Restricted

Corporate Governance in a Group Context

Regional Seminar on Supervision of Insurance Groups

Santiago, Chile, 19-21 November 2013

Gunilla Löfvendahl Senior Financial Sector Specialist

Restricted 2

ICP 7 Corporate Governance

The supervisor requires insurers to establish and implement a corporate governance framework, which provides for sound and prudent management and oversight of the insurer’s business, and adequately recognises and protects the interests of the policyholders.

Restricted 3

Why is it important?

Exposure to risk Decreases the risk of unexpected losses Create efficiency and value on a micro and macro level

Competitive markets Goals and objectives Reputation – legal entity and group

Inter-linkages Risk of contagion and damage to others’ reputation

Customer claims Confidence in the ability to meet future obligations

Compliance Facilitates compliance with detailed and complex requirements

Supervisory focus on management and governance aspects promote prevention and early detection of problems

Restricted 4

Key notions and functions

Responsibility Accountability Separation of duties and checks and balances Compliance with rules and corporate discipline Management of risk Independence Knowledge Transparency

Boards of directors Senior management Risk management and CRO Internal audit and control Compliance and actuarial functions

Restricted 5

Building-blocks of sound standards and practices

Clear lines of responsibility and accountability

Strategic objectives and corporate values

Quality, awareness, knowledge and independence of board members

Quality and duties of senior management

Transparent and manageable structures

Risk management, internal audit andother internal control functions

Proper compensation policy

Disclosure of information and market discipline

Restricted 6

Clear lines of responsibility and accountability

Define authorities and key responsibilities for board of directors and senior management – create an accountability hierarchy for the staff

Ultimate responsibility stays with the board Different responsibilities often requires different persons

(conflicts of interest and accountability) Good practice to have a separation between the Chair of the

Board and CEO How does the accountability hierarchy work for insurers being

part of a group? What about the responsibilities of the shareholders and the

accountability towards them?

Restricted 7

Available accountability models

Several models of the accountability hierarchy are available but there are two main key functions Overall strategy and oversight Execution and management

One-tier system with board and senior management Two-tier system with Executive and Oversight Board, where

the latter consists of independent members (not employees, owners or other stakeholders)

Committees of the board with different responsibilities (audit, remuneration, compliance, investment, risk management, etc)

Elaborate systems of control can make decision-making more complicated, time consuming and expensive

Could also provide a pseudo-comfort about risk – many risks are uncertain and do not fit easily into control frameworks

Restricted 8

Strategic objectives and corporate values

Well articulated corporate strategy that is implemented Should include risk strategy and appetite in line with

the long term interests and viability Corporate climate that prevents corruption and fraud

(start from the top) Interests of key stakeholders to be safeguarded System to avoid conflicts of interest Controlled lending and other forms of self-dealing,

including related parties and other favoured parties What about lending and other financial support within

the group?

Restricted 9

Quality, awareness, independence and knowledge of board members

Understand oversight role and duty of loyalty (fiduciary duty to policyholders)

Provide objective advice and recommend sound practices Independent – what does that mean in reality? Adequate knowledge and experience relevant to (each of) the

material financial activities – see also ICP 5 Suitability of Persons

Power and structure to question management (information and standing)

Conflict between knowledge and independence? Independence of board members in a subsidiary and

knowledge of those in the parent company?

Restricted 10

Structure and governance of the board

Appropriate number and mix of individuals to ensure an overall adequate level of knowledge and skills that is commensurate to nature scale and complexity

Avoid conflicts of interest (sufficient number of non-executives)

Power and structure to question management (information, size, frequency, standing, evaluation etc)

Appropriate internal practices to support the work of the board to promote efficient and independent judgement and decision-making

Adequate powers and resources to discharge its duties Robust enough to deal with crisis situations Meet regularly with senior management and internal audit Assess own performance and take corrective actions

Restricted 11

How to further improve board practices?

Any ideas?

