The procedures and operations of the internal control, compliance and risk management have developed from the traditional to the modern methods emanating from the global professional associations, which laid down the international standards of the internal control, compliance, risk management operations in terms of planning and undertaking such activates, so that those in charge of these operations would focus on the riskiest fields.

The task of those employees can be summed up in ensuring that the operations, actions and procedures of the company in certain fields of the insurance industry are in line with the provisions in the State-enacted laws and, in particular, the laws, regulations, instructions and decisions of the Insurance Authority.

The Authority assures that the higher management has the responsibility for taking all necessary actions that would ensure objective and professional work performed by the staff of the Internal Control, Compliance and Risk Management Departments, especially in relation to providing the information and data and facilitating their work. The Authority also emphasizes that the staff should necessarily perform their work with high professionality and objectivity free from any interest or pressure that would impact the integrity and impartiality of their reports.

General Provisions:

1. The insurance companies and the insurance-related professionals shall take due diligence to effectively regulate and control their affairs taking into consideration the nature, size, complexity and diversity of their operations and the risks faced by them. They must have suitable procedures and controls on the risk management.
2. The insurance companies must establish and maintain a governance framework stipulating that:
   1. The responsibilities shall be distributed among the board directors, highermanagement and officers of the regulatory positions.
   2. The regulatory tasks shall be separated from the responsibilities of themanagement.
   3. The operations and affairs of the company shall be adequately monitored andcontrolled by the managers and the higher management.
   4. Such strategies, policies, procedures and controls shall be established andmaintained including the internal controls in commensuration with the nature,size and complexity of the operations and risk profile of the company.
3. They shall ensure that their policies, procedures and controls are regularly reviewed and updated as required.
4. The insurance companies shall create and maintain the internal control jobs as follows:
   1. Risk management,
   2. Compliance which includes combating financial crimes, anti -moneylaundering and countering terrorism financing, and
   3. Internal audit.
   4. The insurance companies can combine more than one of the internal controljobs above by performing them through the internal control staff. It should beemphasized that the combating of the financial crimes shall be carried on by aseparate and specialized employee in this task.
5. The insurance-related professions shall create and maintain the internal controljobs as follows:
   1. Risk management,
   2. Compliance which includes combating financial crimes, anti -moneylaundering and countering terrorism financing,
   3. Internal audit, and
   4. The other jobs as they hold suitable for the nature, size and complexity of theinsurance operations.
6. The operating insurance brokerage companies can authorize the internalcontroller who is registered with the Insurance Authority to perform all aforesaidinternal control tasks till other directives will be issued by the Authority.