i.

Ensuring the soundness of the Companies; and

ii.

 Contributing to financial stability and policyholder protection.

1-1

Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.

2-1

Board: The Company’s board of directors.

3-1

Central Bank: The Central Bank of the United Arab Emirates.

4-1

Central Bank Laws: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank and Organization of Financial Institutions and Activities, as amended and Decretal Federal Law No. (48) of 2023 On the Organization of Insurance Operations.

5-1

Company: The insurance company incorporated in the State, and the branch of a foreign insurance company, that is licensed to underwrite primary insurance and reinsurance, including Takaful insurance companies.

6-1

Conflict of Interest: A situation of actual or perceived conflict between the duty and private interests of a person, which could improperly influence the performance of his/her duties and responsibilities.

7-1

Control Function: Function (whether in the form of a person, unit or department) that has a responsibility in a Company to provide objective assessment, reporting and/or assurance; this includes the risk management, compliance, actuarial, internal audit and where applicable Shari’ah control and Shari’ah audit functions.

8-1

Corporate Governance: A set of relationships between a Company’s Board, Senior Management, customers and other stakeholders; and a structure through which the objectives of the Company are set, and the means of attaining those objectives and monitoring performance are determined.

9-1

External Auditor: The audit firm and the individual audit engagement team members conducting the audit. Where relevant, specific references are made to the audit firm only in certain paragraphs.

10-1

Financial Regulations: Insurance Authority Board of Directors’ Decision No. (25) of 2014 Pertinent to Financial Regulations for Insurance Companies and the Insurance Authority Board of Directors’ Decision No. (26) of 2014 Pertinent to Financial Regulations for Takaful Insurance Companies and Insurance Authority’s Board of Directors’ Decision No. (19) of 2020 Concerning the Guidance Manual for Insurance Companies and Related Professions to Submitting the Data, Information and Supervisory Reports.

11-1

Group: A group of entities which includes an entity (the ‘first entity’) and:

a.

any parent of the first entity;

b.

any Subsidiary of the first entity or of any parent of the first entity;

c.

any Affiliate

12-1

Internal Controls: A set of processes, polices and activities governing a Company’s organizational and operational structure, including reporting and Control Functions.

13-1

Intragroup Transactions: any transaction by which a Company relies, either directly or indirectly, on another entity within the same Group.

14-1

Matter of Significance: A matter, or group of matters, that would have significant impact on the activities or financial position of the Company. Examples include failure to comply with the licensing criteria or breaches of the Central Bank Laws, or Financial Regulations, significant deficiencies and control weaknesses in the Company’s operations or financial reporting process or other matters that are likely to be of significance to the function of the Central Bank as regulator.

15-1

Regulation: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.

16-1

Risk Management: The process through which risks are managed allowing all risks of a Company to be identified, assessed, monitored, mitigated (as needed) and reported on a timely and comprehensive basis.

17-1

Senior Management: The individuals or body responsible for managing the Company on a day-to-day basis in accordance with strategies, policies and procedures set out by the Board, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.

18-1

 Subsidiary: An entity (the 'first entity') is a subsidiary of another entity (the 'second entity') if the second entity:

a.

holds a majority of the voting rights in the first entity;

b.

is a shareholder of the first entity and has the right to appoint or remove a majority of the board of directors or managers of the first entity; or

c.

is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity; or

d.

if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.

19-1

Takaful Insurance: A collective contractual arrangement aiming at achieving cooperation among a group of participants against certain risks whereby each participant pays certain contribution amount to form an account called the participants' account through which entitled compensations are paid to the member in respect of whom the risk has realized. The Takaful Insurance Company shall manage this account and invest the funds collected therein against certain compensation.

1-2

The Board and Senior Management are responsible for ensuring that financial statements are:

a.

prepared in accordance with accounting policies and practices that are widely accepted internationally;

b.

supported by record keeping systems; and

c.

issued annually to the public together with an independent External Auditor’s opinion.

2-2

The Board audit committee must oversee the financial reporting process and the establishment or amendment of significant accounting policies and practices.

