Wisconsin adopted the National Association of Insurance Commissioners (NAIC) Corporate Governance Annual Disclosure (CGAD) model act in 2018, and is on track to adopt the NAIC CGAD model regulation so that the first filing will be due June 1, 2020. The filing is required from all Wisconsin domestic insurers - including HMOs, fraternals, and cooperatives - regardless of size, or from the insurer's holding company group.
The NAIC adopted the CGAD models after a study that compared existing governance requirements for U.S. insurers with established best practices, international standards, and U.S. regulatory needs. The NAIC study showed that corporate governance practices - the internal policies and procedures of an entity or group that set up a governance structure and provide oversight and accountability within that structure - play a key role in maintaining solvency.
With the move to risk-focused financial examinations, regulators began to collect a significant amount of information on corporate governance practices. However, those examinations usually occur only once every three to five years, and the CGAD allows regulators to monitor changes in such practices between onsite examinations.
I. CGAD Filing Issues
Identification of Level of Reporting. The insurer or its group (the filer) must choose whether to report at the ultimate controlling parent level, an intermediate holding company level, or the level of an individual legal entity, or some combination of these, but the NAIC expects most CGAD reporting to be at the ultimate controlling parent or intermediate holding company levels. The report must explain the criteria used to make this choice, which must include where the insurer or its system (1) determines its risk appetite; (2) collectively oversees earnings, capital, liquidity, operations, and reputation; and (3) places legal liability for failure to perform corporate governance duties. If there is a later change in the level of reporting, the filer must explain the change.
Use of Existing Documents. A filer may comply with CGAD filing requirements by referencing other documents provided to the Wisconsin Office of the Commissioner of Insurance (OCI), such as proxy statements and other state or federal filings, if such documents provide substantially similar information and the CGAD references the document that includes the information.
Filer Discretion. A filer has discretion regarding the CGAD disclosures, provided that they contain the information material to OCI's understanding of the filer's corporate governance structure, policies, and practices.
OCI Follow-up. OCI may request additional information from a filer to clarify a CGAD, and may hire consultants at the filer's expense to assist with OCI's review. When Wisconsin is not the lead state for one of its domestic insurers, the insurer must still provide a copy of the CGAD to OCI upon request; however, OCI must first request the CGAD and any follow-up information from the lead state.
Subsequent Annual Filings of Amended CGAD. By June 1 of each year following the initial CGAD filing, a filer must submit a CGAD indicating where changes have been made to the previously filed CGAD (or stating that no changes have been made).
Confidentiality. The CGAD is afforded one of the highest levels of confidentiality for OCI filings, as it is considered to be proprietary and privileged, and to contain trade secrets. As a result, there are numerous, stringent confidentiality protections intended to safeguard CGAD information and limit its use and disclosure.
II. Overview of CGAD Contents
Fundamentally, CGAD information is intended to provide regulators with a summary of the corporate governance structure, policies, and practices of an insurer and its system in order to convey and maintain an understanding of the filer's corporate governance framework.
A. Introduction Although a CGAD introductory section is not technically required, its use allows for efficient inclusion of the following: (1) identification of the applicable insurer or holding company system and their corporate structure; (2) a statement on the confidential nature of the report; (3) the level at which the report is completed (holding company or insurer); and (4) the criteria used to determine such level of disclosure. Use of an introductory section also provides an opportunity to reference any existing documents that are used to describe applicable corporate governance, as referenced above.
B. Board and Committee Framework, Policies, and Practices Because filers have discretion regarding format when providing CGAD information, simply repeating and responding to the rule requirements is sufficient if it adequately covers the filer's corporate governance framework and board and committee policies and practices:
1. Description of the board of directors and its committees ultimately responsible for overseeing the filer, including the rationale for the current board size and structure.
2. Duties of the board and each of its significant committees and how they are governed, as well as how the board’s leadership is structured.
3. Description of the policies and practices of the board and its significant committees, including:
- The qualifications, experience, and expertise of directors, and how these integrate to meet the needs of the filer;
- Board and significant committee independence, number of meetings, and attendance
- Nomination and election processes for the board and its committees, including the existence of a nomination committee, term limits on directors, elections and re-elections, and any board diversity policy.
