Insurance Comparative Guide – Insurance

1 Legal framework

1.1 Which legislative and regulatory provisions govern the insurance sector in your jurisdiction?

The primary legal basis for the regulation of the insurance sector in Bermuda is the Insurance Act 1978 (Insurance Act), which has been amended a number of times. The Insurance Act covers not only insurers in a narrow sense, but ‘insurance business’. The latter phrase is defined to include reinsurance business.

Complementing the Insurance Act are various items of insurance-related secondary legislation. The subject matter of the secondary legislation includes, among other things:

• accounting;
• disclosure obligations;
• eligible capital;
• group supervision;
• investment and/or the maintenance of assets in Bermuda;
• prudential standards;
• solvency requirements;
• a specialist tribunal for regulatory appeals; and
• winding up.

There are specialist statutes covering particular types of insurance (eg, Health Insurance Act 1970; Life Insurance Act 1978) and particular types of insurance undertakings (eg, Non-Resident Insurance Undertakings Act 1967).

In addition, there are regulatory instruments promulgated by the Bermuda Monetary Authority (BMA), which was established by the Bermuda Monetary Authority Act 1969. The BMA is the public authority responsible for, among other things, the regulation of the insurance sector. The BMA has issued a statement of principles in accordance with which it acts. The BMA has published codes of conduct on the duties, requirements and standards to be complied with by registered persons and designated insurers, and the procedures and principles to be observed by them. The BMA has also issued guidance notes on the application of items of legislation.

1.2 Which bilateral and multilateral instruments on insurance have effect in your jurisdiction?

As to international treaties relevant to the insurance sector, by way of introduction, it is necessary to briefly describe Bermuda’s relationship with the United Kingdom. Bermuda is a British Overseas Territory, rather than a sovereign country. Bermuda is in practice domestically self-governing. However, certain defined matters, including Bermuda’s external affairs and defence, remain the responsibility of the United Kingdom. Thus, Bermuda does not have the power to enter into any international treaty, unless expressly authorised to do so by the UK government. Otherwise – which is the usual position – it is the United Kingdom that negotiates and enters into international treaties, some of which are extended to Bermuda either at the time of the treaty’s ratification or subsequently. As a matter of UK policy, any international treaty is extended to Bermuda only at the latter’s request.

A significant number of multilateral and bilateral treaties between the United Kingdom and third countries have been extended to Bermuda or made by the United Kingdom specifically on behalf of Bermuda. By category, these include, but are not limited to:

• the recognition and enforcement of foreign arbitral awards;
• legal proceedings in civil and commercial matters;
• taxation and the exchange of information relating to tax matters;
• commerce and navigation;
• the promotion and protection of investments; and
• human rights.

1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?

In general, the relevant public authority is the Bermuda Monetary Authority (BMA). The BMA has a statutory duty under the Insurance Act 1978 to supervise persons carrying on insurance business and persons carrying on business as insurance agents, brokers, managers, or salesmen.

The BMA has wide-ranging powers for the civil enforcement of applicable legislation and issues relating to the Insurance Code of Conduct. The BMA exercises such powers in accordance with the guidance it has published. By way of illustration, it may be useful to highlight the following enforcement powers:

• The BMA may require a registered person or designated insurer to provide it with information or expert/professional reports, or to submit documents to it.
• The BMA may conduct an investigation if it appears to the BMA that a person, including in some circumstances a former registered person, may have contravened certain provisions of the Insurance Act or other requirements.
• The BMA may serve a notice of objection in respect of a proposed ‘material change’ concerning an insurer.
• The BMA may intervene in the business of a registered person in certain circumstances, if it appears to the BMA that doing so is desirable to safeguard the interests of the registered person’s clients or potential clients. The BMA’s intervention takes the form of directions its gives to a registered person (eg, not to effect further contracts of insurance).
• The BMA may impose a civil penalty on any person that fails to comply with a requirement, or that contravenes any prohibition, imposed by or under the Insurance Act.
• The BMA may issue a prohibition order if it appears to the BMA that an individual is not a fit and proper person to perform functions in relation to a regulated activity carried on by a regulated person.
• The BMA may make an application to the court for an injunction to restrain the contravention of a requirement imposed by or under the Insurance Act.
• The BMA may present a petition for the winding up of an insurer in accordance with the Companies Act 1981, on specified grounds.
• The BMA may by order cancel the registration of an insurer on various grounds (eg, if false, misleading or inaccurate information has been supplied by or on behalf of the insurer to the BMA).

Apart from the civil enforcement of insurance legislation and regulatory provisions, there also exist insurance-related criminal offences created by the Insurance Act and other legislation. The prosecution of such offences is not the role of the BMA; but it is the BMA which decides whether to refer particular cases to the Bermuda Police Service.

1.4 What is the regulators’ general approach in regulating the insurance sector?

The BMA has a substantial track record of regulating financial institutions, including in the insurance sector. Viewing the BMA’s role in a strategic sense, its principal objects include:

• the promotion of the financial stability and soundness of financial institutions;
• assistance with the detection and prevention of financial crime; and
• assistance of foreign regulatory authorities in discharging their functions.

The BMA’s regulation of the insurance sector has been calibrated to facilitate international market access:

• The European Union has recognised that the regulatory and supervisory regime in force in Bermuda, which applies to most types of (re)insurers, is equivalent to that established in the European Union by Directive 2009/138 (Solvency II).
• In the United States, the BMA has secured for Bermuda both qualified jurisdiction status and reciprocal jurisdiction status, granted by the National Association of Insurance Commissioners (NAIC). In awarding these statuses, the NAIC has recognised that the BMA’s regulatory regime for (re)insurers meets the standard of, and achieves supervisory outcomes similar to, those of the US regulatory system. As a result, Bermudian (re)insurers are eligible for ‘zero collateral relief’ in the United States.

Operationally, the BMA implements its regulatory programme in two main parts: supervision and enforcement. Its approach to both is risk based, prioritising conduct which the BMA views as the major threats to its regulatory objectives.

For its supervisory activity, the BMA sets its agenda based on a categorisation of firms according to their risk profile. As to enforcement, the BMA’s general approach is set out in its Enforcement Guide. The BMA does not apply its enforcement powers to every instance of a regulated person’s non-compliance with its regulatory obligations, because it is of the view that most such issues can be addressed as part of the ‘normal supervisory relationship’.

2 Insurance contracts

2.1 What are the main types of insurance available in your jurisdiction?

Bermuda’s (re)insurance sector is comprised of about 1,200 (re)insurers holding total assets greater than $980 billion and writing gross premiums of about $240 billion per year. In terms of gross premiums, Bermuda’s market size is approximately the same as Germany’s, in sixth place in the global ranking of jurisdictions.

Bermudian insurers have a particularly high global market share in the following segments:

• 73% of the aggregate outstanding exposure of insurance-linked securities;
• 70% of the aggregate issuances outstanding of catastrophe bonds; and
• 36% of all property/casualty reinsurance, based on net premiums earned.

For regulatory purposes, the Bermuda Monetary Authority (BMA) distinguishes the following types of insurance. Only simplified definitions are given here:

• ‘General business’ is all business other than long-term business and special purpose business, with some exceptions.
• ‘Long-term business’ includes effecting and carrying out contracts of insurance on human life, or against the risk that the insured sustains accidental injury or becomes incapacitated or dies as a result of disease. This concept overlaps in part with that of ‘life insurance’. The latter is separately defined in the Life Insurance Act 1978, and made subject to distinct regulatory requirements.
• ‘Special purpose business’ means insurance business in which the insurer fully collateralises its liabilities to the insured. Special purpose insurers are often used in structuring insurance-linked securities and catastrophe bonds.
• ‘Innovative insurance business’ is a phrase used in respect of insurers which operate in an ‘innovative and experimental manner’, and which are registered and regulated by the BMA in a correspondingly tailored way.
• 
  ‘Domestic business’ is insurance business in which the subject matter of the contract of insurance is:

• • property in Bermuda;
  • the life or other insurable interest of a person who is at the time ordinarily resident in Bermuda; or
  • the risk of a non-exempted company formed in Bermuda.

2.2 Are all insurance contracts regulated? What terms do they typically include?

The conduct of all ‘insurance business’ is regulated under the Insurance Act 1978 and/or related legislation. In Bermuda law, unlike in English law, for a contract to be one of insurance there is arguably no requirement for:

• the (re)insured to have an insurable interest in the subject matter of the contract; or
• the contract to transfer any risk to the (re)insurer.

As to the terms typically included in a contract of insurance in Bermuda, this issue can be addressed under three headings.

Express terms in general: Functionally, the terms of a contract of insurance tend to include:

• definitions;
• the insuring clause;
• exclusions from cover;
• the obligations of the parties;
• procedural clauses related to making claims and the notification of events; and
• provisions concerning dispute resolution.

Alternatively, express terms can be analysed according to their legal effect:

• 
  An insurance ‘warranty’ is a promise by an insured that:

• • he or she will or will not do a particular thing;
  • some condition will be fulfilled; or
  • a particular state of things does or does not exist.

• In the common law of Bermuda, the breach of a warranty automatically discharges the insurer from the contract from the time of breach.
• An insurance ‘condition’ is a term of the contract other than a warranty. Depending on the nature and type of a condition, the remedial consequence of its breach can range from a mere entitlement to damages to a right to terminate the contract.

