Are you ready for the NAIC Corporate Governance Models? Corporate Governance Are you ready to respond? February 2015 Are you ready for the NAIC Corporate Governance Models? Thank you for the opportunity to present information about the NAIC’s new Corporate Governance models. The NAIC adopted these models on November 19th at the Fall Meeting in DC, so its very important for us to learn as much as we can about these models and how the industry will need to comply. The intent is for the states to pass legislation and implement regulations for these to become effective January 1, 2016, with reporting to begin June 1, 2016. Carol Stern, FLMI, AIRC, ACS Senior Consultant First Consulting & Administration, Inc. All Rights Reserved First Consulting & Administration, Inc.

Corporate Governance Models Status in the state legislatures Corporate Governance Are you ready to respond? February 2015 Corporate Governance Models Status in the state legislatures One state has already enacted the CGAD Models: Iowa – New Chapter 521H (§§ 521H.1 to 521H.8) Five states have proposed the CGAD Models: California - AB 553 (Section 1215.75 & Article 10.8) Louisiana – HB 199 (Section §§ 22:691.3 to 691.38) Rhode Island – SB 784 (Section §§ 27-1.2-1 to 27-1.2-10) Indiana - HB 1341 (SECTION 18. IC 27-1-4.1) Vermont HB 73 - (VT. Stat. Ann. 8, § 3316) IOWA HOUSE BILL 455 CORPORATE GOVERNANCE ANNUAL DISCLOSURE (CGAD) ACT As enacted, creates new Chapter 521H (Iowa Code §§ 521H.1 to 521H.8) to enact the NAIC Corporate Governance Annual Disclosure (CGAD) Model Act. New Chapter 521H applies to all insurers domiciled in Iowa and will apply beginning 1/1/2016, with the first CGAD filing due no later than 6/1/2016. Signed by Governor: 4/8/2015; Effective: 1/1/2016 All Rights Reserved First Consulting & Administration, Inc.

Corporate Governance Are you ready to respond? February 2015 Corporate Governance-part of NAIC Solvency Modernization Initiative (SMI) The SMI focuses on key issues such as capital requirements, governance and risk management, group supervision, statutory accounting, financial reporting, and reinsurance. The NAIC continues its push for new regulation and laws to complete SMI. SMI is a post-financial crisis critical self-examination to update the United States’ insurance solvency regulation framework. The SMI scope includes the entire U.S. financial regulatory system and all aspects relative to the financial condition of an insurer, and is not limited to the evaluation of solvency-related areas. The SMI focuses on key issues such as capital requirements, governance and risk management, group supervision, statutory accounting, financial reporting, and reinsurance. All Rights Reserved First Consulting & Administration, Inc.

Corporate Governance Are you ready to respond? February 2015 Corporate Governance-part of NAIC Solvency Modernization Initiative (SMI) New Models fit with other elements of SMI: 2014 – Enhancements to Holding Company Models Form F (Enterprise Risk) Reports filed and reviewed 2015 – Own Risk Solvency Assessment (ORSA) Model Act ORSA Summary Reports filed and reviewed 2016 – Corporate Governance Models Annual corporate governance disclosures filed and reviewed It’s important to remember that the three key models in the SMI suite are the Holding Company Model, which has been adopted by 23 states in revised version which includes a revised Risk Report Form F that all insurers in a Holding Company structure started filing as soon as their domiciliary state adopted this model in 2014. The ORSA Model, which 21 states have adopted so far and companies over $500 M in premium will begin filing the ORSA Risk report in 2015.The Corporate Governance models completes the SMI group and which has an effective date of June 2016 for the requirement to have all companies filing an annual CG disclosure. All Rights Reserved First Consulting & Administration, Inc.

Corporate Governance Defined Corporate Governance Are you ready to respond? February 2015 Corporate Governance Defined The Models do not define corporate governance, but here’s our working definition: A framework of rules and practices by which a board of directors helps ensure accountability, fairness and transparency in an insurer’s relationship with all its stakeholders. The CG models don’t define the term, but here’s our working definition and one that the regulators have stated they used when creating the model. Read definition. Read the slide All Rights Reserved First Consulting & Administration, Inc.

