Guidelines on Validation Programme: Differential Levy Systems and Levies Calculations
Insurer Member (Levy)
GUIDELINES ON VALIDATION PROGRAMME: DIFFERENTIAL LEVY SYSTEMS AND LEVIES CALCULATION
ISSUE DATE : 10 FEBRUARY 2021
TABLE OF CONTENTS
SECTION 1: INTRODUCTION .............................................................................................. 3
BACKGROUND ............................................................................................................................ 3
LEGAL PROVISIONS ................................................................................................................... 4
REFERENCE MATERIALS ............................................................................................................ 4
SECTION 2: INSURER MEMBER’S LEVY INFORMATION ....................................................... 7
OVERVIEW .................................................................................................................................. 7
ERROR IN LEVY INFORMATION .................................................................................................. 8
OVERDUE CHARGES AND LEVY SURCHARGE .......................................................................... 10
TRANSITION ASSESSMENT YEAR .............................................................................................. 10
SECTION 3: EXTERNAL AUDITOR’S VALIDATION BASED ON LIMITED ASSURANCE ENGAGEMENT ................................................................................................................ 12
CRITERIA FOR APPOINTMENT OF AN EXTERNAL AUDITOR ..................................................... 12
VALIDATION REQUIREMENTS OF THE LIMITED ASSURANCE ENGAGEMENT .......................... 12
SCOPE AND NATURE OF THE LIMITED ASSURANCE ENGAGEMENT ........................................ 13
SUBMISSION DATES OF THE ASSURANCE REPORT AND DETAILED ACTION PLAN AND TIMELINE .................................................................................................................................. 16
APPENDIX 1: EXAMPLES OF ERROR IN LEVY INFORMATION ............................................. 18
APPENDIX 2: PROCESS FLOW CHART FOR ENHANCED VALIDATION PROGRAMME ........... 24
SECTION 1: INTRODUCTION
BACKGROUND
1.1 In exercise of the powers conferred by paragraph 209(1)(b) of the Malaysia Deposit Insurance Corporation Act 2011 (“the Act”), Perbadanan Insurans Deposit Malaysia (“PIDM”) issued the Guidelines on Validation Programme: Differential Levy Systems and Levies Calculation for insurer members¹ (“insurer members”) on 6 January 2014 and these were last revised on 30 March 2020 (“2020 Guidelines”).
1.2 The 2020 Guidelines, among others, set out the detailed scope, procedures and PIDM’s requirements in respect of the annual independent validation to be performed by an insurer member’s internal auditor and external auditor (“Validation Programme”) on the insurer member’s levy information² (“levy information”).
Enhanced Validation Programme
1.3 These Guidelines provide for the enhancement to the Validation Programme. As part of PIDM’s enhancement of the Validation Programme (“enhanced Validation Programme”), moving forward, only insurer members who receive a Notice of Error³ from PIDM in respect of erroneous levy information (as described in paragraph 2.7 below) are required to perform independent validation. In such circumstance, an insurer member who has received a Notice of Error will be required to appoint an external auditor to perform an independent validation as described in Section 3 of these Guidelines.
¹ As defined in Section 2 of the Act, insurer member means a member institution of PIDM that is an insurance company or a takaful operator. ² The levy information refers to an insurer member’s levy related information to be submitted to PIDM pursuant to the Guidelines on Differential Levy Systems Framework for Insurance Companies issued on 30 March 2020 ("DLS Guidelines"), Guidelines on Differential Levy Systems Framework for Takaful Operators issued on 30 March 2020 ("DLST Guidelines") and Guidelines on Takaful and Insurance Benefits Protection System: Submission of Returns on Calculation of Levies for Takaful and Insurance Businesses issued on 30 March 2020 ("RCL Guidelines”). The levy information will form the basis for the determination of the annual levy payable by the insurer member. ³ As defined in paragraph 2.8 below.
1.4 These Guidelines are effective beginning assessment year 2021 and shall supersede the Guidelines on Validation Programme: Differential Levy Systems and Levies Calculation issued on 30 March 2020.
LEGAL PROVISIONS
1.5 Pursuant to Section 193 of the Act, any person who prepares, signs, approves or concurs in any account, statement, return, report or other document required for submission to PIDM that he or she knows or has reason to believe is false or contains false or misleading information, commits an offence punishable by fine or imprisonment or both.
1.6 Section 96 of the Act provides that PIDM may examine or commission another person, to conduct an examination of the operations of an insurer member, and that the scope of audit may include the examination of:
(a) whether proper and adequate records of its takaful or insurance benefits liabilities are maintained by the insurer member; or
(b) whether reports made by the insurer member on its levies, takaful liabilities or insurance liabilities are substantially correct.
1.7 Pursuant to Section 202 of the Act, PIDM may require an insurer member to submit additional information relevant to its levy information. Any person who fails to comply with PIDM’s request for additional information commits an offence punishable by fine.
REFERENCE MATERIALS
1.8 Insurer members may refer to the following in relation to the Differential Levy Systems for Insurance Companies Framework (“DLS”), Differential Levy Systems for Takaful Operators Framework (“DLST”) and Returns on Calculation of Levies for Takaful and Insurance Businesses (“RCL”) reporting processes:
(a) the Act;
(b) the DLS Guidelines;
(c) the DLST Guidelines;
(d) the RCL Guidelines;
(e) the Malaysia Deposit Insurance Corporation (Protected Benefits) Regulations 2020;
(f) the Malaysia Deposit Insurance Corporation (Protected Benefits Limit) Order 2020;
(g) the Malaysia Deposit Insurance Corporation (Differential Premium Systems in respect of Insurer Members) Regulations 2012;⁴
(h) the Malaysia Deposit Insurance Corporation (First Premium and Annual Premium in respect of Insurer Members) Order 2016;⁵
(i) the Malaysia Deposit Insurance Corporation (Overdue Charges) Regulations 2012; and
(j) Guidelines on Premium Surcharge Framework issued on 30 October 2013.
1.9 Unless expressly stated otherwise, any information or document required to be submitted to PIDM under these Guidelines, including any letter, report, form, returns and action plan, shall be submitted online through PIDM’s portal. The original hard copy shall be kept by the insurer member.
1.10 A reference to a statute or other law includes regulations and other instruments under it and consolidations, amendments, re-enactments or replacements of any of them.
1.11 PIDM may specify such other periods or dates for compliance with any of the provisions in these Guidelines, or for any act to be done, in such form and subject to such terms and conditions as PIDM thinks fit.
⁴ As amended by the Malaysia Deposit Insurance Corporation (Differential Premium Systems in respect of Insurer Members) (Amendment) Regulations 2016, Malaysia Deposit Insurance Corporation (Differential Premium Systems in respect of Insurer Members) (Amendment) Regulations 2019 and Malaysia Deposit Insurance Corporation (Differential Premium Systems in respect of Insurer Members) (Amendment) Regulations 2020. ⁵ As amended by the Malaysia Deposit Insurance Corporation (First Premium and Annual Premium in respect of Insurer Members) (Amendment) Order 2020.
1.12 Enquiries relating to these Guidelines may be directed to:
Risk Assessment & Resolution Division General Line : 03-2173 7436 / 03-2265 6565 Fax : 03-2173 7494 Email : [email protected]
SECTION 2: INSURER MEMBER’S LEVY INFORMATION
OVERVIEW
2.1 An insurer member is required to submit to PIDM the following levy information (in the manner set out under the respective guidelines mentioned below) in respect of each assessment year:
(a) certified DLS or DLST quantitative information by the timeline set out in the DLS or DLST Guidelines; and
(b) certified RCL by the timeline set out in the RCL Guidelines.
2.2 An insurer member is also required to complete and submit the levy information based on information obtained from the sources as set out in the DLS, DLST and RCL Guidelines. These include, without limitation, the Insurance Companies Statistical Submission (“ICSS”), Takaful Operators Statistical System (“TOSS”), Risk-Based Capital Framework for Insurers (“RBC”) or Risk Based Capital Framework for Takaful Operators (“RBCT”) reporting forms, audited financial statements and management approved financial records, or other supporting sources of information for the relevant financial periods required.
