The Reserve Bank's approach to supervising insurers, and the role of directors
A speech delivered to Finity Consulting Directors Forum in Auckland
Thank you for the opportunity to talk to your Forum today.
The regulatory landscape for insurers has evolved markedly in recent years – shaped by natural disasters and lessons that emerged from the global financial crisis.
In 2010 the Reserve Bank was given the task of regulating and supervising the New Zealand insurance sector, with the passage of the Insurance (Prudential Supervision) Act, or IPSA. Since then we've introduced a licensing regime for insurers to help with promoting a sound and efficient insurance sector that people have confidence in. But our work is far from done, and we're now refining our approach to supervising licensed insurers. Today I'd like to update you on where we are at in this process, and where we are heading next.
My main focus will be to describe the Reserve Bank's approach to supervising licensed insurers under the IPSA. As well as touching on our recent licensing effort, I will also explain:
- our philosophical approach to insurance regulation and supervision;
- what insurers and their directors can expect from us as we implement supervision; and
- the characteristics we're looking for in boards and directors.
I'll discuss our current thinking on the approach that the Reserve Bank intends to follow in supervising insurers, and how we expect to interact with the industry. Please bear in mind that it's still very early days in our implementation of IPSA, and that the supervisory framework and processes to support "business as usual" supervision are still undergoing refinement. We will keep the sector informed of developments and seek input along the way.
Reserve Bank's role
Let me begin by firstly outlining the Reserve Bank's role in the insurance sector.
IPSA is primarily aimed at delivering a soundly functioning insurance sector. The Reserve Bank's role in the first instance is that of a "gatekeeper", to ensure that only suitably qualified insurers obtain a licence to undertake business. We then put in place minimum prudential standards that licensed insurers must comply with, and monitor and enforce compliance with these standards. Finally, where it is deemed necessary for system soundness reasons, we step in to help manage insurer distress.
We undertake our supervisory activities by trying to get the balance right between achieving public policy goals at reasonable cost to both insurers and taxpayers. Prior to implementing regulatory initiatives we consult with affected parties and undertake assessments of the benefits and costs of regulatory proposals.
The benefit of new regulations generally lies in the reduced likelihood of insurer failure, as a result of higher minimum standards. Both direct and indirect costs are considered. Direct costs arise from any additional compliance burden on insurers and resourcing required by the Reserve Bank. Indirect costs may arise from resulting misallocation of resources, loss of availability of services (if insurers choose to leave the market as a result of regulation) and costs from attempts to circumvent regulation. We publish regulatory impact assessments alongside every major new initiative and they cover in detail the expected costs of regulation.
It is important to note that IPSA is not a zero-failure regime. Our legislation does not require us to ensure that there will be no insurer failure or no losses to policyholders. Should insurers get into difficulty, there is no guarantee that government support will be forthcoming.
A system for licensing insurers was established when IPSA became law on 7 September 2010. This required those carrying on insurance business in New Zealand to be licenced by the Reserve Bank.
Licensing was a demanding exercise, and insurers had to satisfy 22 matters (such as adequacy of governance and solvency) before a licence could be issued. The licensing process took nearly three years and represented a major effort on the part of the insurance industry and the Reserve Bank. It was a significant achievement for all to have completed the process before the legislated deadline of 7 September 2013. The outcome was 96 full licences being issued, and three insurers in run-off continuing on a provisional licence.
In 2010 we had identified 151 potential insurers that might apply for a licence. Figure 1 shows what happened over the transition period to full licensing three years later. On closer investigation we determined that there were a number of entities that weren't captured by the IPSA definition of "insurer". And some insurers made changes to their business to fall outside the prudential regime. These first two groups accounted for 23 entities. Another 26 insurers exited by way of completed run-off or transfer of their whole portfolio to another insurer. We approved 15 such transfers of business over the licensing transition period, where the transfers were consistent with policyholders' interests. Six insurers exited by restructuring between related corporate entities. There were also three new entrants to the market.