NAIC adopts Corporate Governance Models November, 2014 Corporate Governance Are you ready to respond? February 2015 NAIC adopts Corporate Governance Models November, 2014 Corporate Governance Annual Disclosure (CGAD) Model Act Corporate Governance Filing Regulation Corporate Governance Annual Filing Guidance Manual – free of charge on the NAIC website Approved by the NAIC November, 2014 and effective June 1, 2016 These models are part of the state accreditation requirements so all states are expected to adopt without variations. The intent of these CG models is to provide more information annually to regulators on an insurers’ corporate governance practices. Currently, regulators obtain a significant amount of information on insurers’ corporate governance practices during full-scope examinations, which typically occur once every 3-5 years. However, information on governance practices, including changes that can have a substantial impact on current and prospective solvency, is not widely available to regulators in the period between onsite examinations. This reasoning was driving this new model’s adoption as part of SMI. Through the adoption of standards in this area, regulators can ensure that sufficient information on governance practices is available to assess the solvency of insurers on an annual basis. All Rights Reserved First Consulting & Administration, Inc.

Small Companies are not Exempt Corporate Governance Are you ready to respond? February 2015 Small Companies are not Exempt The NAIC has made an affirmative decision not to exempt small companies from any corporate governance requirements. In fact, the NAIC Corporate Governance Working Group highlighted the need for small companies to focus on improving their corporate governance structure, strengthening their risk management governance, and ensuring that knowledgeable and qualified Board members make decisions that impact the company’s risk and finances. With the Corporate Governance Annual Disclosure Model Act (CGAD) and supporting Model Regulation – the NAIC has made an affirmative decision not to exempt small companies from any corporate governance requirements. In fact, the Working Group highlighted the need for small companies to focus on improving their corporate governance structure, their risk management governance, and ensuring that knowledgeable and qualified Board members make these decisions. All Rights Reserved First Consulting & Administration, Inc.

Small Companies are not Exempt Corporate Governance Are you ready to respond? February 2015 Small Companies are not Exempt Susan Donegan, Commissioner of the Vermont Department of Financial Regulation, and Chair of the NAIC Corporate Governance Working Group explained: ”Some trade associations asked us to exempt the small companies, but the Working Group said the small companies needed the oversight in these models because there are few checks and balances of small firms’ governance. It was the intent of the NAIC to have no exemptions to these models.” Read the slide All Rights Reserved First Consulting & Administration, Inc.

Confidentiality Protection Corporate Governance Are you ready to respond? February 2015 Confidentiality Protection Same strong confidentiality language in CGAD as contained in other NAIC models, including the Insurance Holding Company Regulatory Act, the Risk-Based Capital Model Act and the Own Risk and Solvency Assessment. Documents are proprietary and contain trade secrets, are confidential by law and privileged and not subject to freedom of information laws. Documents are not subject to subpoena, discovery nor admissible in evidence in any private civil action. The Commissioner cannot make the documents, materials or other information public without the prior written consent of the insurer. Each of these SMI Models include strong protections for the highly sensitive and proprietary insurance company information that is required to be submitted to state insurance departments for regulatory review. All the industry associations jointly submitted a letter to the NAIC saying they are very disappointed that these mutually-agreed upon confidentiality provisions have been compromised or weakened by some states during their adoption of the HCA and the ORSA. As a result, the industry is pushing hard for the NAIC in its accreditation requirements for these models to require states to adopt its confidentiality provisions that are not just “similar” (or even “substantially similar”) to the provisions of Section 6 of the CGAD, but are “functionally equivalent” so they actually achieve the same level of protections that were intended and agreed by both regulators and industry. Florida submitted a separate letter stating that their legislature would not adopt the stronger confidentiality language and that there are other states in this same predicament. This will continue to be an open issue as this moves through adoption in 2015. These confidentiality provisions include: (read second bullet) All Rights Reserved First Consulting & Administration, Inc.

Purpose of these New Models Corporate Governance Are you ready to respond? February 2015 Purpose of these New Models The NAIC adopted CGAD and the supporting Model Regulation to give insurance regulators a means to receive additional information on the corporate governance practices of U.S. insurers on an annual basis. The NAIC believes that ultimate adoption by every jurisdiction will result in uniform application of the disclosure requirements to all U.S. insurers, which results in an even regulatory playing field and provides equivalent information for jurisdictions to utilize in assessing an insurer’s solvency position. In addition, uniform adoption across jurisdictions will assist the U.S. in meeting international standards relating to corporate governance and oversight. All Rights Reserved First Consulting & Administration, Inc.

