ACHIEVING GOVERNANCE OUTCOMES THROUGH RISK MANAGEMENT AND PROCESS AUTOMATION THOMSON REUTERS


September 2012

Contents

Introduction

Building a Framework

The Changing Investor Relationship

A Unified Approach


For many insurance companies, the concept of governance has long focused on controlling costs, minimizing the risk of sudden or unexpected financial shocks and avoiding regulatory costs. In recent years, this task has become more complicated due to a rapidly shifting political and regulatory environment both domestically and overseas. This new environment is compounded by an increasingly informed and empowered activist shareholder community that has changed its expectations in terms of oversight, strategy and leadership – all of which has changed the way companies approach governance oversight.

The result has been a shift toward greater transparency and a desire to boost efficiencies through process automation and centralized risk management. Nowhere is this truer than in the insurance industry, where an integrated and strategic approach to governance, risk and compliance issues is rapidly becoming the norm.

Most current governance practices are derived from the global financial crisis and the resulting regulatory changes that took place in the US and globally. While it is true that, thanks in large part to strict solvency standards, the insurance sector weathered the financial crisis better than the banking and securities industries, significant reputational damage was done.

There is also evidence that the sector as a whole – at least in the US – had engaged in excessive risk taking. As shown by a National Association of Insurance Commissioners (NAIC) report, the sector as a whole had 22% of its bond portfolios in mortgage-backed securities (or 16% of total invested assets), a statistic that led to significant loss of value in the years following 2008.

This is important because it is in the field of risk assessment that governance practices for insurance firms are changing most. Shareholders and regulators alike are pushing for measures that provide greater transparency into day-to-day operations, help to identify potential risk exposures – especially those in overseas jurisdictions – and enable companies to react swiftly and accurately to emerging risks.

This white paper will address some of the changes that have taken place in regulatory regimes across the globe, the impact investors and others are having on governance in the sector and a few steps being taken by companies to respond to the new expectations.

Perhaps the biggest challenge insurance companies face in terms of both management and governance is the capability to define a comprehensive map of risk exposures at the enterprise level. It is here that the board of directors must focus its primary attention in order to support strategic decision-making and discharge its fiduciary responsibilities to shareholders.

Creating a clear picture of enterprise-wide risk is made all the more difficult by the growing internationalization of the insurance business. For example, directors of US companies need not just concern themselves with local regulation but also the newly emerging rules being formulated internationally. Effective governance will require a working knowledge of these rules, plus an understanding of the consequences for violating them.

The importance of international regulation is borne out in comments made by Michael McRaith, head of the newly formed Federal Insurance Office, when he addressed the House Financial Services Committee in May 2012.

He explained: “FIO’s immediate predominant focus is on international issues, involving key bilateral relationships and critical international initiatives… Given the current fast-paced development of international insurance supervisory standards, and the explosive growth of premium volume in emerging markets, FIO’s participation and engagement arrives at an opportune moment for U.S.-based insurance consumers and industry.”

This internationalization will have regulatory consequences as various regimes attempt to standardize rules to allow “fairer” competition in the global market. The European Union (EU) and its related regulatory bodies, for example, are modernizing the region’s insurance regulatory regime through the Solvency II Directive, which is due for full implementation in 2014.

As McRaith explains, “Solvency II requires the EC to determine whether non-EU regulatory systems provide a similar level of solvency protection to policyholders as does Solvency II and, therefore, whether that system is “equivalent.” Insurers based in an “equivalent” jurisdiction will be able to access the EU market without additional supervisory expectations, such as additional capital requirements.” Discussions to determine equivalency of US and European jurisdictions are scheduled to be completed by December 2012.

Solvency II is one of the most important developments for insurance and other financial organizations in Europe. Although the rules have not been finalized, it will set tough new capital and risk management requirements. This will require insurers to analyze enterprise-wide risks and to make an evaluation of the level of capital required to be held.


The directive is having a major impact: a recent report performed by the Economist Intelligence Unit (EIU) for Deloitte found that 65% of companies will implement new risk mitigation strategies and 35% will do so in the next year.

