Scope of regulation
Risks and internal controls and structures
Agents and brokers


In March 2010 the Bank of Italy issued a consultation document on money laundering and terrorist financing, which was addressed to financial intermediaries and institutions. On February 16 2011 Italy's insurance regulator, ISVAP, published a draft of Regulation 42/2011 to implement Article 7 of the Anti-money Laundering Decree (231/2007). The draft regulation addresses organisational procedures and internal controls to prevent insurance undertakings and intermediaries from being exploited for money laundering and terrorist financing.

The regulation sets forth rules that affect the procedures, organisational structures and functions of insurance undertakings and their intermediaries. They are consistent with the provisions of ISVAP Regulation 20/2008 on internal controls, risk management, compliance and outsourcing.

In addition to Chapter IV, which deals mainly with the cancellation of previous rules, the regulation is divided in three main parts.

Scope of regulation

Chapter I contains general provisions and a description of the regulation's scope of application. The regulation applies to:

  • Italian insurance undertakings;
  • branches of foreign insurance undertakings (including EU insurance undertakings) that are authorised to undertake life insurance business in Italy pursuant to Article 2(1) of the Insurance Code (Legislative Decree 209/2005);
  • insurance intermediaries under Sections 109(2)(a) and b) of the code that undertake life insurance mediation activities (ie, agents and brokers); and
  • insurance intermediaries under Section 116(2) of the code (ie, EU insurance and reinsurance intermediaries), with respect to activities carried out within the Italian territory.

Risks and internal controls and structures

Chapter II represents the core of the regulation. It sets out rules on:

  • internal controls (Section I);
  • the duties of management and supervisory bodies with regard to internal controls and risk management (Section II);
  • organisational structures to prevent money laundering (Section III); and
  • insurance groups (Section IV).

Responsibilities of corporate bodies, management bodies and executives
The regulation provides that corporate bodies must:

  • define internal policies and implement organisational and operational measures with the aim of avoiding involvement in money laundering and terrorist financing; and
  • carry out compliance monitoring, applying the relevant rules and procedures for risk prevention.

Among other things, the management body must:

  • approve internal procedures and any updates thereto;
  • ensure that the flow of internal information between corporate bodies is appropriate and effective; and
  • define the initiatives and procedures whereby it may discharge the duty of notification to the competent authorities and the financial intelligence unit, as required by the anti-money laundering rules.

Among other things, senior executives must:

  • determine the internal procedures required to comply with the rules on prevention of money laundering, in accordance with the strategic plans and the risk management policies approved by the management body;
  • determine the procedures for collecting information on irregularities or omissions detected by the monitoring system;
  • approve training and updating programmes for personnel and other parties with which they work (including intermediaries in their distribution networks) regarding anti-money laundering duties; and
  • if the relevant insurance business is carried out remotely (eg, online), ensure that specific IT procedures are implemented to comply with the anti-money laundering rules, with particular reference to the automatic notification of potentially unlawful transactions.

Among other things, the body in charge of monitoring must ensure that the procedures are implemented to collect, record and store information in the centralised computer archive or other electronic archive.

Creation of anti-money laundering unit
Article 10 of the regulation introduces a significant new provision, requiring that a specific anti-money laundering office or unit be instituted within the monitoring body by an appropriate board resolution. In instituting the unit, regard must be had to the independence and professional skill and authority of its members, and conflicts of interest must be avoided.

The regulation provides that the unit must:

  • identify the applicable rules in relation to anti-money laundering and terrorist financing and examine their impact on internal policies and procedures;
  • verify that the company's organisational models are appropriate and recommend organisational and procedural changes required to monitor and prevent risks; and
  • test the application of the procedures in place and the relevant monitoring of anti-money laundering and terrorist financing.

In addition, the regulation requires that the board appoint an individual to take charge of the unit. This individual may not have responsibility for operational functions; nor may he or she be under the authority of an individual with such responsibility.

Based on the size of the company, the responsibility for the anti-money laundering and terrorist financing unit may be outsourced or entrusted to a non-executive director where appropriate.

The legal representative of the insurance undertaking or intermediary (or an attorney-in-fact of such representative) must examine notifications of possible illegal transactions received from employees or the intermediary network.

Insurance undertakings must adopt measures to ensure that their networks comply with the anti-money laundering provisions and are adequately and regularly trained. Therefore, insurance undertakings must verify that such networks have adequate instruments and procedures to guarantee effective compliance with the applicable rules; such procedures must be recorded in the relevant agreements between insurers and their intermediaries.

Agents and brokers

Chapter III provides that agents and brokers must:

  • implement specific procedures to verify compliance by their collaborators, producers and employees with the above rules; and
  • ensure that such parties are properly trained.

Comments on the draft regulation may be submitted to ISVAP until March 31 2011.

For further information on this topic please contact Marco Zechini or David Maria Marino at DLA Piper Italy by telephone (+39 02 80 61 81), fax (+39 02 80 61 82 01) or email ([email protected] or [email protected])