
General Governance Requirements incl some examples from insurers

General Governance Requirements incl some examples from insurers. Morten Thorbjörnsen, Financial Supervisory Authority of Norway Malta, April 8th 2010. ”The gods strike back” Feb 13th 2010.


Presentation Transcript


  1. General Governance Requirements incl. some examples from insurers. Morten Thorbjörnsen, Financial Supervisory Authority of Norway. Malta, April 8th 2010

  2. ”The gods strike back”, Feb 13th 2010: ”The idea that markets can be left to police themselves turned out to be the world’s most expensive mistake, requiring $15 trillion in capital injections and other forms of support.” … ”Another lesson was that managing risk is as much about judgement as about numbers.”

  3. Outline for presentation on General Governance Requirements • Brief: The Norwegian FSA – organization, main tasks • Governance concepts (corporate.., internal.., general.., …) • Board of Directors’ responsibilities – Risk Management • General governance as defined in art. 41 of Directive 2009/138/EC • Cases – examples of bad governance, from Nordic insurance • Norwegian financial supervision / regulation on internal controls & general governance – pre-Basel 2 & pre-Solvency 2 • Present status of regulatory framework in Norway – insurance specific and common approaches/tools for banking & insurance • Case study – Norwegian insurer: organizational framework for internal governance – present model and planned adaptation to Solvency 2 • Bank & insurance: Convergence of supervisory approach to general governance • The way ahead – incl. the 3L3 task force on internal governance

  4. Finanstilsynet – the Financial Supervisory Authority of Norway FSA – NO: Integrated supervisory authority in Norway since 1986 • 250+ employees, all in Oslo (of which approx. 50 in banking, 38 in insurance) Entities under supervision • Banking and finance • Banks (140) • Financial companies (60) • Insurance and pension • Life insurers (12) • Non-life ins. companies & local fire ins. assoc. (78) • Insurance intermediaries (200) • Pension funds (115) • Securities markets • Investment firms (150) • Mgm. companies for sec. funds (26) • Clearing houses (4) • Regulated markets, incl. Stock exchanges (6) • Estate agencies • Debt collection agencies • Auditors • External accountants

  5. FSA, Norway – organization [Organization chart] The Board • Director General • Staff: General Counsel, Head of Communications, Head of International Relations, Special Adviser / Controller, Executive Secretary, Board Secretary • Departments: Administration, Finance and Insurance Supervision, Accounting and Auditing Supervision, Capital Markets Supervision • Sections shown: Personnel and Organisation, Financial Reporting Supervision, Licensing, Laws and Regulations, Securities Institutions, Auditors and External Accountants, Strategy and Finance, Market Conduct, Analysis and Reporting, ICT (Internal), IT Supervision, Estate Agencies and Brokers, Debt Collection Firms, Banking Supervision, Records Management and Archives, Insurance Supervision, Solvency Regulation and Risk Models

  6. Norway participates in several EU-fora, through membership in the EEA – European Economic Area • Observer in CEBS, CEIOPS, CESR and JCFC • Participates in most working groups under the level 3 committees • Participates along with or on behalf of the Ministry of Finance in a number of the committees at level 2 and working groups chaired by the EU Commission: • European Banking Committee, European Insurance and Occupational Pensions Committee, European Securities Committee, European Financial Conglomerates Committee • Expert groups on specific issues

  7. The main objectives of financial supervision are: • Preserve stability in the financial market • To verify compliance with rules and regulations • Ensure adequate solidity /solvency of institutions • Develop regulations and supervisory practices to promote high quality of risk management and control systems • Consumer protection

  8. Various concepts of governance • Corporate governance • Internal governance • General governance

  9. Corporate Governance • Corporate governance (CG): • “. . . involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined. Good corporate governance should provide proper incentives for the board and management to pursue objectives that are in the interests of the company and shareholders and should facilitate effective monitoring, thereby encouraging firms to use resources more efficiently” (OECD Principles of Corporate Governance 1999) • A supervisor’s view - different aspects of Corporate governance: • Owners’ perspective – the objective of having efficient capital markets • Solvency perspective – the objective of financial institutions having a conduct and solvency to secure their continuous access to capital markets • Governance and control – the objective of institutions having a risk management and internal control system which can secure effective and efficient operations

  10. Internal Governance • The Committee of European Banking Supervisors (CEBS) has set out its guidelines for internal governance: • Guidelines on the Application of the Supervisory Review Process under Pillar 2 • With particular emphasis on • risk control • compliance • internal audit

