Finologee RegTech Know-How Series | #1

On 22 October 2018, the Luxembourg insurance sector regulator, the Commissariat aux Assurances (CAA), issued an impactful text in the form of CAA Circular 18/9 introducing new harmonized evaluation questionnaires relating to risks of exposure to money laundering and terrorism financing for life-insurance companies.

October 22, 2021

3-year anniversary of Circular CAA 18/9
How life insurers can leverage digitalisation to fine-tune their risk scoring

Circular 18/9 turns three years old today – and now that the initial push by life insurance companies for preliminary scoring of contract portfolios is over and that the next 2024 deadline is in sight, it is a great time to look back at its key requirements and contemplate as to how life insurers can make the most of the opportunities which digitalisation offers in order to enhance their assessment, risk-scoring and score lifecycle management methodology.

  1. A look back at the key requirements stemming from Circular 18/9

In a nutshell, the CAA asked all Luxembourg life insurers to ensure that each contract in their portfolio be reviewed and assigned an Anti-Money Laundering (AML) risk score by relying on a new standardized evaluation questionnaire. Furthermore, the CAA wanted initial visibility on the overall risk scoring of all Luxembourg life insurance contracts by the end of 2019. To make meeting this deadline feasible, a two-step approach was implemented with the following key dates:

  • End of 2019: by then, life insurers had to score all existing contracts, but had the possibility for eligible contracts (i.e. individual insurance contracts which did not exceed a certain risk level) to either carry out a full manual assessment upfront, or to apply a temporary risk-based “model point” approach. In practice, the “model point” approach meant grouping contracts with homogenous risk profiles together, define a representative sample of contracts within each group, evaluating manually those sample contracts, and applying the mean score obtained for the sample to the group.
  • End of 2024: all sensitive contracts assessed through the model point approach must be manually re-assessed by then.
  • End of 2027: all less sensitive contracts assessed through the model point approach must be manually re-assessed by then.

However, these are deadlines and life insurers are expected to have an “action plan” before then enabling them to review all contracts within a “reasonable delay”.

In addition, insurers must do the following on an ongoing basis:

  • New subscriptions: the new questionnaires must be used for all new subscribed insurance contracts
  • Contract movements/changes: every movement in a contract (g. additional payment, partial or total surrender, etc.), significant change (e.g. update of beneficiary clause, guarantee, transfer, etc.), or significant modification of an AML risk factor triggers:
    • a full manual re-assessment for contracts assessed through the transitory model point approach in 2019,
    • an update of the questionnaire for contracts already fully manually assessed in 2019 (based on the risk level resulting from the movement/change, there is the possibility to only update relevant questions).
  • Periodic reviews in the absence of movement: There must also be internal procedures setting risk levels/criteria for carrying out periodic reviews of contracts even if there is no movement over a given period.
  1. Challenges and opportunities:

Circular 18/9 has therefore, on top of the obligation to review all stock contracts, created an ongoing obligation for life-insurers to integrate the new CAA questionnaire within their standard client onboarding process. On top of this, a process is also needed for monitoring and updating the information with each contractual or AML risk evolution.

It is therefore strategic to build an efficient, resilient and sustainable processes to ensure compliance.

Below are a few considerations as to how digitalisation could be utilised to maximise efficiency and fluidity in meeting the Circular’s requirements:

  1. Using digital tools to enable quick score calculation: completing questionnaires and performing scores calculation efficiently is important. Although calculating scores manually may be feasible for an individual contract, doing so for all portfolio contracts can increase substantially operational risk. A digital transposition of the standard assessment questionnaires, with an automated score calculation, improves the overall efficiency and robustness of this sensitive process. The standard CAA questionnaire is a perfect candidate for digitalisation, with pre-defined answer possibilities and pre-attributed scores per response.

Tip: although this may also be done using widely available digital tools (e.g. an excel sheet), implementation of a module in a dedicated contract portfolio management tool could be a robust and reliable alternative, as it improves reliability and facilitates control and maintenance of risk scorings. It has the additional benefit of enabling direct linking of the obtained score and questionnaire responses to the full contract/policyholder profile, as well as facilitating archiving and future updates.

