1. Insurance and reinsurance undertakings shall establish, implement and maintain a risk management system which includes the following:

(a) a clearly defined risk management strategy which is consistent with the undertaking's overall business strategy. The objectives and key principles of the strategy, the approved risk tolerance limits and the assignment of responsibilities across all the activities of the undertaking shall be documented;

(b) a clearly defined procedure on the decision-making process;

(c) written policies which effectively ensure the definition and categorisation of the material risks by type to which the undertaking is exposed, and the approved risk tolerance limits for each type of risk. Such policies shall implement the undertaking's risk strategy, facilitate control mechanisms and take into account the nature, scope and time periods of the business and the associated risks;

(d) reporting procedures and processes which ensure that information on the material risks faced by the undertaking and the effectiveness of the risk management system are actively monitored and analysed and that appropriate modifications to the system are made where necessary.

2. Insurance and reinsurance undertakings shall ensure that the persons who effectively run the undertaking or have other key functions take into account the information reported as part of the risk management system in their decision making process.