Governance, risk and compliance: optimising your captive's strategy
A captive insurance entity is fundamentally different in comparison to a commercial insurer yet, as of today, the regulatory treatment and expectation between the two differs greatly across the global landscape.
Notwithstanding the fact that the commercial insurance industry establishes captive entities for internal capital optimisation or segregation of complex risks, most captives are consolidated by a non-financial parent organisation. Therein lies the regulatory challenge and what many captives owners consider to be a disproportionate treatment by supervisors.
At the heart of a regulator’s duties is to act as a final line of defence to ensure that insurance entities do not represent a systematic financial country risk or adverse impact to consumers.
A captive insurance entity fails both of these broad tests as described below:
- Systematic financial risk: by virtue of being consolidated in to numerous industry sectors, contributing to diversification, a failure of a captive is highly unlikely to affect the functioning of local or global financial markets; and
- Consumer risk: albeit in rare occasions where third party business is conducted, a captive’s strategy is that of providing insurance protection to group related entities. Therefore, the insured is a legal entity with little to no consumer risk.
A European perspective
The regulatory response to the financial crisis of 2007 and governance reforms in financial services have overall been positive for the economy. The accountability and responsibility of individuals running financial services firms has increased substantially.
However, for captives owners, particularly in Europe, the regulatory regime Solvency II (implemented in 2016) has resulted in an overwhelming deluge of what many owners see as an increasing amount of non-added value governance requirements.
The Directive has no less than 3,200 pages of regulatory text and guidelines, no less than 30 policies and an equal amount of processes and procedures. The requirement for independence across key functions challenges captives that often rely upon professional third-party service providers. This often inflates the cost of a running a captive with little added value in addition to distracting C-suite executives from the wider risk finance benefits a captive provides.
A US Perspective
The US responded by adopting the Annual Financial Reporting Model Regulation. This was a collaborative effort by the states through the National Association of Insurance Commissioners. It is usually referred to as the Model Audit Rule which was its working title while in Committee.
The Model Audit Rule was geared towards commercial insurers as it exempted those with less than 1,000 certificate holders. Compliance with the full rule was required for insurers with over $500 million of direct premium written.
Single parent captives were not included in the requirements as they are regulated only by their state of domicile, but risk retention groups (RRGs) were included. However, all but a few RRGs fell below the minimum threshold and were exempt.
Governance for RRGs was considered a few years later and the Model Risk Retention Act was modified to include corporate governance revisions. The revisions were fairly broad but required all owners to be insureds, a majority of the board with no material relationships with the RRG, establishment of an audit committee and business conduct and ethics policies.
Most US captive insurers escaped regulatory dictated corporate governance guidelines as they are regulated only by their state of domicile, and those captive domiciles focus more on financial solvency than governance policies. RRGs may meet the consumer test defined above in many instances as they may insure unsophisticated smaller entities.
While it appears that the US may be more insurer-friendly with regard to corporate governance dictates and captives, it came about more from the way captives are licensed rather than purposeful thought.
An offshore perspective
Most offshore captive domiciles have also implemented some form of corporate governance regulations, but with a recognition of the different nature of captive insurance from commercial insurance.
Bermuda implemented the Insurance Code of Conduct on July 1, 2011. The code, which was developed taking into account the core principles of the International Association of Insurance Supervisors, requires every insurer to establish and maintain a sound corporate governance framework having regard for international best practice.
The Bermuda Monetary Authority assesses compliance with the Code in proportion to the nature, scale and complexity of the insurer’s business, including the relationship between the policyholder and insurer, eg, captive versus commercial insurer.
The Cayman Islands implemented a Rule for Risk Management for Insurers in March 2015 which requires insurers to establish, implement, and maintain a documented risk management framework that is capable of promptly identify, measuring, assessing, reporting, monitoring and controlling all sources of risks that could have a material impact on its operations in a timely manner.
In April 2016, the Cayman Islands further implemented a Rule for Corporate Governance for Insurers which requires insurers to establish a corporate governance framework commensurate to the size, nature and complexity of its business.
In Barbados, mandatory governance for anti-money laundering and counter terrorism financing procedures is in place. Otherwise Barbados uses a perspective similar to that of the US in which the limited risk captives pose to the public purse is recognised. Nevertheless, the Financial Services Commission conducts a risk analysis by reviewing the annual filings and a biennial risk self-assessment; the expectation is the implementation of appropriate governance in the unlikely event of a change in a captive’s risk profile. A more formal approach is expected to evolve over the next few years.
Governance considerations for captives owners
There are a number of considerations that captive owners might wish to consider:
- Remember that the board should act as a board and oversee the direction of the captive;
- Continually review the risks the captive participates in and ensure that its strategy is aligned to that of the parent, including the consolidated risk appetite and tolerance;
- Develop a board reporting process that isn’t simply a mechanism to tick the regulatory boxes and meet the reporting requirements but that the investment in both monetary and time yields a return. This might include assessing the captive’s capital to assess new risks or developing capital projections and stress test scenarios;
- It is easy to implement policies but it is important to document their testing and reporting as in most instances a regulatory inspection will require documentation of the policy in operation. Building a solid board agenda and planning cycle of tasks can greatly help bring routine to reporting and enable board members to organise the decision-making process; and
- Monitor third-party administrators and seek assurance of their internal processes and procedures by requiring an independent review of their services or via the development of key performance indicators.
Compliance with the full scope of corporate governance regulations in the different captives domiciles can significantly increase the operating costs of the captive and compromise the benefit to be gained from their use. In most domiciles there is a recognition of the nature of captives business and the lesser need for consumer protection. We continue to monitor corporate governance activity in the hope that only reasonable policies that captives can benefit from are promulgated.
Notwithstanding the need for proportionality in the application in these regulations to captives, the regulations as they apply to commercial insurers can act as a source of best practices to captives in their own corporate governance.
Strategic Risk Solutions is consulting with clients to help them develop best practices with regard to corporate governance on an individual basis that serve as a platform to build their companies.
Stuart King is president of SRS Europe. He can be contacted at: email@example.com
Derick White is managing director of Strategic Risk Solutions. He can be contacted at: firstname.lastname@example.org