THE UPCOMING CORPORATE GOVERNANCE ANNUAL DISCLOSURE FILING

As reported in the Summer 2015 Edition of the FORC Journal, assuming adoption by the states, a new annual Corporate Governance Annual Disclosure (CGAD) filing would be required by insurers or insurer groups beginning in 2016. In this article I address questions that have been posed by insurers, provide an update on the status of state adoption, and discuss why — and what — insurers should be preparing for now -- even if CGAD has not yet been adopted in their domiciliary state.

The NAIC adopted the CGAD Model Law (Model 305) and Model Regulation (Model 306) (collectively, the CGAD Model) at its Fall 2014 meeting. The NAIC’s plan for implementation was aggressive: that CGAD would be adopted by states during 2015 for a January 1, 2016 effective date so that the first annual CGAD would be filed by June 1, 2016.

• What Is CGAD? CGAD is an annual filing by an insurer or insurer group to provide to insurance regulators detailed narrative and sample documentation on corporate governance structure, policies and practices for the specified purpose of permitting regulators to gain and maintain an understanding of the insurer’s corporate governance framework. The CGAD is intended to supplement corporate governance information that regulators already obtain as part of the risk-focused examination process. Indeed, the CGAD will provide detail behind the required governance and internal control statements that insurers have been making (and certifying to) on the Form B Registration Statement since implementation of recent revisions to insurance holding company act provisions:

  • That the insurer’s board of directors oversees corporate governance and internal controls; and

  • That the insurer’s officers or senior management have approved, implemented and will continue to maintain and monitor corporate governance and internal control procedures.
    
    The annual CGAD must be signed by the CEO or Corporate Secretary of the filing insurer or group and such person must attest that (1) to the best of his/her belief, the insurer or group has implemented the corporate governance practices set forth in the CGAD and (2) a copy of the CGAD has been provided to the Board or the appropriate committee thereof.
    
    In order to avoid redundancy with other regulatory filings, the CGAD need not duplicate, and may cross-reference to, information set forth in other documents filed with regulatory bodies, including the ORSA Summary Report, Insurance Holding Company Form B Registration Statement and Form F Enterprise Risk Report, SEC Proxy Statements, etc., but must attach the referenced documents if not already filed with or available to the state insurance regulator.

   

• Is CGAD Intended to Impose Mandated Governance Standards or Procedures on Insurers? The CGAD Model specifies that it is not intended to be construed to prescribe or impose corporate governance standards and internal procedures beyond that which is already required under state law (and, in accordance with the shift from a “rules based” to a “principles based” regulatory approach, regulators have acknowledged that the CGAD will not be analyzed with a “one size fits all” approach).
  
  However, this same provision in the CGAD Model includes an important caveat, i.e., that the CGAD law shall not be construed to limit a regulator’s authority under a state’s examination authority. This caveat is important for several reasons:
  
  

  • The CGAD Model provides that the regulator may retain, at the insurer’s expense, third-party consultants, including attorneys, actuaries, accountants and other experts that may be necessary to assist in reviewing the CGAD; and,

  • While the only penalty set forth in the CGAD Model is a daily financial penalty for a failure to timely file a CGAD, it is important to note that virtually all states have adopted revisions to their Standards to Define Insurers Deemed to Be in Hazardous Financial Condition regulation to specifically address insurer deficiencies with corporate governance (adoption by states is an accreditation standard). These provisions permit a regulator to issue an order or notice of deficiency to an insurer to correct deficiencies in corporate governance practices and adopt and utilize governance practices acceptable to the regulator if the regulator has reasonable cause to believe that an insurer’s operations are financially hazardous under the standards of the regulation.
    
    Thus, it is advantageous for insurers/insurer groups to assure that the first CGAD filed be as clear, rational, logical and meaningful as possible for each area of inquiry in the CGAD Model.

