The Office of the Commissioner of Insurance (OCI) has updated the 2002 Guidance Note on Corporate Governance for Authorized Insurers (GN10). Ms Joyce Chan and Ms Gillian Morrissey of Clyde & Co explain the key changes.
On 7 October 2016, a revised Guidance Note on the Corporate Governance of Authorized Insurers (Revised GN10) was issued by the Office of the Commissioner of Insurance (OCI). The Revised GN10 replaces the Guidance Note on the Corporate Governance Code for Authorized Insurers (GN10) which came into effect on 1 September 2003.
It sets out the minimum standards of corporate governance that the OCI expects of insurers authorised to carry on insurance business in and from Hong Kong, including the composition, role and responsibilities of the board; internal controls; and compliance with laws and regulations.
Revised GN10 will generally become effective on 1 January 2017. There is a one-year transitional period for the increased minimum number of independent non-executive directors (INEDs), remuneration requirements and establishment of a risk committee. The requirements relating to “key persons in control functions” (Key Persons), a concept familiar in other jurisdictions and to be introduced in Hong Kong under the Insurance Companies (Amendment) Ordinance (Amendment Ordinance) will necessarily not take effect until the relevant statutory provisions have commenced.
Revised GN10 largely reflects the International Association of Insurance Supervisors’ (IAIS) Insurance Core Principles 7 and 8 on corporate governance and internal control systems and risk management frameworks, respectively.
Who does it apply to?
The OCI has expanded the range of insurers which must comply with Revised GN10. Broadly, this captures all Hong Kong-incorporated insurers authorised to carry on insurance business in and from Hong Kong other than those in run-off. The run-off exemption applies to long term insurers that have ceased new business and whose renewal business annual gross premium income is less than HK$20 million (US$2.5 million) and all general insurers that have ceased new and renewal business.
Non-Hong Kong-incorporated insurers that are authorised to carry on insurance business in and from Hong Kong where their Hong Kong business exceeds 50% of their annual gross premium income must also comply with Revised GN10 unless they obtain a written exemption from the OCI. Under GN10, the threshold was 75%.
Captive insurers were expressly exempted from GN10. They will be “encouraged to adopt” Revised GN10 as appropriate.
Taking a practical approach, the OCI relaxes certain provisions of GN10 and Revised GN10 for small insurers whose annual gross premium income and total gross insurance liabilities the preceding financial year were each below HK$20 million. The financial threshold remains unchanged under Revised GN10 but it explicitly expands the category of small insurers to include qualifying composite insurers.
Synopsis of key changes
Revised GN10 introduces specific provisions on senior management which includes the chief executive. Their role is to carry out the insurer’s day-to-day operations and implement its controls and systems in accordance with the strategies, policies and procedures set by the board.
Senior management appointments should be authorised by the board, and their roles, responsibilities and delegated authority should be adequately documented, with appropriate reporting lines to the board.
GN10 envisages delegation of some responsibilities by senior management, in particular to Key Persons, maintaining clear accountability and reporting lines.
Revised GN10 introduces specific provisions on Key Persons. Under the Amendment Ordinance the regulator’s prior consent for the appointment of senior executives who carry out “control functions” of insurers (other than captives) will be required.
The Amendment Ordinance and Revised GN10 list the following control functions: internal audit, risk management, financial control, compliance, actuarial and intermediary management. Additional control functions can be specified by the Financial Secretary by notice. A control function is likely to enable the individual responsible for it to exercise significant influence over the business of the insurer.
Control functions will be an important part of an insurer’s risk management and internal control system, providing checks and balances, and supporting the board in fulfilling its oversight duties.
Following the global financial crisis, remuneration is an area of regulatory focus in many jurisdictions. Insurers are required to establish a board-approved risk-averse remuneration policy, in-line with their objectives, business strategies and long-term interests, and providing a clear relationship between performance and remuneration.
Revised GN10 requires multi-level involvement within the corporate governance structure of an insurer in the setting and monitoring of remuneration policy: the board, including the optional remuneration committee, senior management and risk management Key Persons.
Revised GN10 broadens the scope of application of the remuneration policy to cover all directors (including INEDs) and employees, focusing in particular on senior management, Key Persons and “material risk-taking employees” (the latter whom the IAIS refers to as “major risk-taking staff”, ie whose actions, individual or aggregated in groups of employees, may have a material impact on the insurer’s risk exposure through the assumption of material risk or by taking on material exposure).
Revised GN10 sets out detailed principles relating to remuneration, including required characteristics of performance-measuring criteria applicable to variable remuneration, and promoting a complete assessment of risk-adjusted performance.
The board has ultimate responsibility for setting the business objectives and strategies taking into account the long-term financial soundness of the insurer, fair treatment of policyholders, and the legitimate interests of its stakeholders. Policies are to be implemented by senior management.
Amongst its other duties, the board should set the risk appetite and strategy and provide appropriate risk management and internal control systems. It is responsible for providing a transparent and reliable financial reporting system and ensuring there is adequate governance and oversight of the external audit process.