3-2

In addition to the reporting requirements per the Financial Regulations, a Company must provide the Central Bank with qualitative and quantitative reports in an easily accessible manner with the following information, at a minimum:

a.

a description of the nature of the Company’s activities which sets out the following:

i.

business lines, types of products offered, policyholder segments and location of business;

ii.

policies concerning sales, marketing and remuneration paid to intermediaries;

iii.

the main trends and factors that contribute to the development, performance and position of the Company over its business planning time period; and

iv.

any material changes that have occurred in the Company’s activities.

b.

a description of the Company’s undertakings to ensure fair treatment of policyholders, which sets out the following:

i.

the culture of the Company in relation to policyholder treatment, including the extent to which the Company’s leadership, governance, performance management and recruitment, complaints handling policies and remuneration practices demonstrate a culture of fair treatment to policyholders;

ii.

how products are designed and distributed to ensure they fulfil the customers’ demands and needs;

iii.

the adequacy, appropriateness and timeliness of the information and advice given to customers;

iv.

the handling and timing of claims, including but not limited to acknowledging receipt of claims, notifying policyholders of accepting claims, rejecting claims or requiring additional documentation to proceed;

v.

 premium refunds;

vi.

the handling, frequency and nature of customer complaints, disputes, and litigation;

vii.

means of communication used to address customer complaints, including but not limited to SMS text messages, telephone, email or social media platforms and the frequency of their update;

viii.

policyholder experience reports used by the Company or from other sources, such as the insurance disputes resolution committees/ courts of law/ ombudsman/ arbitration/ mediation, as the case may be; and

ix.

any material changes that have occurred in the Company towards fair treatment of policyholders.

c.

a description of the Corporate Governance framework, Risk Management system and Conflict of Interest policies - including those from the Company’s relations with policyholders-, and any material changes in this regard.

d.

at the Group level -where applicable- a description of the Company’s relationships within the Group, including Group structures, Intragroup Transactions and intragroup links along with a description of any material changes in this regard;

4-2

 The Central Bank will determine the frequency and deadlines of submitting reports according to Article (2.3). The Central Bank may require additional reports as it deems necessary.

5-2

Companies must correct inaccurate reporting, as soon as possible, once identified.

6-2

Companies must report on any material changes or incidents that could affect their condition or customers, a soon as possible.

7-2

Companies must refrain from any action that may disclose or reveal their intentions regarding distribution or repatriation of profits, retained earnings, reserves, or other component of regulatory capital, unless they first have obtained the prior written no-objection from the Central Bank.

8-2

Companies must not make any distribution or repatriation of profits, retained earnings, reserves, or other component of regulatory capital unless they have obtained the prior written no-objection from the Central Bank.

9-2

The Board is responsible for ensuring that the risk governance framework of the Company, and if applicable, Group, provides for appropriate oversight of financial reporting and external audit. The framework must, at a minimum, provide for:

a.

documentation in an appropriate mandate or terms of reference of the role and responsibility of the Board audit committee, with respect to financial reporting; and

b.

Board-approved policies, procedures, systems, internal controls and independent assurance by the internal and/or external audit functions of the Company on the preparation of financial statements and prudential reporting to the Central Bank.

10-2

Companies must prepare their financial statements in accordance with the International Financial Reporting Standards (IFRS) and the instructions of the Central Bank. Such instructions may include, but are not limited to, the submission and publication of financial statements, classification and provisioning of financial items or guidance on the application of specific IFRS in the UAE insurance sector.