Restricted 12

Quality and duties of senior management

Carry out day-to-day operations in line with strategies, policies and procedures - necessary knowledge and experience

Oversight duties consistent with board policy - exercise control over key employees

Involved in key decisions (should be made by more than one person)

Not too involved in business-line decisions -policy defining the limits and responsibilities

Promote culture of sound risk management, compliance and fair treatment of customers

Provide timely and relevant information Board Supervisor Relevant stakeholders

Restricted 13

Transparent and manageable structures

Board and senior management should know and understand the operational structure of the company/group, including SPVs and other special arrangements

Also when operating in other jurisdictions - ensure that risks are assessed and managed appropriately and that local rules are followed

Too big to fail? To big to manage? Supervisory tools: impose better structures or add

requirements (capital add-ons, living wills/resolution)

Restricted 14

Proper compensation policy

A system of incentives that rewards excessive risk taking is like paying smart people to do stupid things

Active board involvement in the design and operation of the compensation system – arm’s-length negotiations and decisions

Create the right incentives and being consistent with Ethical values Long-term objectives and strategy of the company (two-sided and

only once the performance has been realised) Prudent risk-taking

Appropriate mix of fixed and variable components, also based on non-financial criteria as appropriate

Established through an explicit governance process with roles and responsibilities clearly defined

Subject to shareholders approval at the annual meeting Also supervisory process?

Restricted 15

ICP 8 Risk Management and Internal Control

The supervisor requires an insurer to have as part of its overall corporate governance framework, effective systems of risk management and internal controls, including effective functions for risk management, compliance, actuarial matters and internal audit

Restricted 16

Risk management

Effective risk management is to ensure that risks are understood, managed and communicated

Risk should be linked to strategy - board has an oversight role Risk managers should be an essential part in the

implementation of the strategy (risk tolerance, appetite etc) Independent risk management function, including CRO or

equivalent, with sufficient authority, stature and resources – ideally reporting directly to board

Implications for companies belonging to a group? Centralised and decentralised structures – outsourcing

and cost-sharing Consistent or individual risk modelling – large exposures Internal reinsurance and other risk transfers

Restricted 17

Internal audit and other internal control systems

Assist the board and senior management in the fulfilment of their respective responsibilities - consistent with strategy and risk appetite

At a minimum provide assurance over Key business and IT Financial polices and procedures (accounting, financial reporting) Risk management and compliance measures in place

Provide expertise, leadership, objectivity and independence (avoid conflicts of interest) Communicate on own initiative with any employee, and have unrestricted access to senior

management as well as business and support areas Remuneration: Head of internal audit set by the board Disciplining and dismissal: Head of a control function approved by the board Performance of the control functions assessed by the board External audit to verify internal controls - board to oversee the process for hiring, removing

and assessing their performance Use findings timely and effectively and correct problems identified by internal/external

auditors Use auditors as independent check of information from management – meet with Chair of

Board and Audit Committee without management present Regular meetings between board and external auditors Direct reporting to the board or Audit Committee

Restricted 18

Compliance function

Assist the insurer in meeting its legal and regulatory obligations and promote and sustain an ethical corporate culture of compliance and integrity

Well positioned, resourced and authorised function – led by Chief Compliance Officer or similar

Identify and address key legal and regulatory obligations Keep senior management informed on developments Educate staff on compliance issues Pro-active identification of compliance risk (new business etc) Report to the board on performance against compliance standards

and goals Ensure that adequate disciplinary actions are taken and relevant

authorities are informed

Restricted 19

Actuarial function

Evaluate and provide advice to the insurer regarding technical provisions, premium and pricing activities, and compliance with related statutory and regulatory requirements

Report to the board on circumstances that may have a material effect from an actuarial perspective (adequacy of technical provisions, prospective solvency position etc)

Evaluate and provide advice on the distribution of policy dividends or other benefits, underwriting policies, reinsurance arrangements, sufficiency and quality of data, and risk modelling in ORSA/use of internal modelling

Appointed actuary providing certified actuarial opinions could be required Should not hold positions within or outside that may create

conflicts of interest Resignation or replacement should be notified to the supervisor

Restricted 20

Supervisory tools and market discipline

Risk- and principles-based supervisory methodology – why? Supervisory assessment of if effective and implemented – company needs to demonstrate

the adequacy and effectiveness – what are the supervisory challenges? Initial and on-going assessment of suitability (licensing, reporting and on-site) On-going assessment of boardroom performance:

Minutes of board: Information provided and discussed Minutes of board committees, where relevant

Quality of audit and control functions – appropriate supervisory skills and resources, including in risk management and actuarial matters

Reports of internal auditors to be discussed with audit staff and staff in affected areas Reports of external auditors

Information from external auditors to supervisors without prior consent of insurers – possibility to require further auditors or replacement of one chosen by an insurer

Follow-up on important changes in companies (eg the CRO is leaving) Effects of group structures and how they are being managed and controlled (management

structure could differ from legal entity structure) Where material deficiencies have been found - require effective and timely remedial action

by the board Examples of more informal tools that could be useful? Disclosure and market discipline

Material risks Governance, including remuneration Risk management and internal control