CedeOS

Compliance Shield

Reinsurance Compliance Automation — IFRS 17, IRA, NAICOM, SAMA.

Eight regulatory frameworks. IFRS 17 CSM calculations. Audit trails that satisfy external auditors — without rebuilding your reporting process.

The Compliance Condition

You signed the financial statements. The bordereaux was never audited.

Under IFRS 17, the CFO signs financial statements that include reinsurance positions derived directly from bordereaux data. That data was compiled in Excel by three different analysts over two years. Each applied their own interpretation of treaty terms. No system validated the figures at the row level.

The external auditor asks a simple question: “Trace this CSM figure back to the source policy and show me every transformation in between.”

The answer is a tour of shared drives. The file is ‘Q2_recon_v4_FINAL_actual.xlsx.’ There are three other versions in the same folder. Nobody knows which one was used for the submission.

This is not an IT risk. It is a personal liability event for the CFO. Since January 2023, it is also a regulatory requirement to have this trail.

Without CedeOS

Auditor asks for CSM trace

“Show me source policy → CSM figure”

Search begins

Q2_recon_v4_FINAL_actual.xlsx · shared drive · 4 versions in same folder

3 weeks of analyst time

Reconstructing transformations from memory and partial notes

Material finding

Inconsistent treaty application across 3 quarters — IFRS 17 CSM misstated

Prior period restatement

CFO signs restatement. Personal liability event.

3 weeks · restatement · CFO liability

With CedeOS

Auditor asks for CSM trace

“Show me source policy → CSM figure”

One query — 0.3 seconds

Policy → Bordereaux Row → Validation → Correction → CSM entry

Complete chain displayed

5 transformation steps · each with input, output, governing rule, timestamp

Export PDF — same day

Audit-ready package with clause citations and hash-signed trail

No finding

Errors caught at ingestion. CSM was never wrong. Restatement never happens.

1 click · complete chain · no restatement

The Cost

Compliance is not a feature. It is an operating licence condition.

01

IFRS 17 personal liability

The CFO signs statements derived from unvalidated bordereaux. If the CSM is misstated because treaty terms were applied inconsistently, the restatement is personal. Not the system's. Not the analyst's. The signatory's.

IFRS 17 effective Jan 2023 — audit trail requirement is not optional

02

Regulatory filing reformatting

IRA Kenya format ≠ NAICOM format ≠ SAMA format. Your team reformats the same data 4-5 different ways per quarter. Each reformatting introduces transcription risk. Each takes a week.

8 frameworks × 4 quarters = 32 manual reformatting exercises per year

03

Data residency violations

Your reinsurance platform processes data in the EU or US. POPIA requires South African data to stay in South Africa. SAMA requires Saudi data to remain in-kingdom. You may already be non-compliant.

Licensing risk — data residency is a condition of operating authority

Frameworks Covered

Eight frameworks. Automated.

East Africa

IRA Kenya

Treaty reporting. Cession rate validation. Quarterly filing format.

CBK

Banking insurance oversight. Capital adequacy reporting support.

West Africa

NAICOM Nigeria

40% minimum cession. Local currency reporting. Treaty compliance filing.

Southern Africa

FSCA South Africa

Prudential compliance. POPIA data residency. SAM framework alignment.

Gulf & Asia

SAMA Saudi Arabia

Takaful and conventional. In-kingdom processing. Risk-based capital.

SECP Pakistan

Reinsurance treaty filing. Local currency conversion. Quarterly reporting.

DIFC UAE

Dubai financial centre compliance. Cross-border treaty reporting.

International

IFRS 17

CSM/Loss Component native. Full audit trail. Prior period restatement prevention.

POPIA

South African data protection. In-country processing. Consent management.

CedeOS Coverage — Africa · Gulf · United Kingdom
Live Expansion

Nairobi

Kenya

Live

Framework

IRA Kenya

Coverage

IRA quarterly filing

Treaty cession validation

IFRS 17 CSM trace

All markets

8 live markets · 2 expansion · IFRS 17 all markets

Zero cross-border data egress

IFRS 17

CSM traceability is not optional. It is the audit requirement.

CSM Accuracy

Every bordereaux transformation that affects the CSM is validated against treaty terms before it enters the calculation. Incorrect treaty application caught before it becomes a CSM misstatement.

Prior Period Restatement Prevention

When errors are caught at ingestion rather than at audit, there is no prior period adjustment. The figure was never wrong. The restatement never happens.

Complete Audit Trail

Every transformation recorded: input value, output value, governing rule, treaty clause reference, timestamp, operator. Source policy to financial statement in one query.

Data Residency

Your data stays where your risk was written.

Data residency is not optional. CedeOS processes data regionally — not as a configuration option, but as the architecture.

South Africa — POPIA

✓ In-country

Client data processed within South African borders. Cloud region: af-south-1.

Saudi Arabia — SAMA

✓ In-country

Saudi insurance data processed in-country. Cloud region: me-central-1.

Kenya — IRA

✓ Within Africa

Data processed within Africa (af-south-1). No cross-border transfer outside the continent. Compliant with IRA data handling guidelines.

Nigeria — NAICOM

✓ Within Africa

Data processed within Africa (af-south-1). Quarterly filing infrastructure served from African region.

Data Residency Architecture — By Design, Not Configuration

Cede Core

Africa

ZERO EGRESS

Kenya

Uganda

Nigeria

South Africa

Tanzania

Zambia

Ghana

Data never leaves Africa

Gulf & Middle East

ZERO EGRESS

UAE

Saudi Arabia

Qatar

Data never leaves the region

Asia

ZERO EGRESS

Pakistan

Malaysia

Data never leaves the region

8

Regulatory frameworks covered

IRA, NAICOM, FSCA, SAMA, SECP, DIFC, IFRS 17, POPIA

0

Cross-border data egress

Regional processing enforced by architecture

100%

Audit trail coverage

Every transformation logged with field-level reasoning

Jan 2023

IFRS 17 effective date

Audit trail required from first reporting period

Compliance Architecture

What audit-readiness looks like from day one.

CedeOS generates a complete IFRS 17 audit trail as a natural output of the validation process — not as a post-hoc reconstruction. When the external auditor asks to trace a CSM figure to its source policy, the answer is a single query — not a tour of shared drives.

Architecture designed for the specific requirements of IRA Kenya, NAICOM Nigeria, FSCA South Africa, SAMA Saudi Arabia, SECP Pakistan, and DIFC UAE. Pilot validation in progress.

Expanding Coverage

Don’t see your regulatory framework?

We may already be building it. CedeOS is actively expanding framework coverage based on market demand across Africa, the Gulf, and Asia.

If your regulator is not listed above, tell us what you need. Your request helps us prioritize what to build next.

Frameworks in evaluation: Bank Negara Malaysia (BNM) · IRA Uganda · NIC Ghana · CBK banking insurance oversight.

The Path

From compliance assessment to automated filing in four weeks.

01

Day 0

Technical Brief

Architecture, IFRS 17 approach, data residency regions, framework coverage.

02

Week 1

Compliance Assessment

We map your current regulatory obligations and show you what CedeOS automates versus what you currently do manually.

03

Week 2

Live Demo

Your data, your frameworks. See the audit trail, the filing output, and the data residency confirmation.

04

Week 4

First Compliant Submission

Pilot go-live. First quarterly filing generated automatically. Full audit trail for external review.

Get started

The next time an auditor asks, the answer should take one click.