Guidance 

☑ Interpretation     ☑ Approach     ☐ Information     ☐ Decision

No. PC0051INT

Purpose

The Financial Services Regulatory Authority of Ontario’s (“FSRA”) Corporate Governance Guidance (“the Guidance”) for Ontario-incorporated Insurance Companies and Reciprocal Insurance Exchanges (collectively the “Insurers”) provides:

  1. FSRA’s interpretation of corporate governance requirements under the Insurance Act (Ontario) (the “Act”), Ont. Reg. 123/08, Corporate Governance – Part II.2 of the Act (“Corporate Governance Regulation”), O. Reg. 637/00, Reciprocal Insurance Exchanges (“Reciprocal Insurance Exchanges Regulation”) and the Corporations Act (Ontario).
  2. FSRA’s approach to assessing the Insurers’ corporate governance practices under FSRA Approach Guidance No. PC0045APP, Risk Based Supervisory Framework for Ontario-incorporated Insurance Companies and Reciprocals (“RBSF-I”) and intended outcomes for effective and prudent corporate governance practices that best protect members, subscribers, policyholders, and other relevant stakeholders.

As Interpretation, this Guidance sets out FSRA’s view of requirements under the applicable statutes and regulations referenced above so that non-compliance may lead to supervisory and/or enforcement actions.[1] In this Guidance, the use of the words “must”, “shall”, and “requires” indicates a compliance requirement (i.e., an express legislative requirement, FSRA’s interpretation of a legislative requirement, or both, rather than a common practice or recommendation).[2]

In contrast, the use of words such as “should”, “may”, or “can” reflects common industry practices of effective corporate governance that Insurers should consider in demonstrating that they have met the intended outcomes identified in the Interpretation section of this Guidance. As FSRA will assess these common industry practices under the RBSF-I, not meeting the intended outcomes may result in an elevated level of supervisory engagement.

A failure to remediate ineffective corporate governance practices identified by FSRA’s supervision may, where widespread or prolonged, culminate in FSRA considering the Insurer to have failed to meet FSRA requirements and lead to sanctions.

The assessment of corporate governance is made in the context of the Insurer’s size, complexity, and risk profile, and may have implications for the Insurer’s Overall Risk Rating (ORR) under the RBSF-I.

Scope

This Guidance affects the following entities regulated or registered by FSRA under the Act:

  • Ontario-incorporated Insurers licensed by FSRA
  • Reciprocal insurance exchanges licensed by FSRA

This Guidance complements and must be read in conjunction with other FSRA Guidance and supporting publications on FSRA’s website, including the forthcoming Guidance PC0050INT Operational Risk and Resilience Guidance for Ontario-incorporated Insurance Companies and Reciprocal Insurance Exchanges.[3]

Rationale and background

Corporate governance is a set of relationships between an Insurer’s management, its Board, shareholders, and other stakeholders. Sound corporate governance provides the structure through which the objectives of the Insurer are set and the means of attaining those objectives and monitoring performance are determined. It helps formalize accountability and define the way responsibility is allocated and corporate decisions are made. As such, the quality, performance, and effectiveness of an Insurer’s corporate governance is a foundational and critical factor in maintaining the confidence of FSRA, members, subscribers, policyholders, stakeholders, market participants and consumers.

Insurers that demonstrate sound corporate governance practices, including accountability, transparency, and sound risk governance, are more likely to achieve and maintain public confidence and long-term sustainable business performance.

FSRA objects

This Guidance supports FSRA’s statutory objects under s. 3 of the Financial Services Regulatory Authority of Ontario Act, 2016 (the “FSRA Act”), including FSRA’s objects to:

  • 3(1)(a) regulate and generally supervise the regulated sectors
  • 3(1)(b) contribute to public confidence in the regulated sectors
  • 3(2)(a) promote high standards of business conduct
  • 3(2)(b) protect the rights and interests of consumers

Definitions

Terms used in this Guidance, unless otherwise defined in this Guidance, have the meaning given to these terms in the Act or its regulations. In this Guidance:

