
Strengthening insurance governance in 2026: eight questions every Bermuda insurer should be asking
Bermuda’s insurers are operating in an environment where expectations of boards have never been higher. With a front-row view of how these pressures are reshaping governance standards across the market, Bermuda:Re+ILS asked Jenny Farrer, EVP and head of corporate governance and risk management services, and Brittany Pitcher, client risk management consultant at Artex Capital Solutions, to provide critical insight into what can help boards test the strength, agility and future-readiness of their governance frameworks.
As Bermuda’s insurance sector continues to grow in sophistication and global significance, boards are finding the governance expectations placed on them are evolving just as quickly. Regulators are sharpening their focus; international bodies are setting higher standards and the industry itself is transforming through technology, climate risk and shifting business models. Against this backdrop, directors are being asked to play a more hands-on role in ensuring their organisations are resilient, compliant, and forward-looking.
This year, that context is even more important. Bermuda is preparing for the Caribbean Financial Action Task Force (CFATF) 5th Round Mutual Evaluation, a process that comes with a substantially higher bar than before. The jurisdiction has been a top performer in previous rounds and there is strong motivation to maintain that position. At the same time, expectations in areas ranging from AML/ATF/APF to climate risk, cyber oversight, operational resilience and data protection have all increased. Boards need to be ready.
With that in mind, Artex’s corporate governance and risk management services team has highlighted eight questions directors should be asking themselves and their management teams throughout 2026.
1. Has management reviewed the 2025 National Risk Assessment and explained its implications?
The 2025 National Risk Assessment (NRA), issued late last year, sets out Bermuda’s jurisdiction-wide ML/TF risk picture. For insurers, its findings are particularly meaningful. The NRA classifies long-term (life) insurers, insurance intermediaries and managers as the “Regulated Insurance Sector”, assigning this group a medium-high inherent money laundering risk rating. That rating reflects the nature of long-term products, globalised client bases and the potential for high-value policies to store or move value.
Boards should expect management to have taken a close look at these findings, not simply by reading the report, but by formally assessing which parts of it apply to the insurer’s operations. Policies, procedures and AML/ATF controls might need updating as a result. Even insurers sitting outside this regulated category, such as captives, reinsurers, SPIs and general commercial insurers, should keep an eye on developments and themes of ‘best practice’, as Bermuda’s authorities have signalled future consideration of whether these sectors should come under the AML/ATF umbrella.
2. When did the board last thoroughly review its own composition and governance structure?
Good governance starts with the board itself. The Bermuda Monetary Authority (BMA) encourages insurers to carry out full board evaluations at least once every three years, and in practice many insurers revisit these questions more frequently, especially when business models shift. In a landscape where underwriting strategies evolve, reinsurance structures grow more complex and new technologies reshape operations, the board’s skills must keep pace.
This means taking time to consider whether the board still has the right mix of expertise: actuarial knowledge, underwriting experience, cyber and technology understanding and a strong grasp of enterprise risk management (ERM). It also means revisiting director role descriptions, succession planning and conflicts-of-interest disclosures to ensure they still reflect reality.
3. Has climate risk been genuinely embedded into the CISSA and the broader risk management framework?
Climate risk is no longer a disclosure box to tick; it is increasingly intertwined with solvency, strategy and risk appetite. The BMA expects commercial insurers to demonstrate how climate considerations shape underwriting, investment decisions, capital assessments and stress testing. The Commercial Insurer’s Solvency Self-Assessment (CISSA) should reflect this integration clearly.
For directors, this means confirming not only that climate risk appears in the CISSA, but that it is actively informing decision-making. Boards should be discussing the quality of climate-related data, the assumptions behind scenario modelling and whether climate exposures align with business strategy. For property catastrophe reinsurers, this scrutiny becomes even more central due to uncertainty in catastrophe models and climate-driven volatility.
