• #CARRILHOASSOCIADOSDigital

Corporate governance and operational resilience: Why they matter for insurers in a changing world

Paper

The insurance sector plays a vital role in the economy and society, providing protection and risk transfer for individuals, businesses, and public entities. At the same time, the industry faces challenges and risks such as market volatility, cyber threats, regulatory change, climate change, and pandemics, any of which can disrupt the provision of insurance services and affect the solvency and reputation of insurers.
Therefore, it is essential for insurers to have a sound and effective corporate governance system that ensures the proper management and oversight of their activities, as well as a robust operational resilience framework that enables them to prevent, adapt, respond, recover, and learn from operational disruptions. Corporate governance and operational resilience are closely related and mutually reinforcing concepts that contribute to the risk-adjusted performance, long-term sustainability, and solvency of insurers.
Corporate governance refers to the system of rules, including policies, practices, and processes, by which an insurance company governs itself. It includes not only the corporate structure (board of directors, senior management, business functions, etc.) but also the organizational culture (values, ethics, etc.), strategies, controls, as well as the governing documents that capture the spirit and the letter of the company’s guiding principles and mandates. Corporate governance defines all organizational roles, responsibilities, and accountabilities at all levels. It also provides corrective action for non-compliance or weak oversight, controls, and management.
Operational resilience refers to the ability of an insurance company to prevent, adapt to, respond to, recover from and learn from operational disruption, so that key products and services are restored within an acceptable timeline. It has become increasingly important for insurers as they face threats ranging from global pandemics to cyber-attacks. Operational resilience requires insurers to identify their important business services, set impact tolerances (the maximum tolerable level of disruption to each service), and carry out mapping of the people, processes, technology, data and third parties that support those services, together with scenario testing, in order to assess their vulnerabilities and capabilities. It also requires contingency plans, recovery strategies and learning mechanisms to be in place.
The European Insurance and Occupational Pensions Authority (EIOPA) is an independent advisory body to the European Commission, the European Parliament, and the Council of the European Union. EIOPA is responsible for ensuring effective and consistent regulation and supervision of the insurance and occupational pensions sectors in the European Union. One of its main tasks is to issue guidelines on the various aspects of the system of governance of insurance and reinsurance undertakings. The guidelines on the system of governance aim to promote sound and prudent management of the business of undertakings and to reinforce the effective exercise of the supervisory powers legally entrusted to EIOPA in relation to the governance system. The guidelines are based on the Solvency II Directive and on Commission Delegated Regulation (EU) 2015/35, which together establish the general legal framework for the system of governance. They cover the following topics:
(i) The general governance requirements, including the proportionality principle, the documentation requirements, and the outsourcing policy;
(ii) The fit and proper requirements, which apply to all persons who effectively run the undertaking or hold other key functions, such as compliance, actuarial, risk management, and internal audit;
(iii) The risk management system, which comprises the strategies, processes and reporting procedures necessary to identify, measure, monitor, manage and report, on a continuous basis, the risks to which undertakings are or could be exposed;
(iv) The own risk and solvency assessment (ORSA), a forward-looking assessment of the overall solvency needs related to the specific risk profile of the undertaking;
(v) The internal control system, which consists of all policies, procedures and mechanisms that ensure compliance with laws and regulations, as well as with internal rules and standards;
(vi) The actuarial function, which coordinates the calculation of technical provisions, ensures their reliability and adequacy, assesses their uncertainty, expresses an opinion on the underwriting policy and reinsurance arrangements, and contributes to risk management;
(vii) The outsourcing policy, which defines how undertakings outsource critical or important functions or activities to external service providers;
(viii) The remuneration policy, which sets out how undertakings remunerate their staff in a way that is consistent with sound and effective risk management;
(ix) The internal audit function, which provides independent assurance on the adequacy and effectiveness of the internal control system.

The guidelines are addressed to the national supervisory authorities, which must either comply with them or explain why they do not intend to do so. They are also relevant to insurance and reinsurance undertakings, which are expected to make every effort to comply with them. The guidelines are not legally binding, but they reflect EIOPA's view on how the Solvency II requirements on the system of governance should be applied.
In this context, it is commendable that the Insurance and Pension Funds Supervisory Authority (ASF) of Portugal issued Regulatory Rule No. 4/2022-R on 26 April 2022, which establishes the general requirements and principles that govern the development of the governance system to be implemented by insurance and reinsurance undertakings in Portugal. The Regulatory Rule covers various aspects of corporate governance and operational resilience, such as the own risk and solvency assessment, the prevention, communication and resolution of conflicts of interest, the policy for the prevention, detection and reporting of insurance fraud, the remuneration policy and the internal reporting of irregularities. Its aim is to promote sound and prudent management of insurance and reinsurance undertakings and to reinforce the effective exercise of the supervisory powers legally entrusted to the ASF in relation to the governance system. It also updates the regulatory regime in line with the national and European legal framework and with supervisory best practice, raising the level of demand placed on undertakings and laying the basis for prospective, proportionate, consistent and assertive supervision. The Regulatory Rule therefore reflects the ASF's commitment to enhancing corporate governance standards and practices in the insurance sector, and it strengthens the operational resilience of insurers in Portugal by giving them guidance on how to identify, manage and mitigate their operational risks. It is a positive step towards ensuring the stability, competitiveness, and sustainability of the insurance industry in Portugal.
However, corporate governance and operational resilience are not static goals that can be achieved once and for all. They are dynamic and evolving processes that require constant monitoring, evaluation, and improvement. They also depend on collaboration and coordination among all stakeholders in the insurance sector: regulators, supervisors, insurers, intermediaries, customers, investors, and employees. It is therefore not enough to have good rules and guidelines on paper; they must be effectively implemented and enforced in practice, and regularly reviewed and updated to reflect the changing realities and challenges of the insurance market.
In conclusion, corporate governance and operational resilience are essential elements for the success and survival of insurers in a complex and uncertain environment. They can help insurers to protect their assets, liabilities, reputation, and customers from operational disruptions. They can also help insurers to seize new opportunities, innovate new products and services, and enhance their competitive advantage. Therefore, insurers should not see corporate governance and operational resilience as mere compliance obligations or costs; they should see them as strategic investments that can generate long-term value for their business and stakeholders.
As Winston Churchill once said: “To improve is to change; to be perfect is to change often.”