2.3 The requirements of providing certification to the levy information by the relevant authorised persons under the DLS, DLST and RCL Guidelines remain applicable. Insurer members are accountable and responsible to ensure the levy information is accurate and complies with the requirements in the DLS, DLST and RCL Guidelines.
2.4 Insurer members should have and maintain proper governance and adequate internal controls with relevant resources and capabilities, comprehensive policies and procedures, as well as adequate systems to ensure that accurate and timely levy information is submitted to PIDM.
2.5 In addition to the above, the independent oversight of the internal auditor of insurer members remains important to ensure that the relevant systems, processes and controls are consistently reviewed and remain effective.
ERROR IN LEVY INFORMATION
2.6 Where the levy information submitted to PIDM contains error(s) that result in a change to the DLS’ or DLST’s indicator’s result and/or indicator’s score but do not affect the levy category and/or levy amount payable in the current assessment year, PIDM will notify the insurer member in writing of the error(s). The insurer member is required to submit a revised levy information with its certification, as well as to provide a written explanation on the root cause of the error(s) and rectification status for the error(s) within fourteen (14) days from the date of being notified by PIDM.
2.7 However, an insurer member will be notified in writing by way of a Notice of Error (as defined in paragraph 2.8 below) and is required to appoint an external auditor to perform an independent validation in accordance with Section 3 of these Guidelines in the following circumstances:
(a) where the insurer member has for three (3) consecutive assessment years submitted levy information that contained error(s) that result in a change to the DLS’ or DLST’s indicator’s result;
(b) where the insurer member has for three (3) consecutive assessment years submitted levy information that contained error(s) that result in a change to the DLS’ or DLST’s indicator’s score;
(c) where the levy information submitted by the insurer member to PIDM for the current assessment year contains an error or errors that result(s) in a change to the levy category; or
(d) where the levy information submitted by the insurer member to PIDM for the current assessment year contains an error or errors that result(s) in a change to the levy amount payable.
2.8 A Notice of Error is a letter issued by PIDM to the insurer member’s Chief Executive Officer and Chairman of the Audit Committee to notify them about the error(s) in the levy information that have been identified by PIDM as resulting in a change of any of the matters set out in paragraph 2.7 above.
2.9 Upon receipt of the Notice of Error, the insurer member is required to complete the reporting processes and requirements set out in Column 2 of Table 1 below and in accordance with the timelines set out in Column 1 of Table 1 below:
Table 1: Reporting Processes and Requirements Upon Issuance of a Notice of Error
| No. | Column 1 Timeline | Column 2 Reporting Processes and Requirements |
|---|---|---|
| (a) | Within fourteen (14) days from the date of the Notice of Error (or the immediate preceding working day if the 14th day falls on a weekend or a public holiday in Kuala Lumpur) | Step 1: Submit the revised levy information and its certification to PIDM. |
| Step 2: Remit any unpaid levy including overdue charges (if any), if the error(s) affect the actual amount of levy payable to PIDM. | ||
| (b) | Within one hundred and fifty (150) days from the date of the Notice of Error (or the immediate preceding working day if the 150th day falls on a weekend or a public holiday in Kuala Lumpur) | Step 3: Appoint an external auditor to perform an independent validation in accordance with Section 3 of these Guidelines. |
| Step 4: Submit an assurance report including exceptions or findings, explanation on the root cause of the error(s) and a detailed action plan together with the proposed timeline to address such exceptions or findings to PIDM. All reports are required to be addressed and tabled to the insurer member’s Audit Committee, prior to the submission to PIDM. | ||
| Step 5: If additional error(s) were identified by the external auditor, submit the revised levy information and its certification to PIDM, as well as remit any unpaid levy including overdue charges (if any) should the error(s) affect the actual amount of levy payable to PIDM. |
2.10 For further references, please refer to Appendix 1 on the examples of error in levy information, including the process for resubmission and overdue charges computation, and Appendix 2 on the process flow chart for the enhanced Validation Programme.
OVERDUE CHARGES AND LEVY SURCHARGE
2.11 For any unpaid levy that is due and payable but has not been paid by an insurer member on the due date,⁶ PIDM will impose an overdue charge on such unpaid levy pursuant to Section 76 of the Act. The overdue charge is calculated in accordance with the Malaysia Deposit Insurance Corporation (Overdue Charges) Regulations 2012 as follows:
Unpaid levy x 10% x [Number of days elapsed / 365 Days]
2.12 Non-compliance with any requirements of PIDM’s guidelines, regulations or orders by an insurer member could result in an imposition of a levy surcharge pursuant to Section 75 of the Act. The details and criteria for determining the triggering for levy surcharge are set out in the Guidelines on Premium Surcharge Framework issued on 30 October 2013.
TRANSITION ASSESSMENT YEAR
2.13 These Guidelines are effective from assessment year 2021, with a one (1) year transition period i.e., assessment year 2021 (“Transition Assessment Year”). This is to allow insurer members to have sufficient time and resources to prepare for the implementation of the enhanced Validation Programme under these Guidelines.
2.14 During the Transition Assessment Year, an insurer member that submits erroneous levy information described in paragraph 2.7 above is not required to appoint an external auditor to perform an independent validation on the revised levy information submitted to PIDM. However, the insurer member is still required to submit to PIDM the revised levy information and provide a written explanation on the root cause of error(s), as well as rectification status for the error(s) within fourteen (14) days of being notified by PIDM. If the error(s) in the levy information affects the amount of levy payable for the Transition Assessment Year, the insurer member shall remit any unpaid levy including the overdue charge to PIDM together with the submission of the revised levy information.
⁶ Please refer to the DLS Guidelines and DLST Guidelines on the payment due date for levies.
2.15 For the avoidance of doubt:
(a) paragraph 2.6 shall apply during the Transition Assessment Year; and
(b) when an insurer member submits levy information containing error(s) as described in paragraph 2.6 in the Transition Assessment Year, such error(s) will be regarded as error(s) committed for the purposes of paragraph 2.7(a) or (b) of these Guidelines in the subsequent assessment years.
SECTION 3: EXTERNAL AUDITOR’S VALIDATION BASED ON LIMITED ASSURANCE ENGAGEMENT
CRITERIA FOR APPOINTMENT OF AN EXTERNAL AUDITOR
3.1. The appointed external auditor shall be a professional accountant in public practice in Malaysia and qualified to issue an opinion in accordance with the requirements set out in the International Standards on Assurance Engagements (“ISAE”) 3000 – Assurance Engagement Other Than Audits or Reviews of Historical Financial Information.
3.2. The independent validation performed by the appointed external auditor shall be based on the limited assurance engagement.
3.3. An insurer member shall not appoint the same external auditor to perform the independent validation under these Guidelines, if that external auditor had carried out a review or validation of the insurer member’s original levy information submitted to PIDM in the relevant assessment year.
VALIDATION REQUIREMENTS OF THE LIMITED ASSURANCE ENGAGEMENT
3.4. The appointed external auditor is required to ensure that the validation requirements set out in this section are met.
3.5. The validation requirements generally cover two (2) areas:
(a) Assess the operational effectiveness of the insurer member’s internal controls
In order to ensure compliance with the requirements of the DLS, DLST and RCL Guidelines, the insurer member is required to maintain proper and effective internal controls and processes for the relevant information compilation, checking, approval and submission processes and procedures. The insurer member is required to appoint an external auditor to assess the effectiveness of its internal controls and identify any deficiency in the relevant controls that needs to be enhanced.
(b) Validate the levy information based on the requirements specified in the DLS, DLST and RCL Guidelines
To ensure that the revised levy information submitted to PIDM has fully complied with the requirements of the DLS, DLST and RCL Guidelines, the insurer member is required to appoint an external auditor to validate the revised levy information.
SCOPE AND NATURE OF THE LIMITED ASSURANCE ENGAGEMENT
3.6. The scope and nature of the independent validation based on the limited assurance engagement under ISAE 3000 will focus on the processes of preparing the revised levy information based on the sources of information.⁷
3.7. Table 2 below provides a guidance on the minimum scope of independent validation that is required to be performed by the external auditor.