   

• Are There Any Exemptions to the CGAD Requirement? There are no exemptions to CGAD. The filing requirement applies to all domestic insurers in the state of CGAD adoption — regardless of size, organizational structure or other specific statutory exemption. Thus, insurers that have been exempt from other new filing requirements, like ORSA or the Form F Enterprise Risk Report, are not exempt from CGAD.

• Whose Governance Is Reported On? When an insurer is a standalone entity, the CGAD must report on the insurer’s governance. When an insurer is part of a group of companies (whether or not an insurer group), information provided in the CGAD is to be based on where the governance activities occur for the member insurer(s) in the group (e.g., ultimate controlling parent, intermediate holding company and/or individual insurer) and the insurer/insurer group is encouraged to make disclosures at one of the following levels (and then to disclose in the CGAD the level selected):

  • Where “risk appetite” is determined;
  • Where earnings, capital, liquidity, operations and reputation of the insurer(s) are overseen; or
  • Where legal liability for failure of corporate governance duties would be placed.

• Is There a Required Form/Format? No. CGAD is neither a “check the box” filing nor a response to a survey (like the Pre-Examination Planning Survey), and there is no specified form/format for providing information like that which exists for other filings, such as the Form B Registration Statement and the Form F Enterprise Risk Report. Instead, an insurer/insurer group “has discretion regarding the appropriate format [and is] permitted to customize the CGAD to provide the most relevant information necessary”1 to permit the regulator to gain and maintain an understanding of the governance structure, policies and practices. Thus, the CGAD is intended to be “your story” and with your selected approach to providing the “most relevant” information on the specific areas of disclosure set forth in the CGAD Model (the CGAD Model advises that an insurer/insurer group “shall be as descriptive as possible in completing the CGAD, with inclusion of attachments or example documents that are used in the governance process, since these may provide a means to demonstrate the strengths of their governance framework and practices”).2

• What Must Be Disclosed in the CGAD? The initial CGAD must include detailed narrative on information requested under the four topical areas listed and described below (subsequent CGAD filings are to be merely amended versions of the previous filing indicating where any changes have been made; if there are no changes, the filing must so indicate).
  
  It is important to note that the information disclosed in the CGAD must go beyond what is set forth in governance documents to provide descriptions of actual processes and practices (even if they differ from the provisions in the governance documents) and, in some cases, appropriateness of, rationale for and suitability of those practices. Thus, while information on a number of corporate governance topics is disclosed in the Pre-Examination Planning Survey and assessed as part of the risk-focused examination process,3 the disclosures in the CGAD are expected to be more extensive and beyond what has occurred in the examination process to date — and will be more similar to (and, in some ways, exceed) the corporate governance disclosures of publicly-traded companies in SEC filings.
  
  Information requested under the four topical areas is as follows:

  • Governance Framework & Structure: A description of: (1) the framework and structure of the Board and Board committees, including entity level of reporting; (2) the rationale for the current Board size and structure; (3) the duties of the Board and each committee and how each is governed (e.g., bylaws, charters, informal mandates, etc.); and (4) how the Board’s leadership is structured, including a discussion of the roles of the CEO and Board Chair.

  • Policies & Practices of the Most Senior Governing Entity’s Board & Board Committees: A discussion of: (1) how the qualifications, expertise and experience of each Board member meet the needs of the insurer or insurer group; (2) how an appropriate amount of independence is maintained on the Board and its committees; (3) the number of meetings held by the Board and its committees over the previous year and information on Director attendance; (4) how the insurer or insurer group identifies, nominates and elects members to the Board and its committees (including (a) whether there is a nomination committee in place; (b) whether term limits are placed on Directors; (c) how the election and re-election processes function; and (d) whether a Board diversity policy is in place and, if so, how it functions); and (5) the processes in place for the Board to evaluate its performance and the performance of its committees, as well as any recent measures taken to improve performance (including any training programs)).