  1. Optimising the communication channels used to obtain up-to-date and streamlined information: it may be especially challenging to collect all required information to properly fill in questionnaires (ideally whilst minimising the risk scoring) for existing contracts subscribed. In this case especially, but even for newly subscribed contracts, a fluid information stream between involved parties (end-client-broker-insurance company) is paramount. This can be optimised using digital channels, for example by creating remediation campaigns addressed either to brokers and/or directly to end-customers. These can be carried out via email or paper mail complemented by other means such as SMS channels letting the customer select the preferred approach.


See our article: How to choose the right communication channels to retrieve data from your clients? – Finologee


[colored_box color=”blue”] Tip n°1 [/colored_box] some sections of Circular 18/9 standard questionnaires may justify triggering a remediation process for existing stock contracts, geared towards obtaining up-to-date documents/information from end-customers and/or brokers to be able to insert up-to-date responses generating a lower risk score. For instance, up-to-date pre-obtained identification documents adds zero risk points, whereas, if this documentation is absent, four risk points are added to the overall score for the contract. The CAA also recommends this for tax compliance documentation, stating that “a good practice consists notably in obtaining a tax compliance statement from the client”.

 [colored_box color=”blue”] Tip n°2 [/colored_box] for most standard questions in Circular 18/9, a delegation to brokers could be envisaged, for instance by making completion a mandatory part of the onboarding process for a new client contract. Although ultimate responsibility for compliance and risk assessment remains with the life insurance company, this can save precious back-office time by stream-lining the obtention of most required information.

1.Using digital platforms to fluidify internal communication streams:

communication platforms connecting different departments can facilitate interactions and in turn, compliance with Circular 18/9 obligations, for instance by triggering an automatic assessment review by the compliance department in the event of a contract modification notified by back-office teams – which is important to comply with the ongoing obligation to update the questionnaire assessment where there is a movement on the contract.

2.Efficient score lifecycle management:

Circular 18/9 requests life insurers to have a high traceability of assessments carried out and resulting scoring. Section 3.6 of the Circular imposes the following:

It is essential that companies can identify at any time in their management systems the contracts that have been scored through the “model point” approach.

In addition, the initial score of each contract (and each question), whether it is derived from manual or automatic scoring, as well as all successive scores, must be stored in an electronically usable system and be accessible at a given date in order to ensure a reliable audit trail.”

Life insurance companies should look to use tools that will improve the process efficiency in storing and updating scores, as well as be sufficiently reliable over time to avoid loss of data/difficulties in retracing score and assessment updates (e.g. avoid manual encoding).

3. Optimised use of pre-existing information:

Some of the information needed to complete the 18/9 questionnaire is information that would have been already collected for other reporting/regulatory purposes, or simply for back-office contract management purposes. For example, the type of investment profile of the contract and the premium amount are information elements that are also required to comply with the risk categorisation obligations pursuant to CAA Circular 15/3. Beneficiary clause characteristics, meanwhile, would likely already be collected for legal/compliance purposes.

[colored_box color=”blue”] Tip n°3 [/colored_box] Having a centralised database containing the source information, which can be used from there for multiple purposes, is a good way of maximising efficiency whilst avoiding potential errors resulting from duplicating information (especially manually), therefore also improving data/information quality

About the author:
Finologee is a Luxembourg RegTech specialist serving more than a hundred banks, insurance companies and institutional clients with its Luxembourg-regulation compliant hosted platforms for KYC, payments and bank compliance.

Finologee can assist you with its KYC Manager platform, a digital onboarding and KYC file lifecycle management tool. It helps Luxembourg-based entities subject to anti-money laundering obligations to optimise the management of their KYC and AML-related processes connecting with their end-customers (i.e., natural persons and legal structures), front-office and compliance departments.

KYC Manager can provide you with a centralised tool where segregated environments (e.g. Back Office – Broker – End-Client) enable various stakeholders to have dedicated workflows thereby streamlining the flow of information between the relevant parties while maintaining an appropriate level on independence.

Watch video

In the same category