Table 2: Minimum Scope of Independent Validation
| No | Minimum Scope of Independent Validation |
|---|---|
| 1. | Overall Control Environment Assessment |
| Policies and procedures are formally and adequately documented, kept up-to-date, and circulated to all concerned personnel to ensure effective communication of the requirements, data sources, processes and procedures for compliance with the DLS, DLST and RCL Guidelines. | |
| 2. | Operational Controls Assessment |
| (a) Information identification, preparation and data extraction | |
| (i) Operating manuals relating to the information identification, data mapping preparation and data extraction processes are in place to provide guidance for all concerned personnel, facilitate understanding, and stipulate requirements for responsible personnel on the related operations. | |
| (ii) Clear definitions of roles and responsibilities relating to the information identification, preparation, data extraction, performance and accountability of related processes are provided and effectively communicated to all concerned personnel. | |
| (iii) Review procedures are in place and operating effectively for automated or manual processes in data identification, preparation and extraction processes to ensure that the automated or manual processing is complete, accurate, authorised, and in accordance with the DLS, DLST and RCL Guidelines. | |
| (b) Reconciliation and verification of data | |
| (i) Formal operating manuals relating to the data reconciliation and verification processes are documented to provide guidance for all concerned personnel, facilitate understanding, and stipulate requirements for responsible personnel on the related operations. | |
| (ii) Clear definitions of roles and responsibilities relating to the reconciliation, verification, accountability and performance of related processes are provided and effectively communicated to all concerned personnel. | |
| (iii) Adequate and appropriate reconciliation procedures are in place to ensure completeness and accuracy of the information. For example, where information is not directly obtained from the sources of information, it should be reconciled with the underlying financial records. | |
| (iv) Automated or manual verification procedures are in place and operating effectively to ensure that the data and information prepared are in compliance with the requirements set out in the DLS, DLST and RCL Guidelines. Discrepancy handling procedures are in place to ensure that: • discrepancies noted are recorded, and are timely and completely followed up by the appropriate personnel; and • verification results are reviewed to ensure that all discrepancies are followed up and resolved. |
|
| (c) Approval and submission of information | |
| (i) Formal operating manuals relating to the approval and submission of information to PIDM are documented to provide guidance for all concerned personnel, facilitate understanding, and stipulate requirements for responsible personnel on the related operations. | |
| (ii) Clear definitions of roles and responsibilities relating to the approval or accountability and submission of information to PIDM and performance of related processes are provided and effectively communicated to all concerned personnel. | |
| (iii) Review procedures are in place and operating effectively prior to submission to PIDM to ensure that all information required is prepared in the specified format, reconciled, verified, and compiled for submission. | |
| 3. | Related Application⁸ Controls Assessment (if applicable) |
| (a) Application or systems documentation | |
| The application used must be developed or implemented using the internally approved System Development Life Cycle or Information Technology (IT) project management processes. This will include, but not limited to, user requirement, architecture and design, entity relationship diagrams, user acceptance tests, installation guides and user manuals. | |
| (b) Application change management controls | |
| Change management controls are in place to ensure that changes in relevant systems (for example, any changes to data extraction programs and automated data checking procedures) are properly managed and monitored for compliance with the requirements set out in the DLS, DLST and RCL Guidelines. | |
| (c) Access security management controls | |
| Physical and logical access to the related applications and data are restricted to authorised personnel only. Access should be granted to individuals involved in the related processes on a “need to have” basis. These access privileges must be approved and reviewed periodically. | |
| (d) End-user computing or tagging management controls | |
| Controls and security over end-user computing or tagging are in place to ensure the information integrity and security of end-user maintained applications and information for example, the internal control on automated computation or any system tagging are in place. | |
| 4. | Reporting Forms Validation |
| Reporting forms are in compliance to the DLS, DLST and RCL Guidelines and that all data are extracted from the right sources as per the DLS, DLST and RCL Guidelines. The review is required to be performed on the levy information i.e., both the DLS or DLST quantitative information and RCL based on the latest submission to PIDM. |
⁷ Sources of information are the key sources such as ICSS, TOSS and RBC or RBCT reporting forms for insurance companies and takaful operators, audited financial statements and management approved financial records/other supporting information. ⁸ Application refers to the systems, tools or programs that are used to extract data from the sources or those that are intended for checking and verifying data automatically including the applications that provide information for PIDM’s requirements e.g. classification of benefit types as stipulated in the RCL Guidelines.
3.8. For the avoidance of doubt, the scope and extent of the independent validation to be undertaken by the external auditor should not be limited to or restricted by the minimum scope as set out in Table 2 above. The scope of the independent validation shall cover such other areas as it is required in order for the external auditor to issue an opinion on the independent validation to PIDM.
3.9. If the external auditor appointed to perform the independent validation under these Guidelines is the same auditor who has performed a statutory audit for the insurer member, and the statutory audit covered the scope on processes and controls over the maintenance of the source documents and application systems, the external auditor may not be required to include such scope for the independent validation. However, such information may still need to be considered in the course of the independent validation to identify the root cause and implication of the error(s).
SUBMISSION DATES OF THE ASSURANCE REPORT AND DETAILED ACTION PLAN AND TIMELINE
3.10. The insurer member is required to submit the assurance report pursuant to the independent validation performed by the appointed external auditor including exceptions or findings, explanation on the root cause of error(s) and the detailed action plan together with the proposed timeline to address such exceptions or findings to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to the insurer member’s Audit Committee, prior to the submission to PIDM.
3.11. In the event that additional error(s) were identified based on the external auditor’s independent validation, the external auditor shall liaise with the insurer member to rectify the error(s). The insurer member is required to submit the revised levy information and its certification, as well as pay any unpaid levy to PIDM, which includes the overdue charge, if any, within one hundred and fifty (150) days from the date of the Notice of Error.
Perbadanan Insurans Deposit Malaysia 10 February 2021
APPENDIX 1: EXAMPLES OF ERROR IN LEVY INFORMATION
As stated in paragraph 2.7 above, there are four (4) circumstances under which errors can trigger a resubmission and require an independent validation to be performed by an external auditor. The scenarios below are in relation to a general insurance company and they are strictly for illustration purposes only.
Scenario 1: Error in the DLS’ indicator’s result for three (3) consecutive assessment years.
Note: The error gives rise to a change in the indicator’s result but does not change the indicator score or the overall levy category.
Summary of error:
| Assessment year | Initial submission with error | Resubmission by insurer member | ||||
|---|---|---|---|---|---|---|
| Result | Score | Levy category | Result | Score | Levy category | |
| 2023 | 16.15% | 5% | 2 | 15.98% | 5% | 2 |
In assessment year 2023, an error was identified in Insurance Company A’s receivable ratio that affected the indicator’s result as shown above, but the error did not affect the indicator’s score, levy category or levy amount payable. Errors were also identified in other indicators that affected the indicator’s result for the past two (2) consecutive assessment years i.e., the combined ratio in assessment year 2021 and receivable ratio in assessment year 2022.
A Notice of Error will be issued to Insurance Company A in assessment year 2023. Insurance Company A will be required to submit to PIDM its revised DLS quantitative information for assessment year 2023 together with its certification within fourteen (14) days from the date of the Notice of Error.
At the same time, Insurance Company A is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company A’s Audit Committee, prior to the submission to PIDM.
Scenario 2: Error in the DLS’ indicator’s score for three (3) consecutive assessment years.
Note: The error gives rise to a change in the indicator’s score but does not change the overall levy category.
Summary of error:
| Assessment year | Initial submission with error | Resubmission by insurer member | ||||
|---|---|---|---|---|---|---|
| Result | Score | Levy category | Result | Score | Levy category | |
| 2023 | 14.98% | 10% | 2 | 16.67% | 5% | 2 |
In assessment year 2023, an error was identified in Insurance Company B’s receivable ratio that affected the indicator’s score as shown above, but the error did not affect the levy category or levy amount payable for assessment year 2023. Errors were also identified in other indicators that affected the indicator’s score for the past two (2) consecutive assessment years i.e., the gross premium growth ratio in assessment year 2021 and combined ratio in assessment year 2022.
A Notice of Error will be issued to Insurance Company B in assessment year 2023. Insurance Company B will be required to submit to PIDM its revised DLS quantitative information for assessment year 2023 together with its certification within fourteen (14) days from the date of the Notice of Error.
At the same time, Insurance Company B is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company B’s Audit Committee, prior to the submission to PIDM.
