PPS INTEGRATED REPORT 2018

CORPORATE GOVERNANCE REPORT (continued)

PPS Group IT applies the standards recommended by the Information Technology Infrastructure Library (ITIL). ITIL is a set of good practices for IT service management that focuses on aligning IT services with the needs of business. These standards describe procedures, tasks and checklists that are not organisation-specific, and are recommended to be used for establishing a minimum level of competency. They allow the organisation to establish a baseline from which it can plan, implement and measure. They are used to demonstrate compliance and to measure improvement.

PPS Group IT performs annual ITIL maturity reviews which are presented to the GRC. Additionally, Internal Audit and other independent assurance providers regularly perform, inter alia, IT control audits, King IV governance audits and an internal security ethical hack. These reviews are intended to provide the PPS Insurance Board with independent assurance on the effectiveness and state of internal controls, as well as confidence in the ability of IT to deliver the approved strategies.

PPS understands and respects that PPS members’ privacy is important to them. PPS limits the collection of personal information to what is necessary. PPS uses and shares personal information provided to it by members only in ways that PPS informs members of. PPS takes all reasonable security measures to prevent personal information from being used and shared for other purposes. The information security objective is to develop a cost-effective strategy that is in alignment with the PPS Group’s IT and business strategic objectives. The goal is to deliver this through effective risk management, where the investment in the relevant security controls is proportional to the risk exposure. The value delivery of information security is realised through the secure enablement of new business initiatives and the standardisation from a controls perspective of the environment, thereby reducing the number of incidents related to malicious code and unauthorised end-user modification of systems.

REGULATORY DEVELOPMENTS

During the year under review, there was a significant volume of proposed legislation and amendments to existing legislation, all of which will impact the governance and reporting of governance within the PPS Group. This has placed additional responsibilities on the boards and management to ensure adherence to, and compliance with, the new requirements.

The most important legislative changes for PPS are highlighted below:

1. PRUDENTIAL STANDARDS

The former Financial Services Board (FSB), together with the insurance industry, have, through the Solvency Assessment and Management (SAM) project, established a risk-based approach which will ensure that the solvency and liquidity requirements are consistently met by insurers. The former FSB Insurance Prudential team has now been seconded to the Prudential Authority (PA).

The PA published the final Prudential Standards which became effective on 1 July 2018. The Standards consist of Governance and Operational Standards for Insurers and Financial Soundness Standards.

The PPS Group Insurance companies are financially sound under the Prudential Standards and the measures designed have been entrenched in decision-making and the day-to-day operations of the business. Policies were also updated where necessary.

2. TWIN PEAKS

The ‘Twin Peaks’ model is a strategy to divide the financial regulatory system into two regulatory regimes. These two regimes are headed by the Prudential Authority (PA) and the Financial Sector Conduct Authority (FSCA). The objectives of this model are financial stability, consumer protection, combating of financial crimes, and transparency. These changes will be funded, among other things, by increasing the levies paid by financial institutions.

The Financial Sector Regulation Act was proclaimed in 2018, with a notable number of its sections commencing on 1 April 2018, while different commencement dates apply in respect of various other sections of the Act.

During September 2018 the new PA also published its regulatory strategy for the period 2018 to 2021. The strategy provides information regarding the PA’s approach to regulation and supervision; the principles that will guide its regulatory and supervisory decisions; the PA’s key priorities over the next three years; and the key outcomes that the PA intends to achieve.

Similarly, the new FSCA also announced the adoption of its regulatory strategy for the period 2018 to 2021, during October 2018. The strategy sets out the FSCA’s regulatory and supervisory priorities for the next three