Bermuda Form: In excess liability insurance, there is a form of contract known as the ‘Bermuda Form’, which has some distinctive express terms compared to insurance contracts often used in the United Kingdom or the United States. In a Bermuda Form contract, among other things:

• the trigger for the insurer’s liability is ‘occurrence reported’, not occurrence alone or claims made;
• there is ‘occurrence integration’ to batch together multiple instances of damage resulting from a common cause’ and
• there is a ‘maintenance deductible’ to exclude spikes in claims beyond the level historically experienced by the insured.

Implied terms: In the law of Bermuda, contracts may include implied terms – that is, non-express terms. Some implied terms are provided by statute, while others arise at common law.

2.3 What are the formal and documentary requirements for conclusion of an insurance contract?

In the common law of Bermuda, there exist no formal or documentary (together, ‘formality’) requirements for contracts of insurance. Thus, the position appears to be the same as in the common law of England and Wales – for example, an oral contract is binding.

Over time, in English law, there have occurred various statutory interventions which create formality requirements for some types of insurance. Some such legislation has also been enacted in Bermuda, albeit in fewer instances than in England:

• The Motor Car Insurance (Third Party Risks) Act 1943 refers to a requirement for a ‘policy of insurance’, and the insurer must ‘issue’ to the insured a ‘certificate of insurance’ in a form prescribed by legislation. A policy is of no effect unless and until such a certificate is issued.
• Pursuant to the Life Insurance Act 1978, an insurer entering into a contact must ‘issue a policy’. The contract does not take effect unless various criteria are satisfied, except if otherwise provided in the application or the policy itself. The required criteria include that the policy be ‘delivered’ by the insurer to the insured or another specified person.

2.4 What are the procedural requirements for conclusion of an insurance contract?

In Bermuda at common law, as in English common law, the formation of an insurance contract generally follows the same procedure as for any other contract. Among other things:

• there must be an offer and acceptance; and
• beforehand, there may be an invitation to treat, plus one or more counteroffers.

The typical pattern appears to be that the insurer provides an application form to the potential insured; this constitutes an invitation to treat. The offer is made by the potential insured when he or she completes and submits the application form to the insurer; and acceptance occurs when the insurer unconditionally accepts the offer.

In addition, as indicated in question 2.3, legislation may require certain formalities to be complied with regarding the formation of a contract of insurance in order for the contract to have legal effect.

Historically, in Bermuda, as at Lloyd’s of London, contracting often occurred by way of a short-form ‘slip’, notwithstanding that most of the terms of the contract were not stated on the slip and not immediately reduced to writing. Agreements in the form of a slip have been held to be capable in principle of constituting a contract. After the slip was agreed, the full terms of the contract were often not set out in writing for a considerable time, if at all. To address the resulting evidential uncertainty, in 2008 two Bermuda insurance industry associations adopted a code of practice (‘ABIR Code’), which sets out best practice as to contract formation. The ABIR Code characterises itself as a set of guidelines which is not mandatory for members of those associations. Nevertheless, within a few years the reported rate of compliance with the ABIR Code reached 99% for insurance and 97.7% for reinsurance. In this regard, the Insurance Code of Conduct published by the BMA requires compliance with “internationally recognised contract certainty standards and codes”, without naming or defining any such standard or code.

2.5 What are the respective obligations and liabilities of insurer and insured, both on concluding an insurance contract and during its term? What are the consequences of any breach?

At common law, probably the most characteristic feature of all contracts of insurance is that they are based on ‘utmost good faith’. In Bermuda, that principle continues in force at present, with little statutory intervention. This is unlike in England, where the corresponding common law has been codified and significantly diluted by statute.

Utmost good faith is a legal duty imposed on both parties to the contract – that is, the insured and the insurer. It has two distinct elements:

• 
  Pre-contractual duty: Each party must:

• • disclose to the other all the material facts relevant to the contract being negotiated which are known to the party or deemed by law to be known to it; and
  • refrain from making any relevant untrue statement to the other.

• Post-contractual duty: In the performance of the contract, no further duty exists to disclose material facts relevant to the original risk insured. But any express or implied term of the contract must be performed in good faith.

Turning to the remedy for breach of the duty of utmost good faith, in Bermuda law, it is generally the same as it used to be in England before the statutory interventions referred to above, as follows:

• Breach of pre-contractual duty: The innocent party is entitled to avoid the contract ab initio, provided that the breach induced it to enter into the disputed contract or induced it to deal with a claim under the contract in a particular way. This means that, upon the innocent party’s election, the law regards the contract to have never existed. Damages are not an available remedy for breach of a pre-contractual duty of utmost good faith.
• Breach of post-contractual duty: Whether or not the remedy of avoidance ab initio is available depends on the nature of the breach and its consequences. If avoidance is not available, then the innocent party’s remedy is based on ordinary contract law principles.

3 Making a claim

3.1 What are the formal and documentary requirements for making a claim?

At common law in Bermuda, as in England, the general principle of indemnity insurance is that unless the contract provides otherwise, the insurer becomes liable to indemnify the insured immediately upon the occurrence of an event insured against. In other words, beyond anything provided by the express terms of the contract, there are no formal or documentary requirements for making a claim. There exist two exceptions from the foregoing in Bermuda:

• For motor insurance contracts, the insurer’s liability in respect of a statutorily mandated level/scope of cover cannot be conditioned on any particular way of making a claim.
• For life insurance, if the insurer “receives sufficient evidence of the happening of the event upon which the insurance money becomes payable” and of certain other facts specified by statute, then, without more, the insurer must pay the insurance money to the person entitled to it.

3.2 What are the procedural requirements for making a claim?

Regarding procedural requirements for making a claim under a contract of insurance, the position is the same as outlined in question 3.1 concerning formal and documentary requirements.

3.3 On what grounds can the claim be denied? How can the insured challenge the denial of claim?

The grounds on which an insurer may deny a claim are many and varied. Some of the more relevant grounds include the following:

• breach of a warranty, or the sufficient breach of a condition, as mentioned in question 2.2;
• breach of the duty of utmost good faith, as outlined in question 2.5;
• the absence of cover for the risk which eventuated or the circumstances in which it eventuated;
• fraud by the insured;
• illegality or public policy;
• mistake, the simplest form of which is where, at the time the contract is formed, the insurer and the insured have a common assumption or belief about the existence of a state of affairs which is in fact false; and
• failure to bring the claim within the relevant limitation period. In Bermuda, for most causes of action, the relevant period is set by the Limitation Act 1984.

Turning to the grounds on which the insured can respond to the denial of a claim, perhaps the simplest is to deny the insurer’s factual allegations. Other frequently used defences include:

• challenge to the insurer’s construction/interpretation of the contract;
• rectification, where the written terms of the insurance contract did not reflect the common intention of the parties as of the date on which the contract was formed;
• affirmation or waiver by election, where the insurer had knowledge of the facts giving rise to a breach by the insured, as well as knowledge of his or her related legal rights, but elected expressly or by conduct to treat the contract as continuing. This also or alternatively applies if, following the insured’s breach, the insurer elected not to exercise its right to claim damages; and
• estoppel. Under this family of doctrines, the law may prevent a person from denying or going back on a statement, promise or assurance which he or she makes to another as to the existence of a particular state of affairs, which leads that other person to believe in and to change his or her position in reliance on the existence of that state of affairs.

3.4 How can third parties make a claim?

In Bermuda law, the rights of a third party to a contract of insurance are primarily addressed in the Contracts (Rights of Third Parties) Act 2016 (“2016 Act”), which also applies to a wide range of other types of contracts. In general, a third party – that is, a person who is not a party to a contract – can in his or her own right enforce a term of that contract if:

• he or she is expressly identified in the contract; and
• the contract expressly provides in writing that the third party may enforce that term.

In a (re)insurance context, the 2016 Act is likely to make possible at least some ‘cut-through clauses’, as a matter of contract law. Such clauses confer a right on an insured to claim directly against a reinsurer, in case of the insurer’s insolvency. Prior to the 2016 Act, cut-through clauses were not at all possible at common law, due to the absence of privity. In light of the 2016 Act, appropriately drafted cut-through clauses can now be effective, at least in non-insolvency scenarios. It is yet to be seen whether the 2016 Act will be construed by the Bermuda courts as enabling cut-through clauses to operate in case of an insurer’s insolvency, but there is doubt as to the effectiveness of such a clause in that situation.

Another aspect of third-party rights is that one way in which a third party may become entitled to enforce a contract is if the right is expressly assigned to him or her by a party to the contract. The issue of assigning an indemnity insurance contract is somewhat complex, due to the interaction of the relevant common law, equity and statute law.

A third party who has rights in respect of a contract pursuant to the 2016 Act, may generally assign those rights, unless:

• the contract expressly provides otherwise; or
• on a proper construction of the contract, the right is personal to the third party and not assignable. Whether and how this point applies to insurance contracts is not entirely clear because, at common law, a contract of insurance is personal to the parties who form it, but assignable with the consent of the relevant party. The Bermudian courts have not yet been required to decide how the common law position is affected by the 2016 Act.

The final aspect of a third party’s rights in Bermuda law arises from the Third Parties (Rights Against Insurers) Act 1963. This statute applies to situations in which an insured natural or legal person is covered by against liability to third parties. If the insured incurs liability to a third party and then becomes bankrupt/insolvent, then upon the occurrence of that event, the insured’s rights against the insurer are automatically transferred to and vested in the third party.

4 Form and structure of insurers

4.1 What types of insurance companies are typically found in your jurisdiction?

In practice, Bermuda has two insurance industries. One is a large globally significant ecosystem of insurers and related service providers, which serves the complex and high-value (re)insurance requirements of non-Bermudian insureds, or insured risks that are non-Bermudian. Related data is outlined in question 2.1. The other part of Bermuda’s insurance sector is local and small, catering for insurance requirements on the island of Bermuda.

