Hong Kong Regulatory Insurance Update - May 2024

In the May 2024 edition of Regulatory Insurance Update, our Hong Kong Corporate and Commercial Team provides the latest updates relating to the law and regulations, developments, and news in the insurance industry in Hong Kong.

Hong Kong_Skyline At Sunrise

Updates on insurance law and regulation

12 April 2024

The IA has issued a revised Guideline on “Fit and Proper” Criteria for Authorized Insurers under the Insurance Ordinance (Cap. 41) (Revised GL4). 

The Revised GL4 will take effect on 1 July 2024, being the same day on which the Insurance (Amendment) Ordinance 2023 (Amendment Ordinance) comes into operation (the Revised GL4 takes account of those amendments).

The Revised GL4 elaborates on the following:

  • the “fit and proper” criteria for majority shareholder controllers;
  • the qualification and experience requirement for certifying actuary in relation to general business; and
  • the assessment of internal control and corporate governance structure for body corporates.

Minority Shareholder Controller and Majority Shareholder Controller

The Amendment Ordinance and the Revised GL4 introduce a distinction between minority shareholder controllers (15% or more but less than 50% of the voting power at a general meeting of the insurer) and majority shareholder controllers (more than 50% of the voting power at a general meeting of the insurer). 

Under revised section 13B of the IO, a person must obtain the IA’s prior approval before they become a majority shareholder controller or a minority shareholder controller of an authorised insurer incorporated in Hong Kong (a HK Insurer) or of a designated insurer. This includes where a minority shareholder controller intends to become a majority shareholder controller of the same insurer.

Where a majority shareholder controller of a HK Insurer or a designated insurer becomes a minority shareholder controller of the same insurer, that person is required under the (new) section 13BB of the IO to notify the IA within one month after that change.

Revised GL4 notes that shareholder controllers can exert significant influence on the business strategy and conduct of business of an authorised insurer. Therefore, the IA will “consider the likely or actual level of influence and control over the insurer by a person holding his capacity as a shareholder controller. Generally, the greater the influence on the insurer by the shareholder controller, the higher the level of standard will be applied by the IA in assessing his fitness and propriety.”

A prospective majority (and, if appropriate, minority) shareholder controller is required to submit clear and detailed strategic objectives and business plans of the authorised insurer and show that such objectives and plans are “realistic, viable, and conducive to the long-term stability and healthy and sustainable development of the insurer”. In particular, the majority shareholder controller is expected to demonstrate its long term commitment to the insurer and that it has the “willingness and financial capacity to maintain the financial soundness of the insurer including to contribute additional capital to support the operations of the insurer, as and when required.”

Certifying Actuary in relation to General Business

Under the (new) section 15AAAB(1) of the IO, an authorised insurer that carries on general business in or from Hong Kong must obtain the IA's prior approval for the appointment of an actuary (which the Revised GL4 refers to as a “certifying actuary”). Revised GL4 sets out the qualification and experience requirements for the certifying actuary.

Assessment of Internal Control and Corporate Governance Structure for Body Corporates

Revised GL4 sets out the following new additional criteria in determining whether a body corporate is fit and proper, being whether the body corporate:

"(j) has been untruthful to, has provided false or misleading information to, or has been subject to adverse comment from, any regulatory authority in Hong Kong or elsewhere;

(k) has in place sound corporate governance structure, for example, the composition of the board of directors and board committees including the proportion of directors being independent nonexecutive directors;

(l) has in place adequate internal control systems and procedures that would reasonably ensure that the persons that it appoints to act on its behalf, in relation to its conduct of the activity regulated under the relevant legal or regulatory requirements, meet the fit and proper criteria relevant to the regulated activity;

(m) maintains effective systems of risk management and internal controls and that risks are properly monitored and managed at the entity level or at group-wide basis (where relevant); or

(n) has established adequate internal controls on financial reporting that is effective to provide reasonable assurance regarding the reliability of financial statements or regulatory submissions (where relevant) in accordance with relevant principles."

For key changes to the IO introduced by the Amendment Ordinance, please refer to our July 2023 edition.

Link to IA circular

Link to Attachment: Revised GL4

Link to July 2023 edition for summary of key changes introduced by the Amendment Ordinance

12 April 2024

In 2023, the IA conducted a survey on three supervised groups of Designated Insurance Holding Companies (DIHCs) on their current practices and TRM functions and controls, and how the group TRM functions ensure mitigation of identified technology risks and compliance with relevant regulations.

The IA’s Note on Good Practices on TRM highlights the following good practices and potential areas for enhancement:


  • The Group Board oversees a robust governance framework that assesses the impact of operational disruptions brought about by technology risks and ensures that appropriate mitigation strategies and measures are in place to manage such risks.
  • Such framework should be consistently applied within the DIHCs.

TRM Framework

  • The TRM framework should cover:

(a) approved technology-specific risk appetite statements endorsed by the Group Board or delegated committee; and
(b) monitoring and reporting of key risk indicators and escalation thresholds to the Group Board or delegated committee on a regular basis.

  • Technology-specific risk appetite statements, key risk indicators and escalation thresholds should be clearly defined and integrated within the TRM framework for ongoing monitoring and reporting.

Implementation of the Group TRM Function

  • A DIHC’s senior management should ensure:

(a) suitable and sufficient resources allocation to maintain the expected level of IT system services and facilitate effective TRM; and
(b) clear accountability and responsibility under the Group TRM Function, including on key technology projects and the onboarding of third-party service providers who are responsible for critical IT systems and infrastructure.