With the capital rules still unclear, it is important for boards to question management about investment strategies, especially as the details about the directive emerge and inevitably change. One of the biggest challenges will be valuation, and at this point, there is widespread uncertainty among company boards and managers about how new capital adequacy ratios will be calculated.

According to the EIU study, 50% are considering a full internal model for doing the calculations, 30% will do a partial internal model and the remainder will use the standard formula. But half of all respondents have since changed their mind. The move is generally away from the standard model to internal models.

The directive presents further challenges beyond determining a calculation model. The Own Risk and Solvency Assessment (ORSA) requires management to prove they adequately understand the company’s internal risks as a whole. Further, this assessment will be reported to the market. Overall, getting a better understanding of enterprise-wide risk should allow for improved risk oversight and strategic decision-making, but there will be significant pain and financial costs involved in ensuring the company has systems in place to fulfill the ORSA requirements. It is reminiscent in some ways of the implementation of Section 404 of the Sarbanes-Oxley Act that US-listed companies went through in the middle of the last decade.

This is all happening in parallel with pending changes to the UK Corporate Governance Code. The FRC in the UK is currently considering changes that require public company boards to confirm that they have considered the annual report and accounts, taken as a whole, to be fair and balanced and for audit committees to disclose more information about their activities.

Globalization of the insurance markets will likely have an impact beyond a mere merging of sector-specific legislation. Many foreign markets are becoming more developed and the opportunity for new business development is enormous. Many US-based insurers are rushing to take advantage of that growth. But history should offer a warning. Emerging markets have proved to be a hotbed of corruption and bribery and many corporations have fallen foul of the Foreign Corrupt Practices Act (FCPA) and the more aggressive UK Bribery Act.

While not traditionally an area of concern for insurance companies, a board’s directors must ensure that management have robust systems in place to monitor for violations of international bribery standards. US and foreign regulators are aggressively pursuing violators and fines can run to hundreds of millions of dollars. This overlaps with expanded regulation that has recently been enforced in countries such as China, Brazil and Japan, which restrict activities of foreign insurers and their subsidiaries.


Building a Framework

Effective governance of this form of risk exposure requires a sound understanding of the company’s footprint, regular updates on insurance and general corporate securities law in countries of operation and a method for centralizing that information to ensure no gaps are present.

It is a daunting task, but perhaps directors at US firms can take inspiration from a recently released framework from the Corporate Governance Working Group of the NAIC. The NAIC highlights seven broad principles of governance, which should serve as guidance to directors when addressing governance challenges. Each of the principles could also be considered by directors as the basis for questioning the management team to ensure all appropriate steps are being taken to manage and mitigate risk. Some of the principles appear obvious, but since these elements are being used to assess the overall standing of the company it is worth addressing each individually.

1. Regulatory Reporting, Disclosure and Transparency

Insurers are required to file standardized annual and quarterly financial reports that are used to assess the insurer’s risk and financial condition.

Directors should ask: What are the significant risks for the company? How are they being explained? Does the report contain both qualitative and quantitative information? Do the disclosures serve the intended audience – regulator, shareholder, and media?

2. Off-site Monitoring and Analysis

Off-site solvency monitoring is used to assess, on an ongoing basis, the financial condition of the insurer, as of the valuation date, and to identify and assess current and prospective risks through risk-focused surveillance.

There is a range of monitoring tools available to regulators, some of which are provided by NAIC. Is management familiar with those tools and how to use them to make their own assessments?

3. On-site Risk-focused Examinations

US insurance regulators carry out risk-focused on-site examinations in which the insurer’s corporate governance, management oversight and financial strength are evaluated, including the system of risk identification and mitigation, both on a current and prospective basis.

It should be noted that as part of this examination the background and experience of C-suite executives and the board of directors is assessed with a view to determining their suitability for service. Many investors perform a similar analysis when deciding whether to re-elect a director to the board.

