Compliance Shield
Reinsurance Compliance Automation — IFRS 17, IRA, NAICOM, SAMA.
Eight regulatory frameworks. IFRS 17 CSM calculations. Audit trails that satisfy external auditors — without rebuilding your reporting process.
Auditor: “Trace the CSM figure for policy CA-LIF-00441 back to its source.”CedeOS: one click. Complete chain below.
Source Policy
CA-LIF-00441
Bordereaux Row
USD 563 × 30% = USD 169 ceded
Treaty Validation
FAIL — Article 3: 35% required
Correction Applied
USD 563 × 35% = USD 197 ceded
CSM Entry
CSM +USD 28 · LC USD 0
IFRS 17 CSM adjustment for corrected cession. Loss component: nil. Period Q3 2025.
IFRS 17 · Group: Life Credit · Cohort: 2025
The Compliance Condition
You signed the financial statements. The bordereaux was never audited.
Under IFRS 17, the CFO signs financial statements that include reinsurance positions derived directly from bordereaux data. That data was compiled in Excel by three different analysts over two years. Each applied their own interpretation of treaty terms. No system validated the figures at the row level.
The external auditor asks a simple question: “Trace this CSM figure back to the source policy and show me every transformation in between.”
The answer is a tour of shared drives. The file is ‘Q2_recon_v4_FINAL_actual.xlsx.’ There are three other versions in the same folder. Nobody knows which one was used for the submission.
This is not an IT risk. It is a personal liability event for the CFO. Since January 2023, it is also a regulatory requirement to have this trail.
Without CedeOS
Auditor asks for CSM trace
“Show me source policy → CSM figure”
Search begins
Q2_recon_v4_FINAL_actual.xlsx · shared drive · 4 versions in same folder
3 weeks of analyst time
Reconstructing transformations from memory and partial notes
Material finding
Inconsistent treaty application across 3 quarters — IFRS 17 CSM misstated
Prior period restatement
CFO signs restatement. Personal liability event.
3 weeks · restatement · CFO liability
With CedeOS
Auditor asks for CSM trace
“Show me source policy → CSM figure”
One query — 0.3 seconds
Policy → Bordereaux Row → Validation → Correction → CSM entry
Complete chain displayed
5 transformation steps · each with input, output, governing rule, timestamp
Export PDF — same day
Audit-ready package with clause citations and hash-signed trail
No finding
Errors caught at ingestion. CSM was never wrong. Restatement never happens.
1 click · complete chain · no restatement
The Cost
Compliance is not a feature. It is an operating licence condition.
IFRS 17 personal liability
The CFO signs statements derived from unvalidated bordereaux. If the CSM is misstated because treaty terms were applied inconsistently, the restatement is personal. Not the system's. Not the analyst's. The signatory's.
IFRS 17 effective Jan 2023 — audit trail requirement is not optional
Regulatory filing reformatting
IRA Kenya format ≠ NAICOM format ≠ SAMA format. Your team reformats the same data 4-5 different ways per quarter. Each reformatting introduces transcription risk. Each takes a week.
8 frameworks × 4 quarters = 32 manual reformatting exercises per year
Data residency violations
Your reinsurance platform processes data in the EU or US. POPIA requires South African data to stay in South Africa. SAMA requires Saudi data to remain in-kingdom. You may already be non-compliant.
Licensing risk — data residency is a condition of operating authority
Frameworks Covered
Eight frameworks. Automated.
East Africa
IRA Kenya
Treaty reporting. Cession rate validation. Quarterly filing format.
CBK
Banking insurance oversight. Capital adequacy reporting support.
West Africa
NAICOM Nigeria
40% minimum cession. Local currency reporting. Treaty compliance filing.
Southern Africa
FSCA South Africa
Prudential compliance. POPIA data residency. SAM framework alignment.
Gulf & Asia
SAMA Saudi Arabia
Takaful and conventional. In-kingdom processing. Risk-based capital.
