Skip to content

Changes to the Hong Kong insurance regime herald a new era of risk

The regulatory risk level for stand alone insurers and mixed financial groups (which include an insurer) in Hong Kong is about to rise significantly. As part of the long awaited and on-going overhaul of insurance regulation in Hong Kong, the new Independent Insurance Authority (IIA) replaced the existing insurance regulator, the Insurance Authority (also known as the Office of the Commissioner of Insurance or OCI), on 26 June 2017 – in the words of the Hong Kong Government, “D-Day”, and a highly significant moment for the Hong Kong insurance industry. 

Much of the attention in relation to the incoming enhanced insurance regulatory regime for Hong Kong has been focused on the increased regulation of insurance intermediaries, who will become subject to a new licensing regime. However, this will not occur or be introduced from D-Day; the transition from the current self regulatory regime for intermediaries to full, direct regulation by the IIA is expected to take effect within two years from D-Day.

Instead, the immediate impact on and from D-Day will be on authorised insurers, who, for this reason, are the focus of this article. The principal regulatory risk will be that of uncertainty in respect of the new powers that will become available to the IIA. From D-Day, authorised insurers are now required to enhance their corporate governance, with new provisions on key persons in control, directors, and actuaries coming into force.

Also, the IIA can, in stark contrast to the previous Insurance Authority, inspect, investigate, and discipline authorised insurers for misconduct. Many of these powers mirror similar provisions found in the Securities and Futures Ordinance (SFO) and the Banking Ordinance (BO). Knowledge of the securities and banking regime will therefore be highly relevant to understanding the expectations of the IIA. An Insurance Appeals Tribunal has been created, creating a new regulatory framework for appeals of the IIA’s decisions, designed to enhance the independence of the new regime.

The remainder of this article focuses on the governance implications of the new insurance regime and its wider ramifications.

Key Persons in Control Functions

Under the changed regime, the Insurance Ordinance (IO) introduces a requirement that an authorised insurer (not being a captive insurer) must not appoint individuals as key persons in control functions of the insurer (key person) unless the IIA has approved the appointment.1 A key person:

  • in relation to an authorised insurer incorporated in Hong Kong, means an individual responsible for the performance of one or more of the control functions for the authorised insurer; and
  • in relation to an authorised insurer incorporated outside Hong Kong, means an individual responsible for the performance of one or more of the control functions for the insurer in respect of so much of its insurance business as is carried on within Hong Kong.

A “control function” is a function that is likely to enable the individual responsible for the performance of the function to “exercise a significant influence on the business carried on by the insurer” (Significant Influence Test). The IO provides for six control functions:

  • risk management function;
  • financial control function;
  • compliance function;
  • internal audit function;
  • actuarial function; and
  • intermediary management function (to take effect when the intermediary licensing regime comes into effect).

The list of control functions is not set in stone; it can be expanded where the Hong Kong Financial Secretary is satisfied that another function meets the Significant Influence Test.

The introduction of control functions for insurers chimes with the new Manager-in-Charge (MIC) regime introduced by the Securities and Futures Commission (SFC) that similarly requires licensed corporations to appoint MICs for eight “core functions”. This can also be compared to the “managers” regime under the BO, for banks, and to senior management regulatory regimes introduced elsewhere.

However, unlike the position under the MIC or the managers regime, the appointment of a key person will require the prior approval of the IIA, which the IIA will not give unless the proposed key person is “fit and proper”. As is the case with persons regulated under the banking and securities regimes, the obligation to be fit and proper is a continuing requirement, ie the IIA can require an authorised insurer to revoke the appointment of a key person if the IIA believes that the person is no longer fit and proper.

Liability of Directors, Employees, and Members of Insurers

One of the most significant revisions to the IO is the imputation of liability when offences under the IO are committed by companies.

If an offence is committed under the IO by a company and it is proved that the offence was committed with the consent or connivance of, or was attributable to the neglect or omission of a:

  • controller;
  • director;
  • key person;
  • responsible officer; or
  • member, if the body corporate is managed by its members (each a Responsible Individual), then the Responsible Individual also commits the offence.

Importantly, the IO presumes that an offence committed by a company is committed by a Responsible Individual if it is proved that, at the time the offence was committed, the Responsible Individual was concerned in the management of the company.

This presumption can be rebutted where the Responsible Individual raises sufficient evidence that the offence was committed without his or her consent or connivance and was not attributable to his or her neglect or omission.

However, that is unlikely to ease the minds of Responsible Individuals who may be held liable for offences conducted in other departments where that person is simply “concerned in the management” of the company and not necessarily directly responsible.

This attribution of liability under the IO is significantly tougher than its equivalent in the securities legislation, which does not include such a presumption.

No doubt the operation of this part of the IO will be carefully monitored by the financial services industry generally, and the banking and securities regulators in particular, who may find it tempting in due course to raise the bar set under their regimes to a similar level.

General corporate governance

The Office of the Commissioner of Insurance issued a revised Guidance Note on The Corporate Governance of Authorised Insurers (GN10) in October 2016. GN10 sets out the OCI’s requirements for the governance structure and management of authorised insurers incorporated in Hong Kong (or overseas-incorporated insurers who have a significant portion of their business in Hong Kong). In particular, GN10 states that the Board of an authorised insurer “has the ultimate responsibility for fair treatment of customers”. Good corporate governance will continue to be an important aspect under the new regime. Other regulators, such as the Hong Kong Monetary Authority (see its Circular on Bank Culture Reform published in March 2017), are also emphasising the importance of good corporate governance, a sound corporate culture, and prudent risk management practices.


The changes to the Hong Kong regulatory framework for insurers are by no means cosmetic, and potentially have implications across the financial industry.

The new regulatory landscape for insurers in Hong Kong will present significant challenges for the insurance industry as it adapts to the new environment. This will particularly be so once the regime is fully implemented to accommodate the regulation of intermediaries.

It is reasonable to expect teething issues with the implementation of the new regime, and institutions need to ensure that they are prepared to identify and manage the relevant risks accordingly.

Institutions need to remain aware of potential regulatory cross-overs from the new regime that may affect them: authorised insurers should consider and leverage off experiences and approaches used in other regulated industries, such as the securities industry, where appropriate; and banks and securities firms will need to keep a watchful eye on the new insurance regime to assess the potential for enhancements to the insurance regime that go beyond (and may ultimately be imported into) the current scope of their regimes. The same applies to market practices of regulators and regulated entities which evolve under the new insurance regime.


1 S. 13AE of the IO.

Further information

This case summary is part of the Allen & Overy Legal & Regulatory Risk Note, a quarterly publication.  For more information please contact Karen Birch –, or tel +44 20 3088 3710.

Legal and Regulatory Risk Note