With licensing of the industry now completed, we have turned our attention to completing the development of a supervisory framework to support "business as usual" supervision.
Our supervisory approach
Our supervisory framework is codified not only in IPSA but also in a wide range of material that the Reserve Bank has released over the last three years. Over this period we have issued 34 specific regulations, eight standards and 12 guidelines. There has also been a recent amendment to IPSA to improve aspects of the new legislation. These can all be found on the Reserve Bank's website.
Embodied in these documents and underpinning the insurance supervisory framework is the same philosophical approach that we have adopted in the banking sector. This approach has served New Zealand well to date in the promotion of financial system stability. Where appropriate we have modified the banking sector approach to fit the particular circumstances of insurance.
Our approach rests on three pillars: self-discipline, market discipline and regulatory discipline.
Self-discipline is closely linked with sound governance. Our regulatory framework places the responsibility and accountability for an insurance business primarily with the insurer's board and senior management. In addition, there are also important accountability disciplines built into the framework for insurance firms' actuaries and auditors. The framework has been designed to incentivise all of those in the governance chain to be focused on ensuring that business is carried on prudently.
We seek to enhance self-discipline in every way that we can. For instance, the Reserve Bank has issued governance guidelines on the independence and other characteristics that we expect from sound boards. We have required boards and chief executives to formally attest to the veracity of prudential information provided to us. We require actuaries to produce a Financial Condition Report as well as a published report that includes an opinion about whether the insurer is complying with its solvency requirements. We also require insurers, as well as their auditors and actuaries, to disclose directly to the Reserve Bank if the insurer is failing to meet its solvency requirement or is likely to fail within the next three years. These measures help strengthen insurers' internal governance.
While licensed insurers have met our minimum governance expectations, we see scope for further strengthening. For some insurers we have accepted − for the moment − proxies for independence where, for example, this characteristic is met by the director being an independent director of a parent or sister company. We have accepted longer tenure characteristics than we would prefer in a mature regime. The profile and processes around risk oversight at board level is also an area that we intend to look at more closely.
By market discipline, I mean the influence that the market place has on insurers to operate their business prudently. Purchasing and investment decisions by insurance buyers and investors have an impact on how insurers run their business. The idea here is that financially strong insurers with a reputation for sound management will find it easier to attract customers and funding than comparatively weaker companies. This incentivises insurance companies to operate their business prudently.
Market participants, though, are in a weaker position than management to understand the prudential position of an insurer. For example, insurance buyers do not have access to anywhere near as much information about the ability of the insurer to pay claims over time. They may not have either the financial experience or the time needed to appraise insurers' published financial statements, and so make an informed assessment of an insurer's solvency position. Even professional market participants such as advisors and insurance brokers are at an information disadvantage compared to the companies themselves.
Our supervisory framework seeks to reduce this information asymmetry by requiring insurers to disclose information to the public, in order to help policyholders and professional users of information make informed decisions. The disclosures for policyholders are in the areas of solvency and financial strength ratings. Ratings are simple aggregate metrics of the financial health of an insurer. To assist comparison, we publish on our website the ratings of all non-exempt insurers. For professional market participants, we require insurers to produce and disclose actuarial reviews and opinions of solvency alongside the published financial statements. The overall aim of these disclosures is to help incentivise insurers to operate prudently, and at the same time to ensure that a ‘fair game' is available to policyholders.
We recognise, though, that these two pillars are not always sufficient to achieve our objectives of promoting a sound and efficient insurance sector. This is where the regulatory- discipline pillar comes in. Our risk appetite (a proxy for the risk appetite of the public) is lower than that of market-players, because we take account of the externalities associated with insurer failure. Externalities are costs that are not borne by the insurers themselves, but by other ‘external' parties. This leads us to impose minimum requirements that are designed to be more conservative than an insurer's management would choose in the absence of regulation.