Scenario 3: Error in the levy category for the current assessment year.
Note: The error gives rise to a change in the indicator’s score and overall levy category.
Summary of error:
| Assessment year | Initial submission with error | Resubmission by insurer member | Unpaid levy (RM’ 000) | ||||
|---|---|---|---|---|---|---|---|
| Result | Score | Levy category | Result | Score | Levy category | ||
| 2022 | 14.67% | 10% | 2 | 15.98% | 5% | 3 | 100 |
In assessment year 2022, an error was identified in Insurance Company C’s receivable ratio. The error resulted in a change in the score of its receivable ratio, which in turn changed the levy category as shown above.
A Notice of Error will be issued to Insurance Company C in assessment year 2022. Insurance Company C will be required to submit to PIDM its revised DLS quantitative information and RCL for assessment year 2022 together with its certification, as well as remit the unpaid levy including the overdue charge within fourteen (14) days from the date of the Notice of Error. The computation of the unpaid levy including the overdue charge is illustrated in table below.
| (a) | Unpaid levy | RM100,000 |
|---|---|---|
| (b) | Due date of annual levy payment | 31 May 2022 |
| (c) | Notice of Error issued by PIDM | 15 June 2022 |
| (d) | Resubmission of levy information & remittance of unpaid levy | 17 June 2022 |
| (e) | Number of days elapsed [(d) – (b)] | 16 days |
| (f) | Overdue charge calculation [(a) x 10% x (e)/365] | RM100,000 X 10% X [16 / 365 days] = RM438 |
| Total of unpaid levy and overdue charge for Insurance Company C [(a) + (f)] | RM100,438 |
The total unpaid levy and overdue charge of RM100,438 is remitted to PIDM on 17th June 2022. Insurance Company C is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company C’s Audit Committee, prior to the submission to PIDM.
Scenario 4: Error in the levy amount payable for the current assessment year.
Note: The error gives rise to a change in the total levy payable, which is illustrated in (a) and (b) below.
In assessment year 2022, an error in Insurance Company D’s levy payable was identified.
(a) An error was noted in the total net premiums received for general insurance business
| Assessment year | Initial submission with error | Resubmission by insurer member | |||||
|---|---|---|---|---|---|---|---|
| Total net premiums [A] (RM’ 000) | Levy rate | Levy payable (RM’ 000) | Revised total net premiums [B] (RM’ 000) | Difference [C = B – A] (RM’ 000) | Levy rate [D] | Unpaid levy [C * D] (RM’ 000) | |
| 2022 | 500,000 | 0.1% | 500 | 600,000 | 100,000 | 0.1% | 100 |
The error was identified in the total net premiums reported by Insurance Company D as shown above that led to the change in the levy amount payable for assessment year 2022.
A Notice of Error will be issued to Insurance Company D in assessment year 2022. Insurance Company D is required to submit its revised RCL for assessment year 2022 together with its certification, as well as remit the unpaid levy payable to PIDM including the overdue charge within fourteen (14) days from the date of the Notice of Error.
The computation of the unpaid levy including the overdue charge is illustrated below.
| (a) | Unpaid levy | RM100,000 |
|---|---|---|
| (b) | Due date of annual levy payment | 31 May 2022 |
| (c) | Notice of Error issued by PIDM | 15 June 2022 |
| (d) | Resubmission of levy information & remittance of unpaid levy | 29 June 2022 |
| (e) | Number of days elapsed [(d) – (b)] | 28 days |
| (f) | Overdue charge calculation [(a) x 10% x (e) / 365] | RM100,000 X 10% X [28 / 365 days] = RM767 |
| Total of unpaid levy and overdue charge for Insurance Company D [(a) + (f)] | RM100,767 |
The total unpaid levy and overdue charge of RM100,767 is remitted to PIDM on 29th June 2022. Insurance Company D is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company D’s Audit Committee, prior to the submission to PIDM.
(b) Error noted in the levy rate used
| Assessment year | Initial submission with error | Resubmission by insurer member | |||||
|---|---|---|---|---|---|---|---|
| Total net premiums (RM’ 000) | Levy rate | Levy payable [A] (RM’ 000) | Total net premiums (RM’ 000) | Levy rate | Revised levy payable [B] (RM’ 000) | Unpaid levy [B – A] (RM’ 000) | |
| 2022 | 500,000 | 0.05% | 250 | 500,000 | 0.1% | 500 | 250 |
The error was identified in the levy rate used by Insurance Company D as shown above that led to the change in the levy payable for assessment year 2022.
A Notice of Error will be issued to Insurance Company D in assessment year 2022. Insurance Company D will be required to submit its revised RCL for assessment year 2022 together with its certification, as well as remit the unpaid levy payable to PIDM including the overdue charge within fourteen (14) days from the date of the Notice of Error.
The computation of the unpaid levy including the overdue charge is illustrated below.
| (a) | Unpaid levy | RM250,000 |
|---|---|---|
| (b) | Due date of annual levy payment | 31 May 2022 |
| (c) | Notice of Error issued by PIDM | 27 June 2022 |
| (d) | Resubmission of levy information & remittance of unpaid levy | 29 June 2022 |
| (e) | Number of days elapsed [(d) – (b)] | 28 days |
| (f) | Overdue charge calculation [(a) x 10% x (e) / 365] | RM250,000 X 10% X [28 / 365 days] = RM1,918 |
| Total of unpaid levy and overdue charge for Insurance Company D [(a) + (f)] | RM251,918 |
The total unpaid levy and overdue charge of RM251,918 is remitted to PIDM on 29th June 2022. Insurance Company D is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company D’s Audit Committee, prior to the submission to PIDM.
Subsequently, additional errors were identified by the external auditor in Insurance Company D’s revised levy information, which resulted in further unpaid levy of RM50,000. Insurance Company D is required to rectify the errors and submit the revised levy information to PIDM together with the unpaid levy including the overdue charge within one hundred and fifty (150) days from the date of the Notice of Error as illustrated in the table below:
| (a) | Unpaid levy | RM50,000 |
|---|---|---|
| (b) | Due date of annual levy payment | 31 May 2022 |
| (c) | Notice of Error issued by PIDM | 27 June 2022 |
| (d) | Resubmission of levy information & remittance of unpaid levy | 14 November 2022 |
| (e) | Number of days elapsed [(d) – (b)] | 166 |
| (f) | Overdue charge calculation [(a) x 10% x (e) / 365] | RM50,000 X 10% X [166 / 365 days] = RM2,274 |
| Total of unpaid levy and overdue charge for Insurance Company D [(a) + (f)] | RM52,274 |
The additional unpaid levy and overdue charge of RM52,274 is remitted to PIDM on 14th November 2022.
APPENDIX 2: PROCESS FLOW CHART FOR ENHANCED VALIDATION PROGRAMME
[Flowchart Description]
- Start
- Insurer members submit the certified DLS or DLST quantitative information to PIDM
- PIDM notifies insurer members on the final levy category
- Insurer members submit the certified RCL with levies payment
- Decision: Errors in levy information in current assessment year?
- No: End
- Yes: Decision: Errors in levy information as set out in paragraph 2.7 is identified?
- No: Submit the revised levy information with its certification & explain the root cause of the error(s) and rectification status to PIDM within 14 days from the date of being notified by PIDM. (End)
- Yes: PIDM issues Notice of Error. Insurer member submits its revised levy information & remit unpaid levy including overdue charge, if any, to PIDM within 14 days from the date of the Notice of Error.
- Appoint an external auditor to conduct independent validation
- Submit the assurance report to PIDM together with the detailed action plan and the proposed timeline to address such exceptions or findings within 150 days from the date of the Notice of Error after tabling to the Audit Committee
- Decision: Additional errors identified based on the external auditor’s validation?
