Corporate governance is an issue the FSA will be looking at in the insurance sector. Carole J Edrich explains the likely areas of its regulatory requirements.
There are numerous different understandings of the meaning and implied interpretations of corporate governance, risk management and controls.
It has been held that the most effective approach concentrates on the views of the Financial Services Authority (FSA), which is under a statutory duty to maintain financial sector market confidence. The FSA does this by trying to avoid damage to the soundness of the UK financial system and is, therefore, particularly concerned about the conduct and collapse of organisations. This approach is likely to be extended to insurance organisations in the future.
Tight corporate governance requirements, such as KonTraG in Germany, and those in Japan and Denmark, are reflections of the mounting pressure from shareholders and regulators to improve business resilience and provide clear and unambiguous governance and controls.
In the UK, with the Turnbull recommendations also influencing the governance and supervisory regime, it is likely that the FSA will expect an evolutionary path towards formal corporate governance, company-wide risk management and controls.
Some believe that the only way to comply with such exacting standards is by aligning risk management purely with the strategic decision-making process of the organisation and the relevant shareholder value drivers.
Others see the application of risk management, governance and controls as an important aspect of their continuity and decision support structure. They view the strategic aspect as a small set or component of a larger framework or scheme.
At a recent conference, the FSA's Jeremy Quick indicated that the authority does not look for a zero failure regime, because this is not realistic. Not only would this set itself up to fail, but any scheme that implemented such an approach would strangle the responsibility of management and any organisation's ability to innovate.
However, some areas of the financial sector, particularly that of insurance - soon to fall under the FSA's jurisdiction - believe that the FSA approach itself is likely to strangle their business anyway. This is partly due to the fact that, until now, much of the insurance industry has been self-regulating, and partly due to the form of regulatory control that, rightly or wrongly, it is anticipating. It is also due to the possibility that any new regime or supervision will elicit unanticipated consequences.
Reasonable and comprehensive measures are likely to be acceptable, provided the reasons for implementing each aspect of the regime are clear, fully documented and revised regularly. The FSA's essential concern is customer loss and unwanted activity, be it criminal or a result of negligence. It makes sense that other non-banking organisations share these concerns.
Further guidance from the FSA includes a formal set of standards for the conduct of business, an emphasis on adequate resources, systems and controls, a clear description and demonstrable process of the way that risks are initially identified and evaluated, as well as adequate systems and controls in place alongside appropriate records.
All these should be basic requirements for the corporate governance regime of any corporation, organisation or association, irrespective of geographic location or business sector.
Other regulatory requirements required in many countries with corporate governance regulation or legislation include:
The form and nature of the implementation must vary according to the priorities, technology and culture. Such protection should be intuitively important to any enterprise. It should reflect its current concerns, such as the importance of the component, process or information to the organisation or group as a whole.
If an organisation has no policy or plan for company-wide implementation of consistent risk management and governance standards and controls, it exposes itself to national and international threats as well as regulatory or legislative censure.
The Combined Code, and Turnbull recommendations in particular, indicate that risks should be reviewed by the board twice yearly as a minimum.
In the time-honoured tradition of implementation of regulatory and legislative requirements at minimum expense, some organisations have undoubtedly interpreted this as a review of existing and new risks once every six months. Not only does this fail to follow the spirit of Turnbull, but it is unlikely to be acceptable to the FSA.
A more sensible interpretation would be to implement a framework and processes that ensure risks are identified, assessed and evaluated on a six-month cycle, with periodic supervision from the risk committee. Others believe that a six-month cycle is too long and may choose periods varying between one day and six months. Others may perform all or part of the governance and risk management process as a continuous or dynamic process.
While everyone understands that corporate governance and the implementation of company-wide controls is a compliance issue, it is useful to find other stimulants to encourage the take-on of, and participation in, corporate governance and control processes.
Select the exception. The FSA does not look for a zero failure regime because:
a) to do so would be nearly impossible
b) to do so would stifle innovation
c) to do so would take up too many resources
d) to do so would be setting itself up to fail.
Select the exception. Reasonable and comprehensive measures are likely to be acceptable provided that:
a) reasons are fully documented
b) there is a clear audit trail
c) the measures are revised regularly
d) they are appropriate to the organisation.
Select the exception. Guidance from the FSA includes:
a) a clearly documented set of literature and references
b) an emphasis on adequate resources and accountability
c) a clear report on the standard FSA review process
d) a formal set of standards for the conduct of business.
Further reading: www.fsa.gov.uk; http://www.fsa.gov.uk/fsma/data/fsma/act/act_part_i.htm#7; Management of risk. Guidance for practitioners, The Stationery Office (2002); www.KaiCorporation.com; ICAEW: Nigel Turnbull (1999). Internal control: guidance for directors on the combined code; London Stock Exchange (1998): The combined code: principles of good governance and code of best practice; Institute of Directors (2001): Standards for the board: improving the effectiveness of your board.
This article was provided by Carole J Edrich, the founder and Principal of KAI Corporation (Risk). She can be contacted at cedrich@KAICorporation.com. Refer to the website www.KaiCorporation.com
How to use CPD
This free Insurance Times reader service is intended to help you improve your skills and understanding from the comfort of your office or home. All you have to do is read the text and answer the multiple-choice questions. The answers will appear in next week's issue.
Why CPD is important
The Financial Services National Training Organisation (FSNTO)'s mission is to improve the quality and skills of the workforce as a fundamental requirement for the sustainable competitiveness of the industry. We fully support the practice of continuing professional development (CPD) as a major contributor to achieving this aim. Many people across the sector are required to undertake CPD by virtue of the work they do or the professional body to which they belong, but everyone can benefit from continuing to develop their knowledge and skills.