GN10 requires a minimum of four, properly minuted, board meetings per year, at least two of which must take place by participation, rather than by written resolutions. Revised GN10 clarifies that the frequency of these meetings should be approximately quarterly. Revised GN10 acknowledges participation by means of video/teleconferencing.
Insurers, other than small insurers, will continue to be required to have a minimum of five directors, one third of whom have knowledge and experience of insurance business. Going beyond finance and investment expertise that that were highlighted in GN10, Revised GN10 requires that the board’s adequate spread and level of expertise should cover areas such as claims, actuarial and underwriting, in addition to the areas of finance and investment as set out in GN10.
An important check and balance against the influence of controllers and management is the requirement to have a sufficient number of INEDs on the board. Small insurers must have at least one INED, otherwise, the requirement for the proportion of INEDs on the board has been increased in Revised GN10 from 1/5th to 1/3rd.
On a practical note, Revised GN10 allows for a temporary exemption for the reduction of INEDs where there is a valid justification.
There are amendments to the independence criteria of INEDs. In particular, former employees of the insurer or its group will be required to wait three years, whereas GN10 focuses on current roles only. Under Revised GN10, the OCI is unlikely to consider a proposed director to be independent if he is a director or controller of a company that has significant financial interest with the insurer or any group company, for example, a major service provider.
Duties of individual directors
A new section on duties of individual directors builds on the previous requirements. It will require individual directors, in particular, to:
- exercise due care and diligence;
- act reasonably, in good faith and honestly;
- act in the best interests of the insurer and its policyholders;
- exercise independent judgement and objectivity in decision-making; and
- not use his position to gain undue personal advantage or cause detriment to the insurer.
Additionally, directors should avoid actual, potential or perceived conflicts of interest, and those who have other directorships must ensure they have sufficient time to carry out their duties to the insurer, including attending board meetings.
Separation of role of Chairman/CEO
Under GN10, the Chairman and CEO should be separate unless there are appropriate controls. This requirement has been bolstered further in Revised GN10. Going forward, the Chairman should not be the CEO, appointed actuary or serve as chair of any board committee.
If the chief executive is temporarily unable to carry out his duties due to temporary absence from Hong Kong, sickness or other exceptional reason, the board should ensure the continued proper functioning of the insurer’s operations. In order to achieve this, a director or, despite the general restriction noted in the preceding paragraph, the Chairman, with proper control measures in place, can take on this role.
Under GN10, other than for small insurers, the establishment of an audit committee is mandatory, unless the insurer is part of a group which has a group audit committee. A new requirement is that the audit committee should be chaired by an INED. It should preferably have an INED majority.
Revised GN10 also makes the establishment of a risk committee mandatory for insurers other than small insurers.
The optional committees which the board of an insurer should consider where appropriate having regard to the insurer’s size, practical needs and business activities have not changed. The optional specialised board committees are the: investment committee; nomination committee; remuneration committee; underwriting committee; reinsurance committee; and claims settlement committee.
Under Revised GN10 the functions of committees can be combined so long as their effectiveness and integrity is not compromised.
The remuneration committee should include INED members and be chaired by an INED. The nomination committee should include at least one INED. The responsibilities of the nomination committee have been expanded to nominating suitable candidates for senior management appointments as well as board roles.
Group committees can be relied on if they take account of the insurer and the requirements of Revised GN10 – otherwise, the board should establish its own committees.
It may be necessary to consider rotating the membership of committees to avoid undue concentration of powers.
Revised GN10 requires the board to review, at least annually, each of its board committees collectively and their individual members to determine that they remain effective to carry out their delegated responsibilities. Revised GN10 does not have an explicit requirement requiring an equivalent annual evaluation of the board collectively and the individual directors, but insurers might consider this as best practice. There is a requirement to address identified weaknesses at board level, including through director
Appropriate systems of control should provide for the evaluation of senior management performance of objectives set by the board.
- Group policies– Revised GN10 expressly permits the use of appropriate group policies and procedures by insurers.
- Business continuity planning – Insurers will be required to establish a business continuity policy and business continuity plan covering the aspects set out in Revised GN10. Interestingly, this relates not only to going-concern situations but also gone-concern. If an insurer needs to use its business continuity plan, it must notify the OCI promptly, providing information of the disruption, actions taken, potential impact and target timeline. Progress reports will be required until business resumes as normal.
- Cyber security – Taking into account technological advancements since GN10 was issued, a new section on cyber security obligations has been added.
- Record-keeping – This expands on existing statutory record-keeping obligations.
- Customers – The provisions relating to the servicing of customers have been strengthened and further detail added.
As 2017 is just around the corner, insurers operating in or from Hong Kong should undertake prompt steps to perform a gap analysis of their corporate governance, risk management and internal control systems framework against the revised requirements.
Ms Joyce Chan is a Partner and Ms Gillian Morrissey is a Registered Foreign Lawyer, both at Clyde & Co in Hong Kong.