- No: End
- Yes: Rectify the error(s) and resubmit the revised levy information and its certification, as well as remit unpaid levy including the overdue charge, if any, to PIDM within 150 days from the date of the Notice of Error. (End)
# GUIDELINES ON VALIDATION PROGRAMME: DIFFERENTIAL LEVY SYSTEMS AND LEVIES CALCULATION
**ISSUE DATE : 10 FEBRUARY 2021**
---
# TABLE OF CONTENTS
**SECTION 1: INTRODUCTION .............................................................................................. 3**
BACKGROUND ............................................................................................................................ 3
LEGAL PROVISIONS ................................................................................................................... 4
REFERENCE MATERIALS ............................................................................................................ 4
**SECTION 2: INSURER MEMBER’S LEVY INFORMATION ....................................................... 7**
OVERVIEW .................................................................................................................................. 7
ERROR IN LEVY INFORMATION .................................................................................................. 8
OVERDUE CHARGES AND LEVY SURCHARGE .......................................................................... 10
TRANSITION ASSESSMENT YEAR .............................................................................................. 10
**SECTION 3: EXTERNAL AUDITOR’S VALIDATION BASED ON LIMITED ASSURANCE ENGAGEMENT ................................................................................................................ 12**
CRITERIA FOR APPOINTMENT OF AN EXTERNAL AUDITOR ..................................................... 12
VALIDATION REQUIREMENTS OF THE LIMITED ASSURANCE ENGAGEMENT .......................... 12
SCOPE AND NATURE OF THE LIMITED ASSURANCE ENGAGEMENT ........................................ 13
SUBMISSION DATES OF THE ASSURANCE REPORT AND DETAILED ACTION PLAN AND TIMELINE .................................................................................................................................. 16
**APPENDIX 1: EXAMPLES OF ERROR IN LEVY INFORMATION ............................................. 18**
**APPENDIX 2: PROCESS FLOW CHART FOR ENHANCED VALIDATION PROGRAMME ........... 24**
---
# SECTION 1: INTRODUCTION
## BACKGROUND
1.1 In exercise of the powers conferred by paragraph 209(1)(b) of the Malaysia Deposit Insurance Corporation Act 2011 (“the Act”), Perbadanan Insurans Deposit Malaysia (“PIDM”) issued the Guidelines on Validation Programme: Differential Levy Systems and Levies Calculation for insurer members¹ (“insurer members”) on 6 January 2014 and these were last revised on 30 March 2020 (“2020 Guidelines”).
1.2 The 2020 Guidelines, among others, set out the detailed scope, procedures and PIDM’s requirements in respect of the annual independent validation to be performed by an insurer member’s internal auditor and external auditor (“Validation Programme”) on the insurer member’s levy information² (“levy information”).
## Enhanced Validation Programme
1.3 These Guidelines provide for the enhancement to the Validation Programme. As part of PIDM’s enhancement of the Validation Programme (“enhanced Validation Programme”), moving forward, only insurer members who receive a Notice of Error³ from PIDM in respect of erroneous levy information (as described in paragraph 2.7 below) are required to perform independent validation. In such circumstance, an insurer member who has received a Notice of Error will be required to appoint an external auditor to perform an independent validation as described in Section 3 of these Guidelines.
---
¹ As defined in Section 2 of the Act, insurer member means a member institution of PIDM that is an insurance company or a takaful operator.
² The levy information refers to an insurer member’s levy related information to be submitted to PIDM pursuant to the Guidelines on Differential Levy Systems Framework for Insurance Companies issued on 30 March 2020 ("DLS Guidelines"), Guidelines on Differential Levy Systems Framework for Takaful Operators issued on 30 March 2020 ("DLST Guidelines") and Guidelines on Takaful and Insurance Benefits Protection System: Submission of Returns on Calculation of Levies for Takaful and Insurance Businesses issued on 30 March 2020 ("RCL Guidelines”). The levy information will form the basis for the determination of the annual levy payable by the insurer member.
³ As defined in paragraph 2.8 below.
---
1.4 These Guidelines are effective beginning assessment year 2021 and shall supersede the Guidelines on Validation Programme: Differential Levy Systems and Levies Calculation issued on 30 March 2020.
## LEGAL PROVISIONS
1.5 Pursuant to Section 193 of the Act, any person who prepares, signs, approves or concurs in any account, statement, return, report or other document required for submission to PIDM that he or she knows or has reason to believe is false or contains false or misleading information, commits an offence punishable by fine or imprisonment or both.
1.6 Section 96 of the Act provides that PIDM may examine or commission another person, to conduct an examination of the operations of an insurer member, and that the scope of audit may include the examination of:
(a) whether proper and adequate records of its takaful or insurance benefits liabilities are maintained by the insurer member; or
(b) whether reports made by the insurer member on its levies, takaful liabilities or insurance liabilities are substantially correct.
1.7 Pursuant to Section 202 of the Act, PIDM may require an insurer member to submit additional information relevant to its levy information. Any person who fails to comply with PIDM’s request for additional information commits an offence punishable by fine.
## REFERENCE MATERIALS
1.8 Insurer members may refer to the following in relation to the Differential Levy Systems for Insurance Companies Framework (“DLS”), Differential Levy Systems for Takaful Operators Framework (“DLST”) and Returns on Calculation of Levies for Takaful and Insurance Businesses (“RCL”) reporting processes:
(a) the Act;
(b) the DLS Guidelines;
(c) the DLST Guidelines;
(d) the RCL Guidelines;
(e) the Malaysia Deposit Insurance Corporation (Protected Benefits) Regulations 2020;
(f) the Malaysia Deposit Insurance Corporation (Protected Benefits Limit) Order 2020;
(g) the Malaysia Deposit Insurance Corporation (Differential Premium Systems in respect of Insurer Members) Regulations 2012;⁴
(h) the Malaysia Deposit Insurance Corporation (First Premium and Annual Premium in respect of Insurer Members) Order 2016;⁵
(i) the Malaysia Deposit Insurance Corporation (Overdue Charges) Regulations 2012; and
(j) Guidelines on Premium Surcharge Framework issued on 30 October 2013.
1.9 Unless expressly stated otherwise, any information or document required to be submitted to PIDM under these Guidelines, including any letter, report, form, returns and action plan, shall be submitted online through PIDM’s portal. The original hard copy shall be kept by the insurer member.
1.10 A reference to a statute or other law includes regulations and other instruments under it and consolidations, amendments, re-enactments or replacements of any of them.
1.11 PIDM may specify such other periods or dates for compliance with any of the provisions in these Guidelines, or for any act to be done, in such form and subject to such terms and conditions as PIDM thinks fit.
---
⁴ As amended by the Malaysia Deposit Insurance Corporation (Differential Premium Systems in respect of Insurer Members) (Amendment) Regulations 2016, Malaysia Deposit Insurance Corporation (Differential Premium Systems in respect of Insurer Members) (Amendment) Regulations 2019 and Malaysia Deposit Insurance Corporation (Differential Premium Systems in respect of Insurer Members) (Amendment) Regulations 2020.
⁵ As amended by the Malaysia Deposit Insurance Corporation (First Premium and Annual Premium in respect of Insurer Members) (Amendment) Order 2020.
---
1.12 Enquiries relating to these Guidelines may be directed to:
Risk Assessment & Resolution Division
General Line : 03-2173 7436 / 03-2265 6565
Fax : 03-2173 7494
Email : [email protected]
---
# SECTION 2: INSURER MEMBER’S LEVY INFORMATION
## OVERVIEW
2.1 An insurer member is required to submit to PIDM the following levy information (in the manner set out under the respective guidelines mentioned below) in respect of each assessment year:
(a) certified DLS or DLST quantitative information by the timeline set out in the DLS or DLST Guidelines; and
(b) certified RCL by the timeline set out in the RCL Guidelines.
2.2 An insurer member is also required to complete and submit the levy information based on information obtained from the sources as set out in the DLS, DLST and RCL Guidelines. These include, without limitation, the Insurance Companies Statistical Submission (“ICSS”), Takaful Operators Statistical System (“TOSS”), Risk-Based Capital Framework for Insurers (“RBC”) or Risk Based Capital Framework for Takaful Operators (“RBCT”) reporting forms, audited financial statements and management approved financial records, or other supporting sources of information for the relevant financial periods required.
2.3 The requirements of providing certification to the levy information by the relevant authorised persons under the DLS, DLST and RCL Guidelines remain applicable. Insurer members are accountable and responsible to ensure the levy information is accurate and complies with the requirements in the DLS, DLST and RCL Guidelines.
2.4 Insurer members should have and maintain proper governance and adequate internal controls with relevant resources and capabilities, comprehensive policies and procedures, as well as adequate systems to ensure that accurate and timely levy information is submitted to PIDM.