11-2

Companies must use valuation practices consistent with IFRS and Financial Regulations, and subject their fair value estimation framework, structure and processes to independent verification and validation. The Board must ensure adequate governance structures and control process for all financial instruments that are measured at fair value for Risk Management and financial reporting purposes, which must include:

a.

reviewing and approving written policies related to fair valuations;

b.

ongoing review of significant valuation model performance for issues escalated for resolution and all significant changes to valuation policies;

c.

ensuring adequate resources are devoted to the valuation process;

d.

articulating the Company’s tolerance for exposures subject to valuation uncertainty and monitoring compliance with the Board’s overall policy settings at an aggregate Company-wide level;

e.

ensuring independence in the valuation process between risk taking and control units, including but not limited to dual signatures, “four eyes principle” and segregation of duties;

f.

ensuring the appropriate internal and external audit coverage of fair valuations and related processes and controls;

g.

ensuring the consistent application of accounting and disclosures;

h.

ensuring the identification of significant differences, if any, between accounting and Risk Management measurements, and that these are well documented and monitored; and

i.

ensuring that the External Auditor’s reservations are attended to, and that all necessary amendments and remedial action is being taken prior to the issuance of the annual financial statements and audit opinion, this includes but not limited to reservations towards valuation of real estate and any other assets, as determined by the Central Bank.

1-3

Companies must, every year, appoint an External Auditor or more, approved by the Central Bank, for auditing their accounts.

2-3

The Board audit committee must recommend the appointment, reappointment, dismissal and compensation of the External Auditor.

3-3

a.

The Board audit committee must establish a policy and processes for the nomination of the External Auditor. The policy and processes must be approved by the Board and applied at the general assembly for the purpose of selecting an External Auditor. The Board audit committee must review and recommend to the Board to agree to the terms of engagement prior to the signing of the written contract with the External Auditor. Where relevant, the Board audit committee must ensure that the terms of engagement with the External Auditor have been updated to reflect changes in the size, nature or complexity of the Company or in the instructions of the Central Bank.

b.

The Company must carry out a procurement procedure to select the external audit firm at least once every six (6) years, which coincides with the period of the rotation of the firm. Following rotation, a cooling off period of three (3) years must be observed before the same firm may be reselected. In addition, the Company must rotate the external audit partner in charge of the audit every three (3) years.

4-3

The Board audit committee must oversee the External Auditor’s effectiveness and independence.

5-3

The External Auditor must provide the Board audit committee with timely observations arising from the audit that are relevant to the Committee’s oversight responsibility for the reporting process. These include, but not limited to:

a.

 significant difficulties encountered during the audit;

b.

key areas of significant risk of material misstatement in the financial statements, including a summary of material corrected and uncorrected misstatements.

c.

the extent of requests made by the Group auditor to another audit firm of member firms with respect to performance of a Group audit;

d.

the use of external experts to assist with the audit;

e.

the extent to which the External Auditor has used the work of the internal audit function and Internal Controls;

f.

matters relating to accountability, including significant decisions or actions by Senior Management that lack appropriate authorization;

g.

significant qualitative aspects of financial statement disclosures;

h.

feedback on the External Auditor’s relationship with Senior Management;

i.

identification of internal control weaknesses;

j.

issues resulting from regulatory and accounting changes; and

k.

changes in insurance and financial risks.

6-3

The External Auditor must conduct audits in accordance with the International Standards on Auditing (ISA) that require the use of a risk and materiality based approach in planning and performing the audit.

7-3

The scope of the external audits must include but not be limited to investments, technical provisions, solvency margins, commissions to distribution channels, capital adequacy, reinsurance arrangements, efficiency of the Corporate Governance and Risk Management arrangements and Internal Controls, and where applicable, compliance with Shari’ah requirements.

8-3

The External Auditor must comply with the independence requirements laid down in the Central Bank Laws and this Regulation. In case of violation of these requirements or failure in the performance of duties, the Central Bank may take any measures against the violating or negligent External Auditor, including rejection by the Central Bank to conduct audits in Companies.

9-3

The Central Bank may require a Company to rescind the appointment of an External Auditor when the Central Bank determines that the External Auditor has not adhered to established professional standards or has inadequate expertise or independence.

10-3

The External Auditor must meet with the Central Bank as deemed necessary for supervisory purposes. The Central Bank determines the agenda, timing and attendees for such meetings, which might be without the presence of the Company. The Central Bank may access the External Auditor’s working papers, when necessary.

