Corporate Governance, Internal Control and Compliance


Corporate Governance in a Group Context
Regional Seminar on Supervision of Insurance Groups
Santiago, Chile, 19-21 November 2013
Gunilla Löfvendahl
Senior Financial Sector Specialist
Restricted
ICP 7 Corporate Governance
The supervisor requires insurers to establish and implement a
corporate governance framework, which provides for sound and
prudent management and oversight of the insurer’s business, and
adequately recognises and protects the interests of the
policyholders.
Why is it important?
• Exposure to risk
  - Decreases the risk of unexpected losses
  - Creates efficiency and value on a micro and macro level
• Competitive markets
  - Goals and objectives
  - Reputation – legal entity and group
• Inter-linkages
  - Risk of contagion and damage to others’ reputation
• Customer claims
  - Confidence in the ability to meet future obligations
• Compliance
  - Facilitates compliance with detailed and complex requirements
• Supervisory focus on management and governance aspects promotes prevention and early detection of problems
Key notions and functions
• Responsibility
• Accountability
• Separation of duties and checks and balances
• Compliance with rules and corporate discipline
• Management of risk
• Independence
• Knowledge
• Transparency

• Boards of directors
• Senior management
• Risk management and CRO
• Internal audit and control
• Compliance and actuarial functions
Building-blocks of sound standards and practices
• Clear lines of responsibility and accountability
• Strategic objectives and corporate values
• Quality, awareness, knowledge and independence of board members
• Quality and duties of senior management
• Transparent and manageable structures
• Proper compensation policy
• Disclosure of information and market discipline
• Risk management, internal audit and other internal control functions
Clear lines of responsibility and accountability
• Define authorities and key responsibilities for board of directors and senior management – create an accountability hierarchy for the staff
• Ultimate responsibility stays with the board
• Different responsibilities often require different persons (conflicts of interest and accountability)
• Good practice to have a separation between the Chair of the Board and CEO
• How does the accountability hierarchy work for insurers being part of a group?
• What about the responsibilities of the shareholders and the accountability towards them?
Available accountability models
• Several models of the accountability hierarchy are available but there are two main key functions
  - Overall strategy and oversight
  - Execution and management
• One-tier system with board and senior management
• Two-tier system with Executive and Oversight Board, where the latter consists of independent members (not employees, owners or other stakeholders)
• Committees of the board with different responsibilities (audit, remuneration, compliance, investment, risk management, etc.)
• Elaborate systems of control can make decision-making more complicated, time-consuming and expensive
• Could also provide a pseudo-comfort about risk – many risks are uncertain and do not fit easily into control frameworks
Strategic objectives and corporate values
• Well-articulated corporate strategy that is implemented
• Should include risk strategy and appetite in line with the long-term interests and viability
• Corporate climate that prevents corruption and fraud (start from the top)
• Interests of key stakeholders to be safeguarded
• System to avoid conflicts of interest
• Controlled lending and other forms of self-dealing, including related parties and other favoured parties
• What about lending and other financial support within the group?
Quality, awareness, independence and knowledge of board members
• Understand oversight role and duty of loyalty (fiduciary duty to policyholders)
• Provide objective advice and recommend sound practices
• Independent – what does that mean in reality?
• Adequate knowledge and experience relevant to (each of) the material financial activities – see also ICP 5 Suitability of Persons
• Power and structure to question management (information and standing)
• Conflict between knowledge and independence?
• Independence of board members in a subsidiary and knowledge of those in the parent company?
Structure and governance of the board
• Appropriate number and mix of individuals to ensure an overall adequate level of knowledge and skills that is commensurate with the nature, scale and complexity
• Avoid conflicts of interest (sufficient number of non-executives)
• Power and structure to question management (information, size, frequency, standing, evaluation, etc.)
• Appropriate internal practices to support the work of the board to promote efficient and independent judgement and decision-making
• Adequate powers and resources to discharge its duties
• Robust enough to deal with crisis situations
• Meet regularly with senior management and internal audit
• Assess own performance and take corrective actions
How to further improve board practices?
• Any ideas?
Quality and duties of senior management
• Carry out day-to-day operations in line with strategies, policies and procedures - necessary knowledge and experience
• Oversight duties consistent with board policy - exercise control over key employees
• Involved in key decisions (should be made by more than one person)
• Not too involved in business-line decisions - policy defining the limits and responsibilities
• Promote culture of sound risk management, compliance and fair treatment of customers
• Provide timely and relevant information
  - Board
  - Supervisor
  - Relevant stakeholders
Transparent and manageable structures
• Board and senior management should know and understand the operational structure of the company/group, including SPVs and other special arrangements
• Also when operating in other jurisdictions - ensure that risks are assessed and managed appropriately and that local rules are followed
• Too big to fail? Too big to manage?
