For insurance companies, risk comes in all shapes and sizes. It may stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents, and natural disasters. In addition to forecasting financial risks and identifying procedures to avoid or minimize their impact, companies face challenges related to compliance with traditional corporate laws that govern how organizations are structured and managed. Corporate board members are also subject to fiduciary standards that require, among other things, that board members act reasonably and in the best interest of the insurance company and its investors.

Insurers must further comply with state insurance codes, which mandate specific requirements for starting, financing, operating, and winding down insurance operations. Importantly, state insurance laws further impose consumer protection standards, which broaden the scope of liability that insurance companies face under traditional legal principles. Companies must further protect themselves from risks associated with common law causes of action, such as those brought by policyholders for alleged violations of the duty of good faith and fair dealing, which automatically exists by operation of law in every insurance contract.

This article will focus on governance in the context of litigation and risk management. We begin by emphasizing the importance of adopting a governance framework that underscores compliance with statutory and regulatory reporting requirements. Next, we discuss the benefits of adopting a broad approach to corporate governance that emphasizes the flow of information from the operating level of the organization to the decision-makers at the higher- levels of the corporate ladder.

The adoption by the National Association of Insurance Commissioners (NAIC) of the Corporate Governance Annual Disclosure (CGAD) Model Act and Model Regulation, which sets forth corporate governance requirements insurers will need to implement and disclose, has increased the focus on risk and risk management in corporate reporting. Both the Model Act and Model Regulation provide that the insurer or insurance group is encouraged to make the CGAD disclosure at the level at which the insurer’s or insurance group’s risk appetite is determined. The new reporting requirements imposed by the CGAD Model Act and Model Regulation will become more significant as more states begin to adopt the Models. As of Nov. 27, 2017, 18 states (California, Connecticut, Delaware, Florida, Idaho, Indiana, Kansas, Louisiana, Maine, Montana, Nebraska, Nevada, New Hampshire, Ohio, Oregon, Rhode Island, Vermont, and Virginia) have adopted the CGAD Model Act and 11 states (California, Connecticut, Florida, Iowa, Indiana, Louisiana, Nebraska, Ohio, Rhode Island, Vermont, and Virginia) have adopted the CGAD Model Regulation. Regardless of whether an insurer does business in a state that has adopted the CGAD Models, the board should analyze its own governance framework and consider whether the company will be ready to comply with the Models’ reporting requirements once they are adopted in other states.

Because the issues that typically expose a company to the threat of litigation and similar risks often occur at the operational level, the board must ensure that the company’s corporate governance framework is structured in such a manner that will foster the free flow of information up the corporate ladder, while also facilitating decision-making at all levels of the organization. In an effort to effectively manage risks, boards should consider adopting an expansive view of corporate governance that focuses on more than the traditional compliance framework that is established by state-based corporate and insurance laws. In addition to adopting a culture of compliance with such laws, it is important to understand how an insurance company carries out its day-to-day business and claims handling practices, as well as how the company processes information to adapt to its business environment. In that regard, a corporate governance system should be viewed as information gathering and decision-making processes by which information flows from the operating level of an organization up through the chain of command to where decisions are made. Indeed, identification of risk is in many ways a “bottom up” process.

Boards do not have perfect knowledge of everything that happens within their organizations, but advances in the way boards receive and process information can help improve a company’s ability to effectively manage risks. Establishing a corporate governance framework that facilitates the flow of information and promotes decision-making at all levels of the organization can be vital for an insurance company to ensure it has effective processes in place to understand, identify, and manage risks. To do so, it is important to maintain a robust system of reporting mechanisms that allows information to flow from the operating level of the organization to decisions-making bodies, such as board committees. The right people in the organization should be empowered to feed information up, and need to have regular training as to how they are expected to react and what they are expected to report.

Viewed broadly, governance implies not only litigation exposure that typically arises from issues related to corporate control functions and fiduciary duty claims, but also from operational matters, including those related to claims handling and bad faith allegations. Harnessing good information flow and decision-making structures allows isolated pieces of information to be considered in their proper context. For example, an analysis of the company’s corporate governance system might reveal information related to particular claims practices and level of corporate review. Such an analysis, along with open channels for allowing lower-level personnel to escalate matters up the chain-of-command, provides a more measured, and potentially more reasonable and defensible, basis for an insurer’s claims defense and settlement decision-making.

Viewed in the larger governance framework, isolated information that may otherwise be portrayed as problematic from a bad faith or claims handling perspective may be addressed by recognizing that the appropriate decision- makers carefully considered all information at issue. Bad faith or extra-contractual lawsuits may become easier to defend (or avoid altogether) if the information upon which the litigation is based has been vetted through a system of appropriate decision-makers.

Originally published in The Demotech Difference –– Winter 2018.