11-3

The Central Bank may require a Company to appoint, at the Company’s expense, the existing External Auditor or another specified by the Central Bank to provide a report on a particular aspect of the Company’s business operations, prudential requirements, risk governance framework or other matters specified by the Central Bank.

1-4

The external audit in Companies must be fully compliant with the provisions laid down in the Central Bank Laws and Regulations. Where more than one External Auditor is appointed, the External Auditors must distribute duties amongst themselves and issue a common external audit opinion.

2-4

The Board audit committee must approve a policy for the tendering of the audit engagement. This must include requirements for knowledge and competence, objectivity, independence, professional scepticism and quality control. The Board audit committee must review and agree to the terms of the engagement prior to the signing of the written contract. Where relevant, the Board audit committee must ensure that the work plan of the engagement has been updated to reflect changes in the size, business mix or complexity of the Company or in the instructions of the Central Bank.

3-4

The Board audit committee must assess the overall quality of the External Auditor at least annually. The Board audit committee must obtain from the External Auditor, on an annual basis, a report on the audit firm’s internal quality control procedures, including the audit firm’s engagement quality control process, and any significant matters of concern arising from these procedures.

4-4

In monitoring and assessing the work of the External Auditor, the Board audit committee must obtain an understanding of the auditor’s view on any significant matters arising during the audit, including both those subsequently resolved and those that remain outstanding. The Board audit committee must review with the External Auditor the statements provided by the Board and Senior Management in the representation letter to the External Auditor, considering whether, based on the knowledge of the members of the Board audit committee, the information provided for each item is complete and appropriate.

5-4

Following completion of the fieldwork for the audit, and prior to issuance of the audit opinion, the Board audit committee must consider whether the External Auditor followed the audit plan and understand any reasons for changes in the plan. The Board audit committee must obtain feedback from Senior Management on the conduct of the audit. The Board audit committee’s assessment of the effectiveness of the external audit process must be documented and reported to the Board for discussion of findings and any recommendations.

6-4

The Board audit committee must have the right and authority to meet regularly with the External Auditor – in the absence of Senior Management –to understand and discuss all issues that may have arisen between the External Auditor and Senior Management in the course of the external audit and how these issues have been resolved. These meetings must also address any other matters that the External Auditor believes the Board audit committee should be aware of in order to exercise its responsibilities.

7-4

The Board audit committee must discuss with the External Auditor any matters arising from the audit that may have an impact on regulatory capital or regulatory disclosures.

8-4

The Board audit committee must approve a policy governing the provision of non-audit services by the External Auditor. The policy must specify the types of non-audit services the External Auditor may provide, or is prohibited from providing, and establish a requirement for approval of any such arrangement by the Board audit committee or by an appropriate level of Senior Management in accordance with authority delegated by the Board audit committee.

9-4

The external audit firm engaged by the Company, including its Affiliates or Subsidiaries, must not provide any non-audit services to the Company during the financial years of its external audit mandate, which could impair its objectivity and independence.

10-4

Prohibited non-audit services by the External Auditor include:

a.

bookkeeping and preparing accounting records and financial statements;

b.

designing and implementing Internal Controls or Risk Management procedures related to the preparation and/or control of financial information or designing and implementing financial information technology systems;

c.

services related to the Company’s internal audit function;

d.

valuation services, including valuations performed in connection with actuarial services or litigation support services;

e.

human resources services, with respect to:

i.

management in a position to exert significant influence over the preparation of the accounting records of financial statements which are the subject of the external audit, where such services involve searching for or seeking out candidates for such position or undertaking reference checks of candidates for such position;

ii.

structuring the organization design; and

iii.

cost control.

f.

brokerage services in securities services or works;

g.

services linked to the financing, capital structure and allocation, and investment strategy of the Company, except providing assurance services in relation to the financial statements, such as the issuing of comfort letters in connection with the prospectuses issued by the Company;

h.

promoting, dealing in, or acquiring ownership in the Company;

i.

legal services, with respect to:

i.

the provision of general counsel;

ii.

negotiating on behalf of the Company; and

iii.

acting in advocacy role in the resolution of litigation.

j.

services that involve playing any part in the management or decision-making of the Company; and

k.

tax services and the provision of tax advice.