  11. General Governance Requirements – as defined in art. 41 of Directive 2009/138/EC • Member States shall require all insurance and reinsurance undertakings to have in place an effective system of governance… • …adequate transparent organisational structure with… • clear allocation and appropriate segregation of responsibilities… • effective system for ensuring the transmission of information. The system of governance shall be subject to regular internal review. • The system of governance shall be proportionate to the nature, scale and complexity… • …written policies in relation to at least risk management, internal control, internal audit and…outsourcing. • …written policies shall be reviewed at least annually. • …contingency plans. • The supervisory authorities shall have appropriate means, methods and powers for verifying the system of governance of the insurance and reinsurance undertakings and for evaluating emerging risks identified by those undertakings which may affect their financial soundness. CEIOPS’ Advice for Level 2 Implementing Measures on Solvency II: System of Governance (.. CP 33)

  12. General Governance Requirements (cont.) • Article 44(1) of the Level 1 text states: • Insurance and reinsurance undertakings shall have in place an effective risk-management system comprising strategies, processes and reporting procedures necessary to identify, measure, monitor, manage and report…. the risks…. to which they are or could be exposed. • Article 46(1) requires undertakings to have in place a compliance function as part of the internal control system. It should identify, assess, monitor and report the compliance risk exposure of the undertaking. • Article 47 of the Level 1 text states: • Insurance and reinsurance undertakings shall provide for an effective internal audit function. • i.e. internal audit is a requirement (so far without any qualifications by proportionality?)

  13. From CEIOPS advice for …system of governance: • Internal control • CEIOPS refers to the definition of internal control in the COSO framework. However, it is stated that this does not imply that CEIOPS advocates the use of the COSO Framework. • The COSO frameworks (COSO 1 and COSO-ERM (“COSO 2”)) are probably the most internationally accepted and widely used models in this field. • In Norway, our national regulation on internal control and risk management for insurance companies has since 1995 been explicitly based on the COSO model (http://www.coso.org/IC-IntegratedFramework-summary.htm). (CEIOPS Oct 2009, former CP 33)

  14. Effective Boards of Directors – good processes • Board composition: the nomination process • Integrity and transparency: the Audit Committee • Related party transactions • Management evaluation and compensation: the Compensation Committee • Risk monitoring and the risk committee • The importance of Independent Directors • Audit, nomination and compensation committees Antonio M. Borges, European Corporate Governance Institute (ECGI)

  15. Corporate governance in financial institutions • Boards • performance of boards (challenge, time commitment, expertise, know your structure, diversity); • risk oversight (Risk Committee); • cooperation with supervisors. • Risk management • improve the standing and the authority of risk management; • improve the flow of information on risk; • risk culture. Source: European Commission, Internal Markets and Services DG

  16. Corporate governance in financial institutions • Supervisors: • involvement of supervisors with regard to oversight of corporate governance systems; • role of the supervisor in the review of the functioning of the board; • supervisory review of the governance arrangements of risk management; • “fit and proper” test. • Auditors: • cooperation with supervisory bodies; • compulsory reporting of serious facts by external auditors to both supervisors and the Board; • role of auditors in providing assurance connected to risk related financial information. Source: European Commission, Internal Markets and Services DG

  17. Some Issues from the Walker Review, FSA – UK • Failures in governance seen as a proximate cause of the financial crisis • Focus was largely on effectiveness of Boards of Banks & Other Financial Institutions, and how that could be improved • The review presents 39 recommendations under four main headings: • Role and functioning of the Board • Risk governance • Shareholder engagement • Remuneration • a further look at the first 2…. Chris Hibben, Financial Services Authority, UK

  18. Role and functioning of the Board (the Walker Review, UK) • Role of chairman of the board - greater emphasis on: • priority over all other business commitments • leadership skills in major institutions as key requirement • ability to lead discussion, challenge and decision-taking on matters of risk and strategy • accountability, proposing annual (re)election • Role of Non-executive Directors (NEDs): • greater time commitment, coupled with more training and support • more focus on ability to challenge and test proposals of executive • FSA should use “senior advisers” to help vet prospective NEDs for bank and insurer boards • Formal and rigorous annual evaluation of board performance, with annual statement on results, and periodic external facilitation

