Corporate Governance in a Group Context Regional Seminar on Supervision of Insurance Groups Santiago, Chile, 19-21 November 2013 Gunilla Löfvendahl Senior Financial Sector Specialist Restricted ICP 7 Corporate Governance The supervisor requires insurers to establish and implement a corporate governance framework, which provides for sound and prudent management and oversight of the insurer’s business, and adequately recognises and protects the interests of the policyholders. Restricted 2 Why is it important? Exposure to risk Decreases the risk of unexpected losses Create efficiency and value on a micro and macro level Competitive markets Goals and objectives Reputation – legal entity and group Inter-linkages Risk of contagion and damage to others’ reputation Customer claims Confidence in the ability to meet future obligations Compliance Facilitates compliance with detailed and complex requirements Supervisory focus on management and governance aspects promote prevention and early detection of problems Restricted 3 Key notions and functions Responsibility Accountability Separation of duties and checks and balances Compliance with rules and corporate discipline Management of risk Independence Knowledge Transparency Boards of directors Senior management Risk management and CRO Internal audit and control Compliance and actuarial functions Restricted 4 Building-blocks of sound standards and practices Clear lines of Strategic responsibility and objectives and accountability corporate values Quality, awareness, knowledge and independence of board members Quality and duties of senior management Transparent and manageable structures Proper compensation policy Disclosure of information and market discipline Risk management, internal audit and other internal control functions Restricted 5 Clear lines of responsibility and accountability Define authorities and key responsibilities for board of directors and senior management – create an accountability hierarchy for the staff Ultimate responsibility stays with the board Different responsibilities often requires different persons (conflicts of interest and accountability) Good practice to have a separation between the Chair of the Board and CEO How does the accountability hierarchy work for insurers being part of a group? What about the responsibilities of the shareholders and the accountability towards them? Restricted 6 Available accountability models Several models of the accountability hierarchy are available but there are two main key functions Overall strategy and oversight Execution and management One-tier system with board and senior management Two-tier system with Executive and Oversight Board, where the latter consists of independent members (not employees, owners or other stakeholders) Committees of the board with different responsibilities (audit, remuneration, compliance, investment, risk management, etc) Elaborate systems of control can make decision-making more complicated, time consuming and expensive Could also provide a pseudo-comfort about risk – many risks are uncertain and do not fit easily into control frameworks Restricted 7 Strategic objectives and corporate values Well articulated corporate strategy that is implemented Should include risk strategy and appetite in line with the long term interests and viability Corporate climate that prevents corruption and fraud (start from the top) Interests of key stakeholders to be safeguarded System to avoid conflicts of interest Controlled lending and other forms of self-dealing, including related parties and other favoured parties What about lending and other financial support within the group? Restricted 8 Quality, awareness, independence and knowledge of board members Understand oversight role and duty of loyalty (fiduciary duty to policyholders) Provide objective advice and recommend sound practices Independent – what does that mean in reality? Adequate knowledge and experience relevant to (each of) the material financial activities – see also ICP 5 Suitability of Persons Power and structure to question management (information and standing) Conflict between knowledge and independence? Independence of board members in a subsidiary and knowledge of those in the parent company? Restricted 9 Structure and governance of the board Appropriate number and mix of individuals to ensure an overall adequate level of knowledge and skills that is commensurate to nature scale and complexity Avoid conflicts of interest (sufficient number of non-executives) Power and structure to question management (information, size, frequency, standing, evaluation etc) Appropriate internal practices to support the work of the board to promote efficient and independent judgement and decision-making Adequate powers and resources to discharge its duties Robust enough to deal with crisis situations Meet regularly with senior management and internal audit Assess own performance and take corrective actions Restricted 10 How to further improve board practices? Any ideas? Restricted 11 Quality and duties of senior management Carry out day-to-day operations in line with strategies, policies and procedures - necessary knowledge and experience Oversight duties consistent with board policy - exercise control over key employees Involved in key decisions (should be made by more than one person) Not too involved in business-line decisions -policy defining the limits and responsibilities Promote culture of sound risk management, compliance and fair treatment of customers Provide timely and relevant information Board Supervisor Relevant stakeholders Restricted 12 Transparent and manageable structures Board and senior management should know and understand the operational structure of the company/group, including SPVs and other special arrangements Also when operating in other jurisdictions - ensure that risks are assessed and managed appropriately and that local rules are followed Too big to fail? To big to