  • “Affiliated Individual” means an individual who is affiliated with an Insurer due to the existence of a relationship with that Insurer set out in s. 2(2) of the Corporate Governance Regulation.
  • “Board(s)” means an Insurer’s board of directors or a reciprocal insurance exchange’s advisory board.
  • “Senior Management” means an officer as defined under s. 1(2) of the Corporate Governance Regulation but does not include individuals excluded from that definition in s. 1(3) of the Corporate Governance Regulation.
  • “Oversight Functions” means an Insurer’s (defined above to also include reciprocal insurance exchanges and incorporated insurers, including farm mutuals) functions that are responsible for providing independent, enterprise-wide oversight to operational management for each significant activity of the Insurer, including the Insurer’s: actuarial, compliance, risk management, internal audit, Senior Management, and the Board.

Interpretation 

This section sets out FSRA’s view of the requirements for Insurers’ effective corporate governance practices, policies, and procedures under the:

  • Act
  • Corporate Governance Part II.2 of the Act (Ont. Reg. 123/08)
  • Reciprocal Insurance Exchanges (Ont. Reg. 637/00)
  • Corporations Act (Ontario)

FSRA interprets these requirements to clarify and set out practices for the composition of an Insurer’s Board and its independence, roles and responsibilities vis-à-vis Senior Management, ethical and responsible action, integrity in reporting and disclosure, Oversight Functions, and corporate culture.

Principles

Section 283 of the Corporations Act (Ontario) requires that the affairs of an Insurer incorporated under it be managed by its Board. Section 380.1 (a) of the Act requires that the agreement between subscribers of a reciprocal insurance exchange provide for the establishment of an advisory board to supervise the exchange (the “Oversight Provisions”). The Oversight Provisions demonstrate the rights and obligations of Boards to manage or supervise Insurers either directly or through delegation to Senior Management. FSRA’s view is that, to comply with the Oversight Provisions, the Board must direct and have oversight over the Insurer, including Senior Management. This should include setting the strategic direction of the Insurer. While the Board may delegate the responsibility for specific functions, it cannot delegate accountability. Throughout this Guidance, functions denoted as a full responsibility of the Board may be delegated to Board committees, but should not be delegated to Senior Management; whereas other responsibilities may be delegated in part to Senior Management. In all cases, the entire Board remains accountable for ensuring that its responsibilities are effectively discharged.

Amendment to FSRA MCT Guideline

Section 102(8) of the Act requires that “Every insurer licensed under this Act shall maintain capital or assets (in compliance with such requirements as may be prescribed by regulation governing the level of capital or assets to be maintained) in an amount that bears not less than a reasonable relationship to the outstanding liabilities, premiums and loss experience of the insurer.” Ontario Regulation 259/04 – Minimum Capital Test establishes the requirements for the purpose of s. 102(8) and incorporates FSRA’s Guidance No. PC0047INT, Minimum Capital Test Guideline for Property and Casualty Insurance Companies and Reciprocals – January 2023 (the “MCT Guideline”) by reference, making it mandatory for every insurer required to comply with s. 102(8) to maintain capital in compliance with the requirements set out in the MCT Guideline. FSRA can amend the MCT Guideline incorporated into O. Reg. 259/04 from time to time pursuant to s. 1(1) of O. Reg. 259/04.

The MCT Guideline has been amended to include the following additional provision (the “Risk Management Requirement”):

Risk Management Requirement

Senior Management of an Insurer shall establish, develop, update, and implement, and the Board of the Insurer shall oversee and approve:

  1. a risk management program, which

    1. provides a reasonable basis for Senior Management and the Board to understand and manage the Insurer’s risks and potential liabilities;

    2. facilitates and protects the Insurer’s stability and viability, through the identification, assessment, management and monitoring of all risks which may arise from the business and operations of the Insurer and its subsidiaries and have a potentially material impact on the Insurer’s financial performance, capital, liquidity, stakeholders, reputation, operations or viability, and includes an enterprise-wide risk appetite framework which is appropriate relative to the risk profile of the Insurer on an enterprise-wide basis, its long-term strategic plan and its operating environment; and

    3. strategies, procedures, policies, and processes to understand and evaluate all such risks, and to facilitate direct reporting to the Board of the Insurer by the Senior Management.

