The past ten years have resulted in numerous changes to the corporate governance requirements for insurance companies and, as appropriate, their parent companies and affiliates. In response to the 2008 financial crisis and increased federal scrutiny of the insurance industry, the NAIC undertook a comprehensive comparative analysis of the existing statutory and regulatory framework relating to corporate governance among US state insurance departments, international supervisors, other US functional regulators and the insurance industry itself. The results of that study led the NAIC to the conclusion that insurance regulators generally needed to collect additional information from insurance companies in order to more effectively assess their corporate governance practices. Accordingly, in November 2014, the NAIC adopted the Corporate Governance Annual Disclosure Model Act (the “CGAD Model Act”) and Corporate Governance Annual Disclosure Model Regulation (the “CGAD Model Regulation” and, together with the CGAD Model Act, “CGAD”).
Since its adoption by the NAIC, CGAD has steadily been incorporated into the insurance regulatory regimes of an increasing number of US jurisdictions. On October 24, 2018, Pennsylvania became the latest (and twenty-sixth) state to adopt the CGAD Model Act, as of the date of this article. At this time, the CGAD Model Regulation has been adopted by eighteen states. However, the NAIC has made adoption of the CGAD Model Act and the CGAD Model Regulation an “accreditation standard” with an effective date of January 1, 2020. Accordingly, a wave of adoptions of CGAD by US jurisdictions over the next year is expected, in order to comply with this required effective date. As CGAD does not include any de minimis threshold or exemption for filing, every insurer in a US jurisdiction will be required to provide a CGAD report annually to its applicable state insurance regulatory authority, though insurers have significant discretion in determining the format of the report. As it is expected that CGAD will soon be applicable to all insurance companies in all US jurisdictions, a firm understanding of CGAD and its requirements is essential for the boards and management of such companies. Individuals holding such positions should seek to educate themselves on these requirements.
CGAD provides insurance regulators with the ability to receive information necessary to review an insurance company’s governance structure and practices and to identify potential issues with respect to such practices. CGAD requires an insurance company (or the affiliated group of which it is a member) to provide a confidential disclosure of its corporate governance practices to its lead state regulator and/or domestic regulator by June 1 of each year. Importantly, CGAD does not mandate specific governance standards – rather, it requires insurance companies to report on their existing governance practices.
An insurance company or group has discretion regarding the content of its CGAD responses, so long as its CGAD contains the material information necessary to permit regulators to gain an understanding of its corporate governance structure, policies and practices. At a minimum, CGAD requires information on, among other subjects: (i) the insurance company’s corporate governance and structure; (ii) the policies and practices of the insurance company’s board of directors and significant committees; (iii) the policies and practices directing senior management; (iv) descriptions of board committees and senior management personnel; and (v) and the processes by which the board of directors, its committees and senior management ensure an appropriate level of oversight to the critical risk areas impacting the insurance company’s business activities. In addition, regulators have the ability to request additional information as deemed material and necessary to provide a clear understanding of a company’s or group’s corporate governance policies, reporting and information systems and controls implementing those policies.
Unlike other NAIC model laws and regulations, CGAD does not provide for exemptions or thresholds based upon size or type of entity. Given the variety in organizational structures among US insurance companies, such entities are afforded latitude in determining the appropriate format for the filing and the level of the specific company responsible for submitting such reports (for example, whether it is more appropriate for an ultimate controlling person to submit the report or an intermediate holding company or even an individual insurance company). The determination of the appropriate reporting entity is based upon where: (i) risk appetite is determined; (ii) the earnings, capital liquidity, operations and reputation of the insurance company are overseen; or (iii) liability for failures in governance will be placed. The decision of which is the correct reporting entity within an insurance holding company structure, while left to the discretion of such entities, requires a careful analysis and any changes to such reporting practices would require an explanation to be provided along with the requisite corporate governance report.
Generally speaking, the costs of complying with the requirements of CGAD are likely to be limited, as many insurance companies already summarize and describe their corporate governance practices to various stakeholders on a regular basis. Further, the CGAD contains strong confidentiality protections to safeguard sensitive information which may be submitted with the report. Accordingly, the widespread adoption of CGAD should be viewed as a low-cost measure that will improve communications between insurance companies and their regulators, by allowing tailored, confidential assessments that internal oversight mechanisms are in place and effective for those companies.