  19. Risk governance (the Walker Review, UK) • Largest firms (listed banks and insurers) should establish Board-level risk committee, separate from audit committee • The board risk committee should: • be supported by an independent chief risk officer (CRO), with tenure and remuneration subject to Board approval • seek and take external advice/input where appropriate • ensure adequate due diligence is undertaken for any proposed strategic transactions • Separate risk report should accompany annual report and accounts

  20. Some cases in poor corporate governance – 1. Uni Storebrand, Norway • In a large merger of Uni and Storebrand in 1991, the company was set up with a complex governance structure, • a strong CEO tried to acquire Skandia (SE) through a 28% stake, with short term financing, and attempted to form a Nordic insurance giant with Hafnia (DK) & Pohjola (FIN): • Overlooked/underestimated limitations on voting rights on shares in Skandia!!! • in-fighting between intended partners, shareholder opposition, etc. … • Uni Storebrand lost appr. EUR 400 million on the intended deal, unable to renew short term financing, • August 1992 taken under public administration, reestablished, sold off general insurance (if…) • Strong CEO, weak board, hesitating supervisors…, • In a few months, the oldest, best known brand name in the Norwegian insurance industry was ruined (slowly reestablishing …) Following the banking crisis in the 1980s/90s and the Uni Storebrand crash the Norwegian FSA was considerably strengthened, new legislation, new regulation on internal control etc.

  21. Cases (cont.) 2. European Insurance Agency (EIA), Norway • In 2005 a small, local insurance agent in Norway sold car and other private insurance to thousands of Norwegian policyholders, presumably covered at Lloyds, • No such cover existed, all fraud, hidden accounts etc., apparently a ”one man show” by CEO and main shareholder, • The CEO was convicted of fraud and fined EUR 2,5 mill • The Chairman of the board was fined EUR 1,2 mill plus legal expenses, without proof of his actual participation in or personal gain from the fraud, – the highest fine ever for BoD responsibility, – due to his lack of control, few board meetings, no formal minutes of the meetings, lack of written reports etc.

  22. Governing bodies / Independent control bodies [Organization chart]: Control committee • General assembly*** • Committee of representatives • External auditor • Election committee • Board of Directors • Internal auditor • Audit committee • Compensation committee • Others • Managing director

  23. The Board of Directors’ responsibility for risk management and internal control The board of directors shall ensure the institution has appropriate systems for risk management and internal control, including: 1. ensuring a clear division of responsibilities between the board and the day-to-day management 2. ensuring the institution has a clear organisational structure, 3. setting goals and strategies for the institution, and general guidelines for its activities. (stating)..the risk profile the institution .. 4. stipulating principles for the institution's risk management and internal control .. 5. ensuring the risk management and internal control are established pursuant to legislation and regulations,…. decisions, … 6. ensuring the risk management and internal control are implemented and monitored, 7. deciding whether or not the institution should have an internal audit function… 8. evaluating the board of directors' own work and competence in relation to the institution's risk management and internal control at least once a year. Norwegian Regulations on Risk Management and Internal Control (2008)

  24. Important, ”emerging” issues in BoD work NPEP-processes: Board’s involvement in risk assessment before launching new products, - i.e. including risks to institution and to customers, - also reputational risk Self assessment of BoD competence and activity, -extra challenge for smaller, local institutions, - coping with quantity of new, complex legislation Remuneration policy & practices

  25. Importance of Board dialogue and involvement in on-site supervision [Timeline figure] 1) FSA letter to notify ON-SITE INSPECTION to bank’s BoD 2) Bank forwards written DOCUMENTATION 3) FSA undertakes ON-SITE INSPECTION 4) FSA gives PRELIMINARY REPORT to bank’s BoD (exempt publ. access) 5) BoD gives written REPLY 6) FSA gives FINAL REPORT to bank’s BoD (publ. access). Phases shown: Pre-insp. analysis, Risk analysis, Post-insp. analysis, Final evaluation. Intervals shown: 2 weeks, 4 weeks, 6 weeks, 4 weeks, 4 weeks

  26. Off-site supervision – some Pillar 2 experiences from supervision of Norwegian banks • ICAAP – the Basel 2 equivalent of ORSA – very useful exercise for banks and for supervisory authority, particularly 2nd year of ICAAP submission • Full, written response to ICAAP from FSA-NO to all banks, stressing i.a. importance of BoD involvement • FSA-NO has developed and published on our web site risk modules specifying our procedures for evaluating the various risk areas in banking and in insurance (assessing risk exposure and internal control & governance) – developed primarily as our on-site working tool, but serves as guidelines for industry in developing their control environment

