Insurance Licence Authorisation: Part IV - The Application Pack

In Part III of this series we examined the regulatory focus areas that shape how authorisation applications are assessed in Ireland. Those priorities — business model credibility, governance, capital strength, outsourcing control, and operational resilience — ultimately determine whether an application succeeds or fails.

Part IV translates those supervisory expectations into application reality. It sets out the full authorisation pack required by the Central Bank of Ireland, explaining how regulatory priorities are evidenced in practice through documentation, governance structures, financial projections and control frameworks.

Contact Details for the Applicant

Point of Contact

The Applicant should clearly designate an individual who will serve as the primary liaison for all correspondence related to the application process. This contact will be responsible for receiving communications, responding to queries, and coordinating information between the Applicant and the relevant authorities.

Professional Advisors

The Applicant should identify and provide details of any professional advisors who are supporting the application process. This includes, but is not limited to, legal advisors, regulatory consultants, financial advisors, and auditors.

Legal Structure

Place of Business / Infrastructure

The Applicant’s principal place of business and supporting infrastructure should be clearly identified. This includes specifying the physical office location. 

Certificate of Incorporation / Constitution

The Applicant must confirm it will be registered in Ireland and subject to Irish law. The Applicant must outline its full legal structure. A copy of the Certificate of Incorporation, draft copies of the constitutional documents should also be provided.

Other Regulatory Applications / Declinatures

The Applicant must provide full transparency on any recent or ongoing regulatory application, approved or declined, in Ireland and other jurisdictions.

The CBI will liaise with overseas regulators throughout the process.

External Auditor Details

The Applicant will need to appoint a reputable external auditor. The auditor’s details, including firm name, primary contact, position, and contact information should be provided.

Ownership Structure

Ownership Structure & Group Org Chart

Details of the Applicant’s parent company and its background should be included in the business plan. If the parent company is part of a wider group, the Applicant should also submit an organisation chart and provide an overview of the ownership and structure of both the parent and the group as a whole. This overview should include an outline of each entity’s legal structure, a breakdown of each shareholder’s holdings, audited documents, and details regarding the main activities of the group and its principal business areas.

Any potential conflicts of interest between the group and the holders of qualifying holdings in the Applicant must also be clearly outlined in the business plan.

Correspondence with Home Country Supervisor

The Applicant must provide proof that it has consulted with its home supervisory authority (where applicable) regarding its plan to apply to the CBI for authorisation. The business plan must include details of the group’s regulated entities in other jurisdictions.

Group Solvency / Financials

The Applicant will be required to provide clear, transparent and unrestricted access to all financial information of the Group.

Regulatory Business Plan

Classes of Business

The business plan should set out the classes of insurance being applied for, as well as details of the business and products and the target financial objectives of the group and of the Applicant.

Financial Objectives

Information should be provided regarding the following:

• the nature of the risks the Applicant proposes to cover;

• the guiding principles for reinsurance and retrocession; and

• estimates of the costs associated with establishing administrative services.

Additional information should be supplied for the first three financial years, including forecast balance sheets and estimates for the future Solvency Capital Requirement (‘SCR’), management expenses, as well as projected premiums and claims. Furthermore, the Applicant should articulate its financial objectives, such as the targeted return on equity, to demonstrate the anticipated profitability and capital efficiency of the business. These financial objectives must be aligned with the group’s overall strategy and should underpin the rationale for establishing operations in Ireland, as well as support the sustainability of the Applicant’s business model under both baseline and stress scenarios.

Freedom of Services

The Applicant must set out the countries in which business will be written, whether this will be on a freedom of services or establishment basis, and the rationale for this proposed structure. Separate documentation is required for each country.

Distribution Arrangements

The Applicant should detail the intended distribution channels for its insurance products, specifying whether these will include direct sales, intermediaries, brokers, or digital platforms. The business plan must clearly articulate the rationale behind the selected distribution methods and explain how these channels support the overall strategic objectives. Additionally, an overview of any key partnerships or agreements established to facilitate distribution should be provided. This information will demonstrate the Applicant’s capability to effectively access target markets and achieve the projected financial objectives.

Financial Projections

Under Solvency II, the SCR represents the operational regulatory capital that insurers and reinsurers are required to maintain. The CBI generally expects Irish insurers and reinsurers to hold a buffer above 100% of the SCR, with the specific buffer level determined during the authorisation process. The SCR is calculated using a prescribed formula under Solvency II and is intended to reflect the actual risk profile of the entity.

Funding

In the context of the Applicant’s submission, it is necessary to provide comprehensive details regarding both Basic and Ancillary Own Funds. This should include clear identification of the sources of funding, such as shareholder contributions, retained profits, or external guarantees. Additionally, supporting documentation must be provided, including a profit and loss account, a detailed breakdown of own funds, a list of assets, and projections of future cash flows. This information is essential to demonstrate the sufficiency and sustainability of the Applicant’s capital resources under a range of scenarios.

It is important to note that Basic Own Funds are of significantly higher quality than Ancillary Own Funds. Reliance on Ancillary Own Funds may introduce added complexity into the authorisation process.

Systems of Governance

Details of the proposed organisational structure should be provided in the business plan, including a clear outline of reporting lines. The segregation of responsibilities must be demonstrated, with the identities of executive, non-executive, and independent non-executive directors specified. Additionally, a list of individuals who will perform Pre-Approval Controlled Functions should be included. The Applicant must confirm compliance with the Corporate Governance Code and provide comprehensive details regarding the audit and risk committees, as well as any other relevant committees.