This is most apparent in our solvency standards, which are conservatively set. For example, property insurers will be required to hold enough capital or reinsurance for the financial consequences of a 1-in-1000 year earthquake. This reflects that post-catastrophe is the very time when we most need the insurance sector to be resilient and able to meet all claims. It also reflects the revealed preference of the government with AMI in 2011. This capital or reinsurance requirement is more conservative than overseas equivalents, but we make no apology for that. Our role is to ensure that capital settings are suitably calibrated for New Zealand conditions and aligned with the revealed preference of our government.
The externality being addressed here is as follows: insurers are an integral part of New Zealand's financial system and economy but in managing their own commercial imperatives, insurers will not typically consider the full range of implications for the wider financial system and economy. Insurer failure could undermine the ability of households and businesses to transfer risk to those able and willing to bear it (i.e. well-resourced insurers), with broader implications for the sound functioning of the financial system and economy. Our framework expects private sector insurers to bear some of the economy-wide burden of positioning for uncertain future events.
We also use the regulatory-discipline pillar to strengthen the effectiveness of the other pillars. The self-discipline pillar, for example, is strengthened by our Fit and Proper Standard that establishes what factors an insurer must take into account when determining whether a director or key officer is fit and proper for the role. And the market-discipline pillar is bolstered by our disclosure requirements. In this sense, the three pillars function interactively to achieve the outcomes that we are after.
Another key feature of our supervisory approach is that it is risk-based.
Risk-based supervision recognises that not all insurers are equally important from a risk perspective and that the supervisor can deliver most value by focussing its resources on the insurers that have the most impact on the economy, and on the risks that pose the greatest threat to the soundness and efficiency of the insurance sector.
Risk-based supervision acknowledges that resources are finite, that there is no unlimited pool of public funding on which to draw, and that the supervisor has to make choices about what it will and will not do.
These themes are reflected in the design of IPSA, which allows for supervisory intensity to vary by different types of insurers. For example, IPSA is welcoming of overseas insurers where the Reserve Bank is satisfied that these insurers come from countries that deliver prudential outcomes that are broadly equivalent to the outcomes sought for New Zealand. This has resulted in solvency exemptions being granted to 30 overseas insurers where, in effect, we are outsourcing solvency requirements to their home supervisor. Implementation of supervision along these lines allows us to deploy scarce resources where they can add the most value.
So what can insurers expect from us as we implement the supervision approach that I have outlined?
Directors and senior management of insurers can expect that we will hold them accountable for full compliance with IPSA requirements.
Compliance with IPSA is achieved by continuously meeting all of the relevant requirements associated with qualifying for a licence. These are outlined in detail in section 19 of IPSA. The requirements that an insurer must meet include such matters as:
- complying with conditions that the Reserve Bank has applied to a licence;
- carrying on business in a prudent manner;
- being solvent, as measured by the Reserve Bank's solvency standard;
- having satisfactory risk management arrangements;
- having suitable ‘fit and proper' arrangements;
- having suitable ownership and governance; and
- maintaining a financial strength rating from an acceptable rating agency.
We monitor compliance. Supervisors do this by scrutinising solvency returns, financial statements, and financial condition reports that insurers must provide to us. Supervisors also review ad-hoc returns prompted by changes, such as fit and proper certificates for new appointments, disclosure of changes to financial strength ratings and requests to approve material changes to risk-management programmes. Supervisors also have systems in place to keep track of compliance with other requirements, such as financial strength rating disclosures and that independence is retained on boards as the composition of boards change over time.
In most cases where a breach of IPSA occurs or a potential breach is identified as imminent, our expectation is that we will hear about it first from the insurer. We expect insurers to inform us immediately when a compliance issue is identified. We will want sufficient information to be able to quickly establish whether the issue represents a serious prudential matter, an isolated incident, or is a symptom of a more fundamental weakness. We will also want to know what the insurer's plan is to rectify the breach.
We expect our requests for information to be dealt with promptly. In situations where the information we require is not forthcoming or we need independent input, we would use the powers in IPSA to obtain information or conduct investigations. We are well practised in using these powers, as a number of them had to be exercised during licensing.
With the three-year transition period to full licences now over, compliance breaches are being dealt with more stringently.