2.5 In addition to the above, the independent oversight of the internal auditor of insurer members remains important to ensure that the relevant systems, processes and controls are consistently reviewed and remain effective.
## ERROR IN LEVY INFORMATION
2.6 Where the levy information submitted to PIDM contains error(s) that result in a change to the DLS’ or DLST’s indicator’s result and/or indicator’s score but do not affect the levy category and/or levy amount payable in the current assessment year, PIDM will notify the insurer member in writing of the error(s). The insurer member is required to submit a revised levy information with its certification, as well as to provide a written explanation on the root cause of the error(s) and rectification status for the error(s) within fourteen (14) days from the date of being notified by PIDM.
2.7 However, an insurer member will be notified in writing by way of a Notice of Error (as defined in paragraph 2.8 below) and is required to appoint an external auditor to perform an independent validation in accordance with Section 3 of these Guidelines in the following circumstances:
(a) where the insurer member has for three (3) consecutive assessment years submitted levy information that contained error(s) that result in a change to the DLS’ or DLST’s indicator’s result;
(b) where the insurer member has for three (3) consecutive assessment years submitted levy information that contained error(s) that result in a change to the DLS’ or DLST’s indicator’s score;
(c) where the levy information submitted by the insurer member to PIDM for the current assessment year contains an error or errors that result(s) in a change to the levy category; or
(d) where the levy information submitted by the insurer member to PIDM for the current assessment year contains an error or errors that result(s) in a change to the levy amount payable.
2.8 A Notice of Error is a letter issued by PIDM to the insurer member’s Chief Executive Officer and Chairman of the Audit Committee to notify them about the error(s) in the levy information that have been identified by PIDM as resulting in a change of any of the matters set out in paragraph 2.7 above.
2.9 Upon receipt of the Notice of Error, the insurer member is required to complete the reporting processes and requirements set out in Column 2 of Table 1 below and in accordance with the timelines set out in Column 1 of Table 1 below:
**Table 1: Reporting Processes and Requirements Upon Issuance of a Notice of Error**
| No. | Column 1 Timeline | Column 2 Reporting Processes and Requirements |
| :--- | :--- | :--- |
| (a) | Within fourteen (14) days from the date of the Notice of Error (or the immediate preceding working day if the 14th day falls on a weekend or a public holiday in Kuala Lumpur) | Step 1: Submit the revised levy information and its certification to PIDM. |
| | | Step 2: Remit any unpaid levy including overdue charges (if any), if the error(s) affect the actual amount of levy payable to PIDM. |
| (b) | Within one hundred and fifty (150) days from the date of the Notice of Error (or the immediate preceding working day if the 150th day falls on a weekend or a public holiday in Kuala Lumpur) | Step 3: Appoint an external auditor to perform an independent validation in accordance with Section 3 of these Guidelines. |
| | | Step 4: Submit an assurance report including exceptions or findings, explanation on the root cause of the error(s) and a detailed action plan together with the proposed timeline to address such exceptions or findings to PIDM. All reports are required to be addressed and tabled to the insurer member’s Audit Committee, prior to the submission to PIDM. |
| | | Step 5: If additional error(s) were identified by the external auditor, submit the revised levy information and its certification to PIDM, as well as remit any unpaid levy including overdue charges (if any) should the error(s) affect the actual amount of levy payable to PIDM. |
2.10 For further references, please refer to Appendix 1 on the examples of error in levy information, including the process for resubmission and overdue charges computation, and Appendix 2 on the process flow chart for the enhanced Validation Programme.
## OVERDUE CHARGES AND LEVY SURCHARGE
2.11 For any unpaid levy that is due and payable but has not been paid by an insurer member on the due date,⁶ PIDM will impose an overdue charge on such unpaid levy pursuant to Section 76 of the Act. The overdue charge is calculated in accordance with the Malaysia Deposit Insurance Corporation (Overdue Charges) Regulations 2012 as follows:
> Unpaid levy x 10% x [Number of days elapsed / 365 Days]
2.12 Non-compliance with any requirements of PIDM’s guidelines, regulations or orders by an insurer member could result in an imposition of a levy surcharge pursuant to Section 75 of the Act. The details and criteria for determining the triggering for levy surcharge are set out in the Guidelines on Premium Surcharge Framework issued on 30 October 2013.
## TRANSITION ASSESSMENT YEAR
2.13 These Guidelines are effective from assessment year 2021, with a one (1) year transition period i.e., assessment year 2021 (“Transition Assessment Year”). This is to allow insurer members to have sufficient time and resources to prepare for the implementation of the enhanced Validation Programme under these Guidelines.
2.14 During the Transition Assessment Year, an insurer member that submits erroneous levy information described in paragraph 2.7 above is not required to appoint an external auditor to perform an independent validation on the revised levy information submitted to PIDM. However, the insurer member is still required to submit to PIDM the revised levy information and provide a written explanation on the root cause of error(s), as well as rectification status for the error(s) within fourteen (14) days of being notified by PIDM. If the error(s) in the levy information affects the amount of levy payable for the Transition Assessment Year, the insurer member shall remit any unpaid levy including the overdue charge to PIDM together with the submission of the revised levy information.
---
⁶ Please refer to the DLS Guidelines and DLST Guidelines on the payment due date for levies.
---
2.15 For the avoidance of doubt:
(a) paragraph 2.6 shall apply during the Transition Assessment Year; and
(b) when an insurer member submits levy information containing error(s) as described in paragraph 2.6 in the Transition Assessment Year, such error(s) will be regarded as error(s) committed for the purposes of paragraph 2.7(a) or (b) of these Guidelines in the subsequent assessment years.
---
# SECTION 3: EXTERNAL AUDITOR’S VALIDATION BASED ON LIMITED ASSURANCE ENGAGEMENT
## CRITERIA FOR APPOINTMENT OF AN EXTERNAL AUDITOR
3.1. The appointed external auditor shall be a professional accountant in public practice in Malaysia and qualified to issue an opinion in accordance with the requirements set out in the International Standards on Assurance Engagements (“ISAE”) 3000 – Assurance Engagement Other Than Audits or Reviews of Historical Financial Information.
3.2. The independent validation performed by the appointed external auditor shall be based on the limited assurance engagement.
3.3. An insurer member shall not appoint the same external auditor to perform the independent validation under these Guidelines, if that external auditor had carried out a review or validation of the insurer member’s original levy information submitted to PIDM in the relevant assessment year.
## VALIDATION REQUIREMENTS OF THE LIMITED ASSURANCE ENGAGEMENT
3.4. The appointed external auditor is required to ensure that the validation requirements set out in this section are met.
3.5. The validation requirements generally cover two (2) areas:
(a) **Assess the operational effectiveness of the insurer member’s internal controls**
In order to ensure compliance with the requirements of the DLS, DLST and RCL Guidelines, the insurer member is required to maintain proper and effective internal controls and processes for the relevant information compilation, checking, approval and submission processes and procedures. The insurer member is required to appoint an external auditor to assess the effectiveness of its internal controls and identify any deficiency in the relevant controls that needs to be enhanced.
(b) **Validate the levy information based on the requirements specified in the DLS, DLST and RCL Guidelines**
To ensure that the revised levy information submitted to PIDM has fully complied with the requirements of the DLS, DLST and RCL Guidelines, the insurer member is required to appoint an external auditor to validate the revised levy information.
## SCOPE AND NATURE OF THE LIMITED ASSURANCE ENGAGEMENT
3.6. The scope and nature of the independent validation based on the limited assurance engagement under ISAE 3000 will focus on the processes of preparing the revised levy information based on the sources of information.⁷
3.7. Table 2 below provides a guidance on the minimum scope of independent validation that is required to be performed by the external auditor.