To comply with the Risk Management Requirement, a Board must determine what risks are acceptable for the Insurer. Explicit delegation of oversight responsibilities to Board committees and the implementation of Board-approved policies to the Insurer’s Senior Management will help to ensure that there is a clear and consistent understanding of respective roles which is foundational to effective governance.

Principle 1: Defined roles and responsibilities

Roles and responsibilities are clearly understood and appropriately delegated, enabling effective oversight of the Insurer.

As stated above, the Board must direct and have oversight over the Insurer, including its Senior Management. This should include:

  • Strategy:
    • short-term and long-term business plan and strategy
    • significant strategic initiatives, including technological innovation (e.g., new business lines or products, change in distribution model, material changes to systems or processes).
  • Risk management (for Insurers subject to the Risk Management Requirement under Principle 3, this is a statutory requirement):
    • risk management and oversight
      • risk appetite framework
      • internal controls framework
      • significant policies and procedures, related to the management of, or that could materially impact capital and earnings (e.g., investments, capital targets).[4]
  • Oversight and management of Senior Management and Oversight Functions.
  • Audit plans:
    • external audit plan
    • internal audit plan
  • Human capital and resource planning:
    • appointment, performance review, and compensation of the key members of the senior management team and Oversight Functions
    • nomination, fitness, and suitability
    • training and onboarding
    • mandate, resources, and budgets of the Oversight Functions
    • compensation practices, including at-risk compensation

To achieve the intended outcomes of this principle, Boards should consider the following practices:

I. Roles and responsibilities

It is critical that roles and responsibilities are clearly delineated. To achieve this, the Insurer should ensure Board committees are formed with a clear written mandate and terms of reference setting out their tenure, composition, authorities and duties, and frequency and content of reporting back to the Board. Responsibilities delegated to Senior Management, including implementation and operationalization of the Board-approved strategy and risk appetite, should be documented in related frameworks, policies, and mandates to ensure that the delineation of responsibilities is clearly understood.

Directors should have a process for determining and documenting which policies and procedures they should review and approve. The underlying methodology and rationale by which the Board determines which policies and procedures it should review and approve should be updated regularly to ensure that it continues to meet the Board’s needs to provide effective oversight.

Boards should ensure that they receive sufficient, accurate, and timely information to provide assurances that all parties have discharged their responsibilities as delegated.

II. Strategy

The Board must direct Senior Management and provide effective oversight to the Insurer. This should include establishing direction and the approval of the short-term and long-term strategic plans in alignment with the capital considerations and financial circumstances of the Insurer to ensure that the requisite resources are in place for the company to meet its strategic objectives. The Board should demonstrate this by holding strategy sessions and engaging Senior Management on the linkages between the Insurer’s strategy, risk appetite, and financial and capital plans. The Board should receive regular reporting from Senior Management that allows it to assess the Insurer’s alignment with the approved strategy and risk appetite on an ongoing basis.

III. Appointment, dismissal, and performance assessment of the Chief Executive Officer (CEO) 

The Board of the Insurer should appoint and assess the performance of the CEO or equivalent Senior Management position. The Board should ensure that performance measures, compensation and incentives are aligned with the Insurer’s short-term and long-term plans, incorporate an assessment of the effectiveness of enterprise-wide oversight and controls, and explicitly reference risk management activities as they relate to risk appetite. If circumstances warrant, the Board should assume responsibility for the dismissal of the CEO or equivalent.

To ensure progressive renewal of the Board, the Board should develop and maintain succession plans for the appointment and/or replacement of directors, heads of Oversight Functions, the CEO and Board chair.

Principle 2: Board independence and composition

The Board is appropriately structured to allow it to act independently. 

