1. Insurance and reinsurance undertakings shall establish, implement and maintain a risk management system which includes the following:
(a) a clearly defined risk management strategy which is consistent with the undertaking's overall business strategy. The objectives and key principles of the strategy, the approved risk tolerance limits and the assignment of responsibilities across all the activities of the undertaking shall be documented;
(b) a clearly defined procedure on the decision-making process;
(c) written policies which effectively ensure the definition and categorisation of the material risks by type to which the undertaking is exposed, and the approved risk tolerance limits for each type of risk. Such policies shall implement the undertaking's risk strategy, facilitate control mechanisms and take into account the nature, scope and time periods of the business and the associated risks;
(d) reporting procedures and processes which ensure that information on the material risks
…