Canada: Oversight Overhaul

On January 28, 2013, the Office of the Superintendent of Financial Institutions for Canada (OSFI) released the final version of its revised Guideline on Corporate Governance: Sound Business and Financial Practices (the "Revised Guideline"). The Revised Guideline sets out OSFI's expectations for corporate governance of federally regulated financial institutions (FRFIs). It applies to all FRFIs, other than branch operations of foreign banks and foreign insurance companies; however, as OSFI requires the chief agent or principal officer to provide prudential oversight for the branch, OSFI has indicated that the principles espoused by the Revised Guideline are relevant to branches. Brokers should also become aware of and understand the corporate governance and risk management regulations affecting insurers, as brokers (although indirectly) influence the corporate strategy and risk profile of their insurer partners.

The Revised Guideline clarifies the importance of sound corporate governance for FRFIs due to their unique nature and circumstances and the risks underwritten by them relative to other corporations. OSFI recognizes that individual FRFIs will have different corporate governance practices depending on their size, ownership structure, nature, scope and complexity of operations, corporate strategy and risk profile. However, all FRFIs are expected to conduct self-assessments in compliance with the Revised Guideline, establish plans to address any deficiencies, and retain the self-assessments reports so that they may be available to OSFI upon request. OSFI expects that all FRFIs will fully implement the Revised Guideline by January 31, 2014.

OSFI has observed that the quality of an FRFI's corporate governance practices is an important factor in maintaining the confidence of its policyholders as well as overall market confidence. The Revised Guideline focuses on three fundamental components of corporate governance: (1) the Role of the Board of Directors; (2) the Role of the Audit Committee; and (3) Risk Governance.

The Role of the Board

While the board is responsible for providing stewardship, senior management is accountable for implementing the board's strategic decisions and for directing and overseeing the FRFI's operations. The Revised Guideline outlines the essential duties that boards must discharge in addition to the roles and responsibilities outlined in federal legislation. It also expressly differentiates between matters to be approved by the board and matters to be reviewed and discussed by the board, the latter being functions that are the responsibility of senior management. However, the Revised Guideline notes that the board has a critical role in providing high-level guidance to senior management with respect to these matters.

The Revised Guideline sets out a number of recommendations to ensure an effective board, including regularly conducted self-assessments of the effectiveness of board and committee practices (occasionally with the assistance of independent external advisors) and reasonable representation of relevant financial industry and risk management expertise at the board and committee levels. Furthermore, the Revised Guideline provides that demonstrable board independence is the key to effective FRFI governance. Board independence can be achieved by creating a corporate governance structure where the board has the ability to act independently from senior management and separating the role of the chair of the board from the CEO. Beyond the principle of role separation, OSFI does not view any one board structure or process as guaranteeing independence. The Revised Guideline recommends that the board document and approve a director independence policy that takes into consideration the specific shareholder/ownership structure of the institution, and that factors in director tenure where appropriate. FRFIs are expected to establish oversight functions that are independent from operational management. The heads of the oversight functions should have sufficient stature and authority within the organization, be independent from operational management and have unfettered access and a direct reporting line to the board. The board should regularly assess the effectiveness of the oversight functions and processes, and conduct a benchmarking analysis with the assistance of independent external advisors.

Role of the Audit Committee

Each FRFI must establish an audit committee comprised of non-employee directors, a majority of whom are not affiliated with the institution. The Revised Guideline provides that the audit committee should be responsible for at a minimum (1) approving the scope and terms of the audit engagement and the external audit fees, (2) reviewing and approving the internal and external audit plans to ensure that they are appropriate and risk-based and (3) probing, questioning and holding regular in camera meetings with the external auditor, chief internal auditor and appointed actuary to understand all the relevant issues and resolution of them. Moreover, the audit committee will recommend to the shareholders the appointment, reappointment, removal and remuneration of the external auditors and annually report to the board on the effectiveness of the external auditor.

Risk Governance

OSFI views risk governance as a distinct and crucial element of corporate governance. As risk taking is fundamental to an FRFI's business, the board of directors and its senior management must identify, manage and mitigate an FRFI's risks. Risks may arise from direct exposure or through exposures taken by subsidiaries, affiliates or counterparties. FRFIs must assess the potential impact of these risks and have policies and controls in place to effectively manage them.