manage? Supervisory tools: impose better structures or add requirements (capital add-ons, living wills/resolution) Restricted 13 Proper compensation policy A system of incentives that rewards excessive risk taking is like paying smart people to do stupid things Active board involvement in the design and operation of the compensation system – arm’s-length negotiations and decisions Create the right incentives and being consistent with Ethical values Long-term objectives and strategy of the company (two-sided and only once the performance has been realised) Prudent risk-taking Appropriate mix of fixed and variable components, also based on non-financial criteria as appropriate Established through an explicit governance process with roles and responsibilities clearly defined Subject to shareholders approval at the annual meeting Also supervisory process? Restricted 14 ICP 8 Risk Management and Internal Control The supervisor requires an insurer to have as part of its overall corporate governance framework, effective systems of risk management and internal controls, including effective functions for risk management, compliance, actuarial matters and internal audit Restricted 15 Risk management Effective risk management is to ensure that risks are understood, managed and communicated Risk should be linked to strategy - board has an oversight role Risk managers should be an essential part in the implementation of the strategy (risk tolerance, appetite etc) Independent risk management function, including CRO or equivalent, with sufficient authority, stature and resources – ideally reporting directly to board Implications for companies belonging to a group? Centralised and decentralised structures – outsourcing and costsharing Consistent or individual risk modelling – large exposures Internal reinsurance and other risk transfers Restricted 16 Internal audit and other internal control systems Assist the board and senior management in the fulfilment of their respective responsibilities - consistent with strategy and risk appetite At a minimum provide assurance over Key business and IT Financial polices and procedures (accounting, financial reporting) Risk management and compliance measures in place Provide expertise, leadership, objectivity and independence (avoid conflicts of interest) Communicate on own initiative with any employee, and have unrestricted access to senior management as well as business and support areas Remuneration: Head of internal audit set by the board Disciplining and dismissal: Head of a control function approved by the board Performance of the control functions assessed by the board External audit to verify internal controls - board to oversee the process for hiring, removing and assessing their performance Use findings timely and effectively and correct problems identified by internal/external auditors Use auditors as independent check of information from management – meet with Chair of Board and Audit Committee without management present Regular meetings between board and external auditors Direct reporting to the board or Audit Committee Restricted 17 Compliance function Assist the insurer in meeting its legal and regulatory obligations and promote and sustain an ethical corporate culture of compliance and integrity Well positioned, resourced and authorised function – led by Chief Compliance Officer or similar Identify and address key legal and regulatory obligations Keep senior management informed on developments Educate staff on compliance issues Pro-active identification of compliance risk (new business etc) Report to the board on performance against compliance standards and goals Ensure that adequate disciplinary actions are taken and relevant authorities are informed Restricted 18 Actuarial function Evaluate and provide advice to the insurer regarding technical provisions, premium and pricing activities, and compliance with related statutory and regulatory requirements Report to the board on circumstances that may have a material effect from an actuarial perspective (adequacy of technical provisions, prospective solvency position etc) Evaluate and provide advice on the distribution of policy dividends or other benefits, underwriting policies, reinsurance arrangements, sufficiency and quality of data, and risk modelling in ORSA/use of internal modelling Appointed actuary providing certified actuarial opinions could be required Should not hold positions within or outside that may create conflicts of interest Resignation or replacement should be notified to the supervisor Restricted 19 Supervisory tools and market discipline Risk- and principles-based supervisory methodology – why? Supervisory assessment of if effective and implemented – company needs to demonstrate the adequacy and effectiveness – what are the supervisory challenges? Initial and on-going assessment of suitability (licensing, reporting and on-site) On-going assessment of boardroom performance: Minutes of board: Information provided and discussed Minutes of board committees, where relevant Quality of audit and control functions – appropriate supervisory skills and resources, including in risk management and actuarial matters Reports of internal auditors to be discussed with audit staff and staff in affected areas Reports of external auditors Information from external auditors to supervisors without prior consent of insurers – possibility to require further auditors or replacement of one chosen by an insurer Follow-up on important changes in companies (eg the CRO is leaving) Effects of group structures and how they are being managed and controlled (management structure could differ from legal entity structure) Where material deficiencies have been found - require effective and timely remedial action by the board Examples of more informal tools that could be useful? Disclosure and market discipline Material risks Governance, including remuneration Risk management and internal control Restricted 20