China Banking and Insurance Regulatory Commission (CBIRC): Insurance group members should avoid excessive reliance on specific assets, trading partners, customers, regions, or markets.

On February 8th, the Office of the National Financial Regulatory Bureau issued a notice on the issuance of the "Insurance Group Concentration Risk Management Guidelines". The guidelines mention that insurance group member companies should avoid excessive reliance on specific assets, counterparties, customers, regions, or markets, fully analyze and judge the impact of specific industries that may be vulnerable to macroeconomic policy and economic cycle fluctuations. For cases where the concentration risk limit is exceeded due to market price changes, relevant reports or approvals should be made according to regulations, and an effective mechanism for managing over-limit situations should be established, enhanced risk analysis for over-limit situations should be conducted, necessary risk diversification measures should be taken, and timely risk resolution and disposal should be carried out. The original text is as follows: Office of the National Financial Supervision and Administration Bureau Notice on Issuance of "Insurance Group Concentration Risk Management Guidelines" Jinbanfa [2025] No. 10 All Insurance Group (Holding) Companies: In order to further improve the risk management level of insurance groups, promote the stable operation of insurance groups, the Financial Regulatory Bureau has formulated the "Insurance Group Concentration Risk Management Guidelines", and it is hereby issued for implementation. Office of the National Financial Supervision Administration Bureau January 26, 2025 Insurance Group Concentration Risk Management Guidelines Chapter I General Provisions Article 1 In order to standardize the management of concentration risk in insurance group companies and promote the stable operation of insurance groups, these guidelines are formulated in accordance with the "Insurance Law of the People's Republic of China" and the "Insurance Group Supervision and Administration Measures" and other laws, regulations, and regulatory requirements. Article 2 The concentration risk referred to in these guidelines means that a single risk or risk combination of insurance group and consolidated member companies, when aggregated at the group level, may directly or indirectly have a significant impact on the normal operations of the group. Article 3 These guidelines apply to the management of concentration risk of insurance group companies lawfully established within the territory of the People's Republic of China. Article 4 The management of concentration risk in insurance groups follows the following principles: (1) Prudence principle. Insurance group companies, based on consolidated accounting, should effectively identify, assess, and prudently manage various types of concentration risks that insurance groups may face, in accordance with the principles of substance over form and transparency. (2) Matching principle. Insurance group companies establish concentration risk management strategies and systems that are adapted to their management model and business complexity, and set concentration risk indicators and limits prudently based on the capital levels and risk tolerance of the insurance group. (3) Unity principle. Concentration risk management adheres to the principle of top-down unity. Under the unified risk management policy of the insurance group, various concentration risk limits and management measures should be consistent and coordinated, so that the requirements of concentration management can be implemented in all member companies within the group, achieving a synergistic effect with the group's strategic development goals and consistent with comprehensive risk management objectives. (4) Dynamism principle. Insurance group companies should dynamically adjust their concentration risk control strategies based on regulatory policies and regulations, company operations, risk preferences, internal and external environmental changes, etc., establish a mechanism to update concentration risk indicators and limits, and achieve dynamic management of concentration risk. Article 5 Insurance group companies incorporate concentration risk management into their comprehensive risk management system, establish and improve organizational structures, management systems, and information systems that are appropriate for their business scale and complexity, effectively identify, measure, assess, monitor, report, control or mitigate concentration risks. Chapter II Concentration Risk Management System Article 6 Insurance group companies establish a sound concentration risk management organizational structure, clarify the responsibilities of the board of directors, senior management, relevant departments, and member companies, and construct a mutually interconnected and effective balancing management mechanism. Article 7 The board of directors of insurance group companies bears the ultimate responsibility for concentration risk management and performs the following responsibilities: (1) Approval of concentration risk management systems; (2) Approval of risk preferences and risk tolerance; (3) Supervision of senior management's effective management of concentration risks; (4) Review of concentration risk-related reports, understanding changes in concentration risks and management status, and providing management opinions and suggestions based on concentration risk conditions and trends, including but not limited to adjusting business structures, business development