Under sections 140(3), 141.2(2) and (3) of the Corporations Act, no more than two-thirds of the directors of an incorporated Insurer can be affiliated with the Insurer for the purposes of Part II.2 of the Act. Section 141.2(5) of the Corporations Act provides that a quorum of the Board of an Insurer must include at least one director not affiliated with the Insurer. Sections 3 and 4 of the Corporate Governance Regulation require that both the audit and, for an incorporated Insurer, conduct review committees of an Insurer have a minimum of three members with a majority of the members being directors who are not affiliated with the Insurer. In addition, s. 3(3) of the Corporate Governance Regulation prohibits any officer or employee of the Insurer from being a member of the audit or the conduct review committee of the Insurer (the “Independence Requirements”).

FSRA interprets the Independence Requirements to mean that, to effectively discharge its responsibilities, the Board must be independent from Senior Management who are responsible for the day-to-day operations of the Insurer. The Board should have the collective skillset and experience to provide direction, challenge, and advice to Senior Management.

I. Board independence

An “independent” director is a director who is not an affiliated individual of the Insurer. A director should also be independent in conduct, character, and judgement. The Act requires the Board of an incorporated insurer to have established or designated a Board committee to develop, monitor, review, and advise on conflict-of-interest procedures and practices as part of the committee’s mandate[5] and all Insurers should implement an equivalent structure. A Board can also demonstrate independence by adopting processes which demonstrate integrity, such as regularly conducting in-camera sessions without the CEO and leveraging external expertise to bolster the collective skills and knowledge of the Board when necessary.

The Board chair should set the right tone and encourage open dialogue, drawing out contributions from all directors so that the debate benefits from the full diversity of views from the directors. No one individual should have unfettered powers of decision-making over the Insurer. The Board chair should play a critical role in fostering appropriate relations within the Board, and between the Board and Senior Management, in particular, between the Board and the CEO.

II. Board composition

An Insurer must ensure its Board and Board committees are of a size consistent with statutory minimums.[6] The Board should be comprised of directors who provide the appropriate balance and mix of skills, knowledge, and experience to foster constructive debate, effectively challenge Senior Management and ensure that they are able to discharge their duties and responsibilities. The collective experiences and skillsets of the Board should reflect the scope and complexity of the Insurer’s activities and the characteristics of its membership, subscribers, or policyholders.

The Board should undertake a regular and formal assessment of its effectiveness and that of each of its Board committees and individual directors. This assessment may be conducted internally or with the support of external experts. This process should be comprehensive and identify areas for enhancement in the composition of the Board, its committees, and skillsets and contribute to developing and implementing training and succession plans for the Board.

III. Nomination, fitness, and suitability

The Board of an Insurer, with support from relevant Board committees, should develop and update the nomination, succession, onboarding, and training plans to guide the appointment and replacement of the CEO, Board directors, and the Board chair. These plans should include criteria that identify gaps in competencies relative to the current and projected future activities and the needs of the Insurer to best meet its strategic plans and understand the associated risks.

When a director is first nominated or appointed as a director, the Insurer should have adequate policies and processes to ensure that the Board is provided with sufficient information to determine that the individual possesses the suitability and integrity to adequately perform their duties and does not pose a risk to the organization. Subsequent to the initial appointment, the Insurer should conduct periodic assessments on factors that can change over time (e.g., changes in status in professional organizations or change in conflicts of interest) and have remediation mechanisms in place if adverse information is discovered.

Principle 3: Effectiveness of oversight structures

The Board is accountable for the governance of risk, including determining the nature and extent of the significant risks which the Insurer is willing to take to achieve its strategic objectives.

Insurers that must comply with the MCT Guideline and the 2023 Office of the Superintendent of Financial Institutions MCT guideline adopted by FSRA in the MCT Guideline must comply with the Risk Management Requirement because these requirements have the force of law pursuant to s. 2 of O. Reg. 259/04: Minimum Capital Test. Principle 3 of the Interpretation section of this Guidance contains FSRA’s views of the practices that Insurers, their Boards and Senior Management must engage in to comply with the Risk Management Requirement. 