4. Reserves, Capital Adequacy and Solvency

To ensure that legal obligations to policyholders, contract holders and others are met when they come due, insurers are required to maintain reserves, capital and surplus at all times and in such forms so as to provide an adequate margin of safety.

Is management aware of the current regulations, bearing in mind that the rules will likely be different in each country? What processes are in place to monitor changes to the rules?

5. Regulatory Control of Significant, Broad-based Risk-related Transactions/Activities

The regulatory framework recognizes that certain significant, broad-based transactions/activities affecting policyholders’ interests must receive regulatory approval. These transactions/activities encompass licensing requirements; change of control; the amount of dividends paid; transactions with affiliates; and reinsurance.

6. Preventive and Corrective Measures, Including Enforcement

The regulatory authority takes preventive and corrective measures that are timely, suitable and necessary to reduce the impact of risks identified during on-site and off-site regulatory monitoring. These regulatory actions are enforced as necessary.

7. Exiting the Market and Receivership

The legal and regulatory framework defines a range of options for the orderly exit of insurers from the marketplace. It defines solvency and establishes a receivership scheme to ensure the payment of policyholder obligations of insolvent insurers subject to appropriate restrictions and limitations.

While your company may not be anywhere near the zone of insolvency, it would be considered prudent to have a plan for conducting an orderly exit from the markets and an understanding of the implications.

NAIC also explains that: Beyond state-based insurance regulation, there are other corporate governance requirements, standards and practices that are applicable either to all insurers through state corporate laws or to certain insurers (primarily public companies and their subsidiaries) through federal law. In addition, other bodies, such as stock exchanges, have established minimum corporate governance standards that their members must follow.


The Changing Investor Relationship

The general governance challenges in the insurance industry are similar in many ways to those of the greater public company community. As with the rest of the market, shareholders are driving the conversation and the relationship is defined by a desire for greater transparency, access to directors, and accountability of both management and the board.

In fact, many experts suggest that regulatory changes increasing the rights of investors are having a more profound impact on the overall standards of governance at public companies than many of the rules specifically targeting companies. One thing is certain: the relationship between investor and issuer has been permanently altered.

Newly emboldened shareholders are consistently raising questions about executive compensation packages, directors’ duties and board structure, the importance of risk management, and the impact of regulation.

With this new relationship and increasing activism it is worth examining the impact of investor engagement on publicly-listed insurance companies. In their 2011 study Institutional Ownership Stability and Risk Taking: Evidence from the Life-Health Insurance Industry, Cheng, Elyasiani and Jia examined the link between risk-taking behavior and the level of institutional investor ownership. Looking specifically at life/health insurance firms and property/casualty insurers they determined that institutional ownership reduces overall risk. As reported in the Journal of Risk and Insurance, “Institutional investors owned 54 percent of life–health insurers’ stocks and 59 percent of property–casualty insurers’ stocks over the period 1992–2007. Cheng, Elyasiani, and Jia show that these blockholders contribute to reduce market risk, as well as the investment and underwriting risk of property–casualty insurance companies.”

There are several possible reasons why this might be the case. This finding is certainly not indicative of the market at large, but it is fair to conclude that some institutional investors are well informed, highly motivated, and willing to pressure management to address any issues they may have. This could involve ensuring an overall reduction of risk in order to smooth the severity of market downturns and to minimize the possibility of the insurer running foul of regulatory requirements. The authors suggest that, “institutional investors are generally more risk averse and thus have additional incentives to play an active monitoring role in overseeing managers’ activities.”

Shareholder engagement and its impact on corporate risk taking are also being hotly debated in other jurisdictions. The Kay Report, which emerged in the UK in July 2012, urges companies that manage other people’s money to hold more focused portfolios and move toward a more long-term focused strategy. It is recommended that shareholders take a more active role in overseeing company and asset manager behavior. In particular the report suggests:

• Opening channels of communication for investors to engage with each other and with companies.

• Creation of a fiduciary standard in the UK and EU for any company managing people’s money or providing investment advice.

• A review of how investment firms calculate financial risk and process data.

• Discontinue the practice of issuing quarterly reports.

