In October 2016, the Office of the Commissioner of Insurance (OCI) revised the Guidance Note on the Corporate Governance of Authorised Insurers (Revised GN10). Under Revised GN10, the OCI not only enhanced the minimum standards of corporate governance that is expected of authorised insurers, but it also widened the scope of application of such standards.
Most of the amendments which are set out in detail below will come into effect on 1 January 2017. Implementation of the requirements relating to the minimum number of independent non-executive directors (INEDs), the risk committee and remuneration will be delayed until 1 January 2018.
SCOPE OF APPLICATION
Revised GN10 applies to all authorised insurers incorporated in Hong Kong. It also applies to 'applicable overseas insurers', the definition of which has been widened. Applicable overseas insurers are now defined as authorised insurers incorporated outside Hong Kong, where 50% or more of the annual gross premium income pertains to their Hong Kong insurance business, unless they are expressly exempted. The threshold to be an 'applicable overseas insurer' used to be 75% or more of annual gross premium income.
In addition, captive insurers (insurance companies that are wholly owned and controlled by their insureds) which were previously expressly exempted are now encouraged to adopt Revised GN10.
DETAILS OF THE KEY CHANGES
The changes made to Revised GN10 mainly focus on increasing the independence of the board of directors (Board), enhancing risk management, establishing clear lines of accountability and ensuring appropriate remuneration.
(i) Governance Structure
Revised GN10 focuses on increasing the independence of the governance structure of authorised insurers. In particular:
- Insurers are required to increase the number of INEDs on their Board from one-fifth to one-third of the Board. Further, small authorised insurers with less than five directors should now have at least one INED;
- The test for independence has also been tightened. In addition to the previous requirements which existed under GN10, a director will not be considered independent if: (i) he has been an employee of the insurer or of a one of its group companies within the last three years, or (ii) if he is a director or controller of a corporation that has significant financial interests with the insurer or one of its group companies eg, he is a major service provider of the insurer; and
- Some of the committees established by the Board (eg the Audit Committee and the Nomination Committee) have stricter independence requirements, either by mandating that there be a larger number of INEDs or a larger proportion of INEDs.
In addition, while it used to be 'preferable' for the Chairman and Chief Executive roles to be held by different individuals, they now cannot be held by the same individual. Similarly, the Appointed Actuary cannot hold the role of the Chairman or the Chief Executive.
Finally, there are new provisions relating to those in senior management and key persons in control functions. In relation to senior management, among other things, the Board should authorise the appointment of individuals as senior management and clearly set out and document their roles and responsibilities. Senior management should have appropriate reporting lines to the Board and provide information to the Board in a timely manner. Further, the authorised insurer should also ensure that it has adequate controls in place to allow the Board to assess the performance of senior management.
The provisions relating to key persons in control functions will come into effect as part of Stage 2 of the commencement of the Insurance Companies (Amendment) Ordinance 2015 which is expected in Q1/Q2 2017. Revised GN10 provides that key persons in control functions (such as actuarial, financial control, internal audit, compliance, risk management and intermediary management) should be 'fit and proper' and the Board should set appropriate authority and independence for each control function to enable them carry out their functions effectively. These individuals should also report to the Board, board committees or senior management and these reporting lines should be designed so as to avoid any conflicts of interest.
(ii) Board of directors
Consistent with the general theme of the revisions, the provisions relating to the role and responsibilities of the Board have been revised to focus on control and risk management, with an emphasis on the "checks and balances" of power. Revised GN10 clearly sets out the duties that each individual director owes to the authorised insurer and also includes specific provisions relating to the Chairman of the Board providing that he/she is responsible for the "stewardship" of the authorised insurer and "has a leading role to ensure the Board's proper and effective functioning".
In relation to Board matters, the following revisions have been made:
- The process for the appointment of board members should be formal, documented and transparent, and should preferably be overseen by a Nomination Committee.
- Conflicts of interest should be avoided but where they are inevitable they should be effectively managed by clear and well-defined procedures, eg by way of disclosure, abstention, prior approval, etc.
- Provisions relating to delegation have been included. The Board is permitted to delegate to designated committees or groups but it should ensure that the delegation is appropriate, made under a clear mandate and can be effectively monitored and assessed.
(iii) Risk management and internal controls
Revised GN10 contains more detailed provisions regarding risk management and internal controls. In particular:
- Where an authorised insurer belongs to a group of companies, the insurer should pay attention to the risks associated with intra-group transactions, as well as inter-relationship and interdependence of risks among group members;
- An authorised insurer should designate responsible person(s) to be in charge of the risk management function and they should have direct reporting line to the Board and/or the Risk Committee;
- As a best practice, the Chief Risk Officer should not report to the Chief Financial Officer, or vice versa, to avoid conflicts of interest and ineffectiveness in carrying out the risk management functions; and
- Authorised insurers must also establish a Risk Committee to independently oversee the establishment and operation of their risk management system. Its duties should include advising the Board on the insurer's risk appetite, reviewing the adequacy and effectiveness of the risk management policies on a regular basis and ensuring sufficient resources are in place for risk management. The majority of the members of the Risk Committee should preferably be INEDs. Revised GN10 confirms that authorised insurers may rely on a Group Risk Committee where appropriate and that small authorised insurers are exempted from this requirement.
Revised GN10 also contains additional provisions relating to keeping proper books and records, cybersecurity and business continuity indicating that these are important issues which should now be carefully considered by authorised insurers.
Revised GN10 contains a new section on remuneration which states that "sound remuneration practices are vital to sound corporate governance". Insurers are required to establish a prudent and effective remuneration policy which is in line with their objectives, business strategies and long-term interests but which does not induce inappropriate or excessive risk taking. The policy, which should be in writing and approved by the Board, should cover all directors and employees, with specific regard to directors (including INEDs), senior management, key persons in control functions and material risk-taking employees.
It is recognised that a good remuneration policy should motivate directors and employees to pursue the long-term growth and success of the authorised insurer and should evidence a clear relationship between performance and remuneration. In this regard, there are also specific provisions relating to the structure of remuneration and the criteria for measuring performance.
Further, in order to mitigate the potential conflicts of interest that may compromise the integrity and objectivity of the key persons in control functions, Revised GN10 specifically provides that their remuneration should be adequate to attract and retain staff with the relevant skills, knowledge and expertise, it should be based on the effective achievement of appropriate objectives, and it should not be solely linked to the performance of any business units which are subject to their control or oversight.
OTHER RELATED DEVELOPMENTS
Corporate governance and senior management accountability are hot topics in Hong Kong at the moment and Revised GN10 is another example of the steps which are being taken to ensure that financial services firms and insurers move towards better governance of their Hong Kong entities.The Hong Kong Monetary Authority's Supervisory Policy Manual module on the "Corporate Governance of Locally Incorporated Authorised Institutions" is currently under consultation with many of the same types of amendments, eg in relation to independence and remuneration, being made and the HKMA recently also issued a circular on the empowerment of INEDs (we will issue a briefing on this topic shortly). The Securities and Futures Commission of Hong Kong is also focused on senior management accountability and recently issued a circular on its new "Manager in Charge" regime, please see our briefing on this topic here.