Importance of Corporate Governance Corporate Governance Are you ready to respond? February 2015 Importance of Corporate Governance Key elements of effective corporate governance at the Board level include the following: Clearly defined roles and responsibilities Independent and active board members Individuals who are suitable for their roles Directors who act in good faith, and exercise a duty of care, loyalty and candor Board that provides sufficient oversight for all significant company activities The new model act and regulation will require all companies to tighten their governance structures, by-laws, charters, policies and procedures in order to assure that the Board of Directors and any of the Board committees have been assigned the ultimate responsibility for governing the insurer. An annual filing is required to document how the corporate governance of the Company is providing proper leadership, including documentation of the roles and responsibilities of the Board, the CEO and Chairman of the Board. The NAIC models require a governance structure that facilitates the Board and key executive roles to act in good faith and in a manner the Director or Board of Directors reasonably believes to be in the best interests of the Company. All Rights Reserved First Consulting & Administration, Inc.

What are regulators saying about these models? Corporate Governance Are you ready to respond? February 2015 What are regulators saying about these models? “This model act was developed to promote regulatory oversight as well as protect the confidentiality of the insurer.” “Annual and transparent disclosure of corporate governance practices of insurers will ensure that state regulators have a comprehensive understanding of the corporate governance structure, policies and practices utilized by the insurer.” Joseph Torti, III, Rhode Island Deputy Director and Superintendent of Insurance and Banking. Chair of the NAIC Financial Condition Committee, which oversees the work of the NAIC Corporate Governance Working Group. All Rights Reserved First Consulting & Administration, Inc.

Stronger Qualification Requirements for Board Directors Corporate Governance Are you ready to respond? February 2015 Stronger Qualification Requirements for Board Directors Regulators will be reviewing the makeup of the Board for appropriate background, experience and integrity to fulfill their prospective roles. The Board as a whole should possess the core competencies needed to oversee the insurance company. Examples of core competencies: financial literacy, accounting; business judgment; industry knowledge; management; leadership; vision and strategy. Financial literacy is a requirement for Board as a whole and the Board as whole needs to possess all of what the NAIC calls “core competencies” of accounting or finance, business judgment, industry knowledge, management; leadership, vision and strategy. The Board will also need to create suitability standards (position descriptions) for officers and key persons in control functions like the CEO, the Board Chair and the committee chairs, to assure they have the appropriate background, experience and integrity to adequately fulfill their responsibilities. The Company charter or other Board documents must clearly articulate the responsibilities of the Directors, including such basic requirements as attendance at board meetings and reviewing the meeting materials in advance in order to ask questions and evaluate the issues knowledgeably. Financial literacy is a requirement for each Board member and the Board as whole needs to possess all of what the NAIC calls “core competencies” of accounting or finance, business judgment, industry knowledge, management; leadership, vision and strategy with each Board member having skills in at least one of these areas of expertise. The Board will also need to create suitability standards (position descriptions) for officers and key persons in control functions like the CEO, the Board Chair and the committee chairs, to assure they have the appropriate background, experience and integrity to adequately fulfill their responsibilities. The Company charter or other Board documents must clearly articulate the responsibilities of the Directors, including such basic requirements as attendance at board meetings and reviewing the meeting materials in advance in order to ask questions and evaluate the issues knowledgeably. All Rights Reserved First Consulting & Administration, Inc.

What will Insurers need to report? Corporate Governance Are you ready to respond? February 2015 What will Insurers need to report? U.S. insurers will be required to provide a detailed narrative describing governance practices to their domestic regulator by June 1st of each year. The strict confidentiality measures should encourage insurers to be open and transparent in describing their governance practices to regulators. Insurers will be allowed some discretion in determining the level within the organization at which to report their corporate governance practices, depending upon their structure and organization. As with the ORSA model, companies will be able to determine at what level they will report their CG: At the company level or the holding company level or so The insurer’s corporate governance framework and structure; The policies and practices of its board of directors and significant committees; The policies and practices directing senior management; and The processes by which the board of directors, its committees and senior management ensure an appropriate level of oversight to the critical risk areas impacting the insurer’s business activities. me other configuration that makes sense for your specific entity structure. (read slide bullets 1 and 2) All Rights Reserved First Consulting & Administration, Inc.

What will Insurers need to report? Corporate Governance Are you ready to respond? February 2015 What will Insurers need to report? To eliminate some duplicative filings, CGAD gives the ability to reference information provided in other filings (e.g. SEC Proxy Statement, ORSA Summary Report, any other regulatory filing). The industry has been very concerned about the duplication in filings and has documented extensively which other models require similar filings. The NAIC has made an effort in the CGAD to say that any existing filings can be referenced and a company does not need to duplicate that information. All Rights Reserved First Consulting & Administration, Inc.

