Outdated browser

You are using an outdated browser. DNB.nl works best with:

Pillar 2: General and governance system


This page provides information about the main requirements that Solvency II imposes on the governance system of insurance companies.

Published: 14 June 2023

General information

Solvency II requires all insurance companies to have an effective governance system in place. Adequate governance is important to achieving controlled business operations and it aims to ensure adequate business management at insurance companies, including prompt and effective risk identification and management.

The requirements imposed on governance systems are part of Pillar 2 of Solvency II and govern the internal organisation, including key functions, risk management, internal control, reliability and expertise of executive directors, internal supervisors, and outsourcing and remuneration policies.

Key functions

The requirements pertaining to the structure of the four key functions compliance, actuarial, risk and audit have been tightened. For Dutch insurance companies this means that there are new requirements specifically with respect to the actuarial function. This function for instance plays a role in the area of technical provisions and in the ORSA process. It should be noted that a "function" is not necessarily the same thing as an organisational department or a person. The company is free to choose its own organisational structure, and the rules take account of the nature, scale and complexity of the institution.

Proportionality in the structure of key functions

Insurance companies are required to have key functions in place that operate independently of each other and of other functions. It is important to ensure that there are sufficient checks & balances in place in the organisation, meaning that consistent and well-considered decisions are taken and that risks are managed adequately. Adequate positioning and staffing and a clear division of tasks and responsibilities will contribute to this. Only then can key functions deliver sufficient countervailing power, by providing independent judgement in important decisions and managing the risks that the company is exposed to. The nature, scale and complexity of the company of course also plays a role here. The bigger and more complex the organisation is, the stricter the requirements governing the structure of the key functions are. The company itself is responsible for structuring key functions adequately. This does not require DNB's prior approval, but the institution must ensure that it adequately motivates its adopted structure.

Risk management system

The risk management system must be integrated into the entire organisation and must at least include risk acceptance, asset & liability management and investments (derivatives and comparable instruments in particular). The risk management system must include strategies, processes, and reporting procedures aimed at continuous risk identification and management. Risks must be managed at individual as well as aggregate level and must take account of interdependencies between the risks that the insurance company is exposed to.


Insurance companies remain fully responsible for the tasks that they outsource. Outsourcing of critical processes and key operational functions must be promptly reported to the supervisor.

The relevant Articles in the Solvency II Directive are

  • Article 29 - General principles of supervision
  • Article 40 - Responsibility of the administrative, management or supervisory body
  • Article 41 - General governance requirements
  • Article 42 - Fit and proper requirements for persons who effectively run the undertaking or have other key functions
  • Article 44 - Risk management
  • Article 45 - Own risk and solvency assessment
  • Article 46 - Internal control
  • Article 47 - Internal audit
  • Article 48 - Actuarial function
  • Article 49 - Outsourcing

The relevant Articles in the Delegated Regulation are

  • Article 258: General governance requirements
  • Articles 259–377: Risk management
  • Articles 262–265: Solvency and valuation methods
  • Articles 266–267: Internal control
  • Articles 268–271: Key functions risk management, compliance, internal audit and actuarial
  • Article 273: Fit and proper requirements
  • Article 274: Outsourcing
  • Article 275: Remuneration policy

The relevant EIOPA guidelines are

  • Guidelines on the system of governance

Discover related articles