Insurance Companies and Takaful Insurance Companies. This write-up focusses specifically on the following two matters:
A. AML & CFT: Insurance Companies’ year-end reporting requirements pertaining to the reports of the Internal Auditor & External Auditor in compliance with Article (44) paragraph 3 of cabinet resolution 10 for 2019, in regards to AML &CFT, and board resolution number 19 for the year 2020.
Paragraph 3 of Article 44 states: Compliance by Insurance Companies of the following:
Putting in place the required procedures and controls to assess the compliance by Insurance Companies with the provisions of Law No. 20 of 2018 on Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) and Illegal Organizations
Request to report the information relating to such compliance
Section Six of Board of Director’s Decision 19 of 2020 states: The insurance companies and the insurance-related professionals shall present following reports on Anti-Money Laundering and Combating the Financing of Terrorism:
The reports prepared by the Internal Auditor concerning the effective internal controls for anti-money laundering and combating terrorism financing. The insurance companies and the insurance-related professionals must file an annual report by the end of April every year on reviewing the internal policies, regulation and procedures for anti-money laundering and combating the financing of terrorism according to the intended E-Form No (4).
The report of the certified external auditor of the company concerning the effective internal controls for anti-money laundering and combating terrorism financing. The insurance companies and the insurance-related professionals shall fill in the e-form of the annual report prepared by the company’s external auditor when the audited annual financial statements and reports are provided to the Authority in Form No. (5) as hereto attached.
The report of the certified external auditor of the company concerning the effective internal controls for anti-money laundering and combating terrorism financing. The insurance companies and the insurance-related professionals shall fill in the e-form of the annual report prepared by the company’s external auditor when the audited annual financial statements and reports are provided to the Authority in Form No. (5).
In case Insurance Companies and the Insurance-related Professionals do not have In-house Internal Audit Staff including Subject Matter Experts, it can outsourced to third party.
In this context, all companies must consider adherence to the minimum audit scope mentioned in the Insurance Authority’s Board of Directors Decision No. 19 of 2020 Section Six Scope Table and Form No. 5 (shown below), in order to avoid rejection of the report prepared by (Compliance Officers, Internal Auditors , External Auditor - Any Reports prepared by the company and submitted to the authority)
Such reports prepared by Internal Auditor and External Auditor, have to be submitted to IA by 30th April 2021.
B. ICFR: As per the Circular (47) issued in October 2020, the IA has requested the insurance companies to provide a separate opinion from the External Auditors on the operating effectiveness of Internal Controls over Financial Reporting (ICFR). As recommended, the companies may adopt the following two-phase approach for complying with the requirements:
PHASE I: For the year-end 2020, the management should assess and evaluate the design and implementation of the existing ICFR and also test its operating effectiveness, considering an appropriate internal control framework. The existing gaps and failures in the ICFR identified during the internal assessment should be communicated to the respective "control owners". The companies should provide a report to the IA highlighting the results of this assessment by 30th April 2021. The report may be brief, and may cover only those gaps and control failures which in the company’s assessment pose the highest risk.
PHASE II: Over the year 2021, management should have a plan in place to fix all the gaps identified during the initial assessment and evaluation of the ICFR; and management should work to fix the issues as per the plan. Additionally, the management should test the operating effectiveness of the implemented ICFR and take necessary corrective measures, if required.
From the year-end 2021 onwards, the Insurance companies are required to obtain a separate opinion from the External Auditors on the operating effectiveness of the internal controls over financial reporting (ICFR). The Auditors would need to obtain reasonable assurance to state if adequate internal controls over financial reporting were maintained and if these controls operated effectively in all material aspects.
This report has to be submitted by 30th April 2021.
At UHY James, we provide services to Insurance Service Providers (Insurance Companies, Brokers, Agencies, etc.) for complying with Insurance Authority Regulations. We have Subject Matter Experts (SME) for AML/CFT Compliance who can also help Insurance Companies to develop / review their AML/CFT Policies & Procedures in line with prevailing Rules & Regulations. Also, we provide trainings/awareness sessions relating to AML/CFT to staff of Insurance Companies
This article is authored by Adil Buhariwalla Partner – Internal Audit & Risk Consulting at UHY James. Email: firstname.lastname@example.org