The MCT Guideline does not apply to Insurers that are reciprocal insurance exchanges pursuant to s. 4 of O. Reg. 259/04. Mutual insurance corporations that are members of the Fire Mutuals Guarantee Fund (“FMGF”) do not need to comply with s. 102(8) of the Act and, by extension, with the MCT Guideline incorporated into O. Reg. 259/04. For these insurers, all references to “must”, “shall”, and “requires” and similar words that state a requirement under Principle 3 of the Interpretation section of this Guidance are deemed to say “may”, “should”, “can” or similar words. Principle 3 of the Interpretation section of this Guidance does not create mandatory requirements for these Insurers. Rather, they indicate common industry practices that FSRA will assess against under the RBSF-I. Not meeting the intended outcomes of the principles may result in an elevated level of supervisory engagement.

Section 169(4)(a) of the Act allows FSRA the discretion to specify further amounts of assets that the FMGF must maintain beyond $1 million in book value. Under s. 169(3) of the Act, the purposes of the FMGF include paying the insurance claims of policyholders of members of FMGF, if a member of the FMGF is unable to meet its obligations. Weak risk management practices, including lack of effective Board oversight, can increase an Insurer’s exposure to losses. These losses increase the risk that a claim of a policyholder of an FMGF member will not be paid. Hence, for a mutual insurance corporation that is a member of the FMGF, FSRA can consider the Insurer’s adherence to the Principles in the Interpretation section of this Guidance to help determine the further amount of assets that the FMGF must have pursuant to s. 169(4)(a) of the Act.

The Oversight Functions of an Insurer provide information to the directors to allow them to fulfill their responsibilities and effectively discharge their duties. Oversight Functions should identify, measure, and report on the Insurer’s risks, assess the effectiveness of the Insurer’s risk management processes and structures, and its internal controls, and determine whether its operations, results, and risk exposures are consistent with the Insurer’s risk appetite.

I. Approach to risk management

FSRA’s view is that, to comply with the Risk Management Requirement, the Board must oversee the governance of risk and ensure that Senior Management maintains a sound system of risk management and internal controls. The Board must undertake practices to satisfy itself that the approach to risk management is functioning effectively. Strategy and risk are closely related and must permeate all Board discussions and, as such, the Board must consider a range of plausible outcomes that could result from its decision-making and actions needed to manage those outcomes.

Where an Insurer lacks the risk management function due to its size and complexity, or it does not have enterprise-wide responsibility, in applying proportionality, FSRA expects other functions (for example, Senior Management) to provide risk oversight. The individual should still report to the Risk Committee or another committee that has risk oversight responsibilities to maintain independence.

II. Three lines of defence

FSRA interprets the Risk Management Requirement to mean that an Insurer must develop and maintain governance structures with well-defined accountabilities and responsibilities, reporting lines, and decision-making processes. FSRA also interprets the Risk Management Requirement to mean that the Insurers must establish processes and practices where risk management activities are conducted by operational management (“first line of defence”), are reviewed and challenged by risk management (“second line of defence”) and are subject to independent assurance provided by internal audit (“third line of defence”). These three lines of defence will facilitate effective governance, oversight, and risk management by the Board.

III. Assurance and effectiveness

FSRA considers that adherence to the Risk Management Requirement requires that the Board demonstrate how it obtains assurance through the oversight mechanisms (structures and functions) that risks are being appropriately managed. To this end, the Board must seek assurances that its Oversight Functions are sufficiently resourced, have access to appropriate skillsets, and have appropriate stature and authority.

FSRA interprets the Risk Management Requirement to mean that the Board, with the assistance of the appropriate Board committee, must review, at least annually, the adequacy and effectiveness of the Insurer’s risk management and internal control systems and provide commentary on same in the Insurer’s annual report. Such a review can be carried out internally or with the assistance of qualified third parties.

IV. Structures and functions

In circumstances where an Insurer finds itself in a position where it has to outsource some of its Oversight Functions due to its size and complexity, the Insurer and the Board remain accountable for those functions. Where Oversight Functions are outsourced, the Board must ensure that there are processes in place to assess their effectiveness.

Under the Risk Management Requirement, the Insurer must ensure that the Oversight Functions have free and unfettered access to the Board. To reinforce this access, the Board must have significant input into the determination of performance objectives, performance assessment, and compensation outcomes for these individuals or heads of functions.