What will Insurers need to report? Corporate Governance Are you ready to respond? February 2015 What will Insurers need to report? Insurers are required to provide information in the following areas: Corporate Governance Framework & Structure • Rationale for current Board size and structure and discussion of the roles of CEO and Chair Board of Director Policies & Practices • Qualifications and experience of board members, as well as the processes for electing members of the board and evaluating the board’s performance There four areas will make up the key elements of the CGAD – framework and structure (read slide), BOD Policies and Practices (read the slide) Management policies and practices (read the slide) and oversight of critical risk areas. The insurer’s corporate governance framework and structure; The policies and practices of its board of directors and significant committees; CONTINUED ON NEXT SLIDE All Rights Reserved First Consulting & Administration, Inc.

What will Insurers need to report? Corporate Governance Are you ready to respond? February 2015 What will Insurers need to report? Insurers are required to provide information in the following areas (continued): Management Policies & Practices • Utilization of suitability standards, code of business conduct and ethics, and the process for overseeing compensation and succession planning Oversight of Critical Risk Areas • May include actuarial function, investment and reinsurance decision-making processes, market conduct and compliance, and risk management function oversight (CONTINUED) …Management policies and practices (read the slide) and oversight of critical risk areas. The policies and practices directing senior management; and The processes by which the board of directors, its committees and senior management ensure an appropriate level of oversight to the critical risk areas impacting the insurer’s business activities. me other configuration that makes sense for your specific entity structure. (read slide bullets 1 and 2) All Rights Reserved First Consulting & Administration, Inc.

What will Insurers need to report? Corporate Governance Are you ready to respond? February 2015 What will Insurers need to report? Model regulation instructs insurers to update disclosures each year on changes to corporate governance practices, framework, committees, policies and procedures to show changes from the prior year. This update requires an attestation from the CEO or corporate secretary. All Rights Reserved First Consulting & Administration, Inc.

12 Components of effective corporate governance Programs Corporate Governance Are you ready to respond? February 2015 12 Components of effective corporate governance Programs Twelve Components of effective corporate governance programs 1. Adequate competency (industry experience, knowledge, skills) of members of the board of directors; 2. Independent and adequate involvement of the board of directors; 3. Multiple informal channels of communication among board, management and internal and external auditors to create a culture of openness; 4. A code of conduct established in cooperation between the board and management, which is reviewed for compliance and is formally approved by senior management; 5. Identification and fulfillment of sound strategic and financial objectives, giving adequate attention to risks; What should the CGAD narrative describe? So let’s look more closely at what the regulators will expect to see in your narrative about the CG framework and your program. Read the slide All Rights Reserved First Consulting & Administration, Inc.

12 Components of effective corporate governance Programs Corporate Governance Are you ready to respond? February 2015 12 Components of effective corporate governance Programs 6. Support by relevant business planning and proactive resource allocation; 7. Support by reliable risk management processes across business, operations and control functions; 8. Reinforcement of corporate adherence to sound principles of conduct and segregation of authorities; 9. Independence in assessment of programs and assurance as to their reliability; 10. Objective and independent reports of findings to the board or appropriate committees thereof; 11. Adoption of Sarbanes-Oxley provisions, whether or not mandated, including, but not limited to, auditor independence and whistle-blower provisions; and 12. Board oversight and approval of executive compensation and performance evaluations. Giving some specific examples by citing your policies and practices for these components will give the regulators assurances of that you have implemented them. All Rights Reserved First Consulting & Administration, Inc.

Examinations of Corporate Governance Corporate Governance Are you ready to respond? February 2015 Examinations of Corporate Governance Financial Examination: Exhibit M of Financial Condition Examiners Handbook Onsite review of corporate governance and risk management Interviews of Directors and Senior Management Review of Board minutes and activities Overall Corporate Governance (CG) Assessment Market Conduct exams: Possible review of CG Issues that might affect the market conduct of the company With the new governance requirements, Department of Insurance financial examiners and even market conduct examiners will now review the overall governance structure, including written corporate governance guidelines, charters and documentation of roles and responsibilities including the risk-management function. The exam will cover the insurer’s processes for identification of solvency risks, risk-mitigation strategies, internal controls, market conduct reporting by compliance officers to the BOD and control implementation. The examiners handbook revisions gives these examples of what the examiners will be looking at. Since the examiners handbook has been updated, I think you will see these new questions being asked on your next financial exam even before the states adopt the new CG models. With the new governance requirements, Department of Insurance financial examiners will now review the overall governance structure, including written corporate governance guidelines, charters and documentation of roles and responsibilities including the risk-management function. The exam will cover the insurer’s processes for identification of solvency risks, risk-mitigation strategies, internal controls, and control implementation. Purpose of these reviews: Frequency at which critical information is reported to and reviewed by senior management and the Board; Risk management processes; Board review and approval of the ORSA Summary Report; Actuarial function on the adequacy of reserve provisions; Prospective solvency position of the insurer; Investment decision-making processes; Reinsurance decision-making processes; Business strategy/finance decision-making processes; Compliance function; Financial reporting/internal audit processes; Major marketing initiatives; Results of negotiations; Information on reasonably foreseeable prospective risks; and Market conduct decision-making process. All Rights Reserved First Consulting & Administration, Inc.

