Suitability of Person and Sound Corporate Governance Practices

Regional Seminar on Capital Adequacy and Risk-based Supervision

for Supervisors in Latin America

Rio de Janeiro, Brazil, 10-11 May 2007

Gunilla Borer

Senior Financial Sector Specialist

2

ICP 7 Suitability of persons

The significant owners, board members, senior management, auditors and actuaries of an insurer are fit and proper to fulfil their roles. This requires that they possess the appropriate integrity, competency, experience and qualifications

3

ICP 9 Corporate Governance

The corporate governance framework should recognise and protect the rights of all interested parties. The supervisory authority should require compliance with all applicable corporate governance standards*

* Applies to all insurers irrespective of organisational form

4

Other relevant Insurance Core Principles

Internal control (10) Risk assessment and management (18) Information disclosure (26)

5

Suitability of key employees

Whose suitability do we want to assess? Why? How can suitability be demonstrated or

documented? Whose task is it to assess the suitability -

ultimate responsibility?

6

Suitability of significant owners

Defined as a person (legal or natural) that directly or indirectly, alone or with an associate, exercises control over the insurer

Significance of control (and change in control) in ICP 8 (common target level is 10%)

Fit and proper relates to the persons and their financial soundness (if legal, also look at the key functionaries)

Responsibility for the fitness and propriety of key functionaries lies with the company itself

7

Suitability (fit and proper)

Knowledge (theory) Professional

experience - not necessarily insurance related (practice)

Holistic approach

Ethics and morals Integrity Individual approach -

a lack cannot be compensated by another person’s qualities

8

Definition of Corporate Governance

The manner in which boards of directors and senior management oversee the business and affairs of insurers. It encompasses the means by which they are held accountable and responsible for their actions. It includes corporate discipline, transparency, independence, accountability, responsibility, fairness and social responsibility. Timely and accurate disclosure on all material matters regarding the insurer, including the financial situation, performance, ownership and governance arrangements, is part of such a framework. Corporate governance also includes compliance with legal and regulatory requirements.

9

Why is corporate governance important?

Financial institutions have a critical role and are exposed to risk– Decreases the risk of unexpected losses (increasing complexity)– Efficiency creates value and core competencies

Competitive environment– Ensure that the goals and objectives are met– Decrease the risk of damage to the insurers’ reputation (and others’)

Clients have claims on the institution for future payment– Create confidence in the ability to meet the obligations

Facilitate compliance with rules, policies and plans – if oversight framework does not work, more detailed requirements will not be effective

Supports supervisory objectives of sound, safe, stable and efficient markets

10

Why do companies fail?*

Poor management– Lack of skills or integrity (non-suitability)– Lack of clear objectives and how to measure the results

Poor risk management– Interactions and correlations of different risks not anticipated or

assessed Complex corporate structures

– Groups (conflicting or irrelevant objectives)– Mergers and acquisitions (poor overview and control)– Outsourced key functions (poor instructions and control)

* London Report

11

Poor corporate governance: cause or symptoms of larger problems

Inadequate or failed internal

processes. people or systems

Inappropriate risk decisions

Financial outcome

Policyholder harm

Incorrect evaluation of financial outcomes

External risks (business related)Internal risks (management

related)

Risk appetite decisions

12

Clear lines of responsibility and accountability

Define the authorities and key responsibilities for board of directors and senior management

Create an accountability hierarchy for the staff* Different responsibilities require different persons being

responsible, otherwise no accountability (conflicts of interest)

Take into consideration that the ultimate responsibility stays with the board

* Several models are available, e.g. two-tier system and committees

13

Separation of duties and checks and balances

Shareholders

Boardof

Directors

Senior Management

Line Managers

Staff

Delegation: Authority and duty (range of actions, limits)

Control: Monitoring, reporting, review and revision

Reporting line

14

Strategic objectives and corporate values

The board should Define a well articulated corporate strategy Create a corporate climate that prevents corruption and

fraud (start from the top - suitability) Safeguard the interests of key stakeholders Create a system to avoid conflict of interests Put systems in place to control lending and other forms of

self-dealing Ban preferential treatment also to related parties and other

favoured parties

15

Quality, awareness and independence of board members Understand oversight role and duty of loyalty Understand the fiduciary duty to policyholders Avoid conflicts of interest Not participate in day-to-day management (sufficient number of

non-executives) Provide objective advice and recommend sound practices based

on experience (suitability) Have power and structure to question management (information,

size, frequency, standing, evaluation etc.) Robust enough to deal with crisis situations – supervisors will

require the board to take remedial action Meet regularly with senior management and internal audit Assess own and others’ performance and take corrective actions

16

Appropriate oversight by senior management

Oversight consistent with board policy Key decisions should never be made by a single

person – however not be too involved in business-line decisions

Exercise control over key employees Have the necessary prerequisite skills

(suitability)

17

Proper use of internal auditors

Recognise the importance of the audit process and communicate it throughout the company

Take measures to enhance their independence Provide access to business and support areas Utilise findings effectively and in a timely manner Have external audit verify internal controls Correct problems identified by auditors Use auditors as independent check of information from management – direct

reporting

18

Controlled risk management (RM)

Find the right balance between the opportunity to take risk and create value for the company and the threat risk poses to the survival of the firm through:

Qualitative RM– Sound valuation and risk measurement– Quantitative risk limit monitoring system– Reliable capital adequacy framework

Risk governance– Clearly defined responsibilities for risk taking and RM– Sound and well documented RM policies and guidelines; and operating,

reporting, limit monitoring and control procedures– Regulatory compliance– Internal and external audit of processes and figures

Transparency– Risk, objectives, issues, performance etc.– Financial and risk disclosure– Company culture demonstrating disciplined and controlled risk taking

19

Special control functions (not exhaustive)

Appointed or responsible actuary Compliance officer

– Proactive (information and education)

– Reactive (complaints)

– Know-Your-Customer procedures Committees, e.g. Audit Committee:

– Review financial reporting and internal control systems

– Independence and financial, accounting or auditing knowledge

Direct access to the Board

20

The role of the compensation policy

Smart people who are doing stupid things are often being paid for it

It is never good to have a system of incentives that you have to resist in order to avoid going in the wrong direction (suitability is not a guarantee)

Short-term incentives can be contrary to long-term interests Should create the right incentives and be consistent with

– Ethical values– Long-term objectives and strategy– Control environment (should only risk be rewarded, not

control?) Should be approved by the board

21

Shareholders’ interests and responsibilities

Corporate governance practices are in general designed to protect shareholders’ interests, i.e. balance potential conflicts of investors (outsiders) and those who control the company (insiders) - Supervisors need to take an interest (capital base is solvency buffer) but should focus on the interests of the policyholders (does not have to be contradictory)

Do shareholders also have responsibilities? Majority shareholders

– Too influential/insufficient independence? Minority shareholders

– Too passive/insufficient focus on accountability?

22

Know-your-structure

Board and senior management should understand the operational structure of the company/group

Also when operating in jurisdictions and through structures that impede transparency (impose better structures?)

Ensure that risks are assessed and managed appropriately

23

Foreign companies’ operations

Subsidiaries of foreign companies are locally incorporated and follow national rules

Branches are not legal entities and need to follow the corporate governance rules of the foreign company

Potential conflict between the need for uniform rules applicable to all operations within a jurisdictions and the need for consistent rules in a company or group

International standards and best practice, as well as some flexibility in the application

24

Supervisory focus

Prevent and identify problems at the earliest possible stage

– Preventive tools

– Off- and on-site supervision Access to information must be unimpaired Look at individual companies and group

structure Take action when necessary (early)

25

Preventive tools

Check fitness and propriety of significant owners and key functionaries

– Initially through licensing

– Continuously through notification of change

– Pose relevant questions and require certified answers (liability promotes true information)

Soundness should be demonstrated by the company at any time (awareness of relevant circumstances)

Require policies and procedures related to good corporate governance and internal control to be in place

26

Market and off-site analysis

Board structure and membership Regulatory filings on board related issues

(suitability etc.) Company documents on financial position

(regulatory and public) Individual and group structure Reactions to public disclosure (news etc.)

27

On-site inspection

Boardroom performance: Minutes of board

– Information provided to the board

– Minutes of board committees, where relevant Quality of audit and control functions: Reports of internal

auditors – to be discussed with audit staff and staff in areas affected

Reports of external auditors Policies and procedures: Assess if effective and

implemented Effects of group structures

28

Enforcement

Enforcement mechanisms promote adherence to rules and principles

Take supervisory action when the requirements are not fulfilled (lack of soundness needs to be demonstrated by the supervisor)

Supervisory action may also be needed in cases of conflicts of interest

Alert board and senior management to problems and take actions as necessary and appropriate

29

The role of market discipline

Market discipline provides an important incentive when it comes to adherence to rules and principles

Market forces can raise the cost or restrict the volume of funding - deters excessive risk taking and inappropriate behaviour (rewards good behaviour and punishes bad behaviour)

Markets are vulnerable to reputational risk - discipline promotes financial stability

Financial markets should be sound, stable and effective

30

ICP 26 Information, disclosure and transparency towards the market

Insurers need to disclose relevant information on a timely basis in order to give stakeholders a clear view of:

– Business activities

– Financial position

– Risks to which they are exposed Quantitative (e.g. audited financial information) and

qualitative information Periodical and ad hoc

31

Information related to suitability and corporate governance

Board and senior management Basic organisational structure Incentive structure Nature and extent of transactions with affiliates and

related parties Major events and decisions (possibilities of altered risks) Significant risk exposures, their effects and how they are

being managed and controlled Off-balance sheet transactions (e.g. guaranties) Compliance

32

Internal transparency

External transparency requires internal transparency Visible operations, activities, risk exposures Clearly defined responsibilities, processes Risk disclosure and dialogue among people,

business/corporate areas, board and senior management Market discipline can promote good corporate governance

structures, risk management practices and internal control

33

Accountability and liability

CEOs and CFOs should be aware of all operational information that is material to the financial results of their companies and should therefore take all the necessary steps in order to get this information

Requiring CEOs and CFOs to certify the information disclosed promotes better internal control and due diligence

Combining this with liability and criminal sanctions could promote enhanced analysis and transparency

34

Conclusions

Sum up by identifying the key words and notions (suggestions by the participants)