As of the end of 2020, there were 1,191 insurers registered with the Bermuda Monetary Authority (BMA), which included the following:

• Captive insurers other than those that write only long-term business: 660 licences. These insurers fall into one of Classes 1 to 3 in the BMA’s licensing terminology. A ‘captive’ is an insurer created by a non-insurer parent company or companies to insure their own risks.
• Commercial insurers which do not underwrite direct excess liability or property catastrophe reinsurance risk (Class 3A and 3B): 154 licences.
• Large commercial insurers which do underwrite direct excess liability or property catastrophe reinsurance risk (Class 4): 45 licences.
• Captive insurers which write only long-term business (Classes A and B): 20 licences.
• Long-term insurers (Classes C to E): 143 licences.
• Special purpose insurers: 165 licences.
• Collateralised insurers: four licences.
• Innovative insurers: two licences.

4.2 How are these insurance companies typically structured and funded?

As to structuring, for an insurer to be registrable by the BMA, one of the requirements is that it must be a body corporate. Entities of several legal forms can be, and have been, used:

• 
  For companies incorporated in Bermuda, the Companies Act 1981 recognises two basic types of non-cellular company – ‘local’ and ‘exempted’:

• • For a local company to lawfully carry on business in Bermuda, it must be beneficially owned, controlled, and directed by Bermudians to a statutorily prescribed degree.
  • An exempted company is one that does not meet the requirements that apply in respect of a local company, and which is registered accordingly. The starting position is that an exempted company is restricted by statute from carrying on most types of business in Bermuda, other than with persons outside Bermuda and similar purposes. An exempted company can obtain from the minister of finance a licence to conduct other types of business in Bermuda.

• A company incorporated outside Bermuda is an ‘overseas company’. Such a company can lawfully engage in or carry on a business in Bermuda only with a permit issued by the minister of finance, whereupon it becomes a ‘permit company’.
• A mutual company is one that is not limited by shares or having a share capital, and which is authorised to carry, on its principal object, (re)insurance business of all kinds on the ‘mutual principle’.
• 
  Bermuda law recognises two forms of cellular company:

• • A segregated accounts company (SAC) under the Segregated Accounts Companies Act 2000 is one within which there are segregated accounts kept in order to separate identifiable pools of assets/liabilities from each other, while each such company also has a general account. A segregated account within an SAC does not constitute a distinct legal person.
  • An incorporated segregated accounts company (ISAC), registered under the Incorporated Segregated Accounts Companies Act 2019, is different from an SAC mainly in that, within an ISAC, each segregated account is itself incorporated and it is recognised as a legal person distinct from the ISAC.

• In practice, cellular company structures are not infrequently used by special purpose insurers to issue insurance-linked securities (ILSs) or catastrophe bonds, and for the creation of ‘rent-a-captives’.
• A company of any kind may be incorporated by a private act of the Bermuda Parliament. Such an act is a statute which is not a government measure and which, among other things, affects or benefits a particular person or body corporate. This procedure is not widely used at present, but can be used where a specific exemption from the Companies Act 1981 or from other legislation is needed.

Pursuant to the Non-Resident Insurance Undertakings Act 1967, it is in principle possible for a company not incorporated in Bermuda, or any other body corporate not resident in Bermuda, to acquire the status of a ‘non-resident insurance undertaking’ if it obtains a permit to that effect from the minister of finance. In practice, we understand that there is presently a de facto moratorium in effect against the issue of such permits.

A limited liability company (LLC) can be formed under the Limited Liability Company Act 2016. LLCs do not issue shares and have no share capital. Instead, the members of an LLC hold ‘LLC interests’ pursuant to an ‘LLC agreement’, whereby their entitlements are determined in respect of the LLC’s profits/losses. Our understanding is that the BMA does not consider LLCs to be suitable for registration as an insurer.

Turning to the funding of insurers, the following may be noted:

• Several Bermuda-based insurers which serve non-local markets are public companies whose shares are listed on foreign stock exchanges. Others are subsidiaries of such companies, or they are privately held. Of the insurers focused on the local market, some are listed on the Bermuda Stock Exchange (BSX).
• An insurer may also obtain debt financing. Common forms of debt include loans, notes, bonds and debentures, both secured and unsecured. In practice, a variety of debt structures are used.
• Many ILSs and catastrophe bonds are listed on the BSX.

4.3 Are there any restrictions on foreign ownership of insurance companies?

Bermuda law does not restrict the foreign ownership of insurance companies, except those which take the form of a local company in the sense discussed in question 4.2. However, there are restrictions on the business activities of companies other than local companies, as indicated in question 4.2.

5 Authorisation

5.1 What authorisations are required to provide insurance services in your jurisdiction? What activities do they cover?

In general, it is prohibited to carry on insurance business in or from within Bermuda without registration with the Bermuda Monetary Authority (BMA). Contravention of this prohibition is a criminal offence. The Insurance Act 1978 creates, and the BMA administers, a somewhat complex classification system for registering persons that intend to conduct insurance business. The classes of registration are mutually exclusive; and in relation to classifying an insurer, the BMA has a limited degree of discretion to exercise flexibility. In outline, the classes are as follows:

• Class 1: A single-parent captive which insures only the risks of its owner or affiliates of the owner.
• 
  Class 2:

• • A multi-owner captive which insures the risks of its owners or affiliates of the owners; or
  • A single-parent or multi-owner captive insuring only related the risks and/or deriving up to 20% of its net premiums from unrelated risks.

• Class 3: A captive insurer which underwrites more than 20% but less than 50% unrelated business.
• Class 3A: A commercial insurer, where the unrelated business net premiums are less than $50 million.
• Class 3B: A commercial insurer, where the unrelated business net premiums are $50 million or more.
• Class 4: A large commercial insurer whose insurance business includes underwriting excess liability and/or property catastrophe reinsurance risk.
• Class A: A single-parent captive which underwrites only the long-term business risks of its owner or affiliates of the owner.
• 
  Class B:

• • A multi-owner captive which underwrites only the long-term business risks of its owners and affiliates of the owners and/or risks related to or arising out of the same; or
  • A single-parent or multi-owner captive which derives no more than 20% of its net premiums from unrelated risks.

• Class C: A long-term insurer with total assets of less than $250 million.
• Class D: A long-term insurer with total assets of $250 million or more, but less than $500 million.
• Class E: A long-term insurer total assets of more than $500 million.
• Special purpose: An insurer which carries on special purpose business – that is, which fully collateralises its exposure to the risks it underwrites.
• Collateralised: An insurer which carries on special purpose business, but which is not registrable as a special purpose insurer.
• Classes IGB and ILT: An insurer which undertakes general business or long-term business, respectively, in an ‘innovative and experimental manner’.
• Classes IIGB: An insurer which undertakes general business in an ‘innovative manner’.

A different regulatory regime applies to non-resident insurance undertakings.

A non-insurer which provides insurance-related services must be registered with the BMA. This registration requirement applies to an insurance manager, broker, agent, marketplace provider or salesperson. For such service providers, there are no classes of registration of the kind mentioned above for insurers.

5.2 What requirements must be satisfied to obtain authorisation?

Whether registration is sought by an insurer, an insurance manager or intermediary, the BMA cannot grant registration unless it is satisfied, among other things, that the applicant fulfils the ‘minimum criteria’ listed in the schedule to the Insurance Act 1978 (Insurance Act). In relation to an insurer, the criteria may be summarised as follows:

• Every person who is, or is to be a controller or officer of the insurer, must be a ‘fit and proper person’ for performing functions in respect of the activity of the insurer.
• The insurer must implement corporate governance policies and processes which the BMA considers appropriate given the nature, size, complexity and risk profile of the insurer.
• If the insurer is a body corporate, its business must be effectively directed by at least two persons. In addition, the BMA has the power to require the appointment of non-executive directors.
• 
  The insurer must conduct its business in a ‘prudent manner’. This includes:

• • complying with the Insurance Act and other relevant legislation;
  • maintaining sufficient capital to enable the insurer to meet its insurance obligations; and
  • maintaining adequate accounting and other records and systems of control.

• If the insurer belongs to any group, then the structure of the group must be such as to not obstruct the conduct of effective consolidated supervision.
• The business of the insurer must be carried on “with integrity and the professional skills appropriate to the nature and scale of its activities”.

Beyond the minimum criteria for registration, if the application is by an insurer, the BMA must also be satisfied that the applicant:

• has available to it adequate knowledge and expertise;
• has adequate premises to conduct its business;
• meets the relevant ‘minimum margin of solvency’ (MMS). This concept is defined to refer to the amount by which the value of an insurer’s assets exceeds the value of its liabilities; and
• if the application is for registration in one of Classes 3A, IIGB, 3B, 4, C, D, E, or as a collateralised insurer, then the applicant’s available statutory capital and surplus must also meet the relevant ‘enhanced capital requirement’ (ECR). This concept refers to an additional capital and surplus requirement – that is, beyond the MMS. The ECR is calculated based on risk modelling.

Different/further registration requirements apply to special purpose insurers, innovative insurers and incorporated segregated accounts companies.