Certain types of breaches that are of a material non-compliance nature will be referred by supervisors to a specialised enforcement team at the Reserve Bank, to apply the various penalties and sanctions that are available in IPSA. If a breach is serious, or if it is minor but part of an emerging pattern of non-compliance, then insurers should assume that our enforcement powers will be used forcefully.
However, intelligent prudential supervision is about much more than compliance monitoring - just as we would not expect you to run your companies in a way that aimed for bare minimum compliance with requirements. Both you and we have an interest in assessing risks holistically.
To give full effect to our risk-based approach, we are developing a structured and systematic tool to assess insurer risks. This work draws on a framework used by our bank supervisors and on frameworks used by well-established and highly regarded insurance supervisors globally.
At their core, these frameworks identify the risks that supervisors need to focus on, by assessing an insurer's impact and probability of failure.
Impact is about the degree of damage an insurer could cause to financial stability and the economy, should it fail. Probability of failure is an indication of the likelihood of an insurer failing, regardless of the damage such a failure might cause. Combining the two assessments allows insurers to be categorised according to the risk that they pose for the system. This, in turn, helps determine where our supervisory effort will be directed.
The likely outcome is that the Reserve Bank will concentrate its resources on high-impact insurers. If there were a failure of a high-impact insurer, it is important for financial stability and the economy that resolution of the failure is not disorderly and does not entail government support. The Reserve Bank will proactively and rigorously deal with risks to high-impact insurers that are assessed as threatening their ongoing viability. Such action would include the use of distress management powers in IPSA, to ensure that failures of these insurers, if unavoidable, are at least managed in an orderly way.
For low-impact insurers, our likely approach will be to supervise more reactively, accompanied by strong enforcement where there is non-compliance with licence requirements. If a low-impact insurer were to fail, the Reserve Bank is likely to limit its role to ensuring that a liquidator is appointed, and that there is an orderly winding-up in line with insolvency legislation.
The Reserve Bank has a broad responsibility for financial stability, without the separation between prudential supervision and financial stability that is seen in some other countries. As a full-service central bank, we have access to information and policy thinking that can inform us of system-wide threats to the soundness of the insurance sector. Insurers can expect us to deal with such threats across the sector, or the part of the sector concerned. This might include thematic reviews that would involve investigating the same concern across a number of insurers.
To support our risk assessment of insurers and system-wide vulnerabilities, we are likely to require additional reporting of financial and prudential information by way of a regular information return to the Reserve Bank. This is currently being scoped and we anticipate sharing our proposals with the industry sometime around the middle of 2014.
To support our assessment of risk, we are currently developing an engagement programme with insurers. This will be guided by our risk-based approach, with the Reserve Bank's insurance supervision team having regular and frequent interaction with management of high-impact insurers. Similarly, the boards of high-impact insurers can expect the Bank's Governors to seek engagement with them reasonably frequently. Low-impact insurers can expect more reactive interaction from us. Details will be provided to the industry in due course.
Insurance supervision is the specific responsibility of the Insurance Oversight Team within the Reserve Bank's Prudential Supervision department. The team has 10 full-time staff, comprising insurance industry experience, including three actuaries and staff with supervisory experience. The team is supported by policy development teams, an enforcement team, and a legal team.
External professional resources will be utilised as needed during ‘business as usual supervision' to supplement our own skills and to assist with workloads, as was the case during the licensing process.
Let me now turn to the characteristics and qualities that the Reserve Bank is looking for in boards and directors of insurers.
In essence, what we want is for board arrangements and the collective skills of directors to be up to the task of overseeing an insurer's activities, and the actions it takes to mitigate the risks it faces. We want a board to continuously reflect in its actions and behaviours that it has control over governance, and particularly risk governance of the insurer.
For there to be effective governance, it is important that governance of an insurer be kept separate from its ownership. Separation is achieved through having independent directors on boards. This assists with bringing objectivity and impartial judgement to board deliberations.