Principle 4: Integrity in reporting and disclosure

In support of its oversight role, the Board works to ensure that appropriate reporting processes are implemented to achieve quality and effectiveness in reporting that enable informed decision-making.

Under s. 3 (5) 1 of the Corporate Governance Regulation and, for reciprocal insurance exchanges, s. 0.1 of the Reciprocal Insurance Exchanges Regulation, the audit committee is required to review and make recommendations to the directors of the Insurer concerning: (i) the annual financial statements of the Insurer, before the annual financial statements are considered for approval by the directors; (ii) the annual statement of the condition of the affairs of the Insurer, any interim statement under clause 102(1); and (iii) any other financial statement or return of the Insurer specified by the Chief Executive Officer of FSRA. Under s. 108 of the Corporations Act, the Board of an incorporated Insurer must approve the financial statements of the Insurer. Under s. 102(5) of the Act, members of the Board of an incorporated Insurer and of the Insurer’s management must verify an Insurer’s statements under s. 102 of the Act. Under s. 102(3), an Insurer's annual statement must also be accompanied by an auditor’s report (the “Review Provisions”).

It is FSRA’s view that, to comply with these Review Provisions, the Board must oversee, review and, if required, verify or approve timely and reliable corporate disclosures for members, subscribers, policyholders, regulators and other relevant stakeholders relating to the Insurer’s financial position, business model, strategy, performance, and long-term prospects. It should also ensure that Senior Management provide the Board with timely and accurate reporting that enables effective decision-making on the direction and risk profile of the Insurer.

I. Governance structures and reporting lines

The Board should develop and maintain governance structures with well-defined accountabilities and responsibilities, reporting lines, and decision-making processes to adequately oversee reporting and disclosure. This includes establishing practices and activities to ensure effective communication within the Insurer and that the Board is receiving unfiltered information from Senior Management and the Oversight Functions at the requisite quality and frequency to enable informed decision-making.

The Board should be able to satisfy itself that it has an accurate and up-to-date understanding of the nature, types, and sources of risks faced by the Insurer. The Board should indicate in the annual report of the Insurer that they have collectively reviewed, challenged, and approved Senior Management’s information on the financial position, business model, and performance of the Insurer in light of the Insurer’s strategy.

II. Integrated reporting

The reporting of relevant and material financial and non-financial information is vital to provide insights and enable relevant stakeholders (including regulators) to make informed decisions. The Board should review and approve an integrated report that puts historical performance into context and portrays the risks, opportunities and prospects for the Insurer’s future, helping stakeholders understand the Insurer’s strategic objectives and progress towards meeting them.

It is FSRA’s view that, to adhere to the Review Provisions, the Board must determine the materiality and relevance of the issues covered in the annual reporting and disclosure process, and should consider the Insurer’s circumstances, including the sector in which it operates, its stakeholders, and size and complexity.

Senior Management should proactively report to the Board at a time of significant business or strategic change, or when activities and associated risks deviate from the direction approved by the Board.

III. Risk reporting

To disclose the risks facing the Insurer and its approach to risk management, a Board should satisfy itself that Senior Management can effectively identify, explain, and assess strategy and risk oversight processes at the level the Board requires and that the risk reporting provided to the Board is complete, accurate, and timely. Risk reporting to the Board should include a description of the principal risks (including financial, operational, compliance, and non-financial risk and resilience categories) facing the Insurer and how they are being managed or mitigated to prudently meet corporate objectives. The Board should have access to information from Senior Management about the risks facing the Insurer.

Boards should ensure that there are appropriate internal controls on, and oversight of the inputs to the Insurer’s reporting, including controls to ensure data quality and the integrity of any calculations and models used to process the data.