**Table 2: Minimum Scope of Independent Validation**
| No | Minimum Scope of Independent Validation |
| :--- | :--- |
| 1. | **Overall Control Environment Assessment** |
| | Policies and procedures are formally and adequately documented, kept up-to-date, and circulated to all concerned personnel to ensure effective communication of the requirements, data sources, processes and procedures for compliance with the DLS, DLST and RCL Guidelines. |
| 2. | **Operational Controls Assessment** |
| | (a) Information identification, preparation and data extraction |
| | (i) Operating manuals relating to the information identification, data mapping preparation and data extraction processes are in place to provide guidance for all concerned personnel, facilitate understanding, and stipulate requirements for responsible personnel on the related operations. |
| | (ii) Clear definitions of roles and responsibilities relating to the information identification, preparation, data extraction, performance and accountability of related processes are provided and effectively communicated to all concerned personnel. |
| | (iii) Review procedures are in place and operating effectively for automated or manual processes in data identification, preparation and extraction processes to ensure that the automated or manual processing is complete, accurate, authorised, and in accordance with the DLS, DLST and RCL Guidelines. |
| | (b) Reconciliation and verification of data |
| | (i) Formal operating manuals relating to the data reconciliation and verification processes are documented to provide guidance for all concerned personnel, facilitate understanding, and stipulate requirements for responsible personnel on the related operations. |
| | (ii) Clear definitions of roles and responsibilities relating to the reconciliation, verification, accountability and performance of related processes are provided and effectively communicated to all concerned personnel. |
| | (iii) Adequate and appropriate reconciliation procedures are in place to ensure completeness and accuracy of the information. For example, where information is not directly obtained from the sources of information, it should be reconciled with the underlying financial records. |
| | (iv) Automated or manual verification procedures are in place and operating effectively to ensure that the data and information prepared are in compliance with the requirements set out in the DLS, DLST and RCL Guidelines. Discrepancy handling procedures are in place to ensure that: <br>• discrepancies noted are recorded, and are timely and completely followed up by the appropriate personnel; and <br>• verification results are reviewed to ensure that all discrepancies are followed up and resolved. |
| | (c) Approval and submission of information |
| | (i) Formal operating manuals relating to the approval and submission of information to PIDM are documented to provide guidance for all concerned personnel, facilitate understanding, and stipulate requirements for responsible personnel on the related operations. |
| | (ii) Clear definitions of roles and responsibilities relating to the approval or accountability and submission of information to PIDM and performance of related processes are provided and effectively communicated to all concerned personnel. |
| | (iii) Review procedures are in place and operating effectively prior to submission to PIDM to ensure that all information required is prepared in the specified format, reconciled, verified, and compiled for submission. |
| 3. | **Related Application⁸ Controls Assessment (if applicable)** |
| | (a) Application or systems documentation |
| | The application used must be developed or implemented using the internally approved System Development Life Cycle or Information Technology (IT) project management processes. This will include, but not limited to, user requirement, architecture and design, entity relationship diagrams, user acceptance tests, installation guides and user manuals. |
| | (b) Application change management controls |
| | Change management controls are in place to ensure that changes in relevant systems (for example, any changes to data extraction programs and automated data checking procedures) are properly managed and monitored for compliance with the requirements set out in the DLS, DLST and RCL Guidelines. |
| | (c) Access security management controls |
| | Physical and logical access to the related applications and data are restricted to authorised personnel only. Access should be granted to individuals involved in the related processes on a “need to have” basis. These access privileges must be approved and reviewed periodically. |
| | (d) End-user computing or tagging management controls |
| | Controls and security over end-user computing or tagging are in place to ensure the information integrity and security of end-user maintained applications and information for example, the internal control on automated computation or any system tagging are in place. |
| 4. | **Reporting Forms Validation** |
| | Reporting forms are in compliance to the DLS, DLST and RCL Guidelines and that all data are extracted from the right sources as per the DLS, DLST and RCL Guidelines. The review is required to be performed on the levy information i.e., both the DLS or DLST quantitative information and RCL based on the latest submission to PIDM. |
---
⁷ Sources of information are the key sources such as ICSS, TOSS and RBC or RBCT reporting forms for insurance companies and takaful operators, audited financial statements and management approved financial records/other supporting information.
⁸ Application refers to the systems, tools or programs that are used to extract data from the sources or those that are intended for checking and verifying data automatically including the applications that provide information for PIDM’s requirements e.g. classification of benefit types as stipulated in the RCL Guidelines.
---
3.8. For the avoidance of doubt, the scope and extent of the independent validation to be undertaken by the external auditor should not be limited to or restricted by the minimum scope as set out in Table 2 above. The scope of the independent validation shall cover such other areas as it is required in order for the external auditor to issue an opinion on the independent validation to PIDM.
3.9. If the external auditor appointed to perform the independent validation under these Guidelines is the same auditor who has performed a statutory audit for the insurer member, and the statutory audit covered the scope on processes and controls over the maintenance of the source documents and application systems, the external auditor may not be required to include such scope for the independent validation. However, such information may still need to be considered in the course of the independent validation to identify the root cause and implication of the error(s).
## SUBMISSION DATES OF THE ASSURANCE REPORT AND DETAILED ACTION PLAN AND TIMELINE
3.10. The insurer member is required to submit the assurance report pursuant to the independent validation performed by the appointed external auditor including exceptions or findings, explanation on the root cause of error(s) and the detailed action plan together with the proposed timeline to address such exceptions or findings to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to the insurer member’s Audit Committee, prior to the submission to PIDM.
3.11. In the event that additional error(s) were identified based on the external auditor’s independent validation, the external auditor shall liaise with the insurer member to rectify the error(s). The insurer member is required to submit the revised levy information and its certification, as well as pay any unpaid levy to PIDM, which includes the overdue charge, if any, within one hundred and fifty (150) days from the date of the Notice of Error.
Perbadanan Insurans Deposit Malaysia
10 February 2021
---
# APPENDIX 1: EXAMPLES OF ERROR IN LEVY INFORMATION
As stated in paragraph 2.7 above, there are four (4) circumstances under which errors can trigger a resubmission and require an independent validation to be performed by an external auditor. The scenarios below are in relation to a general insurance company and they are strictly for illustration purposes only.
**Scenario 1: Error in the DLS’ indicator’s result for three (3) consecutive assessment years.**
*Note: The error gives rise to a change in the indicator’s result but does not change the indicator score or the overall levy category.*
Summary of error:
| Assessment year | Initial submission with error | | | Resubmission by insurer member | | |
| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
| | Result | Score | Levy category | Result | Score | Levy category |
| 2023 | 16.15% | 5% | 2 | 15.98% | 5% | 2 |
In assessment year 2023, an error was identified in Insurance Company A’s receivable ratio that affected the indicator’s result as shown above, but the error did not affect the indicator’s score, levy category or levy amount payable. Errors were also identified in other indicators that affected the indicator’s result for the past two (2) consecutive assessment years i.e., the combined ratio in assessment year 2021 and receivable ratio in assessment year 2022.
A Notice of Error will be issued to Insurance Company A in assessment year 2023. Insurance Company A will be required to submit to PIDM its revised DLS quantitative information for assessment year 2023 together with its certification within fourteen (14) days from the date of the Notice of Error.
At the same time, Insurance Company A is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company A’s Audit Committee, prior to the submission to PIDM.
---
**Scenario 2: Error in the DLS’ indicator’s score for three (3) consecutive assessment years.**
*Note: The error gives rise to a change in the indicator’s score but does not change the overall levy category.*
Summary of error:
| Assessment year | Initial submission with error | | | Resubmission by insurer member | | |
| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
| | Result | Score | Levy category | Result | Score | Levy category |
| 2023 | 14.98% | 10% | 2 | 16.67% | 5% | 2 |
In assessment year 2023, an error was identified in Insurance Company B’s receivable ratio that affected the indicator’s score as shown above, but the error did not affect the levy category or levy amount payable for assessment year 2023. Errors were also identified in other indicators that affected the indicator’s score for the past two (2) consecutive assessment years i.e., the gross premium growth ratio in assessment year 2021 and combined ratio in assessment year 2022.
A Notice of Error will be issued to Insurance Company B in assessment year 2023. Insurance Company B will be required to submit to PIDM its revised DLS quantitative information for assessment year 2023 together with its certification within fourteen (14) days from the date of the Notice of Error.
At the same time, Insurance Company B is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company B’s Audit Committee, prior to the submission to PIDM.