5.3 What is the procedure for obtaining authorisation? How long does this typically take?

The BMA’s related information bulletin includes a checklist of the documents to be submitted when applying to the BMA to be registered as an insurer. Key items on the checklist include the following:

• 
  a business plan setting out, among other things:

• • details of the policyholders;
  • the lines of business to be conducted;
  • the nature of the risks being insured;
  • the proposed capitalisation and sources of funding; and
  • pro forma financial statements;

• 
  supporting evidence, including:

• • copies of existing insurance contracts and/or related letters of intent; and
  • unconditional acceptance letters from proposed service providers to the applicant (eg, auditor, actuary, loss reserve specialist);

• detailed information about the ownership and beneficial ownership of the applicant, including personal/corporate background and financial information;
• details of the applicant’s officers, senior management and key employees, plus the corporate governance framework;
• investment policy guidelines for the applicant;
• evidence of the applicant’s risk management and internal controls, and their appropriateness;
• evidence of the applicant’s ability to comply with the Insurance Code of Conduct published by the BMA;
• evidence of the applicant’s anti-money laundering and anti-terrorist financing policies and procedures, and its ability to comply with international sanctions legislation; and
• the contact details of the supervisory authority of the applicant’s controller or owner, if the latter is a (re)insurer domiciled in another jurisdiction.

In addition to the foregoing, depending on the class of registration sought by the applicant seeking to be registered by the BMA, the application procedure may involve further class-specific requirements.

An application must be filed with the BMA electronically, ordinarily on a Monday for consideration by the Insurance Assessment and Licensing Committee (IALC) that Friday. The IALC consists of a chairperson and a panel. The chairperson is the chief executive officer of the BMA or his or her designate.

If an application to be registered is considered by the IALC to be incomplete, then it will inform the applicant accordingly and invite the applicant to provide the required additional information. Where an application does not meet the minimum criteria set out in the Insurance Act 1978, the IALC will not approve the application. If an application is not approved, the IALC will communicate the basis of that decision to the applicant, unless there are legal or other reasons for not doing so.

The IALC usually advises applicants of its decision on the day of the decision by telephone. A follow-up letter is then issued by the BMA within three business days.

6 Regulatory capital and liquidity

6.1 What minimum capital requirements apply to insurance companies in your jurisdiction?

In the regulatory capital requirements imposed on insurers under Bermuda law, a variety of different concepts of capital are used, depending on the specific purpose for which capital is referred to. The most fundamental capital requirements include the following:

• Paid-up share capital: If an insurer has a share capital, then for the insurer to be capable of registration by the Bermuda Monetary Authority (BMA), the minimum amount paid up on the share capital must meet the statutory minimum for the appropriate class of insurer. That minimum ranges from $1 for a Special Purpose Insurer, to $1 million to a Class 4 insurer. That said, before it carries on insurance business, a Class 4 insurer must also have a total statutory capital and surplus of not less than $100 million.
• 
  Minimum margin of solvency (MMS):

• • For an insurer’s general business assets, there is a minimum MMS imposed by legislation, which the insurer must exceed in order to be registrable by the BMA, and thereafter at the end of each of its financial years. The threshold depends on a series of calculations, but legislation also provides for absolute minima. They range from $1 for a Special Purpose Insurer, to $100 million for a Class 4 insurer.
  • For the long-term business assets of an insurer carrying on long-term business, the minimum MMS requirements are subject to more complex calculations, depending on the insurer’s class.
  • For an insurance group, different MMS requirements apply, which are higher than the aggregate of the MMS of each qualifying member of the controlled group.

• 
  Enhanced capital requirement (ECR):

• • There is no ECR for certain categories of insurer, namely those registered in Classes 1, 2, 3, IGB, A, B or ILT, or as a Special Purpose Insurer.
  • An ECR requirement does apply to an insurer registered in any of the classes not mentioned above and to an insurance group. The ECR is calculated based on risk modelling, as set out in legislation.

6.2 What liquidity requirements apply to insurance companies in your jurisdiction?

The main regulatory liquidity requirement imposed on insurers under Bermuda law is the ‘minimum liquidity ratio’ (MLR), which applies in respect of general business. Even apart from the MLR, an insurer is required to manage its liquidity risk as an element of its risk management framework.

The MLR is the minimum required proportion which the liquid assets of an insurer carrying on general business must keep relative to the insurer’s liabilities. The MLR must be attained at the end of each financial year end. In general, if an insurer carries on general business, then the MLR is 75%, by reference to ‘relevant assets’ and ‘relevant liabilities’. By contrast, the MLR is 100% for an insurer that is a ‘composite’ which was already carrying on both general business and long-term business immediately before 1 January 1980. There are also a handful of classes of insurer which are distinctly regulated for MLR purposes:

• Class IIGB: The MLR is 75%, without reference to whether the insurer conducts general business and/or long-term business.
• Special Purpose Insurer and Collateralized Insurer: There is no required MLR for these classes of insurer.

For an insurance group, as such, there is no MLR requirement. However, an insurance group must manage its liquidity risk in accordance with the relevant secondary legislation.

7 Supervision of insurance groups

7.1 What requirements apply with regard to the supervision of insurance groups in your jurisdiction?

Bermuda law makes provision for the regulation of insurance groups in Part IVA of the Insurance Act 1978 (Insurance Act) and related secondary legislation. An ‘insurance group’ is defined as a group that conducts insurance business; and for this purpose, a ‘group’ refers to two or more companies, the situation of which can be characterised in one of the following ways:

• a ‘participating company’ such as a parent or holding company, its subsidiaries and any entities in which the participating company or its subsidiaries hold, directly or indirectly, 20% or more of the voting rights or capital; or
• a ‘strong and sustainable financial relationship’ among two or more companies, which can be established by contract or otherwise.

The Bermuda Monetary Authority (BMA) has the power to determine, in respect of an insurance group, whether it is appropriate for the BMA to act as its group supervisor. In order to make that determination, the BMA must take into account various matters – for example, whether the group is headed by an insurer of Class 3A, 3B, 4, C, D, or E, or otherwise so designated by an order made by the BMA.

If the BMA determines that it is appropriate for the BMA to act as the group supervisor of an insurance group, then it must designate a specified insurer in that group to be the ‘designated insurer’ in respect of the group. In effect, the designated insurer is the lead insurer for the members of the group. Once the BMA designates a group’s designated insurer, the latter has a duty to facilitate and maintain compliance by the group as a whole with the regulatory obligations imposed by Bermuda law, including as to:

• the minimum margin of solvency and enhanced capital requirement requirements discussed in question 6.1;
• corporate governance;
• risk management; and
• reporting on the above to the BMA.

The BMA’s functions as the group supervisor of an insurance group include, among other things:

• coordinating information gathering and the dissemination of relevant essential information as between the competent insurance regulatory authorities;
• assessing the insurance group’s compliance with rules on solvency, risk concentration and intra-group transactions, pursuant to the Insurance Act and related secondary legislation;
• assessing the insurance group’s system of governance; and
• planning and coordinating the supervisory activities of competent authorities in respect of the insurance group, including any relevant enforcement action.

8 Reporting, governance and risk management

8.1 What key disclosure requirements apply to insurance companies in your jurisdiction?

From an insurance regulatory perspective, Bermudian legislation imposes public disclosure requirements on the following:

• Insurers registered in Classes 3A, 3B, 4, C, D and E: Generally, the information required to be disclosed is the insurer’s ‘financial condition report’ (FCR), which an insurer must file with the Bermuda Monetary Authority (BMA) and then publicly disclose. Where a ‘significant event’ occurs to an insurer after the end of the financial year to which its most recent FCR relates, the insurer must file a report about the event with the BMA and thereafter that report must be disclosed to the public. A ‘significant event’ is defined to include, among other matters, acquisitions, divestitures and new lines of business entered into.
• Insurance groups of which the BMA is the group supervisor: In general, the information to be disclosed is that contained in the group’s FCR, which the group’s designated insurer must first file with the BMA and then publicly disclose. Concerning the reporting and public disclosure of a significant event related to an insurance group, there is a similar requirement to that mentioned above, mutatis mutandis.

Upon the application of an insurer or a designated insurer, the foregoing disclosure requirements can be modified by the BMA. Further, the BMA can grant an exemption from some or all of those requirements.

In addition, the Insurance Code of Conduct published by the BMA imposes disclosure requirements on insurers with regard to their policyholders. These include the following:

• 
  An insurer must be prepared to provide a policyholder with a full and fair account of the fulfilment of the insurer’s responsibilities. The frequency with which information is to be disclosed depends on the contractual arrangement. In any case, the insurer must take reasonable care to ensure that the information disclosed is:

• • accurate;
  • not misleading;
  • comprehensible; and
  • available in writing or by appropriate electronic means.

• An insurer must disclose to the policyholder, on a timely and effective basis, any contractual changes during the life of a contract of insurance.

8.2 What key reporting requirements apply to insurance companies in your jurisdiction?

Bermuda law requires an insurer to prepare statutory financial statements (SFSs) in respect of its insurance business for each financial year. The SFSs must contain the information prescribed pursuant to statute. An insurer’s SFSs must be audited by an auditor approved by the BMA. An insurer must file its SFSs with the BMA, including notes to those statements and the auditor’s report thereon, by a specified ‘filing date’. The required content of the SFS and the filing date depend on the class in which the insurer is registered with the BMA.

At the time an insurer files its SFSs with the BMA, it must also:

• 
  deliver to the BMA statutory declarations of compliance in respect of the preceding financial year, stating that the insurer has complied with a variety of regulatory requirements applicable to it, including:

• • the minimum criteria;
  • the MMS;
  • any relevant ECR;
  • any conditions, direction, restrictions or approvals of the BMA; and
  • the MLR for its general business; and

• file with the BMA the insurer’s ‘statutory financial return’ (SFR), which must be in the prescribed form.