• Supervisory tools: impose better structures or add requirements (capital add-ons, living wills/resolution)
Proper compensation policy
• A system of incentives that rewards excessive risk taking is like paying smart people to do stupid things
• Active board involvement in the design and operation of the compensation system – arm’s-length negotiations and decisions
• Create the right incentives, consistent with
  - Ethical values
  - Long-term objectives and strategy of the company (two-sided and only once the performance has been realised)
  - Prudent risk-taking
• Appropriate mix of fixed and variable components, also based on non-financial criteria as appropriate
• Established through an explicit governance process with roles and responsibilities clearly defined
• Subject to shareholders’ approval at the annual meeting
• Also supervisory process?
ICP 8 Risk Management and Internal Control
The supervisor requires an insurer to have as part of its overall
corporate governance framework, effective systems of risk
management and internal controls, including effective functions
for risk management, compliance, actuarial matters and internal
audit
Risk management
• Effective risk management is to ensure that risks are understood, managed and communicated
• Risk should be linked to strategy - board has an oversight role
• Risk managers should be an essential part in the implementation of the strategy (risk tolerance, appetite, etc.)
• Independent risk management function, including CRO or equivalent, with sufficient authority, stature and resources – ideally reporting directly to board
• Implications for companies belonging to a group?
  - Centralised and decentralised structures – outsourcing and cost-sharing
  - Consistent or individual risk modelling – large exposures
  - Internal reinsurance and other risk transfers
Internal audit and other internal control systems
• Assist the board and senior management in the fulfilment of their respective responsibilities - consistent with strategy and risk appetite
• At a minimum provide assurance over
  - Key business and IT
  - Financial policies and procedures (accounting, financial reporting)
  - Risk management and compliance measures in place
• Provide expertise, leadership, objectivity and independence (avoid conflicts of interest)
• Communicate on own initiative with any employee, and have unrestricted access to senior management as well as business and support areas
• Remuneration: Head of internal audit set by the board
• Disciplining and dismissal: Head of a control function approved by the board
• Performance of the control functions assessed by the board
• External audit to verify internal controls - board to oversee the process for hiring, removing and assessing their performance
• Use findings timely and effectively and correct problems identified by internal/external auditors
• Use auditors as independent check of information from management – meet with Chair of Board and Audit Committee without management present
• Regular meetings between board and external auditors
• Direct reporting to the board or Audit Committee
Compliance function
• Assist the insurer in meeting its legal and regulatory obligations and promote and sustain an ethical corporate culture of compliance and integrity
• Well positioned, resourced and authorised function – led by Chief Compliance Officer or similar
• Identify and address key legal and regulatory obligations
• Keep senior management informed on developments
• Educate staff on compliance issues
• Pro-active identification of compliance risk (new business etc.)
• Report to the board on performance against compliance standards and goals
• Ensure that adequate disciplinary actions are taken and relevant authorities are informed
Actuarial function
• Evaluate and provide advice to the insurer regarding technical provisions, premium and pricing activities, and compliance with related statutory and regulatory requirements
• Report to the board on circumstances that may have a material effect from an actuarial perspective (adequacy of technical provisions, prospective solvency position, etc.)
• Evaluate and provide advice on the distribution of policy dividends or other benefits, underwriting policies, reinsurance arrangements, sufficiency and quality of data, and risk modelling in ORSA/use of internal modelling
• Appointed actuary providing certified actuarial opinions could be required
  - Should not hold positions within or outside that may create conflicts of interest
  - Resignation or replacement should be notified to the supervisor
Supervisory tools and market discipline
• Risk- and principles-based supervisory methodology – why?
• Supervisory assessment of whether governance is effective and implemented – company needs to demonstrate the adequacy and effectiveness – what are the supervisory challenges?
• Initial and on-going assessment of suitability (licensing, reporting and on-site)
• On-going assessment of boardroom performance:
  - Minutes of board: Information provided and discussed
  - Minutes of board committees, where relevant
• Quality of audit and control functions – appropriate supervisory skills and resources, including in risk management and actuarial matters
  - Reports of internal auditors to be discussed with audit staff and staff in affected areas
  - Reports of external auditors
• Information from external auditors to supervisors without prior consent of insurers – possibility to require further auditors or replacement of one chosen by an insurer
• Follow-up on important changes in companies (e.g. the CRO is leaving)
• Effects of group structures and how they are being managed and controlled (management structure could differ from legal entity structure)
• Where material deficiencies have been found - require effective and timely remedial action by the board
• Examples of more informal tools that could be useful?
• Disclosure and market discipline
  - Material risks
  - Governance, including remuneration
  - Risk management and internal control