speeds, and enhancing capital, etc.; (5) Approval of concentration risk disclosure content. Article 8 The senior management of insurance group companies bear the responsibility for the implementation of concentration risk management and perform the following responsibilities: (1) Reviewing and submitting the concentration risk management system to the board of directors for approval; (2) Reviewing risk preferences and risk tolerance, as well as the process for exceeding limits, and submitting them to the board of directors for approval; (3) Approval of various concentration risk indicators and limits; (4) Promoting the implementation of concentration risk management systems and limits by relevant departments; (5) Regularly reporting changes in concentration risks and management status to the board of directors; (6) Reviewing concentration risk disclosure content and submitting it to the board of directors for approval. Article 9 Insurance group companies clarify the leading department for concentration risk management, responsible for coordinating and overseeing all work. Specific responsibilities include: (1) Organizing relevant departments to fulfill specific concentration risk management responsibilities; (2) Formulating, revising concentration risk management systems, and submitting them to senior management for review; (3) Based on the group's risk preferences, formulating and updating the group's concentration risk indicators and limit management system, including calculation methods, data scope, etc., and submitting them to senior management for approval; (4) Continuously monitoring changes in concentration risks and management status, reporting to senior management and the Risk Management Committee of the board of directors regularly; (5) Formulating concentration risk exceeding limit disposal procedures and submitting them to senior management for review; (6) Formulating concentration risk disclosure content and submitting it to senior management for review; (7) Promoting the construction of information systems related to concentration risk management. Article 10 Insurance group companies coordinate and guide the concentration risk management of major member companies. Major member companies of insurance groups establish sound concentration risk management systems to effectively ensure the implementation of concentration risk management requirements at the member company level. Specific responsibilities include: (1) Clearly define their own concentration risk management architecture and division of responsibilities and report them to the group company for record; (2) Formulate and revise the concentration management system;Risk management system shall be reported and filed with the group company.() Organize the implementation of the group company's requirements for centralized risk management and limit control; (Four) Assist the group company in implementing centralized risk information disclosure work; (Five) Participate in the construction of information systems related to centralized risk management of the group company. Article 11 Insurance group companies shall establish centralized risk management systems in accordance with this guideline, regularly assess the system, and revise it in a timely manner when necessary. The system content should include at least: (1) Management structure and division of responsibilities; (2) Management methods and workflow; (3) Categories of centralized risks and measurement methods; (4) Risk limits and control measures; (5) Management information systems for centralized risk management and data governance mechanisms; (6) Supervision, audit, statistical reporting, and information disclosure requirements. Chapter III Centralized Risk Management Policies and Procedures Article 12 Insurance group companies establish a mechanism for identifying centralized risks, clarify methods and management requirements for identifying centralized risks, comprehensively identify the centralized risks that insurance groups may face, refine the dimensions and granularity of centralized risk management, and accurately reflect the overall centralized risks of the insurance group. Centralized risk identification should cover all relevant items on the balance sheet and off-balance sheet items with substantial risks such as guarantees, commitments, etc., covering all types of risks, business lines, and entities. Article 13 Insurance group companies establish a mechanism for measuring centralized risks, adopt differentiated measurement methods for various centralized risk characteristics, comprehensively use models or non-model methods, and measure the impact of centralized risks based on financial losses, investment income, operational stability, etc. Article 14 Insurance group companies establish a system of centralized risk indicators, set appropriate centralized risk limits for various types of centralized risks based on their risk preferences, risk conditions, management levels, and capital strengths, clarify the hierarchical limit transmission mechanism, layer control mechanisms, and rules for limit utilization of group member companies, etc. Insurance group member companies should avoid over-reliance on specific assets, counterparties, customers, regions, or markets, fully analyze and assess the potential impact of specific industries that may be affected by macroeconomic policy and economic cycle fluctuations. For situations where centralized risk limits are exceeded due to market price changes, etc., relevant reports or approvals should be requested in accordance with regulations, and an effective mechanism for