Further, on or before their filing date, insurers of some classes must also file with the BMA a ‘capital and solvency return’ (CSR) and/or an FCR.

In respect of an insurance group, where the BMA has determined that it is appropriate for it to act as the group supervisor, the designated insurer must file with the BMA an SFS, an SFR and an FCR. In addition, the insurance group must prepare and the designated insurer must file with the BMA:

• ‘group financial statements’, which must be prepared annually on a consolidated basis and audited;
• ‘quarterly financial returns’, which must be filed only annually. These must include unaudited quarterly consolidated group financial statements; and
• an insurance group CSR, which must be filed annually.

An insurer must notify the BMA of various specific types of events once it is aware of their occurrence. Such a notification must usually be followed within a specified number of days by a written report of the particulars of the event in question. The types of events concerned include the following:

• a ‘material change’ relating to the insurer. A ‘material change’ is defined to include various specified events in the insurer’s business, structure, management and ownership. The BMA has the power to object to a material change. A similar regime applies to insurance groups – albeit, for that purpose, there is a narrower definition of what amounts to a ‘material change’;
• a ‘cyber reporting event’. The law on such events is further discussed in question 12.2;
• an insurer’s failure to meet the relevant MMS requirement; and
• an insurer’s failure to comply with any applicable ECR.

In addition to the above, an insurer’s ‘principal representative’ has separate and additional duties to notify the BMA in specified circumstances, and to make related reports to the BMA.

8.3 What key governance requirements apply to insurance companies in your jurisdiction?

As indicated in question 5.2, for an insurer to gain registration by the BMA, one of the requirements is that the BMA be satisfied that the insurer meets the minimum criteria set out in the Schedule. The minimum criteria include a provision according to which an insurer must “implement corporate governance policies and processes as the [BMA] considers appropriate given the nature, size, complexity and risk profile of the registered person”. Thereafter, an insurer must make an annual declaration to the effect that it has complied with all of the minimum criteria applicable to it.

The BMA’s approach to corporate governance is set out mainly in two documents:

• The Statement of Principles, published pursuant to the Insurance Act 1978 (Insurance Act), states that the BMA regards corporate governance as an aspect of the requirement that an insurer must conduct its business in a prudent manner, the latter itself being a minimum criterion. Part of the BMA’s overall assessment of corporate governance is to evaluate the composition, role and effectiveness of an insurer’s board of directors, including the presence of non-executive directors, if appropriate.
• 
  The Insurance Code of Conduct, also published under the Insurance Act, states that the BMA takes a proportionate approach to the assessment of insurers’ compliance therewith, including in relation to corporate governance. The BMA requires every insurer to establish and maintain a sound corporate governance framework, within which:

• • the ultimate responsibility for the sound and corporate governance and for oversight of the insurer lies with the board of directors. The board is not absolved of that responsibility even if it delegates authority to committees, specific executives or third parties; and
  • 
    the BMA considers that, in order to conduct its business in a prudent manner, an insurer must establish sound governance mechanisms, among other things. These include:

  • • an appropriately staffed and managed risk management function;
    • an internal control function;
    • an internal audit function;
    • a compliance function;
    • an actuarial function; and
    • ongoing self-assessment of the insurer’s capital requirements.

Other aspects of the corporate governance of insurers, particularly those applicable only to specific classes of insurer, are addressed in secondary legislation.

For an insurance group, more detailed and prescriptive corporate government requirements are applicable than for non-group insurers.

8.4 What key risk management requirements apply to insurance companies in your jurisdiction?

The minimum criteria referred to in questions 5.2 and 8.3 are also relevant in relation to the risk management requirements imposed on an insurer under Bermuda law. As discussed there, an insurer must conduct its business in a prudent manner, which is not regarded by the BMA as being fulfilled “unless [the insurer] maintains sufficient capital to enable it to meet its insurance obligations, given the size, business mix, complexity and risk-profile of its business”.

Beyond the foregoing, according to the Insurance Code of Conduct, the BMA considers risk management to be part of the corporate governance of an insurer, for which its board of directors is responsible. An insurer’s board of directors, its chief executive and its senior executives must adopt an effective risk management and internal controls framework. The risk management framework must:

• identify all material risks to which the insurer is exposed, both financial and non-financial;
• assess the potential impact of those risks; and
• develop policies and strategies to effectively manage, mitigate and report all material risks.

The types of material risk to which the foregoing requirements apply are:

• insurance underwriting risk;
• investment, liquidity and concentration risk;
• market risk;
• credit risk;
• systems and operations risk;
• group risk;
• strategic risk;
• reputational risk; and
• legal/litigation risk.

Additional risk management requirements for insurers are provided by secondary legislation, on a class basis.

Insurance groups must comply with risk management requirements which are, in some respects, more detailed and more prescriptive than those applicable for non-group insurers.

9 Senior management

9.1 What requirements apply with regard to the management structure of insurance companies in your jurisdiction?

As noted in question 4.2, for an insurer to be registrable by the Bermuda Monetary Authority (BMA), it must be a body corporate.

Accordingly, the first layer of legal requirements as to an insurer’s management structure arises in company law. In that connection, for brevity, the requirements mentioned here refer only to those for a company registered under the Companies Act 1981.

A company’s affairs must be managed by at least one director. Subject to the company’s bye-laws, the directors may exercise all the powers of the company, except those reserved by statute or by the bye-laws to the members. Ordinarily, a meeting of members, known as the annual general meeting, must be convened at least once in every calendar year. Other general meetings, known as special general meetings, can also be convened either by the directors or by members holding at least 10% of the total voting rights of all members.

Turning to the requirements on the management structure imposed specifically on insurers by Bermuda law, the minimum criteria for registration imposed by the Insurance Act 1978 (Insurance Act) state that if a registered person is a body corporate, then “at least two individuals shall effectively direct” it. According to the Statement of Principles published by the BMA under the Insurance Act, the BMA normally expects the individuals in question to be either executive directors or persons to whom the board of directors has delegated executive powers and who report directly to the board of directors.

The minimum criteria require a registered person which is a body corporate to consider, in light of the nature and scale of its operations, whether its board of directors should include non-executive directors and, if so, how many. The BMA can require the addition of non-executive directors, if it deems appropriate.

The risk management requirements discussed in question 8.4 have implications for an insurer’s management structure, because the BMA requires an insurer’s risk management framework to be embedded in its organisation.

There are two kinds of statutory provision which tend to have the effect that an insurer must be directed and managed from Bermuda:

• Pursuant to the Insurance Act, in general, an insurer of one of Classes 3A, IIGB, 3B, 4, C, D, E or a collateralised insurer must have its head office in Bermuda and must be directed and managed from Bermuda. The Insurance Act does not impose comparable requirements on other classes of insurer.
• Under the Economic Substance Act 2018 and the Economic Substance Regulations 2018, every entity engaged in a ‘relevant activity’ must “maintain a substantial economic presence in Bermuda”. For this purpose, the concept of ‘entity’ includes a company, including a company registered under the Companies Act. ‘Relevant activity’ means, among other things, carrying on the business of insurance. In respect of insurers, the content of the economic substance requirements is elaborated in statutory guidance published by the minister of finance.

For an insurance group, the management structure requirements are more elaborate than those applicable for non-group insurers.

9.2 How are directors and senior executives appointed and removed? What selection criteria apply in this regard?

In general, Bermuda law concerning the appointment and removal of an insurer’s directors and senior executives is in the first instance a matter of company law. For example, in respect of a company registered under the Companies Act 1981, its bye-laws can regulate these issues, subject to which:

• the appointment of a company’s directors is by a statutory or general meeting of the company; and
• a special general meeting is required for the removal of a director.

Some aspects of Bermuda insurance regulatory law are also relevant to the appointment and removal of directors and senior executives. The most important of these are as follows:

• 
  The minimum criteria require, among other things, that every person who is, or is to be, an officer of a registered person be ‘fit and proper’ to perform functions in relation to the regulated person’s activity. In this context, ‘officer’ means a director, secretary, chief executive or senior executive. Factors relevant to whether a person is fit and proper include:

• • his or her probity, competence and soundness of judgement and diligence; and
  • whether the interests of clients or potential clients of the registered person would be threatened by his or her holding that position.

• The BMA may conduct an investigation where it appears to the BMA that an individual may not be a fit and proper person to perform functions in relation to the regulated activity.
• In some circumstances, the BMA can give directions to a registered person for an officer of the latter to be removed.
• Where it appears to the BMA that an individual is not a fit and proper person to perform functions in relation to a regulated person’s regulated activity, then the BMA can make a prohibition order. Such an order can prohibit the individual in question from performing a specified function, a function falling within a specified description or any function.
• When a person becomes or ceases to be an officer of an insurer or insurance group, or when an officer role is outsourced, the BMA must be notified accordingly.

9.3 What are the legal duties of directors and senior executives of insurance companies?

In Bermuda law, the duties of an insurer’s officers are, in the first instance, a matter of company law. Here, the key duties in question are discussed only in relation to a company registered under the Companies Act 1981 (Companies Act), which defines ‘officer’ to include both a director and a secretary of a body corporate. Subject to any contrary law, a company’s bye-laws can regulate the duties, responsibilities and functions of all of its officers and employees.

Pursuant to the Companies Act, an officer of a company must:

• “act honestly and in good faith with a view to the best interests of the company”; and
• “exercise the care, diligence and skill that a reasonably prudent person would exercise in comparable circumstances”.

