German Insurance Supervisory Law

The Essentials in Brief:

1. Policyholder Protection: The core objective of insurance supervisory law is to ensure that insurance undertakings can meet their contractual obligations to customers at all times.
2. European Influence through Solvency II: German law is significantly shaped by the European supervisory regime, Solvency II, which is based on a three-pillar model of capital requirements, governance standards, and reporting obligations.
3. Strict Supervision by BaFin: The Federal Financial Supervisory Authority (BaFin) monitors compliance with the rules and has extensive intervention powers, from ordering additional capital requirements to dismissing members of the management board.
4. Dynamic Challenges: Current topics such as digitalization (DORA), sustainability (ESG), and an increased focus on consumer protection are forcing the industry to continuously adapt its business models and compliance structures.

What is Insurance Supervisory Law?

Insurance supervisory law is a complex and dynamic legal area that provides the framework for the activities of insurance undertakings and pension funds in Germany. At its core, it serves to protect policyholders by ensuring the long-term fulfillability of insurance contracts. German law is significantly shaped by the European supervisory regime Solvency II, which is based on a three-pillar model of quantitative capital requirements, qualitative governance standards, and comprehensive reporting obligations. The Federal Financial Supervisory Authority (BaFin) is the central supervisory authority that monitors compliance with the rules and has extensive intervention powers in case of violations. Current challenges such as digitalization (DORA), sustainability risks (ESG), and an intensified focus on customer value are shaping supervisory practice and require undertakings to continuously adapt their business models and compliance systems.

Foundation: The Three-Pillar Model of Solvency II

The foundation of modern insurance supervision is the European Solvency II regime, implemented by the German Insurance Supervision Act (VAG). It is based on three pillars:

1. Pillar 1 (Quantitative Requirements): Insurers must always have sufficient own funds to cover even extreme loss events. The calculation of this Solvency Capital Requirement (SCR) is a central and highly complex component of supervision.
2. Pillar 2 (Qualitative Requirements): This pillar aims at a proper business organisation. This includes an effective risk management system, an internal control system, and other key functions (e.g., compliance), specified in the "Minimum Requirements for the Business Organisation of Insurance Undertakings" (MaGo).
3. Pillar 3 (Reporting Requirements): Undertakings must report to BaFin comprehensively and regularly. The public "Solvency and Financial Condition Report" (SFCR) is also intended to provide transparency about the insurer's risk situation.

Typical Practical Questions

Supervisory law raises a multitude of questions that are crucial for corporate management:

• Authorization Procedures and Product Development: What are the requirements for market entry, and what demands does the product oversight and governance (POG) framework place on new insurance products?
• Investments and Outsourcing: In which assets may an insurer invest, and under what conditions can essential functions (e.g., IT) be outsourced to external service providers?
• M&A Transactions and Distribution: What special rules apply to the acquisition of insurance undertakings (owner control procedure), and what transparency rules must be observed in sales and distribution?

Pitfalls and Supervisory Risks

The complexity of supervisory law creates various risks that can lead to significant sanctions by BaFin:

• Inadequate Governance: Deficiencies in the business organisation (MaGo) or in risk management are a common reason for complaints and can lead to the dismissal of board members.
• Capital Requirements: An incorrect calculation or a breach of the solvency capital requirements can result in severe measures.
• Digitalization (DORA): The EU's Digital Operational Resilience Act (DORA), applicable since early 2025, places high demands on IT security. Timely implementation is a clear focus of supervision.
• Reporting: Failure to meet the diverse reporting obligations on time or correctly is a common and easily avoidable reason for supervisory action.