The Revised Guideline recommends that FRFIs develop and implement a board-approved risk-assessment framework (RAF). The RAF should be enterprise-wide and tailored to its domestic and international business activities and operations. It must be well-understood throughout the organization, embedded within the culture, and supported by operational, financial and corporate policies, practices, and procedures. The RAF should also set basic goals, benchmarks, parameters and limits as to the amount of risk the FRFI is willing to accept. Moreover, it should consider the material risks to the FRFI, including the goodwill and reputation of the institution with regard to its policyholders, stakeholders, service providers and brokers. The RAF should be forward-looking and consistent with the FRFI's business model, overall philosophy, short-term and long-term strategic plan, capital plan, financial plan, business objectives and corresponding risk mitigation strategy. The RAF should provide boundaries on the ongoing operations of the FRFI with respect to asset class and liability choices, activities and participation in markets that are not consistent with the FRFI's stated risk appetite.

The Revised Guideline also directs that the board should establish a dedicated risk committee to oversee risk management on an enterprise-wide basis. Committee members should be "non-executives," and an adequate number of members should have sufficient knowledge in the risk management of financial institutions. The committee should seek assurances from the chief risk officer (the CRO), or equivalent, that the oversight of risk management activities is independent from operational management, adequately resourced, and has appropriate status and visibility. Moreover, the risk committee should provide input to the approval of material changes to the insurer's strategy and corresponding risk appetite. Smaller, less complex insurers are not required to create a dedicated risk committee. Rather, the board should merely ensure that it has the collective skills, time and information to provide effective oversight of risk management on an enterprise-wide basis.

Broker Awareness

It would be prudent for brokers to educate themselves about the RAFs of the primary insurers they work with, and to implement the key elements of those RAFs to better align risk governance goals and strategies and to ensure that risk appetite and risk tolerance are mutually acceptable. Brokers are the main contact with customers and the gatekeeper of all underwriting information. As such, brokers should ensure they have in place strict record keeping and personal information privacy standards, policies and procedures. Brokers should regularly audit and monitor each line of business and product written through their primary insurers to ensure they are continuously working with the companies to improve risk profiles in light of changing circumstances and risks, to ensure they are in compliance with delegated authorities and not breaching the risk boundaries set by the insurers, and to ensure that are ready and able to take advantage of new opportunities.

Raising the Bar for Corporate Governance

The Revised Guideline raises the bar for corporate governance by introducing a number of significant new regulatory expectations for insurance companies in Canada. Although OSFI has made an effort to incorporate flexibility into the Revised Guideline, there is a concern that the guidance is too heavily targeted towards large FRFIs, and that the new expectations will be onerous and burdensome for smaller FRFIs to implement. Moreover, according to industry feedback, the expectation for FRFIs to conduct occasional independent third-party reviews may prove onerous, expensive and intrusive. The main challenge for many FRFIs will be in determining how to implement the expectations set out in the Revised Guideline given their own particular circumstances. For subsidiaries of foreign parents that may have limited Canadian operations and a minimum number of non-affiliated directors, it may be a real challenge to fully comply with the Revised Guideline. The Revised Guideline may be perceived by some as creating another reason why it may be preferable for foreign financial institutions to operate in Canada as a branch rather than by incorporating a subsidiary. However, it is likely that OSFI already has heightened expectations with respect to branch corporate governance and will eventually develop similar guidance for branches, if only to avoid the perception of an unlevel regulatory playing field in Canada.

By understanding the demands OSFI is now imposing on FRFIs, brokers as gatekeepers to the policyholder can be better poised to influence underwriting strategy, determine coverage limits and retentions, provide better security with respect to privacy of personal information, ensure accurate record keeping and reporting to insurers, assist with prompt claims handling and continue to assist companies with their underwriting results. There is no better ally to an insurance company than a broker who can put a face to risk.

Originally published in the May 2013 issue of Canadian Insurance Top Broker, copyright Rogers Media.