4. Has the insurer examined the robustness of its outsourced providers and third-party arrangements?
Outsourcing is deeply embedded in Bermuda’s insurance sector, whether through insurance managers, MGAs, catastrophe modelling firms, IT providers, TPAs or other specialist partners. But as outsourcing arrangements become more sophisticated, the BMA’s expectations around oversight continue to expand.
Boards should take a close look at how management oversees these relationships. This includes understanding whether due diligence on providers has been refreshed, whether contracts still protect the insurer’s interests and whether data protection, cybersecurity and operational resilience are being properly addressed. Directors should also feel confident that the insurer has mapped out its critical service dependencies and has clear contingency plans if a major vendor experiences disruption.
5. Has the organisation fully addressed its obligations under Bermuda’s PIPA framework?
The Personal Information Protection Act (PIPA) is another area where expectations are rising. PIPA applies whenever an insurer “uses” personal information in Bermuda, a definition broad enough to include collecting, accessing, storing, sharing or even deleting data. Even if information is stored overseas, accessing it from within Bermuda might trigger obligations.
Boards should ensure they understand whether their organisation falls within scope. Reinsurers that only handle fully anonymised or aggregated data might be exempt, but even one instance of identifiable policyholder data could bring them into scope of PIPA. Where the Act applies, insurers are required to appoint a privacy officer, establish robust privacy policies and ensure data protection is integrated across operations. Directors should confirm that PIPA compliance appears regularly on the board’s agenda and receives the attention it requires.
6. Has the board assessed the insurer’s use of AI and the related risks around data, privacy and governance?
AI is quickly becoming part of the insurance operational fabric, from underwriting and pricing tools to claims triage, capital modelling and even the preparation of board materials. With these opportunities come new responsibilities.
The BMA has already signalled that cyber governance will be a key supervisory priority in 2026, reinforcing the need for boards to understand how AI interacts with data handling, cyber controls, privacy and risk management. Insurers should be developing AI usage policies, monitoring for potential bias and ensuring sensitive commercial or personal data is used appropriately. For boards, this means asking the right questions and ensuring that AI governance frameworks evolve as technology adoption accelerates.
7. Has the business plan been reviewed recently and does it still match today’s market realities?
A well-crafted business plan anchors strategy, risk appetite, staffing needs, reinsurance structures and capital management. But given recent market volatility, shifting interest rates and climate-related uncertainty, updating business plans and ensuring the regulator is kept updated as the business grows are paramount.
Given ongoing market volatility, hard/soft insurance cycles, climate trends, geopolitical risks and interest rate changes, the business plan should be reassessed at least annually. Such a review should be undertaken with a view to ensuring it continues to align with emerging risks, strategic growth areas, resource and staffing requirements, risk mitigation tools and the adoption of AI across the business.
8. Has the insurer completed a comprehensive gap analysis against the BMA’s Insurance Code of Conduct in the past two years?
The Insurance Code of Conduct remains one of the BMA’s most important supervisory tools. Insurers are expected to maintain compliance across governance, internal controls, outsourcing oversight, risk and compliance functions and business continuity arrangements. A thorough gap analysis ensures nothing has fallen through the cracks.
This exercise becomes even more important for organisations undergoing growth, expanding into new jurisdictions or integrating new lines of business. Conducting a gap analysis not only prepares an organisation for BMA on-site inspections, it strengthens operational resilience and governance maturity across the board.
Conclusion
For Bermuda insurers, 2026 presents both a challenge and an opportunity. The regulatory environment is demanding greater sophistication, foresight and accountability from boards. Asking and acting on these eight questions helps directors demonstrate strong governance, reinforces organisational resilience and positions insurers to thrive in an increasingly complex and competitive landscape.
The Artex Corporate Governance & Risk Management Services team is available to guide and assist your organisation in navigating evolving governance expectations. Our specialists support insurers across the full spectrum of governance, compliance and risk management needs, from board effectiveness reviews and gap analysis to AML/ATF preparedness, outsourcing oversight, PIPA compliance and governance/risk frameworks. We work closely with boards and senior management to strengthen governance structures, enhance regulatory readiness and build future-proof risk management capabilities tailored to your business.