IV. Integrity of financial statements

Section 0.1(1) paragraphs 1 and 2 of the Reciprocal Insurance Exchanges Regulation require that the agreement between the subscribers of a reciprocal insurance exchange appoint an audit committee and authorize and direct that audit committee to, amongst other things, exercise the powers and duties of an audit committee described in s. 3(10) of the Corporate Governance Regulation. Section 3(10) of the Corporate Governance Regulation requires that the directors and Senior Management must promptly notify the audit committee and the Insurer’s current auditor if they become aware of any material error or misstatement in a financial statement on which a current auditor or former auditor of an Insurer has reported.

It is FSRA’s view that, to comply with the Review Provisions, the audit committee must: i) review the assurance from the CEO and chief financial officer on the financial records and statements of the Insurer, and ii) review the adequacy, effectiveness, independence, scope and results of the external audit and the Insurer’s internal audit function because the assurances and audits are a part of the processes that the audit committee must use to fulfill its obligations in reviewing and making recommendations regarding the financial statements of the Insurer pursuant to s. 3(5) 1. i. of the Corporate Governance Regulation.

V. Effectiveness and assurance 

The Board should determine the level of assurance that it requires for the Insurer’s financial and corporate reporting to be considered credible. Moreover, it should also regularly question its satisfaction with the Insurer’s current approach to financial and non-financial reporting and the last time the approach was assessed by a third party.

Principle 5: Corporate Culture

An Insurer’s corporate culture is fostered by its Board. An appropriate corporate culture promotes integrity and transparency and drives behaviour that is in the long-term best interests of the Insurer.

An Insurer’s corporate culture can reinforce or undermine the effectiveness of its governance and risk management systems, processes, and controls. Boards should ensure that through their communications and actions, they are fostering a culture that supports the Board’s ability to provide effective oversight. Moreover, with the support of Senior Management and external expertise as necessary, Boards should ensure that their frameworks and policies, including those governing the Insurer’s compensation program, incentivize desired behaviours and account for the long-term best interests of the Insurer.

In support of the desired culture, the Insurer should have an effective whistleblowing policy that is aligned with its risk culture and incentivizes the right behaviour, consistent with the Act, applicable laws, the Insurer’s strategic objectives, ethics, and mission. This policy should be publicly disclosed and clearly communicated to employees, along with the procedures for raising such a concern.

Principle 6: Effective subsidiary governance

The Board oversees the full scope of an Insurer’s operations by establishing governance processes for the Insurer’s subsidiaries that are commensurate with each subsidiary’s impact on the Insurer’s enterprise-wide strategy and risk profile.

An Insurer’s Board must manage or oversee the Insurer’s activities.[7] The Act, in Part XVII, imposes restrictions on an Insurer’s investments that extend to subsidiaries of the Insurer in some circumstances and Part XVII.1 imposes restrictions on related party transactions that extend to subsidiaries of the Insurer under s. 437.17 of the Act. FSRA interprets these provisions to mean that the Board must exercise enough oversight over the Insurer’s subsidiaries to ensure that they comply with the Insurer’s obligations under the Act. The Board’s oversight over subsidiaries should be appropriate given the materiality of that subsidiary with respect to the Insurer’s broader strategy and enterprise-wide risk profile. To achieve this, the Board should develop a full understanding of the impact of a subsidiary’s activities on the Insurer and determine to what extent Principles 1-5, articulated above, should apply to the subsidiary.

Approach 

This section of the Guidance describes FSRA’s approach for assessment of the Insurer’s corporate governance practices. It describes the processes and supervisory practices that FSRA will use to assess the Insurer’s adoption of the principles identified in the Interpretation section of this Guidance to meet intended outcomes. Refer to FSRA’s RBSF-I for details on the Risk Assessment Process.

FSRA uses the RBSF-I to identify imprudent or unsafe business practices that may impact members, subscribers, and policyholders of the Insurer and will intervene on a timely basis if warranted. FSRA will exercise supervisory judgement and assess the most important risks posed by the Insurer to supervisory objectives and the extent to which the Insurer can identify, assess, and manage these risks as well as achieve resilience. In assessing the effectiveness of the Insurer’s corporate governance practices, FSRA will seek to determine whether the Board, through its composition and the systems, processes, and practices that it oversees, is positioned to make informed decisions on the direction and risk appetite of the Insurer that promote its long-term viability.