The requirement to act honestly and good faith reflects the general equitable obligations of a fiduciary to his or her principal. Equity prohibits, among other things, a fiduciary from entering into any transaction in which he or she has a personal interest and which might conflict with his duty to his or her principal, unless the principal consents to the transaction with full knowledge of all the material circumstances, including the nature and extent of the fiduciary’s interest.

While in company law, the duties of an officer are generally owed to the company, the courts of Bermuda have inferred from various insolvency-related provisions of the Companies Act that, “after the onset of insolvency”, a director exercising his or her general management duties must “have primary regard to the welfare of the company’s creditors”.

Subject to a qualification below, under the Companies Act, a company may exempt or indemnify, among others, an officer or any person employed by the company from or with respect to any loss arising or liability attaching to that person by virtue of any rule of law in relation to any negligence, default, breach of duty or breach of trust committed by that person in respect of the company or any subsidiary thereof. Such an exemption or indemnity is void if it purports to apply in respect of any fraud or dishonesty in relation to the company.

In addition, a company can purchase and maintain related insurance for the benefit of any officer of the company.

From the perspective of Bermuda insurance regulatory law, the officers of a company have additional duties, including the following provided by the Insurance Code of Conduct:

• In relation to corporate governance, the BMA requires the chief executive and senior executives of an insurer to support the board of directors in the prudent management of the insurer.
• Together with the board of directors, the chief executive and senior executives are required to adopt an effective risk management and internal controls framework for the insurer, as well as regularly assess the design and effectiveness of that framework.
• Together with the board of directors, the chief executive and senior executives are required to review and assess the effectiveness of the insurer’s internal reporting and operating controls, and timely implement measures to resolve any deficiencies.

9.4 How is executive compensation regulated in your jurisdiction?

There is no Bermuda legislation concerning the remuneration of an insurer’s directors, senior executives and/or employees. For a company registered under the Companies Act 1981, its bye-laws can regulate the remuneration of all officers and employees. Otherwise, the issue is addressed as a matter of contract between the company and any given person.

From an insurance regulatory perspective, the Insurance Code of Conduct published by the BMA under the Insurance Act 1978, makes it a corporate governance requirement that an insurer’s board of directors adopt and oversee “the effective implementation of a remuneration policy, which does not induce excessive or inappropriate risk taking, is in line with the identified risk appetite and long term interests of the insurer, and has proper regard to the interests of its stakeholders”. Such a remuneration policy must cover at least:

• the members of the board of directors;
• senior management;
• key persons in control functions; and
• other employees whose conduct may have a material impact on the insurer’s risk exposure.

10 Change of control and transfers of insurance companies

10.1 How are the assets and liabilities of insurance companies typically transferred in your jurisdiction?

In Bermuda, the transfer of an insurer’s assets and/or liabilities, apart from ordinary contract (eg, sale/purchase agreement), are primarily regulated by company law. For present purposes, key provisions are those set out in the Companies Act 1981 (Companies Act) relating to:

• schemes of arrangement (‘schemes’) with creditors or members;
• reconstruction;
• acquisition and compulsory acquisition;
• consolidation of capital;
• selective reduction of capital;
• amalgamation; and
• merger.

In relation to all of the foregoing, the Companies Act includes provisions for the protection of dissenting members or creditors, as the case may be.

Turning to an insurance regulatory perspective concerning the transfer of the assets and/or liabilities of an insurer, there are relatively few requirements which are additional to those imposed by company law. They are set out in the Insurance Act 1978, to the following effect:

• 
  A scheme under which the whole or any part of the long-term business of any insurer is to be transferred to another insurer cannot lawfully occur unless:

• • a report by an approved actuary is served on the Bermuda Monetary Authority (BMA) and filed with the court;
  • sufficient notice of the scheme is given to each policyholder affected; and
  • that notice is published as prescribed.

• An insurer which conducts both long-term business and general business must not transfer assets from the former to the latter, unless immediately following the transfer the insurer continues to meet the enhanced capital requirement and minimum margin of solvency that are applicable to its long-term business. The converse requirements apply to a transfer of assets by such an insurer from its general business to its long-term business.
• 
  Certain events amount to a material change in respect of an insurer or an insurance group – namely:

• • the acquisition or transfer of insurance business as part of a scheme;
  • an amalgamation with or acquisition of another firm;
  • the transfer other than by way of reinsurance of all or substantially all of a line of business; and
  • the sale of an insurer.

• The insurer or designated insurer must give notice in writing to the BMA and the BMA has a right to object.

10.2 What requirements must be met in the event of a change of control?

The Insurance Act 1978 (Insurance Act) sets out its own provisions regulating changes of control in relation to an insurer and the reporting thereof. In that context, ‘controller’ means, among other things, any of the following:

• a person that holds 10% or more of the voting shares in the registered person, or that is entitled to exercise or control the exercise of such voting rights;
• a person that can exercise a significant influence over the management of the registered person by virtue of holding shares in the registered person, or by being entitled to exercise or control the exercise of voting power over such shares; and
• 
  a person in accordance with whose instructions any of the following persons are accustomed to act:

• • the directors of a registered person, or of another company of which the registered person is a subsidiary; or
  • persons who are controllers of the registered person by virtue of the first and second points above.

A person whose position in relation to an insurer is of a kind described in the first and second points above is defined to be a ‘shareholder controller’.

Under the Insurance Act, the Bermuda Monetary Authority (BMA) must be served with a notice in writing where a person:

• intends to become a 10%, 20%, 33% or 50% shareholder controller of an insurer;
• becomes such a shareholder controller; or
• intends to reduce or dispose of his holding of shares below any of those thresholds in an insurer of specified classes.

The statute provides for the required timing of such notice and for the possibility of objection by the BMA, depending on further criteria. Those criteria include whether the insurer in question is one whose shares, or the shares of its parent company, if any, are traded on a stock exchange.

An insurer must serve notice in writing on the BMA when any person has become or ceased to be a ‘controller’ of the insurer, subject to some exceptions. There is no corresponding notification requirement imposed on a designated insurer in respect of a change of controller of an insurance group.

From the perspective of Bermuda company law, beneficial ownership information must be disclosed, among other things, in respect of any application to the Registrar of Companies for the registration of a company under the Companies Act 1981 (Companies Act). For this purpose, ‘beneficial owner’ is defined to include, among other things:

• an individual or individuals who directly or indirectly own or control more than 25% of the shares, voting rights or interests in the company; or
• if no such individuals exist or can be identified, an individual or individuals who control the company by other means.

Corresponding information must be filed with the BMA at the time of, or in some circumstances shortly after, the registration of a company.

Pursuant to the Companies Act, in general, a company must:

• take reasonable steps to identify its beneficial owners; and
• keep and maintain up to date a corresponding register.

These preceding provisions need not be complied with duplicatively where beneficial ownership information is filed pursuant to any other statutory provision.

An insurer which is a registered person under the Insurance Act is exempt from the Companies Act requirements concerning beneficial ownership. Notably, this exemption does not apply at the time of filing an application for incorporating a company which is intended to become an insurer because, at that point, the applicant is not yet a registered person in the meaning of the Insurance Act.

11 Consumer protection

11.1 What requirements must insurance companies comply with to protect consumers in your jurisdiction?

The Insurance Act 1978 confers functions and powers on the Bermuda Monetary Authority (BMA) expressly “for the purpose of protecting the interests of clients and potential clients” of persons carrying on insurance business, and of insurance managers, brokers, agents, or salesmen. In carrying out its supervisory functions, the BMA considers, in relation to any concern, what steps to take in order to protect policyholders and potential policyholders.

The BMA assesses whether a person is fit and proper to be the controller or officer of a registered person, including by having regard to whether the person in question has previously contravened any enactment which appears to the BMA to be designed to protect members of the public.

In addition to the general insurance regulatory regime, and apart from the formality requirements referred to in question 2.3, a consumer protection objective appears in the following insurance laws, among others:

• Health Insurance Act 1970: Only an insurer licensed by the Bermuda Health Counsel may lawfully conclude a contract of health insurance falling within the scope of the act. That scope is limited to health insurance offered to the Bermuda public. Under the act, a licensed insurer may offer to the public a contract of health insurance only if the contract provides no less than ‘standard health benefit’. At any rate, in respect of such a contract of health insurance, regardless of its wording, the scope of liability of the insurer is subject to legislative minima.
• 
  Life Insurance Act 1978: The scope of this legislation is limited to a contract of insurance made in Bermuda, unless the parties agree that the law of another jurisdiction is to apply to the contract, and to contracts which by their terms are expressed to be governed by Bermuda law. Among other matters, the statute provides for:

• • a grace period for the payment of an insured’s premiums other than the initial premium and for the reinstatement of a lapsed contract, subject to certain criteria; and
  • an attenuation of the consequences of some forms of pre-contractual misrepresentation by the insured.

• Motor Car Insurance (Third Party Risks) Act 1943: The statute creates a scheme of compulsory insurance in respect of the use of a motor car on a highway or on an estate road in Bermuda. For a person to lawfully undertake insurance business of this kind, it must obtain authorisation from the minister of finance. A policy under the act must comply with legislative requirements as to minimum scope and content. Plus, the act provides that some conditions in such a policy are of no effect – for example, certain exclusions of liability.

