Suitability of Person and Sound Corporate Governance Practices Regional Seminar on Capital Adequacy and Risk-based Supervision for Supervisors in Latin America Rio de Janeiro, Brazil, 10-11 May 2007 Gunilla Borer Senior Financial Sector Specialist

ICP 7 Suitability of persons The significant owners, board members, senior management, auditors and actuaries of an insurer are fit and proper to fulfil their roles. This requires that they possess the appropriate integrity, competency, experience and qualifications

ICP 9 Corporate Governance The corporate governance framework should recognise and protect the rights of all interested parties. The supervisory authority should require compliance with all applicable corporate governance standards* * Applies to all insurers irrespective of organisational form

Other relevant Insurance Core Principles Internal control (10) Risk assessment and management (18) Information disclosure (26)

Suitability of key employees Whose suitability do we want to assess? Why? How can suitability be demonstrated or documented? Whose task is it to assess the suitability - ultimate responsibility?

Suitability of significant owners Defined as a person (legal or natural) that directly or indirectly, alone or with an associate, exercises control over the insurer Significance of control (and change in control) in ICP 8 (common target level is 10%) Fit and proper relates to the persons and their financial soundness (if legal, also look at the key functionaries) Responsibility for the fitness and propriety of key functionaries lies with the company itself

Suitability (fit and proper) Knowledge (theory) Professional experience - not necessarily insurance related (practice) Holistic approach Ethics and morals Integrity Individual approach - a lack cannot be compensated by another person’s qualities

Definition of Corporate Governance The manner in which boards of directors and senior management oversee the business and affairs of insurers. It encompasses the means by which they are held accountable and responsible for their actions. It includes corporate discipline, transparency, independence, accountability, responsibility, fairness and social responsibility. Timely and accurate disclosure on all material matters regarding the insurer, including the financial situation, performance, ownership and governance arrangements, is part of such a framework. Corporate governance also includes compliance with legal and regulatory requirements.

Why is corporate governance important? Financial institutions have a critical role and are exposed to risk Decreases the risk of unexpected losses (increasing complexity) Efficiency creates value and core competencies Competitive environment Ensure that the goals and objectives are met Decrease the risk of damage to the insurers’ reputation (and others’) Clients have claims on the institution for future payment Create confidence in the ability to meet the obligations Facilitate compliance with rules, policies and plans – if oversight framework does not work, more detailed requirements will not be effective Supports supervisory objectives of sound, safe, stable and efficient markets

Why do companies fail?* Poor management Lack of skills or integrity (non-suitability) Lack of clear objectives and how to measure the results Poor risk management Interactions and correlations of different risks not anticipated or assessed Complex corporate structures Groups (conflicting or irrelevant objectives) Mergers and acquisitions (poor overview and control) Outsourced key functions (poor instructions and control) * London Report

Poor corporate governance: cause or symptoms of larger problems Internal risks (management related) External risks (business related) Inadequate or failed internal processes. people or systems Inappropriate risk decisions Financial outcome Policyholder harm Incorrect evaluation of financial outcomes Risk appetite decisions

Clear lines of responsibility and accountability Define the authorities and key responsibilities for board of directors and senior management Create an accountability hierarchy for the staff* Different responsibilities require different persons being responsible, otherwise no accountability (conflicts of interest) Take into consideration that the ultimate responsibility stays with the board * Several models are available, e.g. two-tier system and committees

Separation of duties and checks and balances Delegation: Authority and duty (range of actions, limits) Control: Monitoring, reporting, review and revision Reporting line

Strategic objectives and corporate values The board should Define a well articulated corporate strategy Create a corporate climate that prevents corruption and fraud (start from the top - suitability) Safeguard the interests of key stakeholders Create a system to avoid conflict of interests Put systems in place to control lending and other forms of self-dealing Ban preferential treatment also to related parties and other favoured parties

Quality, awareness and independence of board members Understand oversight role and duty of loyalty Understand the fiduciary duty to policyholders Avoid conflicts of interest Not participate in day-to-day management (sufficient number of non-executives) Provide objective advice and recommend sound practices based on experience (suitability) Have power and structure to question management (information, size, frequency, standing, evaluation etc.) Robust enough to deal with crisis situations – supervisors will require the board to take remedial action Meet regularly with senior management and internal audit Assess own and others’ performance and take corrective actions

Appropriate oversight by senior management Oversight consistent with board policy Key decisions should never be made by a single person – however not be too involved in business-line decisions Exercise control over key employees Have the necessary prerequisite skills (suitability)

Proper use of internal auditors Recognise the importance of the audit process and communicate it throughout the company Take measures to enhance their independence Provide access to business and support areas Utilise findings effectively and in a timely manner Have external audit verify internal controls Correct problems identified by auditors Use auditors as independent check of information from management – direct reporting