---
**Scenario 3: Error in the levy category for the current assessment year.**
*Note: The error gives rise to a change in the indicator’s score and overall levy category.*
Summary of error:
| Assessment year | Initial submission with error | | | Resubmission by insurer member | | | Unpaid levy (RM’ 000) |
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
| | Result | Score | Levy category | Result | Score | Levy category | |
| 2022 | 14.67% | 10% | 2 | 15.98% | 5% | 3 | 100 |
In assessment year 2022, an error was identified in Insurance Company C’s receivable ratio. The error resulted in a change in the score of its receivable ratio, which in turn changed the levy category as shown above.
A Notice of Error will be issued to Insurance Company C in assessment year 2022. Insurance Company C will be required to submit to PIDM its revised DLS quantitative information and RCL for assessment year 2022 together with its certification, as well as remit the unpaid levy including the overdue charge within fourteen (14) days from the date of the Notice of Error. The computation of the unpaid levy including the overdue charge is illustrated in table below.
| (a) | Unpaid levy | RM100,000 |
| :--- | :--- | :--- |
| (b) | Due date of annual levy payment | 31 May 2022 |
| (c) | Notice of Error issued by PIDM | 15 June 2022 |
| (d) | Resubmission of levy information & remittance of unpaid levy | 17 June 2022 |
| (e) | Number of days elapsed [(d) – (b)] | 16 days |
| (f) | Overdue charge calculation [(a) x 10% x (e)/365] | RM100,000 X 10% X [16 / 365 days] = RM438 |
| | Total of unpaid levy and overdue charge for Insurance Company C [(a) + (f)] | RM100,438 |
The total unpaid levy and overdue charge of RM100,438 is remitted to PIDM on 17th June 2022. Insurance Company C is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company C’s Audit Committee, prior to the submission to PIDM.
---
**Scenario 4: Error in the levy amount payable for the current assessment year.**
*Note: The error gives rise to a change in the total levy payable, which is illustrated in (a) and (b) below.*
In assessment year 2022, an error in Insurance Company D’s levy payable was identified.
(a) An error was noted in the total net premiums received for general insurance business
| Assessment year | Initial submission with error | | | Resubmission by insurer member | | | |
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
| | Total net premiums [A] (RM’ 000) | Levy rate | Levy payable (RM’ 000) | Revised total net premiums [B] (RM’ 000) | Difference [C = B – A] (RM’ 000) | Levy rate [D] | Unpaid levy [C * D] (RM’ 000) |
| 2022 | 500,000 | 0.1% | 500 | 600,000 | 100,000 | 0.1% | 100 |
The error was identified in the total net premiums reported by Insurance Company D as shown above that led to the change in the levy amount payable for assessment year 2022.
A Notice of Error will be issued to Insurance Company D in assessment year 2022. Insurance Company D is required to submit its revised RCL for assessment year 2022 together with its certification, as well as remit the unpaid levy payable to PIDM including the overdue charge within fourteen (14) days from the date of the Notice of Error.
The computation of the unpaid levy including the overdue charge is illustrated below.
| (a) | Unpaid levy | RM100,000 |
| :--- | :--- | :--- |
| (b) | Due date of annual levy payment | 31 May 2022 |
| (c) | Notice of Error issued by PIDM | 15 June 2022 |
| (d) | Resubmission of levy information & remittance of unpaid levy | 29 June 2022 |
| (e) | Number of days elapsed [(d) – (b)] | 28 days |
| (f) | Overdue charge calculation [(a) x 10% x (e) / 365] | RM100,000 X 10% X [28 / 365 days] = RM767 |
| | Total of unpaid levy and overdue charge for Insurance Company D [(a) + (f)] | RM100,767 |
The total unpaid levy and overdue charge of RM100,767 is remitted to PIDM on 29th June 2022. Insurance Company D is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company D’s Audit Committee, prior to the submission to PIDM.
---
(b) Error noted in the levy rate used
| Assessment year | Initial submission with error | | | Resubmission by insurer member | | | |
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
| | Total net premiums (RM’ 000) | Levy rate | Levy payable [A] (RM’ 000) | Total net premiums (RM’ 000) | Levy rate | Revised levy payable [B] (RM’ 000) | Unpaid levy [B – A] (RM’ 000) |
| 2022 | 500,000 | 0.05% | 250 | 500,000 | 0.1% | 500 | 250 |
The error was identified in the levy rate used by Insurance Company D as shown above that led to the change in the levy payable for assessment year 2022.
A Notice of Error will be issued to Insurance Company D in assessment year 2022. Insurance Company D will be required to submit its revised RCL for assessment year 2022 together with its certification, as well as remit the unpaid levy payable to PIDM including the overdue charge within fourteen (14) days from the date of the Notice of Error.
The computation of the unpaid levy including the overdue charge is illustrated below.
| (a) | Unpaid levy | RM250,000 |
| :--- | :--- | :--- |
| (b) | Due date of annual levy payment | 31 May 2022 |
| (c) | Notice of Error issued by PIDM | 27 June 2022 |
| (d) | Resubmission of levy information & remittance of unpaid levy | 29 June 2022 |
| (e) | Number of days elapsed [(d) – (b)] | 28 days |
| (f) | Overdue charge calculation [(a) x 10% x (e) / 365] | RM250,000 X 10% X [28 / 365 days] = RM1,918 |
| | Total of unpaid levy and overdue charge for Insurance Company D [(a) + (f)] | RM251,918 |
The total unpaid levy and overdue charge of RM251,918 is remitted to PIDM on 29th June 2022. Insurance Company D is required to appoint an external auditor to perform an independent validation on the revised levy information based on the requirements set out in Section 3 of these Guidelines. The assurance report of the independent validation and the detailed action plan together with the proposed timeline to rectify the exception(s) noted shall be submitted to PIDM within one hundred and fifty (150) days from the date of the Notice of Error. All reports are required to be addressed and tabled to Insurance Company D’s Audit Committee, prior to the submission to PIDM.
---
Subsequently, additional errors were identified by the external auditor in Insurance Company D’s revised levy information, which resulted in further unpaid levy of RM50,000. Insurance Company D is required to rectify the errors and submit the revised levy information to PIDM together with the unpaid levy including the overdue charge within one hundred and fifty (150) days from the date of the Notice of Error as illustrated in the table below:
| (a) | Unpaid levy | RM50,000 |
| :--- | :--- | :--- |
| (b) | Due date of annual levy payment | 31 May 2022 |
| (c) | Notice of Error issued by PIDM | 27 June 2022 |
| (d) | Resubmission of levy information & remittance of unpaid levy | 14 November 2022 |
| (e) | Number of days elapsed [(d) – (b)] | 166 |
| (f) | Overdue charge calculation [(a) x 10% x (e) / 365] | RM50,000 X 10% X [166 / 365 days] = RM2,274 |
| | Total of unpaid levy and overdue charge for Insurance Company D [(a) + (f)] | RM52,274 |
The additional unpaid levy and overdue charge of RM52,274 is remitted to PIDM on 14th November 2022.
---
# APPENDIX 2: PROCESS FLOW CHART FOR ENHANCED VALIDATION PROGRAMME
[Flowchart Description]
* **Start**
* Insurer members submit the certified DLS or DLST quantitative information to PIDM
* PIDM notifies insurer members on the final levy category
* Insurer members submit the certified RCL with levies payment
* **Decision:** Errors in levy information in current assessment year?
* **No:** End
* **Yes:** **Decision:** Errors in levy information as set out in paragraph 2.7 is identified?
* **No:** Submit the revised levy information with its certification & explain the root cause of the error(s) and rectification status to PIDM within 14 days from the date of being notified by PIDM. (End)
* **Yes:** PIDM issues Notice of Error. Insurer member submits its revised levy information & remit unpaid levy including overdue charge, if any, to PIDM within 14 days from the date of the Notice of Error.
* Appoint an external auditor to conduct independent validation
* Submit the assurance report to PIDM together with the detailed action plan and the proposed timeline to address such exceptions or findings within 150 days from the date of the Notice of Error after tabling to the Audit Committee
* **Decision:** Additional errors identified based on the external auditor’s validation?
* **No:** End
* **Yes:** Rectify the error(s) and resubmit the revised levy information and its certification, as well as remit unpaid levy including the overdue charge, if any, to PIDM within 150 days from the date of the Notice of Error. (End)
Change History
No changes detected for this document.
Changes will appear when the scraper detects modifications.