The CG Model
Effective January 1, 2016, if adopted by the requisite number of states, the CG Model will require every insurer to submit an annual disclosure filing to its respective domestic regulator or, if a member of an insurance group, to the lead state regulator for the insurance group, containing at a minimum the following information:
- Description of corporate governance framework and structure including the Board and various committees that are responsible for overseeing the insurer along with the duties of the Board, its committees and its senior officers;
- Qualification, selection, independence and evaluation of the performance of Board members and how these Board members qualifications satisfy the needs of the insurer;
- Suitability standards for officers and key persons in control functions;
- Performance evaluation and compensation of senior management as it relates to risk management; and
- Procedures to ensure appropriate oversight to the critical risk areas that may impact an insurer’s business.
While a significant amount of this type of information is gathered in triennial examinations, the purpose of the CG Model is to require annual disclosure of these matters so that regulators have a more consistent flow of risk related information. The CG annual disclosure must include the signature of the insurer’s chief executive officer or corporate secretary attesting, to the best of their belief and knowledge, that the insurer has implemented corporate governance practices and that a copy of the disclosure filing has been provided to the Board of Directors. Once the initial disclosure filing is made, insurers must submit amended annual filings indicating any changes that may have occurred.
While the CG Model does permit an insurer or insurance group to satisfy the CG annual disclosure filing requirements through reference to other filed documents such as the Own Risk Assessment and Solvency Report (ORSA Report), and Holding Company Form F (ERM) filings, a significant amount of the information sought by the CG Model is not specifically addressed in the Risk Management and Own Risk and Solvency Assessment Model Act (ORSA Model), NAIC ORSA Guidance Manual (ORSA Manual), or Form F.
Confidentiality of Information in Corporate Governance Annual Filing
The new CG Model provides for the confidential treatment of the CG annual disclosure that contains “confidential and sensitive information relating to a reporting insurer or insurance group’s internal operations and proprietary and trade secret information which, if made public, could potentially cause the insurer or insurance group competitive harm or disadvantage.” Confidentiality was an issue during the deliberations of the NAIC’s Corporate Governance (E) Working Group, which proposed the CG Model. Following numerous objections by certain state regulators, the CG Model exempted the CG annual disclosure from “open records, freedom of information, sunshine or other similar laws, and also exempted it from subpoena and discovery or admission into evidence in a private civil lawsuit.
Sections 5 and 6 of the CG Model specifies that the CG annual disclosure may be shared with state, federal and international regulatory agencies, the NAIC and certain third party consultants, including members of any supervisory college as defined in the NAIC’s Insurance Holding Company Model Act (subject to an appropriate confidentiality and nondisclosure agreement). Section 6 specifies that third party consultants who are given access “must verify to the insurance commissioner, with notice to the insurer, that it is free of a conflict of interest and has internal procedures in place to monitor compliance with a conflict and to comply with the confidentiality standards and requirements of” the GC Model.
Comparison of CG Model to the ORSA Model, ORSA Manual and Holding Company Form F
The new CG Model, the ORSA Model and the Summary Report which it requires, and the Holding Company Form F filing were all developed starting with the NAIC’s Solvency Modernization Initiative, which also includes the ERM requirements. As defined by the Insurance Holding Company System Regulatory Act (Holding Company Model), “enterprise risk” is any activity, circumstance, event or series of events involving one or more affiliates of an insurer that, if not remedied promptly, is likely to have a material adverse effect upon the financial condition or liquidity of the insurer or the insurance holding company system as a whole. The Holding Company Model requires the filing of an enterprise risk report which is completed through Form F. The report, which is to be filed by the ultimate controlling person in the holding company system, is designed to identify the material risks within the holding company system that could pose an enterprise risk to the insurer. While Form F seeks disclosure of information such as, internal audit or other investigatory findings, business plans and strategies, capital resources and rating agency actions, it does not require the insurer to describe the manner in which these risks are identified or managed. In other words, it does not mandate discussion of the insurer’s corporate governance processes and procedures.