  • Policies & Practices for Directing Senior Management: A discussion of: (1) the processes/practices (i.e., suitability standards) for determining whether officers and key persons in control functions have appropriate background, experience and integrity to fulfill their roles (including (a) identification of specific positions for which suitability standards have been developed and a description of the standards employed; and (b) any changes in an officer’s or key person’s suitability as outlined by the standards and procedures to monitor and evaluate such changes); (2) any code of business conduct and ethics for compliance with laws, rules and regulations as well as proactive reporting of any illegal or unethical behavior; (3) the plans for CEO and Senior Management succession; and (4) the processes for performance evaluation, compensation and corrective action to ensure effective senior management throughout the organization (note that this is considered a critical area of reporting in the CGAD and must include sufficient detail to allow the regulator to understand how the organization ensures that compensation programs do not encourage and/or reward excessive risk taking (including discussion of (a) the Board’s role in overseeing management compensation programs; (b) the elements of compensation awarded and how the insurer/group calculates the amount of each element of compensation; (c) how compensation programs are related to both company and individual performance over time; (d) whether compensation programs include risk adjustments and how those adjustments are incorporated into programs for employees at different levels; (e) if there are any clawback provisions to recover payments if the performance measures are restated or adjusted; and (f) other factors relevant to understanding how the insurer/group monitors compensation policies to determine whether its risk management objectives are met by incentivizing its employees).

  • Oversight of Critical Risk Areas: Information provided must describe the processes by which the Board, its committees and Senior Management ensure an appropriate amount of oversight to the critical risk areas impacting the insurers’ business activities, including (1) how oversight and management responsibilities are delegated between the Board, its committees and Senior Management; (2) how the Board is kept informed of the insurers’ strategic plans, the associated risks, and steps that Senior Management is taking to monitor and manage those risks; and (3) how reporting responsibilities are organized for each critical risk area, including frequency at which information on each critical risk area is reported to and reviewed by Senior Management and the Board. Note that the CGAD Model identifies the following critical risk areas: risk management (the ORSA Summary Report can be referenced); the actuarial function; decision-making processes for investment, reinsurance, business strategy/finance and market conduct; compliance; and financial reporting/internal auditing — and, although not referenced in the CGAD Model, with the NAIC’s recent activities on cyber risk, it is likely that regulators will want to see information on the processes for ensuring an appropriate amount of oversight of this emerging critical risk area.

   

• Is the CGAD Confidential? As for Form F Enterprise Risk Reports and ORSA Summary Reports, the CGAD Model includes strong confidentiality provisions that are designed to ensure that the CGAD and any additional information requested by state insurance regulators under the CGAD Model’s provisions are to be used by regulators in their role as regulators/financial examiners of insurers and that confirm that such information is not subject to subpoena or discovery in any private civil action. Under these provisions, specific confidentiality standards, procedures, protocols and prohibitions are set forth for any sharing by the regulator of the CGAD and related information with third-party consultants retained by the regulator as well as with the NAIC and other regulatory bodies.

• Where is the CGAD Filed? The CGAD Model places the filing requirement on all insurers domiciled in the state of adoption. Thus, an insurer that is not part of an insurer group must file the CGAD with its domestic regulator. However, if an insurer is part of an insurer group and the CGAD is completed at the insurer group level, a similar approach is taken as was taken with the Form F Enterprise Risk Report and the ORSA Summary Report: the CGAD is to be filed with the lead state of the group as determined under the NAIC Financial Analysis Handbook (a copy of the CGAD must also be provided to the domestic regulator in each insurer’s state of domicile upon request). However, as has occurred with other filing requirements where the NAIC Model included lead state provisions, individual state variations may occur in the adoption of the CGAD Model. So, it is important to check on the adopted the CGAD Model -- not only in each state of domicile of the insurers in an insurer group, but also the CGAD Model as adopted in states of licensure.

• What Is the Status of State Adoption? While adoption of the CGAD Model is a proposed accreditation standard, to date, only five states have adopted the CGAD Model — either verbatim or with slight modification — for a first filing to be due by June 1, 2016 in each state: California, Indiana, Iowa, Louisiana and Vermont.4 Regulations are in the process of being promulgated in three of these states: Iowa, Louisiana and Vermont.5 One additional state (Rhode Island) has proposed CGAD legislation.6
  
  Thus, despite an aggressive intent by the NAIC for the first CGAD to be filed in 2016, it is more likely that the CGAD Model will become effective in most states during 2016 with a first CGAD filing due in 2017.