11.2 What other measures has the state implemented to protect consumers in the insurance sector?

The Consumer Protection Act 1999 created the Consumer Affairs Board (CAB). The functions of the CAB include ensuring and protecting the rights of consumers. The statute primarily regulates two areas of consumer protection, of which one is relevant here – namely, the prohibition of ‘unfair business practices’ (UBPs). The act sets out a list of UBPs relating to goods and services, such as a false, misleading or deceptive consumer representation. Engaging in a UBP is a criminal offence. Remedies against a UBP include:

• the rescission of a resulting contract at the election of the consumer; and/or
• damages.

There are aspects of the general contract law of Bermuda which are relevant to consumer protection, and which are of interest from an insurance perspective:

• 
  At common law:

• • a contractual indemnity or exclusion clause is construed/interpreted in the same way as any other clause in a contract;
  • liability for negligence can be excluded by contract, including by general words, such as ‘however caused’; and
  • an ambiguous contract provision is construed/interpreted against the person who drafted or proposed it. This principle, which is known as ‘contra proferentem‘, has been held to apply with particular force in the context of an insurance contract.

• The Supply of Services (Implied Terms) Act 2003, while regarded as an item of consumer protection legislation, has been held merely to codify the pre-existing common law about the exclusion of liability. The act provides, among other things, that in a contract for the supply of a service, where the supplier is acting in the course of business, there is an implied term of ‘reasonable care and skill’. It has been held that, while this duty cannot be excluded by contract, liability in damages for breach of the duty can be excluded or indemnified against, subject to possible arguments that the scope of the exclusion/indemnity is unreasonable and thus void for public policy reasons.
• In relation to motor accidents, in 1990 the Bermuda insurers participating in the domestic market and licensed under the Motor Car Insurance (Third Party Risks) Act 1943 entered into a written agreement with the minister of transport for the creation of the Motor Insurers Fund (MIF). The purpose of the MIF is to compensate the victims of uninsured or untraceable drivers in specified circumstances and up to the limits provided.

12 Data security and cybersecurity

12.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for insurance companies?

In Bermuda law, issues related to data protection are addressed through:

• the Constitution;
• the common law; and
• the European Convention on Human Rights (ECHR).

Data protection issues will also be governed by the Personal Information Protection Act 2016 (PIPA), once it has been fully brought into force. Concerning an insurer, neither the Insurance Act 1978 nor the Statement of Principles issued thereunder by the Bermuda Monetary Authority (BMA) imposes any specific data protection requirements. The Insurance Code of Conduct addresses this topic only briefly, with a focus on the safeguarding of customer, policyholder and employee information.

Bermuda’s general constitutional position was referred to in question 1.2. The Constitution, which enjoys primacy over any enactment of the Bermuda Parliament, provides for fundamental rights and freedoms for every person in Bermuda. Three of those appear to be relevant to the topic of data protection:

• There is a right to a ‘fair hearing’ in court and similar legal proceedings. This encompasses the protection of legal privilege, which is otherwise a concept that has developed at common law.
• A right headed “protection for the privacy of a person’s home and other property” has been interpreted broadly – including, for example, to encompass seizure by the police from an attorney’s office of back-up tapes containing word-processing files.
• The right to freedom of expression includes “freedom from interference with [a person’s] correspondence”. The latter has been held to be analogous to the correspondence-related part of article 8 of the ECHR.

Aspects of the common law of Bermuda are relevant to data protection. Apart from legal privilege, which was referred to above, two causes of action deserve mention: breach of confidence and misuse of private information, both of which originate in English law.

The ECHR applies to Bermuda since 2010, but it does not form part of the domestic law of Bermuda. Therefore, the competent court in respect of an action relying on an ECHR right is the European Court of Human Rights. Nevertheless, the ECHR is regarded as persuasive authority in relation to domestic law. The ECHR is relevant to the topic of data protection, primarily due to article 8, which provides a right to respect for private and family life, including a person’s home and his or her correspondence. A company has also been held to benefit from this right, for example, in respect of its correspondence held at its business premises, even if no personal data is involved.

As to PIPA, at the time of its enactment in 2016, the Bermudian government stated that the statute would come into force in two years. As of the date of this Q&A, only a small proportion of PIPA had come into force, essentially limited to the establishment of the office of the privacy commissioner. PIPA has some conceptual similarity to the EU General Data Protection Regulation 2016/679. When the substantive provisions of PIPA are brought into force, this statute will be the most specific data protection legislation in Bermuda, applying to the ‘use’ of ‘personal information’ by an ‘organisation’, subject to the qualifications, exclusions and exemptions set out in PIPA.

12.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for insurance companies?

The Insurance Act 1978 includes only one provision specifically relating to information security. An insurer must notify the BMA of a ‘cyber reporting event’ upon learning of its occurrence. Thereafter, the insurer must provide to the BMA a written report of the particulars of the event in question. A cyber reporting event includes unauthorised access to, or disruption or misuse of, the electronic systems of the insurer, or of information stored thereon, and similar occurrences, where at least one of a list of further criteria is fulfilled. Those criteria include the following:

• The event is likely to have an adverse impact on policyholders or clients; or
• The insurer is of the view that there is a likelihood that its loss of system availability will have an adverse impact on its insurance business.

A ‘schedule of cyber risk management’ must be filed with the BMA as part of each statutory financial return of insurers in Class 1, 2, 3, IGB, ILT, A and B, and by a Special Purpose Insurer. It appears that the BMA interprets this legislative requirement to apply also to insurers of other classes. In addition, the BMA requires all insurers to comply with various high-level principles which are relevant to cybersecurity, as follows:

• According to the Statement of Principles, a registered person must have records and systems of a nature and scope “so that its business can be conducted without endangering its policyholders and potential policyholders”.
• The Insurance Code of Conduct requires an insurer’s risk management framework to address systems and operations risk, covering its ‘IT infrastructure’, among other things.

The BMA has published a code of conduct for operational cyber risk management (Cyber Code). The Cyber Code came into force on 1 January 2021 and registered persons must come into compliance with it by 31 December 2021.

13 Financial crime

13.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for insurance companies?

In Bermuda law, money laundering and/or other financial crimes are addressed in about a dozen statutes, plus related secondary legislation. In this Q&A, only the key items of legislation are highlighted, particularly as they apply to insurers.

The Bermuda Monetary Authority Act 1969 defines ‘financial crime’ to mean any offence which involves any of the following:

• dishonesty or fraud;
• unlawful activity connected with a financial market;
• dealing with the proceeds of ‘criminal conduct’ as defined by the Proceeds of Crime Act 1997 (‘PoC Act’); or
• terrorist financing as defined in the Anti-Terrorism (Financial and Other Measures) Act 2004.

In turn, the principal objectives of the Bermuda Monetary Authority (BMA) are stated to include:

• assisting with the detection and prevention of financial crime; and
• performing duties conferred on it by anti-money laundering (AML) and anti-terrorist financing (ATF) legislation.

For an insurer, the most salient provisions of the PoC Act are those in Part V, which concerns money laundering. ‘Money laundering’ is defined to include, among other things, the acquisition, possession, transfer and use of ‘criminal property’. Related legal requirements include the following:

• 
  A person must make a disclosure when:

• • he or she knows, suspects or has reasonable grounds to suspect that any funds or other assets are derived from criminal conduct, or a money laundering offence has been or is being committed or has been attempted; and
  • the information in question has come to that person in the court of his or her trade, profession, business or employment.

• Such disclosure must be made to the Financial Intelligence Agency, which was established by the Financial Intelligence Agency Act 2007.




• The minister responsible for justice has made regulations for the purpose of detecting and preventing money laundering – namely the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008 (AML/ATF Regulations). The AML/ATF Regulations apply to a ‘relevant person’, which includes an insurer (but not a reinsurer) registered under the Insurance Act 1978, if the insurer carries on specified types of long-term business and/or certain other investment-related insurance, as defined. As to subject matter, the AML/ATF Regulations apply to situations, among other things, where a relevant person establishes a ‘business relationship’ with a customer or carries out an occasional transaction with a customer. In such situations, a relevant person must apply ‘customer due diligence measures’ in respect of the customer. Instead, subject to specified criteria, ‘simplified due diligence’ or ‘enhanced due diligence’ may be required. A relevant person must also conduct ‘ongoing monitoring’ and comply with legislative requirements concerning record keeping, the establishment and maintenance of appropriate policies and procedures and so on.
• In relation to insurers, the BMA has supervisory and enforcement powers regarding the AML/ATF Regulations. These powers are conferred on the BMA by the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing Supervision and Enforcement) Act 2008.

Apart from the legislation above, which deals specifically with financial crime, the topic is also addressed by Bermuda’s insurance regulatory instruments – most prominently, under the Insurance Act 1978, in relation to the minimum criteria referred to in questions 5.2 and 8.3. When the BMA determines for the purposes of the minimum criteria whether a registered person is conducting its business in a prudent manner, it must take into account any failure by a registered person to comply with the provisions, among other things, of any AML/ATF legislation, including the PoC Act and the ATF Act.

14 Competition

14.1 What specific challenges or concerns does the insurance sector present from a competition perspective? Are there any pro-competition measures that are targeted specifically at insurance companies?

There are no provisions of Bermuda law applicable to insurers which could be regarded as being comparable in nature to competition law in the European Union or the United Kingdom, to antitrust law in the United States or to the regulatory systems which exist in those jurisdictions for the control of acquisitions, mergers and takeovers.

For insurers, the following aspects of Bermuda law can be said to be relevant to the regulation of anti-competitive conduct.