• Companies should consult with major shareholders over board appointments before they happen.

• Company executive pay – and fund manager pay – should be designed to focus on long-term performance, including company shares to be held until after the executive has retired from the business.

Many of these recommendations, and especially the idea of companies no longer focusing on quarterly guidance, are designed to break the cycle of short-termism that many experts feel is driving unsafe risk taking.

With greater shareholder rights being enacted in jurisdictions across the globe, companies need to ensure they are not just complying with the changing rules, but have an overall culture of engagement that goes all the way to the board.

Some ways this can be achieved include regularly monitoring institutional views on the company’s strategy and performance. This requires open lines of communication between the board and shareholders, and perhaps even a formalized process. Greater engagement means that the company must understand its message and deliver it in a consistent and positive fashion. No conflicting messages should be presented to the market.

Interestingly, there is a growing realization that governance is not just a one-way street. Companies have to take responsibility for performance and strategy but also investors need to be responsible in their dealings and work with companies to develop long-term structures and financially sustainable growth.


A Unified Approach

This overarching focus on risk is, in turn, leading to a discussion of monitoring mechanisms that could curtail excessive risk-taking behavior. Given the insurance industry’s long-standing reputation for adopting technology, it is reasonable to expect that new tools will be employed to assist in process automation not just in day-to-day operations of the company, but all the way to the management suite and the board. The magnitude of the challenge and the importance of being seen to be moving in the right direction require the identification and implementation of such mechanisms.

Achieving a unified enterprise view of financial processes – and thus risks – remains an elusive goal for many insurance companies, in large part because of the traditional siloed structure and operational autonomy of business units. Complex procedures, inconsistent methodologies and incompatible technology are common obstacles; therefore, companies can benefit from consistent use of practices and tools across the enterprise.

Apart from the challenges it presents in developing a clear understanding of risk, this structure can also make disseminating the governance message more difficult because a segmented approach makes securing buy-in from division managers unlikely .

Throughout the industry higher levels of automation have yielded faster processes with fewer errors. By embedding risk assessments into financial processes, most managers are able to achieve greater efficiency and make higher-quality decisions. The same is true for the board of directors, which is tasked with overseeing governance and strategic direction.

Despite this, very few insurers have overcome either the cost or difficulty barriers to achieving enterprise risk management and governance capabilities. Too often risk portfolios are dealt with independently and few companies can produce accurate, near-real-time information necessary to support decision making and strategic oversight.

The degree of uniformity necessary to ensure like risks from different jurisdictions are being reported is impossible without a commitment to risk management from top management. Risk culture must be instituted throughout every level of the organization, in order to fully understand risk at local and corporate levels.

Perhaps the most enduring lesson of the financial crisis is the need for a holistic view of risk, not just for insurance companies but also for all organizations, public and private.


© 2012 Thomson Reuters GRC00044/9-12

Thomson Reuters Governance, Risk & Compliance (GRC) business unit provides comprehensive solutions that connect our customers’ business to the ever-changing regulatory environment. GRC serves audit, compliance, finance, legal, and risk professionals in financial services, law firms, insurance, and other industries impacted by regulatory change.

The Accelus suite of products provides powerful tools and information that enable proactive insights, dynamic connections, and informed choices that drive overall business performance. Accelus is the combination of the market-leading solutions provided by the heritage businesses of Complinet, IntegraScreen™, Northland Solutions, Oden®, Paisley®, West’s Capitol Watch®, Westlaw® Business, Westlaw Compliance Advisor® and World-Check®.

BoardLink

BoardLink is a secure, web-based board portal, with an optional iPad app. It enables board members to communicate and share documents, create topic-specific workspaces, compile and share board books, and provides a single, secure portal for corporate secretaries and board members to access critical and business intelligence and board committee documents.

BoardLink is designed to enable corporate secretaries and board members to manage the quarterly business activities of the board, stay up to date on the latest business news and regulatory changes, manage multiple layers of risk, and optimize governance disclosure initiatives.

Thomson Reuters Accelus™

For more information, visit accelus.thomsonreuters.com