4. Description of any performance review or training processes for the board or its committees.
C. Policies and Practices Directing Senior Management Again, filers may repeat and respond to the rule headings if that approach adequately covers the filer's policies and practices for directing "C" level executives (senior management):
1. Determination of the experience, skills, background, integrity, and education that senior management must possess, including the specific positions for which suitability standards have been developed and any monitoring of changes in an executive's suitability.
2. Description of the filer's code of business conduct and ethics.
3. Description of the filer's processes for senior management performance evaluation, compensation, and corrective actions.
4. Description of the filer’s senior management succession planning.
D. Management Processes for Oversight of Critical Risk Areas
The filer must describe how the board, its committees, and senior management ensure that there is an appropriate amount of oversight of the risk areas critical to the insurer, which must include at least:
1. How oversight and management responsibilities are delegated among the board, its committees, and senior management.
2. Reporting responsibilities for critical risk areas, such as risk management, actuarial, compliance, financial reporting, internal auditing, and decision-making processes for investment, reinsurance, business strategy, finance, and market conduct.
III. CGAD Differences by System Type
As is evident from the description above, the CGAD will vary from group to group, depending on size, traditions, ownership structure, and other factors. For example, the company level that is the focus of the CGAD will be the ultimate holding company parent for many insurance holding company systems, but may be an intermediate holding company for the insurance business in a diversified holding company system. On the other hand, a stand-alone mutual insurance company will report at the level of the insurance legal entity. Some basic considerations for public holding company systems, privately held systems, and nonprofit systems are described further below.
A. Public Holding Company System A publicly held holding company system, including mutual holding companies that have a publicly held subsidiary, will probably report at the level of the publicly held entity because that is likely to be the focus of governance and operations for the system. Moreover, the publicly held entity will be the one making filings with the SEC, which may be cross referenced for many components of the CGAD.
Of course, the insurance business is so different from other businesses; therefore, a diversified holding company might use an intermediate holding company for insurance operations as the focus for oversight and risk assessment for those operations. In this case, the diversified holding company might designate that intermediate insurance holding company as the CGAD reporting level.
B. Privately Held System Insurance operations may be held by an individual or a group of individuals such as a family or a private equity fund. Such a system will probably report at the level of a holding company which has been formed to be the focus of governance and operations for the system and separate those functions from the individual owners. Like a publicly held system, a private system may hold only insurance operations or it may be diversified so, with respect to the latter, there is likely to be a separate holding company limited to insurance operations that should be the level of reporting for CGAD.
Given that a privately held system is controlled by one or a small number of individuals, regulators will probably be interested in policies and practices that prevent the owners from exercising their control to the detriment of the enterprise. For example, regulators may be more interested in efforts to include independent, expert voices on the board; to link management compensation to objective factors; and to build independent power centers around functions such as risk management, financial reporting, and compliance.
C. Nonprofit system Nonprofits are often mutual, service, or fraternal insurers which, in turn, will often be the ultimate parent and thus the likely level of CGAD reporting. However, there are many examples of insurers, whether for-profit or nonprofit, that are owned by nonprofits such as health systems or trade associations. For insurers owned by nonprofits, the CGAD reporting level may be the nonprofit or, if the insurer's operations are not integrated with those of the nonprofit, at the insurer level or the level of an intermediate holding company.
Because policyholder voting is not an effective governance device for mutuals, see J.A.C. Hetherington, Fact v. Fiction: Who Owns Mutual Insurance Companies, 1969 Wis. L. Rev. 1068, regulators will probably be interested in policies and practices that provide a substitute check on management. And because nonprofits that own insurers are often engaged in efforts that do not involve insurance expertise, regulators will probably be interested in governance policies and practices that provide such expertise and insulate insurance management from nonprofit management to some extent. Thus, as with privately held systems, regulators may be more interested in efforts to include independent, expert voices on the board; to link management compensation to performance of insurance operations; and to build independent power centers around functions such as risk management, financial reporting, and compliance.
The CGAD is a complex report that will be due for the first time for many insurers this summer. Moreover, the process of preparing the CGAD for the first time may indicate the need for changes in corporate governance that could take some time to implement. Finally, OCI has emphasized the importance of a thorough initial CGAD, as follow-on filings are only updates (and changes must be explained). In short, now is the time to get started on an initial CGAD filing.