Board of Directors

The Board of Directors section of the business plan should provide a clear outline of the proposed board's composition and structure, including the names and roles of executive, non-executive, and independent non-executive directors. Additionally, the plan should detail the establishment and responsibilities of key committees. The Irish Corporate Governance Code for Insurance Undertakings sets out stringent criteria for board composition and the functioning of supporting committees.

Management Responsibility Maps / Organisation Chart

The business plan will include a detailed organisation chart that clearly illustrates reporting lines and the segregation of key responsibilities throughout NewCo.

In addition to the above, the governance arrangements should reflect the requirements introduced by the Individual Accountability Framework (‘IAF’) and the Senior Executive Accountability Regime (‘SEAR’), both of which place significant emphasis on the clear allocation of responsibilities and accountability among senior management and board members. The business plan should articulate how the Applicant will ensure compliance with these requirements, including the preparation and ongoing maintenance of Management Responsibility Maps and Statements of Responsibilities for all relevant roles.

Furthermore, all individuals performing Pre-Approval Control Functions (‘PCFs’) must satisfy the Fitness & Probity (‘F&P’) standards set out by the CBI. This ensures that they are competent and capable, act with honesty and integrity, and are financially sound.

Oversight of Service Companies

This should involve implementing clear, well-documented procedures for the ongoing monitoring and review of service providers’ performance, ensuring adherence to both regulatory requirements and contractual obligations.

Additionally, the business plan should include a detailed register of all engaged service companies, providing the relevant contact details for each.

Outsourcing Arrangements

The business plan must include the following:

• the activities being outsourced;

• the identity of the service provider; and

• the measures the Applicant has in place with regard to the oversight of the service provider.

Copies of the draft outsourcing agreements and service level agreements should also be included within the business plan.

Conflicts of Interest

Organisations must identify and disclose any potential or actual conflicts arising from relationships with service companies. This involves maintaining a register of interests and ensuring that board members, senior executives, and other relevant personnel declare any personal, financial, or professional connections to service providers. Clear procedures should be established for managing and mitigating conflicts, which may include recusal from related decision-making processes where appropriate.

Risk Management & Internal Control

Risk Appetite Statement

A copy of the Risk Appetite Statement (‘RAS’) should be provided. The RAS must clearly articulate the Applicant’s approach to risk, specifying the types and levels of risk the organisation is prepared to accept in pursuit of its objectives. In accordance with the Corporate Governance Code requirements, the RAS is subject to board approval and should be reviewed regularly.

Own Risk & Solvency Assessment (ORSA)

The Own Risk and Solvency Assessment (‘ORSA’) directly links the Applicant’s financial projections, Risk Appetite Statement, and broader risk management system, ensuring that strategic decisions and capital planning are fully aligned with the entity’s actual risk profile and appetite.

A copy of the proposed ORSA report should be provided, showing (together with written policies) how the Applicant’s risk management system will cover the following:

• underwriting and reserving;

• asset liability management;

• investment;

• liquidity and concentration risk;

• operational risk; and

• reinsurance and other risk mitigation techniques.

The ORSA process is expected to be amongst the most significant time investments required as part of the application process.

Internal Controls Framework

This section requires insurers to deliver a comprehensive overview of their Internal Controls Framework. Insurers must clearly detail the control processes and reporting mechanisms in place to ensure that all material risks—including those associated with underwriting, reserving, asset-liability management, investments, liquidity, operational risk, and reinsurance—are systematically identified, managed, and monitored. Additionally, insurers should specify how responsibility for these controls is distributed throughout the organisation, ensuring clarity in roles.

Climate Risk

Insurers must consider climate-related risks as part of their risk management framework, in line with the CBI’s climate change risk management guidance for insurers.

Reinsurance / Retrocession Arrangements

Applicants are expected to provide a clear outline of their reinsurance policy and strategy within their business plan. This should specify whether reinsurance is being used primarily to mitigate risk, optimise capital, or both. The rationale behind the chosen approach, as well as details on how reinsurance arrangements align with the overall risk management framework and regulatory expectations, should be clearly articulated.

Where a reinsurance arrangement is intra-group, the CBI’s Guidance for Re/Insurers on Intragroup Transactions and Exposures (January 2023) remains applicable.

Anti-Money Laundering

Insurers are required to maintain appropriate policies and procedures to address Anti-Money Laundering (AML) obligations in accordance with relevant regulatory requirements. This includes implementing robust systems for the identification, assessment, and management of money laundering risks associated with their business activities.

Operational Resilience & DORA

Applicants are expected to demonstrate a robust approach to operational resilience, in accordance with the CBI’s Cross-Industry Guidance on Operational Resilience. This involves establishing and maintaining systems and controls that ensure critical business services can continue, recover, and adapt in the face of disruptions, whether technological, cyber-related, or otherwise.

Applicants should clearly document the processes for identifying and mapping critical business functions, assessing potential vulnerabilities, and implementing contingency arrangements. Essential components include regular testing of response and recovery capabilities, the clear allocation of responsibilities, and ongoing staff training.

Furthermore, compliance with the requirements of the Digital Operational Resilience Act (DORA) is mandatory, ensuring the organisation’s ability to withstand, respond to, and recover from operational disruptions.

Part IV Summary

The authorisation application pack is not simply a regulatory submission. It establishes the governance, controls, and operating commitments against which the undertaking will be supervised once approval is granted.

The fifth and final part of the series examines how those commitments are tested in practice, focusing on the role of control functions and ongoing supervision, and why authorisation represents a transition into a long-term regulatory relationship rather than the end of a project.