Documenting a Corporate Governance Framework Corporate Governance Are you ready to respond? February 2015 Documenting a Corporate Governance Framework Audit, Risk & Compliance Committee Charter (one, two or three committees) Corporate Governance Committee Charter (board level) Board of Directors Corporate Governance Guidelines To document your CG framework, most companies have by-laws but in addition each key committee should have a charter and in many cases you might have a CG committee that handles all the governance oversight responsibilities including updating the by-laws and charters and creating guidelines for governance. All Rights Reserved First Consulting & Administration, Inc.

Documenting a Corporate Governance Framework Corporate Governance Are you ready to respond? February 2015 Documenting a Corporate Governance Framework Suitability Criteria for Chief Executive Officers Suitability Criteria for Board of Director Candidates Enterprise Risk Governance Team Charter (Company level team) Corporate Risk Policy (part of Code of Conduct) It is important to think about your role as compliance officers and Corporate Governance and depending on the size of your company, that role will vary. My experience is that in small and medium companies, Compliance Officers must understand the new law’s requirements and assist with updating and/or drafting the new documentation needed for regulatory scrutiny. Such as written corporate governance guidelines, selection criteria (suitability guidelines)for the CEO and Board members, charters for an Audit, Risk and Compliance Committee (or just adding language to an existing charter), and position descriptions documenting the roles and responsibilities for the CEO and Board members, which must include the risk-management function from ORSA. Perhaps a revision of the company charter or other Board documents, Corporate Governance Guidelines that document established key governance principles and are ready for a regulator’s examination. All Rights Reserved First Consulting & Administration, Inc.

CGAD and ORSA have the same governance requirements Corporate Governance Are you ready to respond? February 2015 CGAD and ORSA have the same governance requirements Effective Governance with structures, policies and processes through which an organization or entity is managed and controlled; A governance structure that clearly defines and articulates roles, responsibilities and accountabilities; Documentation in by-laws, charters, policies and procedures to assure that the Board of Directors and any Board committees have been assigned the responsibility for governing the insurer; and High level company personnel that help assure the Company has effective governance and ERM programs. For those companies that will be filing an ORSA risk report and have implemented the ERM framework, you should notice when reading the CG models that the governance requirements for ORSA and the CG models are exactly the same. The NAIC did this intentionally. Documentation of roles and responsibilities which includes oversight by the board of the risk management policy and risk appetite is critical. For companies not filing an ORSA report, the ERM aspects of the CG models should be looked at very carefully. All Rights Reserved First Consulting & Administration, Inc.

CGAD and ORSA have the same governance requirements Corporate Governance Are you ready to respond? February 2015 CGAD and ORSA have the same governance requirements Commissioner Donegan of Vermont: “The NAIC made a conscious decision to make the governance framework in ORSA and the CGAD exactly the same. Every member of the Board should be able to explain the Company’s risk appetite, risk profile and how risk management fits into the overall corporate governance framework.” The ORSA model and CG models have created the same emphasis on the importance of governance. In ORSA the BOD is given ultimately authority to set overall risk policy and appetite but the day to day risk management is given to the senior officers, who create the risk committee or enterprise risk governance team. Making sure the Board can articulate the risk policy and risk appetite of the company even for company’s who don’t have to file and ORSA report appears necessary under the new CGAD, which does not exempt small companies. Risk management for all size companies in now a Board level responsibility. All Rights Reserved First Consulting & Administration, Inc.

QUESTIONS??? Contact Carol Stern at carol.stern@firstconsulting.com or 816-391-2746 with any additional questions or if you would like more information about the Corporate Governance Kit. All Rights Reserved