IT Outsourcing

  • A DIHC’s senior management is accountable and responsible for outsourced services. Sufficient oversight of critical service providers is required.
  • A DIHC should at least:

(a) undertake due diligence and monitor the service providers’ performance;
(b) evaluate the potential risk of over-concentration or dependence on a single service provider;
(c) maintain an effective contingency plan for disruptions; and
(d) plan for an orderly exit from outsourcing arrangements as and when necessary.

  • Additional measures should be implemented to mitigate risks associated with outsourcing critical services to a single service provider.

The IA will continue to monitor and ensure that regulatory requirements and industry good practices remain aligned.

Link to IA circular

Link to Attachment: Note on Good Practices on TRM

Insurance industry news and developments

10 April 2024

The IA, together with the Hong Kong Monetary Authority, the Mandatory Provident Fund Schemes Authority and the Securities and Futures Commission, has launched the Anti-Scam Charter 2.0 to encourage financial institutions to adopt measures aimed at combatting against digital frauds and scams.

Under this Anti-Scam Charter participating institutions will undertake to:

  • refrain from sending instant electronic messages with embedded hyperlinks to acquire bank, credit card, investment, insurance and MPF account or other key personal information from customers;
  • raise public awareness of credit card scams and other digital frauds by sending anti-scam messages to their customers and the general public;
  • provide suitable channels for customer enquiries; and
  • enhance training for frontline staff on the charter.

Mr Clement Cheung, Chief Executive Officer of the IA, stated that "the [Anti-Scam] Charter [2.0] is a cross-sector initiative that underscores [the IA's] collective resolve in combatting digital frauds and scams.” The IA will aim to “maintain a reliable and convenient environment for normal business transactions to be conducted, hence preserving public confidence in the insurance industry."

Link to IA press release

Link to Joint Circular on Anti-Scam Consumer Protection Charter 2.0

Link to Anti-Scam Consumer Protection Charter 2.0

Link to Insurance Business article

Link to Insurance Asia article

12 April 2024

On 12 April 2024, the IA hosted the first ever ILS Conference in Hong Kong for institutional investors and related professional service providers.

The ILS Conference featured two expert panels on value proposition of the local ILS market and the ILS investment landscape, and a live catastrophe bond transaction roadshow for ILS investors.

Mr Joseph Chan, Acting Secretary for Financial Services and the Treasury, cited various factors which favour Hong Kong’s emergence as an ILS domicile, noting that "Hong Kong is home to an array of insurers and reinsurers with rich experience and expertise, providing a solid bedrock for our ILS ecosystem to develop. Combined with our connectivity with the Mainland and the rest of world, Hong Kong is an ideal platform for ILS issuance."

Link to IA press release

Link to Insurance Business article

Link to Asia Insurance Review article

Link to Insurance Asia article

Link to SCMP article

23 April 2024

A recent survey conducted by QBE Hong Kong reported a significant increase in cyberattacks on SMEs year-on-year alongside with a greater awareness of and protection against cyber risks. Survey respondents also noted the potential of AI to increase workplace productivity.

Over 600 SMEs participated in the survey between December 2023 and January 2024.

Some key findings of the survey include:

  • 48% of the respondents said that they are fully informed of possible cyber threats, showing an improvement of 12% from last year.
  • 30% of SMEs experienced a cyberattack at one point or another, a 6% increase from the previous year.
  • 55% of SME executives considered that AI had impacted productivity and 71% of Hong Kong SMEs do not expect AI to take over or replace jobs in companies.
  • 94% of the respondents felt that mental health was a key issue, with 50% of SMEs citing mental health as being very important.
  • 90% of SMEs are effectively communicating insurance coverage and benefits to their staff.

Link to Hong Kong press release

Link to infographic of the survey

Link to Insurance Business article

25 April 2024

The IA has published the consultation conclusions on the six draft RBC Rules, which are:

  • Insurance (Exemption to Appointment of Actuary) Rules (Cap. 41Q);
  • Insurance (Valuation and Capital) Rules (Cap. 41R);
  • Insurance (Submission of Statements, Reports and Information) Rules (Cap. 41S);
  • Insurance (Maintenance of Assets in Hong Kong) Rules (Cap. 41T);
  • Insurance (Marine Insurers and Captive Insurers) Rules (Cap. 41U); and
  • Insurance (Lloyd’s) Rules (Cap. 41V).

The draft RBC Rules were published in two batches in December 2023 and January 2024 for public consultation. The majority of respondents were generally supportive of the proposals and provided comments and suggestions, mainly on areas such as capital requirements and valuation of assets and liabilities. The IA made amendments to certain original proposals after consideration of the feedback received.

The finalised RBC Rules are expected to be vetted at the Legislative Council in May 2024, and to take effect when the Insurance (Amendment) Ordinance 2023 comes into force on 1 July 2024.

Link to IA press release

Link to consultation conclusions

26 April 2024

On 25 April 2024, government representatives, financial regulators and the representatives of the stock exchanges of Hong Kong and Shanghai attended a meeting in Hong Kong to discuss the latest developments of financial services in the China (Shanghai) Pilot Free Trade Zone, cooperation in respect of cross-boundary Renminbi business, securities, futures, insurance, financial technology (fintech) and green finance as well as enhancing talent exchange.

Both sides agreed to facilitate exchange and cooperation in the insurance industry on development issues, such as risk management of Belt and Road projects, captive insurance and ILS.

Link to Business Insurance article

Link to Xinhua Net article

Related content