In the context of Brexit planning, the emphasis placed by the Central Bank of Ireland (the "Central Bank") on ensuring that an applicant's "heart and mind" (or "substance") is located in Ireland is a key focus for attention. Although there is not a specific formula for meeting the "heart and mind" requirement, the clear message from the Central Bank is that the insurer established in Ireland must have a substantive presence here. Essentially, this means that the Central Bank will need to be satisfied that it is authorising an operation that will be run from Ireland and in a manner that will enable the Central Bank to supervise it effectively.
What does "substance" mean in practical terms?
It is important to remember that the Central Bank will examine each application for an insurance authorisation based on its own particular circumstances so there may be some degree of flexibility afforded on a case-by-case basis. In general, an applicant seeking to meet the Central Bank's "substance" expectations will (amongst other things) need to demonstrate that:
- a strong senior management team under the direction and oversight of the board of directors is located in the Irish head-office such that the business is run from Ireland i.e. the main decision-making in respect of the business is based in Ireland. There is no requirement for any particular individual to be resident in Ireland; however, ideally, key personnel would operate primarily out of Ireland.
- the level of staffing with relevant expertise and experience in the Irish head-office is appropriate to ensure that the particular risks that are associated with the applicant's business are governed, monitored, managed and mitigated by the authorised entity. In this regard, the Central Bank invites the applicant in its authorisation submission to determine what it considers to be adequate resourcing for the Irish head-office having regard for Solvency II requirements (including outsourcing).
- the governance and reporting line structure ensures appropriate segregation of responsibilities and oversight of all activities taking particular account of Solvency II requirements and the Central Bank's Corporate Governance Requirements for Insurance Undertakings 2015. Depending on the business, there is a certain degree of flexibility in terms of how this can be achieved having regard to board committees, sub-committees or other matrix management structures.
An applicant will need to earmark responsibility for the four key functions under Solvency II, namely, the risk, compliance, internal audit and actuarial functions. To the extent that these functions are outsourced, the applicant must appoint an appropriate senior person internally who is responsible for oversight of the relevant outsourced provider.
In addition, the Central Bank's Corporate Governance Requirements for Insurance Undertakings 2015 state that the board of directors must have a minimum of five directors (which must include the CEO of the Irish entity). The majority of the board must be composed of group directors (i.e directors who are employees of the group but who are not executives of the Irish entity) or a combination of group directors and independent non-executive directors ("INEDs") provided that there is a minimum of two INEDs. The Central Bank places significant emphasis on INEDs as integral components of the board and committees in terms of ensuring independent oversight and challenge.
How much outsourcing is acceptable?
Achieving an appropriate balance between "substance" and "outsourcing" will be a key challenge for applicants and is likely to be an area of focus for the Central Bank in assessing an authorisation application. The Central Bank accepts that Solvency II envisages the outsourcing of a (re)insurer's activities as part of its business model but with the clear caveat that this does not mean the outsourcing of responsibility for those activities.
The Central Bank will focus on the level of expertise and seniority within the applicant entity to ensure effective oversight and management of the outsourcing is in place. In particular, recent regulatory enforcement activity has demonstrated that outsourcing can be the source of material risks to a business and, accordingly, the Central Bank will seek to ensure that it clearly understands how an applicant will manage and mitigate the risks involved.
In line with Solvency II, the Central Bank will allow some level of greater flexibility in the approach to intra-group outsourcing reliances.
Outsourcing under Solvency II
From a Solvency II perspective, it is important for applicants to identify what activities to be outsourced may be considered critical or important functions or activities ("CIFAs") and ensure that appropriate due diligence is carried out and documented when selecting a service provider. In all such cases, a written outsourcing agreement containing specific Solvency II requirements must be entered into with the service provider. In addition, an applicant intending to engage in outsourcing will need to put in place a written outsourcing policy (to be reviewed at least annually).
Many applicants wishing to retain back-office / support functions in the UK will need to ensure that an appropriate Solvency II compliant outsourcing agreement is in place between the UK-based entity and the new Irish entity. For instance, the Central Bank will expect all such agreements to contain a provision ensuring that it will have full and unrestricted access to all information relating to the outsourced activity as well as to the service provider's premises if an on-site inspection or audit is to be performed.
On an ongoing basis, a newly-authorised Irish insurer will need to be mindful of the Central Bank's guidance on the notification process for CIFAs under Solvency II if a decision is made to implement a new CIFA or materially change an existing one. Amongst other prescribed requirements, the Central Bank requires at least six weeks notice before the change takes effect. Significantly, the Central Bank has stated that outsourcing will continue to be a key theme in 2017 with a range of onsite reviews of third party service providers planned. The Central Bank's focus will be on governance risk and the inherent operational issues arising from outsourcing arrangements.