PPS INTEGRATED REPORT 2018
CORPORATE GOVERNANCE REPORT (continued)
PPS Group IT applies the standards recommended by the
Information Technology Infrastructure Library (ITIL). ITIL
is a set of good practices for IT service management
that focuses on aligning IT services with the needs of
business. These standards describe procedures, tasks
and checklists that are not organisation-specific, and are
recommended to be used for establishing a minimum
level of competency. They allow the organisation to
establish a baseline from which it can plan, implement
and measure. They are used to demonstrate compliance
and to measure improvement.
PPS Group IT performs annual ITIL maturity reviews which
are presented to the GRC. Additionally, Internal Audit
and other independent assurance providers regularly
perform, inter alia, IT control audits, King IV governance
audits and an internal security ethical hack. These reviews
are intended to provide the PPS Insurance Board with
independent assurance on the effectiveness and state of
internal controls, as well as confidence in the ability of IT
to deliver the approved strategies.
PPS understands and respects that PPS members’
privacy is important to them. PPS limits the collection of
personal information to what is necessary. PPS uses and
shares personal information provided to it by members
only in ways that PPS informs members of. PPS takes
all reasonable security measures to prevent personal
information from being used and shared for other
purposes. The information security objective is to develop
a cost-effective strategy that is in alignment with the PPS
Group’s IT and business strategic objectives. The goal is to
deliver this through effective risk management, where the
investment in the relevant security controls is proportional
to the risk exposure. The value delivery of information
security is realised through the secure enablement of
new business initiatives and the standardisation from a
controls perspective of the environment, thereby reducing
the number of incidents related to malicious code and
unauthorised end-user modification of systems.
REGULATORY DEVELOPMENTS
During the year under review, there was a significant
volume of proposed legislation and amendments to
existing legislation, all of which will impact the governance
and reporting of governance within the PPS Group. This
has placed additional responsibilities on the boards and
management to ensure adherence to, and compliance
with, the new requirements.
The most important legislative changes for PPS are
highlighted below:
1. PRUDENTIAL STANDARDS
The former Financial Services Board (FSB), together
with the insurance industry, has, through the
Solvency Assessment and Management (SAM)
project, established a risk-based approach which will
ensure that the solvency and liquidity requirements
are consistently met by insurers. The former FSB
Insurance Prudential team has now been seconded
to the Prudential Authority (PA).
The PA published the final Prudential Standards which
became effective on 1 July 2018. The Standards consist
of Governance and Operational Standards for Insurers
and Financial Soundness Standards.
The PPS Group Insurance companies are financially
sound under the Prudential Standards and the
measures designed have been entrenched in
decision-making and the day-to-day operations of the
business. Policies were also updated where necessary.
2. TWIN PEAKS
The ‘Twin Peaks’ model is a strategy to divide the
financial regulatory system into two regulatory
regimes. These two regimes are headed by
the Prudential Authority (PA) and the Financial
Sector Conduct Authority (FSCA). The objectives of
this model are financial stability, consumer protection,
combating of financial crimes, and transparency. These
changes will be funded, among other things, by
increasing the levies paid by financial institutions.
The Financial Sector Regulation Act was proclaimed in
2018, with a notable number of its sections commencing
on 1 April 2018, while different commencement dates
apply in respect of various other sections of the Act.
During September 2018 the new PA also published
its regulatory strategy for the period 2018 to 2021.
The strategy provides information regarding the PA’s
approach to regulation and supervision; the principles
that will guide its regulatory and supervisory decisions;
the PA’s key priorities over the next three years; and
the key outcomes that the PA intends to achieve.
Similarly, the new FSCA also announced the adoption
of its regulatory strategy for the period 2018 to 2021,
during October 2018. The strategy sets out the FSCA’s
regulatory and supervisory priorities for the next three