managing exceedances should be established, risk analysis of exceedances should be strengthened, necessary risk diversification measures should be taken, and timely risk resolution and disposal should be carried out. Article 15 Insurance group companies establish a mechanism for monitoring centralized risks, clarify the responsibilities, reporting paths, and other management norms for monitoring various centralized risks, continuously monitor the implementation of centralized risk limits and centralized risk events, conduct forward-looking analyses of potential impacts, and adjust relevant investments and operational activities in a timely manner. Article 16 Insurance group companies should set warning values for centralized indicators, establish a centralized risk warning mechanism, clarify the responsibilities, triggering standards, investigation and control, reporting paths, and other management norms for various centralized risk warnings. Article 17 Insurance group companies establish mechanisms for centralized risk emergency management and mitigation, clarify the responsibilities, emergency management procedures, risk mitigation tools, and other normative requirements for emergency management of centralized risks. In cases where significant risks of various centralized risks have occurred or are expected to occur, which may have significant impacts on the group's liquidity, solvency, reputation, etc., insurance group companies must formulate emergency management and risk mitigation plans and strictly implement them to effectively control and mitigate risks. Insurance groups should hold sufficient capital and liquidity buffers against centralized risks. Article 18 Insurance group companies establish a mechanism for evaluating centralized risk management, comprehensively use quantitative and qualitative methods, and conduct evaluations of the overall centralized risk situation of the group at least every six months. Risk assessments include the effectiveness of the centralized risk management mechanism, centralized risk conditions, risk management levels, and optimization measures or programs, with assessment results serving as important basis for insurance group operating decisions and continuous improvement of centralized risk management. Article 19 In the process of centralized risk identification, measurement, and evaluation, insurance group companies should fully utilize stress testing tools to conduct stress tests on the impact of centralized risks under different stress scenarios, interactions and mutual impacts between centralized risks and other risks, assess potential adverse effects on the company's operations in extreme situations, and timely optimize centralized risk management mechanisms based on stress test results. Article 20 Insurance group companies incorporate centralized risk management into internal audit supervision, conducting internal audit work on centralized risk management at least once a year, supervising the implementation of centralized risk management systems, evaluating the operation and effectiveness of centralized risk management. Chapter IV Management Information Systems and Reporting Disclosure Article 21 Insurance group companies establish a mechanism for centralized risk data governance, clarifying various centralized risk data statistical calibers, information sources, reporting standards, timeliness norms, organizing and supervising insurance group member companies to implement centralized risk data governance requirements, ensuring the quality of centralized risk data. Article 22 Insurance group companies should establish information systems related to centralized risk management, realize systematic and online management of centralized risk identification, measurement, monitoring, alerting, reporting, etc., and strengthen centralized risk management through information system construction. Article 23 Insurance group companies establish a mechanism for reporting centralized risks, clarifying reporting paths and frequency requirements for centralized risks, reporting the overall centralized risk situation and management situation of the group to the board of directors or the board of directors' risk management committee at least every six months, and timely reporting significant centralized risk events and risk control situations to the board of directors. Article 24 Insurance group companies incorporate centralized risk indicator tables into quarterly report management and submit them to the China Banking and Insurance Regulatory Commission on time. Article 25 Insurance group companies incorporate centralized risk management into the annual consolidated management report. The report includes basic information on the management of centralized risk, implementation of centralized risk limits and management policy procedures, centralized risk situation, etc. Article 26 Insurance group companies establish a mechanism for disclosing centralized risk information, disclosing annual centralized risk management information on the official website before June 15th each year.Information, including but not limited to the organization structure of concentration risk management, management strategies and their implementation, risk situation, and significant concentration risk events.Chapter Five Supplementary Provisions Article 27 This guideline is interpreted by the China Banking and Insurance Regulatory Commission. Article 28 This guideline shall be effective from the date of issuance. This article is excerpted from the official website of the China Banking and Insurance Regulatory Commission. Editor: Liu Jiayin.