The ORSA Model and ORSA Manual provide that insurers must maintain a risk management framework in order to classify enterprise risks and direct insurers to conduct an annual internal ORSA audit. The results of this audit are to be reported through the annual filing of an ORSA Summary Report. The ORSA Summary Report must contain a narrative regarding the insurer’s risk management framework, an assessment of the insurer’s risk exposure and, where the insurer is part of a holding company system, an assessment of the risk capital and solvency outlook for the insurer as part of the holding company system. Certainly, an insurer’s description of this process may very well include a discussion of the board of directors, senior management and the role that each of these parties play in managing risk. However, neither the ORSA Model nor the ORSA Manual specifically require the level of detail or scope of information regarding the board of directors and senior management that will be required if the CG Model goes into effect.
For example, the CG Model mandates that the insurer relate how the qualifications of each member of the Board of Directors meet the needs of the insurer. While the qualifications of board members may be part of an ORSA Summary Report and are provided through biographical affidavits routinely submitted to the regulators, the linkage between these qualifications and the needs of the insurer have not been a required element in previous NAIC Models related to enterprise risk. Additionally, the CG Model seeks information as to whether suitability standards have been developed for senior management in order to ensure that they possess the proper experience to perform the risk control function. Also, the CG Model states that the insurer must provide information as to how reporting responsibilities are handled within departments (i.e., actuarial, investments, market conduct decision-making and the frequency with which these “critical risk” areas of the company are reporting information to the Board or senior management). Even if the insurer’s ORSA Summary Report includes some of this information, it is likely not described within the context sought by the CG Model.
As a result, insurers need to review the CG Model requirements in detail and begin to develop policies and procedures that demonstrate how their boards of directors, senior management and reporting mechanisms relate to their corporate governance structure and the identification and management of risk. In large organizations, the CG Model requirement regarding reporting responsibilities within departments and how often that information is reported to the board or senior management may present a significant challenge. Where certain functions within a particular department are performed in different locations and perhaps pursuant to different standards, there may not be a common understanding of what type of information should be reported to the Board and senior management and with what degree of frequency. Insurers may have to develop enterprise-wide standards as to what categories of information need to be reported to the Board and senior management and through what mechanism in order to ensure consistent review and reporting throughout the organization.
Once an insurer has analyzed the CG Model, it would be beneficial for insurers to evaluate all of the information required by the CG model, the ORSA Model and Form F and develop a corporate governance policy and reporting mechanism that integrates the requirements of each of these models in order to ensure overall compliance and streamline the regulatory filing process.
Impact on Smaller Insurance Companies
Insurer review of the CG Model is even more important for smaller insurance companies since the CG Model does not contain the ORSA exemption based upon premium written. Specifically, the ORSA Model does not apply to individual insurers whose annual direct written and unaffiliated assumed premium is less than $ 500 million or to an insurer that is a member of a holding company system where the group of insurer’s annual direct written and unaffiliated assumed premium is less than $ 1 billion. Insurers that are exempt from ORSA have not had to provide extensive enterprise risk reporting and may not have developed the types of policies and procedures designed to respond to ORSA mandates or to the new CG Model. While these insurers would still be exempt from ORSA, the CG annual disclosure requirements would present a new regulatory challenge for these smaller companies.
There is no doubt that the NAIC will continue to expand the scope of regulatory oversight of insurance companies and the new CG Model is evidence of that. The CG Model contemplates that insurers need not only to develop adequate corporate governance procedures but also to inform the regulator as to how and why the personnel that the insurer selects to perform corporate governance functions are sufficiently equipped to address the needs of the insurer. Insurance companies should evaluate their corporate governance procedures, justifications for their board and senior management selection processes and the coordination of risk identification and reporting between departments within their organization in preparation for the CG Model’s January 1, 2016 effective date. The NAIC’s Corporate Governance (E) Working Group intends to recommend that state adoption of the Corporate Governance Model Law and Regulation be made an NAIC accreditation standard.