Controlled risk management (RM) Find the right balance between the opportunity to take risk and create value for the company and the threat risk poses to the survival of the firm through: Qualitative RM Sound valuation and risk measurement Quantitative risk limit monitoring system Reliable capital adequacy framework Risk governance Clearly defined responsibilities for risk taking and RM Sound and well documented RM policies and guidelines; and operating, reporting, limit monitoring and control procedures Regulatory compliance Internal and external audit of processes and figures Transparency Risk, objectives, issues, performance etc. Financial and risk disclosure Company culture demonstrating disciplined and controlled risk taking

Special control functions (not exhaustive) Appointed or responsible actuary Compliance officer Proactive (information and education) Reactive (complaints) Know-Your-Customer procedures Committees, e.g. Audit Committee: Review financial reporting and internal control systems Independence and financial, accounting or auditing knowledge Direct access to the Board

The role of the compensation policy Smart people who are doing stupid things are often being paid for it It is never good to have a system of incentives that you have to resist in order to avoid going in the wrong direction (suitability is not a guarantee) Short-term incentives can be contrary to long-term interests Should create the right incentives and be consistent with Ethical values Long-term objectives and strategy Control environment (should only risk be rewarded, not control?) Should be approved by the board

Shareholders’ interests and responsibilities Corporate governance practices are in general designed to protect shareholders’ interests, i.e. balance potential conflicts of investors (outsiders) and those who control the company (insiders) - Supervisors need to take an interest (capital base is solvency buffer) but should focus on the interests of the policyholders (does not have to be contradictory) Do shareholders also have responsibilities? Majority shareholders Too influential/insufficient independence? Minority shareholders Too passive/insufficient focus on accountability?

Know-your-structure Board and senior management should understand the operational structure of the company/group Also when operating in jurisdictions and through structures that impede transparency (impose better structures?) Ensure that risks are assessed and managed appropriately

Foreign companies’ operations Subsidiaries of foreign companies are locally incorporated and follow national rules Branches are not legal entities and need to follow the corporate governance rules of the foreign company Potential conflict between the need for uniform rules applicable to all operations within a jurisdictions and the need for consistent rules in a company or group International standards and best practice, as well as some flexibility in the application

Supervisory focus Prevent and identify problems at the earliest possible stage Preventive tools Off- and on-site supervision Access to information must be unimpaired Look at individual companies and group structure Take action when necessary (early)

Preventive tools Check fitness and propriety of significant owners and key functionaries Initially through licensing Continuously through notification of change Pose relevant questions and require certified answers (liability promotes true information) Soundness should be demonstrated by the company at any time (awareness of relevant circumstances) Require policies and procedures related to good corporate governance and internal control to be in place

Market and off-site analysis Board structure and membership Regulatory filings on board related issues (suitability etc.) Company documents on financial position (regulatory and public) Individual and group structure Reactions to public disclosure (news etc.)

On-site inspection Boardroom performance: Minutes of board Information provided to the board Minutes of board committees, where relevant Quality of audit and control functions: Reports of internal auditors – to be discussed with audit staff and staff in areas affected Reports of external auditors Policies and procedures: Assess if effective and implemented Effects of group structures

Enforcement Enforcement mechanisms promote adherence to rules and principles Take supervisory action when the requirements are not fulfilled (lack of soundness needs to be demonstrated by the supervisor) Supervisory action may also be needed in cases of conflicts of interest Alert board and senior management to problems and take actions as necessary and appropriate

The role of market discipline Market discipline provides an important incentive when it comes to adherence to rules and principles Market forces can raise the cost or restrict the volume of funding - deters excessive risk taking and inappropriate behaviour (rewards good behaviour and punishes bad behaviour) Markets are vulnerable to reputational risk - discipline promotes financial stability Financial markets should be sound, stable and effective

ICP 26 Information, disclosure and transparency towards the market Insurers need to disclose relevant information on a timely basis in order to give stakeholders a clear view of: Business activities Financial position Risks to which they are exposed Quantitative (e.g. audited financial information) and qualitative information Periodical and ad hoc

Information related to suitability and corporate governance Board and senior management Basic organisational structure Incentive structure Nature and extent of transactions with affiliates and related parties Major events and decisions (possibilities of altered risks) Significant risk exposures, their effects and how they are being managed and controlled Off-balance sheet transactions (e.g. guaranties) Compliance

Internal transparency External transparency requires internal transparency Visible operations, activities, risk exposures Clearly defined responsibilities, processes Risk disclosure and dialogue among people, business/corporate areas, board and senior management Market discipline can promote good corporate governance structures, risk management practices and internal control

Accountability and liability CEOs and CFOs should be aware of all operational information that is material to the financial results of their companies and should therefore take all the necessary steps in order to get this information Requiring CEOs and CFOs to certify the information disclosed promotes better internal control and due diligence Combining this with liability and criminal sanctions could promote enhanced analysis and transparency

Conclusions Sum up by identifying the key words and notions (suggestions by the participants)