SECP Pakistan
Reinsurance treaty filing. Local currency conversion. Quarterly reporting.
DIFC UAE
Dubai financial centre compliance. Cross-border treaty reporting.
International
IFRS 17
CSM/Loss Component native. Full audit trail. Prior period restatement prevention.
POPIA
South African data protection. In-country processing. Consent management.
Nairobi
Kenya
Framework
IRA Kenya
Coverage
IRA quarterly filing
Treaty cession validation
IFRS 17 CSM trace
All markets
8 live markets · 2 expansion · IFRS 17 all markets
Zero cross-border data egress
IFRS 17
CSM traceability is not optional. It is the audit requirement.
CSM Accuracy
Every bordereaux transformation that affects the CSM is validated against treaty terms before it enters the calculation. Incorrect treaty application caught before it becomes a CSM misstatement.
Prior Period Restatement Prevention
When errors are caught at ingestion rather than at audit, there is no prior period adjustment. The figure was never wrong. The restatement never happens.
Complete Audit Trail
Every transformation recorded: input value, output value, governing rule, treaty clause reference, timestamp, operator. Source policy to financial statement in one query.
Data Residency
Your data stays where your risk was written.
Data residency is not optional. CedeOS processes data regionally — not as a configuration option, but as the architecture.
South Africa — POPIA
✓ In-countryClient data processed within South African borders. Cloud region: af-south-1.
Saudi Arabia — SAMA
✓ In-countrySaudi insurance data processed in-country. Cloud region: me-central-1.
Kenya — IRA
✓ Within AfricaData processed within Africa (af-south-1). No cross-border transfer outside the continent. Compliant with IRA data handling guidelines.
Nigeria — NAICOM
✓ Within AfricaData processed within Africa (af-south-1). Quarterly filing infrastructure served from African region.
Data Residency Architecture — By Design, Not Configuration
Cede Core
Africa
ZERO EGRESSKenya
Uganda
Nigeria
South Africa
Tanzania
Zambia
Ghana
Data never leaves Africa
Gulf & Middle East
ZERO EGRESSUAE
Saudi Arabia
Qatar
Data never leaves the region
Asia
ZERO EGRESSPakistan
Malaysia
Data never leaves the region
Regulatory frameworks covered
IRA, NAICOM, FSCA, SAMA, SECP, DIFC, IFRS 17, POPIA
Cross-border data egress
Regional processing enforced by architecture
Audit trail coverage
Every transformation logged with field-level reasoning
IFRS 17 effective date
Audit trail required from first reporting period
Compliance Architecture
What audit-readiness looks like from day one.
CedeOS generates a complete IFRS 17 audit trail as a natural output of the validation process — not as a post-hoc reconstruction. When the external auditor asks to trace a CSM figure to its source policy, the answer is a single query — not a tour of shared drives.
Architecture designed for the specific requirements of IRA Kenya, NAICOM Nigeria, FSCA South Africa, SAMA Saudi Arabia, SECP Pakistan, and DIFC UAE. Pilot validation in progress.
Expanding Coverage
Don’t see your regulatory framework?
We may already be building it. CedeOS is actively expanding framework coverage based on market demand across Africa, the Gulf, and Asia.
If your regulator is not listed above, tell us what you need. Your request helps us prioritize what to build next.
Frameworks in evaluation: Bank Negara Malaysia (BNM) · IRA Uganda · NIC Ghana · CBK banking insurance oversight.
The Path
From compliance assessment to automated filing in four weeks.
Day 0
Technical Brief
Architecture, IFRS 17 approach, data residency regions, framework coverage.
Week 1
Compliance Assessment
We map your current regulatory obligations and show you what CedeOS automates versus what you currently do manually.
Week 2
Live Demo
Your data, your frameworks. See the audit trail, the filing output, and the data residency confirmation.
Week 4
First Compliant Submission
Pilot go-live. First quarterly filing generated automatically. Full audit trail for external review.
Get started