We have issued a Governance Guideline, to help insurers understand the Reserve Bank's minimum expectation around independence. This can be found on our website. Our minimum expectations are that:
- at least half of the directors will be independent;
- the board chair is to be independent;
- the audit committee chair is to be independent and not the same person as the board chair; and
- a majority of the audit committee is to be independent.
The Guideline also outlines the criteria that the Reserve Bank considers in forming a view about whether a director is free from associations that could materially interfere with the exercise of independent judgement.
On fitness and propriety, we require each director to meet the high standards outlined in the Fit and Proper Standard that has been issued by the Reserve Bank, and to follow the process in the insurer's fit and proper policy − a policy that must be approved by the Reserve Bank. The Fit and Proper Standard and our Guideline on Fit and Proper Policy can also be found on our website.
On board committee structures, given the diversity of insurers in New Zealand, we have only stipulated that a separate audit committee should be established. We see this committee having responsibility for reviewing the effectiveness of an insurer's financial reporting, internal audit and risk management framework. We expect other committees to be established by larger, more complex or specialised insurers. In particular, for larger and more sophisticated insurers we would expect risk governance to be separately overseen by a risk committee, comprising mainly independent directors.
As mentioned earlier, licensed insurers have satisfied the Reserve Bank that they meet minimum governance criteria, as part of licensing. I also noted, though, that we had identified areas where improvement is needed, such as: independence, tenure and risk control.
We will be returning to these matters in our ongoing supervision of individual insurers.
On risk control, we are likely to embark on an early thematic review of the quality of risk governance across the sector. Because this is on a single theme across the entire industry, we call it a "thematic review." We expect to undertake one or two such reviews every year. A lesson arising from the global financial crisis is that there were significant shortcomings in risk governance in many financial institutions. In separate analyses of the global financial crisis, both the Financial Stability Board and the Group of Thirty (G30) concluded that the main governance failure leading to the crisis was an inability of many boards to accurately identify and understand the risks inherent in their businesses, and to ensure there were robust structures in place for managing and reporting on these risks.
Our upcoming thematic review of risk governance will likely involve a one-off gathering of new information by interviewing the Chair of the Risk Committee or equivalent, reviewing board and risk committee papers and minutes, and reviewing board self-assessments of performance. We expect to review this information alongside existing documentation and knowledge about the risk management framework, including information obtained from the licensing process.
Such a review will assess whether a board is providing clear leadership on risk governance through a risk management strategy and risk appetite statement. It would also look at whether there is effective reporting to the board, showing performance against board policies, and whether the board's actions and behaviour promote a prudent approach to risk throughout the insurer.
The overall aim of such an exercise is as much about establishing whether the right culture, behaviours and values are in place as it is about processes. Both culture and processes are critical for risk governance to be successful.
Let me conclude by reiterating that the implementation of our supervisory model is a work in progress. That said, the three key messages I would like to leave you with are:
- That our evolving approach will be risk-based, and that we will focus more of our limited resources on those insurers that are large and / or at higher risk of failure;
- That we see strong boards and governance as critical to the success of the industry and of our role as prudential supervisor;
- That you can expect an early supervisory thematic focus on governance and risk management. I hope you will work with us to make sure we and you get the very best outcome from that review.
I hope that the information I have shared with you today explains the way we intend to implement our responsibilities, and informs you about the role we see directors performing.
We will continue to keep the sector informed as our processes develop, using industry updates posted on our website and through information distributed through our email subscription service.
Thank you for your attention today. I'll now take questions.
- Toby Fiennes, Head of Prudential Supervision, Reserve Bank of New Zealand, speech ‘Regulation and the Financial System', delivered to Law and Economics Association of New Zealand in Wellington on 19 June 2013.
- PRISM Explained, Central Bank of Ireland, November 2011.
- Financial Stability Board, Thematic Review on Risk Governance, February 2013.
- Group of Thirty, Toward Effective Governance of Financial Institutions, April 2012.
- John Laker, APRA Chairman, speech ‘The importance of good governance', delivered to Australian British Chamber of Commerce in Melbourne, Australia on 27 February 2013.