11-4

The prohibited non-audit services also include any prohibited services under Federal Law No (12) of 2014 on the Regulation of the Auditing Profession, as amended, Cabinet Decision No. 48/2022 On the Implementing Regulation of Federal Law No. 12/2014 on the Regulation of the Auditing Profession; and under the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants, which are not specifically listed above.

12-4

 Where non-audit services are provided by the External Auditor, the Board audit committee must monitor the provision of such services to ensure that their performance does not impair the External Auditor’s objectivity and independence. This must take into consideration various factors including the skills and experience of the External Auditor, safeguards in place to mitigate any threat to objectivity and independence, and the nature and arrangements for non-audit fees. The Company’s annual report must explain to shareholders the nature and the fee arrangements for the non-audit services received, and how the External Auditor’s independence is safeguarded.

13-4

The External Auditor must meet the following expectations:

a.

have insurance industry knowledge and competence sufficient to respond appropriately to the risks of material misstatement in the Company’s financial statements and to properly meet additional regulatory requirements that may be part of the external audit;

b.

be objective and independent in both fact and appearance with respect to the Company;

c.

exercise professional scepticism when planning and performing the audit of Companies, having due regard to the specific challenges in auditing a Company;

d.

identify and assess the risks of material misstatement in the Company’s financial statements, taking into consideration the complexities of the Company’s activities and effectiveness of its internal control environment;

e.

have professional indemnity insurance in the UAE; and

f.

maintain confidentiality of information relating to the Company, unless such information is required by the Central Bank pursuant to Central Bank Laws, Regulation or other applicable legislation or required by other competent supervisory authority or judicial body.

14-4

The External Auditor must furnish the Board audit committee at least annually with information about the External Auditor’s policies and processes for maintaining independence and monitoring compliance with independence requirements.

15-4

The External Auditor must not purchase the securities of the Company whose accounts are audited by them or sell such securities directly or indirectly or provide any consultations to any person in connection with such securities during the blackout period.

16-4

The External Auditor must not serve on the Board or hold a position in Senior Management before two years have lapsed from the time of involvement in the Company’s audit.

17-4

 The External Auditor’s terms of engagement must be established in a written contract, which at a minimum, provides that:

a.

the External Auditor must meet with the Central Bank as deemed necessary for supervisory purposes. The Central Bank will determine whether the Company will participate in such meetings;

b.

the External Auditor bears no duty of confidentiality to the Company with respect to any notification of meeting with the Central Bank required by this Regulation, or the provision of any document or information required to be submitted to, or requested by, the Central Bank for supervisory purposes; and

c.

the External Auditor must provide, upon the request of the Central Bank, access to working papers and other documents that support conclusions made in the audit opinion.

1-5

External Auditors must promptly report to the Central Bank violations of the Central Bank Laws, Regulations, instructions and any Matters of Significance arising from their audit of the Company. External Auditors making such reports in good faith shall not be considered to have breached any of their obligations

2-5

Companies must promptly notify the Central Bank in case of resignation of their External Auditor and the reasons thereof, as well as obtain the non-objection from the Central Bank in case of their dismissal or change. Divergence of opinions between the Company and its External Auditor cannot be ground for dismissal.

3-5

Any material reservations of the External Auditor in relation to finalisation of accounts and issuing of a clean audit opinion, must be reported to the Central Bank prior to the finalization of the audit.

4-5

The External Auditor must not finalise financial statements containing a qualified audit opinion without first receiving the Central Bank’s non-objection.

1-9

This Regulation shall be published in the Official Gazette in both Arabic and English, and shall come into effect immediately on its publication. Companies which are not currently in compliance with the requirements must rectify this within six (6) months from the publication date.

2-9

Companies that will have the same External Audit firm engaged cumulatively for six (6) years or more as at the end of 2023 must rotate the external audit firm in 2024.