How governance is assessed within the RBSF-I

Consistent with its view that the Board is accountable for the direction and oversight of the Insurer, FSRA will assess the effectiveness of the Board’s oversight of the Insurer’s significant activities as well as its oversight at the enterprise-wide level. At the enterprise-wide level, FSRA’s assessment will include the oversight of processes to manage capital and liquidity, and resilience of the Insurer.

In undertaking its assessment, FSRA will review the Insurer’s frameworks, policies, processes and reporting to understand the Insurer’s strategy, risk appetite, how responsibilities are delegated, and what information is made available to the Board. This understanding will be supplemented by meetings with directors to gain insights into the nature of the discussions that are occurring at the Board level, key areas of focus for directors, and the extent to which management assertions are challenged.

FSRA’s assessment of the Board’s performance

FSRA’s view of the effectiveness of the Board is informed by both its characteristics and performance. Board characteristics are captured in the Interpretation section of this Guidance; however, FSRA will ultimately put more weight on performance. In assessing the performance of the Board, FSRA will seek to understand, among other things, the extent to which:

  • The Board can demonstrate that it effectively directs and challenges the Insurer’s Senior Management regarding the direction and risk profile of the Insurer
  • The delegation of roles and responsibilities is clearly understood and consistently applied across all of the Insurer’s operations
  • The Insurer’s risk appetite statement is articulated in a way that is meaningful to decision makers throughout the Insurer
  • The Board is able to articulate the linkages between strategic plans, financial and capital plans, and the Insurer’s risk appetite statement
  • The Board can demonstrate why it is comfortable that its Oversight Functions and structures are able to act effectively and independently of day-to-day operations
  • The Board is able to objectively assess the effectiveness of critical functions including Oversight Functions and structures whether they are outsourced or in-house
  • There is evidence that potential conflicts of interest or a lack of independence are acknowledged and addressed
  • Information flows throughout the Insurer are sufficient to enable directors to seek assurances from Senior Management that the Insurer continues to operate within the Board-approved strategy and risk appetite and to understand remediation plans put in place to address instances where the Insurer is operating outside of those boundaries
  • The Insurer’s compensation program can reasonably be expected to promote desired behaviours that are linked to risk and the best interests of members, subscribers, policyholders, and the long-term viability of the Insurer.

Effective date and future review

This Guidance became effective on (TBD) and will be reviewed no later than (TBD).

About this Guidance

This document is consistent with FSRA’s Guidance Framework. As Interpretation guidance, it describes FSRA’s view of requirements under its legislative mandate (i.e. legislation, regulations and rules) so that non-compliance can lead to enforcement or supervisory action. As Approach guidance, it describes FSRA’s internal principles, processes, and practices for supervisory action and application of CEO discretion where applicable. The Approach section of this Guidance may refer to compliance obligations but does not in and of itself create a compliance obligation.

Effective date: TBD


[1] See FSRA Guidance Framework
[2] The Principles should be read in their entirety and Insurers should seek to demonstrate all the elements detailed in each Principle.
 
[3] There are specific requirements and accountabilities for Insurers’ Boards that are set out in the Investments by Insurers Guideline (Superintendent’s Guideline No. 1/02).
[4] See below under Principle 3 of the Interpretation section of this Guidance.
[5] Under s. 121.24(1)(d) of the Act, the directors of an incorporated Insurer “shall establish procedures to resolve conflicts of interest, including procedures for the identification of potential conflict situations, and establish or designate a committee of the directors to monitor the application of the procedures and the results of their application”.
[6] S. 141.2(1) of the Corporations Act requires that incorporated Insurers have at least six Board members. S. 0.1 of the Reciprocal Insurance Exchanges Regulation and s. 3 of the Corporate Governance Regulation require that Insurers have an audit committee with at least three members. The Corporate Governance Regulation, in s. 4, also requires that an Insurer have a conduct review committee with at least 3 members.
[7] Pursuant to s. 283 of the Corporations Act for the Board of an incorporated Insurer and s. 380.1 (a) of the Act for the Board of a reciprocal insurance exchange.