  27. Governance framework - Gjensidige Insurance, Norway [Diagram] Elements shown: Board of directors / Audit Committee • Group Management • Chief Risk Officer • Group Risk Committee • ORSA-report • Actuary • Internal Audit • Operational Management • Compliance • ORSA-process • Internal-model. 3. line: Audits framework for risk management and internal control, reports to Board of Directors. 1. line: Executes risk management and internal control. 2. line: Considers, monitors, surveys, gives advice & quality assurance, quantifies & aggregates risk

  28. ”Three lines of defence” – new tasks & responsibilities [1] First line: Board of directors • Sets risk appetite with clear links to strategy • Approves ORSA, SFCR and RTS Group management • Prepare and present ORSA to BoD • Presents SFCR and RTS for BoD’s approval

  29. ”Three lines of defence” – new tasks & responsibilities [2] Second line: Chief Risk Officer [CRO] (group level and subsidiaries) • Participates in ORSA, SFCR & RTS process • Checks appropriateness of system for RM & internal control, participates in updates and control of internal models Actuary • More formal and more extensive statements on reinsurance and UW • QA of calculations and assumptions in internal models • Assurance of consistency and validity of data for reserve calculations Compliance Officer [CO] • Testing and reporting on compliance risk • Responsibility for CO-tasks in subsidiaries

  30. ”Three lines of defence” – new tasks & responsibilities [3] Third line: Internal Audit [IA] • Checks line 2 fulfilment of tasks and testing of compliance • Audit of ORSA and internal models NB! Solvency 2 will require all insurance companies to have an Internal Audit-function, – under present Norwegian regulation only the larger companies (with total assets > appr EUR 1,2 billion) were required to have IA

  31. Some lessons learnt in the Soc Gen case (rogue trading) – general governance & internal controls • Failed segregation of duties at all levels of control (front/middle/back) • Lack of IT-related controls (change of passwords) • Weak business routines (minimum 2 weeks consecutive holiday) • Inadequate reporting (counterparty limits, exceptional cases) • Weak escalation processes (lack of consequences, no follow-up of signals) Source: CEBS July 2008: A summary of the results of stock-take of banks’ and supervisors’ reactions to the operational risk loss event at Société Générale

  32. The hazards of inductive knowledge (Bertrand Russell, 1872-1970) [Chart: axes ”variable” and ”time”; annotations: AMA approval; ”Best in the world on risk mng” (Risk Magazine); January 2008 Société Générale trading loss incident, appr. €4.9 billion: Disaster!]

  33. Lessons learnt…. Lessons for supervisors SG had just had their AMA-model approved by supervisors, Awards for best governance….

  34. Main Common & Specific Risk Factors, Banking vs. Insurance [Diagram] Panels: Specific risk factors banking; Specific risk factors insurance. Risk factors shown: Underwriting Risk • Credit Risk • Reinsurance Risk • Market Risk • Liquidity Risk • Asset / Liab. Matching Risk • Reputational Risk • Other Insurance Risks (Underprovisioning, Actuarial, etc.) • Other Banking Risks • Operational Risk (IT, Fraud, HR, External etc.) • Legal Risk

  35. Several cross sector initiatives to integrate regulations and supervisory practices • Principles for enhancing corporate governance - (Basel committee - BCBS 168) • P.2: … a number of corporate governance failures and lapses, many of which came to light during the financial crisis that began in mid-2007. These included, for example, insufficient board oversight of senior management, inadequate risk management and unduly complex or opaque bank organisational structures and activities. • P. 4: Many of the corporate governance shortcomings identified during the financial crisis that began in mid-2007 have been observed not only in the banking sector but also in the insurance sector.

  36. Several cross sector initiatives…. • 3L3 TASK FORCE ON INTERNAL GOVERNANCE (TFIG) Cross-sectoral stock-take and analysis of internal governance requirements - a joint report by CEIOPS, CEBS & CESR – to identify areas where harmonisation might be required, - • Identified areas where some guidance would be beneficial, incl.: • Management of conflicts of interest; • Policies, processes and procedures related to the risks covered by the risk management systems; • How the risk management, compliance and internal audit functions might be “independent” in the light of their different sectoral requirements; • The supervisory review process.

  37. Thank you Morten Thorbjörnsen, FSA - Norway mot@finanstilsynet.no