Under the Insurance Act 1978, the statutory functions and powers of the Bermuda Monetary Authority (BMA) have been conferred on it “for the purpose of protecting the interests of clients and potential clients” of persons carrying on insurance business and of certain other persons operating in the insurance sector. The interest of clients and potential clients are also among the factors relevant to the BMA’s determination of whether a person is fit and proper to hold any particular position in relation to a registered person. Therefore, in principle, anti-competitive activity by an insurer, which is a risk to the interests of clients or potential clients, could be regarded by the BMA as a matter going to the fitness and propriety of the persons responsible for the conduct of the insurer’s business, such as its directors and/or controller(s). However, neither the Statement of Principles published by the BMA nor its Insurance Code of Conduct refers to anti-competitive conduct as a factor in the BMA’s insurance regulatory approach.

The Protection of Trading Interests Act 1981 (PTI Act) provides various protections to Bermudian trading interests against certain measures taken by an overseas country. Under the PTI Act, ‘trade’ includes any activity carried on in the course of business of any description, and ‘trading interests’ is to be construed accordingly. The PTI Act appears not yet to have been considered in detail by the courts of Bermuda. However, in relation to a very similarly worded item of UK legislation, the courts of both England and Scotland have found that Parliament’s intention for its enactment was mainly to protect that country’s trading interests from the extra-territorial effects of legal measures and court judgments under US antitrust legislation. The provisions of the PTI Act include the following:

• In specified circumstances, the minister of finance may make orders to prohibit any person in Bermuda from complying with an overseas country’s measures regulating or controlling international trade which apply to things done outside the territorial jurisdiction of that country by persons carrying on business in Bermuda or the United Kingdom.
• 
  A judgment given by a court of an overseas country cannot be enforced by a Bermuda court, among other things, if it:

• • is for multiple damages; or
  • is based on a provision or rule of law concerned with business competition and the minister makes a relevant order in respect of it.

The common law of Bermuda recognises the concept of restraint of trade. Related Bermudian judgments have cited with approval the corresponding English case law. Thus, a restrictive covenant in a contract, such as an anti-competition covenant, may in some circumstances be held to be unreasonable for being prejudicial to the public interest. If so, then the covenant in question is void.

15 Restructuring and insolvency

15.1 What provisions govern insolvency in your jurisdiction and what specific implications do these have for insurance companies?

The insolvency of companies in Bermuda law reflects the diversity of recognised corporate forms, the latter of which were discussed in question 4.2. Here, discussion is limited to the insolvency of companies registered under the Companies Act 1981 (Companies Act). One way to address the insolvency of such a company is a scheme of arrangement – that is, a compromise arrangement between a company and its creditors (or any class of them), pursuant to a procedure provided by the Companies Act and related legislation.

Otherwise, the only form of insolvency procedure available is winding up, also known as liquidation. A characteristic feature of Bermuda insolvency practice is the extensive use of provisional liquidators. Upon the presentation of a winding-up petition, or at any time thereafter and before the first appointment of a liquidator, the court may appoint a provisional liquidator. The court may limit the provisional liquidator’s powers by the order appointing it. Thus, winding-up petitions are not infrequently presented not with the intention to liquidate a company, but to have a provisional liquidator appointed to oversee a restructuring.

Pursuant to the Companies Act, liquidation can take two main forms: winding up by the court or voluntary liquidation.

Winding up by the court must be initiated by the presentation of a petition. It is available in circumstances including if:

• a company is unable to pay its debts; or
• the court is of the opinion that it is ‘just and equitable’ for the company to be wound up.

In this context, a company is deemed to be unable to pay its debts when they fall due, not only in a literal sense of being cash-flow insolvent. Various other circumstances defined in the Companies Act also suffice, which have been held to include balance-sheet insolvency.

The most common scenario in which voluntary winding up is available is where a company resolves in general meeting that it should be wound up voluntarily. A voluntary liquidation is referred to as a ‘member’s voluntary winding up’ or a ‘creditors’ voluntary winding up’, depending on whether, once voluntary winding up is proposed, each person among a majority of the directors makes a requisite statutory declaration concerning the company’s solvency.

Bermuda has no legislation to provide for judicial cooperation in cross-border insolvency cases. The common law of Bermuda enables some such cooperation, including:

• the facilitation of parallel insolvency proceedings in another jurisdiction, such as under Chapter 11 of the US Bankruptcy Code; and
• the recognition of foreign winding-up orders.

However, the Bermuda court cannot assist a foreign court at common law by extending the scope of the Bermuda insolvency legislation to situations to which that legislation does not apply.

Turning to the aspects of Bermuda insolvency law which are of interest specifically in relation to insurers, some of the key legislative provisions are as follows:

• The court may wind up an insurer on the petition of 10 or more policyholders owning policies of an aggregate value of not less than $50,000 if the insurer is a company which could be otherwise wound up under the Companies Act and subject to further requirements. While a policyholder is by definition a contingent creditor of an insurer, that status does not allow a policyholder to present a winding-up petition. However, this does not apply an actual creditor which also happens to be policyholder of an insurer.
• 
  The Bermuda Monetary Authority (BMA) may present a petition to wind up an insurer if the latter is a company which could be otherwise wound under the Companies Act on any of the following grounds:

• • The insurer is unable to pay its debts, as provided by the Companies Act;
  • The insurer has failed to satisfy an obligation to which it is, or was, subject by virtue of the Insurance Act 1978; or
  • It appears to the BMA that it is expedient in the public interest to wind up the insurer, unless the insurer is already being wound up by the court. The court may then wind up the insurer if it thinks that it would be ‘just and equitable’ to do so.

• If an insurer has been proved to be unable to pay its debts, then instead of making a winding-up order, the court may, if it thinks fit, reduce the amount of the insurer’s contracts on such terms and conditions as the court thinks ‘just’.
• 
  The BMA may present a petition for the winding up of a company which:

• • is or has been a registered person;
  • is carrying on or has carried on business in contravention of certain anti-money laundering or anti-terrorist financing legislation; or
  • has failed to comply with international sanctions obligations.

16 Trends and predictions

16.1 How would you describe the current insurance landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

Since 2020, there has been a widely reported hardening of the Bermuda insurance market – that is, an increase of premiums. This has been driven not only by the COVID-19 pandemic, but also by various high-value natural catastrophes. In response, existing and start-up insurers in Bermuda raised an estimated $15 billion of new capital during the year by issuing equity and/or debt. Also, there was significant new issuance of insurance-linked securities listed on the Bermuda Stock Exchange, totalling $15.8 billion.

In 2020, the Bermuda Monetary Authority (BMA) published a volume of new insurance regulatory guidance, much of which focused on special purpose insurers (SPIs) and incorporated segregated accounts companies (ISACs):

• In relation to SPIs, the BMA has stated that it considers such structures to be appropriate only for ‘sophisticated’ cedants and investors. It has also given a detailed definition of what it means for an SPI to be ‘fully collateralised’, as required.
• Regarding ISACs, the BMA’s guidance elaborates the requirements it expects of an ISAC for registration purposes, as well as in relation to its ongoing management, governance, regulatory reporting and other matters.

Regarding developments expected in the next 12 months, as of the time of writing, the Bermuda Parliament has no significant draft legislation concerning insurance before it. However, the BMA’s consultation pipeline indicates that further regulatory activity may be imminent in three respects:

• The BMA is proposing to implement a ‘conduct of business’ regulatory regime to promote what it calls the ‘fair and equitable’ treatment of financial services customers in Bermuda.
• The BMA has consulted on the introduction of the concept of ‘internationally active insurance group’, to reflect an international regulatory initiative.
• The BMA is proposing to amend some of the secondary legislation relating to the supervision of insurance groups, to insert requirements about cyber risk management.

In addition, a report on climate change risk published by the BMA in March 2021 highlighted this topic as a short to medium-term regulatory priority. The BMA’s related objectives include:

• performing a climate change risk exposure assessment and vulnerability analysis ‘trial run’; and
• providing guidance to insurers about how to integrate climate change into their corporate governance and risk management.

Shortly thereafter, the Association of Bermuda Insurers and Reinsurers announced an initiative aimed at closing the global under-insurance ‘protection gap’ it has identified in respect of climate risk.

17 Tips and traps

17.1 What are your top tips for insurance companies operating in your jurisdiction and what potential sticking points would you highlight?

The Bermuda Monetary Authority’s (BMA’s) most recent yearly report on Bermudian insurers’ cyber risk underwriting shows an ongoing rapid increase in this line of business. In addition, according to the BMA, the majority of all-risk, general liability policies written by Bermuda insurers do not contain cyber risk exclusions. The BMA has expressed concern that insurers may be unaware of the magnitude and nature of their full cyber-exposures, particularly through non-affirmative policies.

The BMA is therefore requiring insurers to implement adequate systems to identify, measure, mitigate and monitor those exposures, including by ongoing model review and model validation exercises. The BMA will require greater disclosure by insurers in their regulatory filings on how they manage both affirmative and non-affirmative cyber risk exposures. For policy renewals from January 2022, policy wordings will need to clearly state this, either in the form of exclusions or by adding relevant endorsements.

In October 2020, the BMA published a code of conduct for operational cyber risk management (Cyber Code). The Cyber Code came into force on 1 January 2021 and registered persons are required to come into compliance with it by 31 December 2021. Failure to comply with the Cyber Code will be taken into account by the BMA in assessing whether a registered person conducts its business in a prudent manner, as required by the minimum criteria under the Insurance Act 1978.

To achieve compliance with the Cyber Code, as with all other regulatory requirements, we suggest that insurers s seek advice from experienced Bermuda service providers. Where necessary, we also suggest that insurers engage in early and active discussion with the BMA.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.