• With so Few States Having Adopted CGAD Model for 2016, What if an Insurer is Part of an Insurer Group and the Insurer’s State of Domicile Has Adopted the CGAD Model -- but the Group’s Lead State Has Not? As has occurred with other filing requirements that have the “lead state” approach, an issue arises when an insurer’s state of domicile has adopted the CGAD Model, but the lead state of the insurer group has not. In such circumstance, any CGAD filing made with the lead state will not be protected by the confidentiality provisions of the CGAD Model. Thus, the best approach is to discuss the situation with the domiciliary regulator to determine the regulator’s stance on the CGAD filing and to assure that, if not making the filing with the state of domicile, the regulator will not impose financial penalties.

• What Should Insurers Be Doing Now -- and Why? Despite the adoption of the CGAD Model by only a few states to date, and the likelihood that the CGAD filing will be delayed until 2017 in many states, the time to start preparing for CGAD is now. Why?

  • As discussed above, due to the examination authority (and the right of regulators to retain consultants at the insurer’s expense) under the CGAD Model as well as regulator authority under the Standards to Define Insurers Deemed to Be in Hazardous Financial Condition regulation, it is advantageous for insurers/insurer groups to assure that the first CGAD filed be as clear, rational, logical and meaningful as possible for each area of inquiry.
  • Change takes time — especially in adopting and implementing corporate governance changes — and some areas of inquiry in the CGAD are “backward looking” and reporting on policies and actions that occurred prior to the date of reporting.

   

• What Should Insurers/Insurer Groups Be Doing Now? A first step is to learn about all that must be reported on in the CGAD and to review materials published by the NAIC on what it considers “best practices” in corporate governance (including “implied” best practices in the provisions of the CGAD Model itself as well as discussions in the NAIC’s White Paper on High-Level Corporate Governance Principles for Use in U.S. Insurance Regulation and Proposed Responses to a Comparative Analysis of Existing U.S. Corporate Governance Requirements). Then an insurer/insurer group should evaluate and determine the following:

  • Could you provide now clear, rational, logical and meaningful information and documentation on each of the CGAD inquiries?

  • Is your governance structure appropriate for your needs and objectives?

  • Do your governance documents accurately say what you want them to say?

  • Are your actual practices/policies/procedures in accordance with your governance documents?

  • Are your governance structure, documents, policies and practices effective for your needs?

  • If an insurer/insurer group has not recently analyzed the appropriateness of its corporate governance structure, documents, policies and practices for its operations, the time to do so is now and not when the CGAD filing is imminent.

   

1. Corporate Governance Annual Disclosure Model Regulation § 4(C) (NAIC 2014).

2. Id. at § 5(A) (emphasis added).

3. See NAIC Financial Condition Examiners Handbook, Exhibit M (“Understanding The Corporate Governance Structure”).

4. Respectively, Cal. Ins. Code § 936.1 et seq. (effective August 17, 2015); Ind. Code § 27-1-4.1-1 et seq. (effective July 1, 2015); Iowa Code § 521H.1 et seq. (effective July 1, 2015); La. Rev. Stat. § 22:691.31 et seq. (effective January 1, 2016); 8 V.S.A. § 3316 (effective May 1, 2015).

5. Respectively, 38 Iowa Admin. Bull. 583 (Oct. 14, 2015) (Notice of Intended Action, Iowa Admin. Code r. 191-111.1); 41 La. Reg. 1871 (Sept. 20, 2015) (Notice of Intent, La. Admin. Code §37:XIII.201); Vt. Gov’t Reg. (Notice of Regulatory Activity, Regulation 2015-XX (Sept. 9, 2015).

6. H.B. 5907, 2015 Gen Assem. (R.I. 2015), S.B. 784, 2015 Gen Assem. (R.I. 2015).