Corporate Governance Requirements for Insurance Undertakings 2015

Table of Contents

1 Scope
2 Definitions
3 Legal Basis
4 Reporting to the Central Bank
5 Effective date of the Requirements
6 General Requirements
7 Composition of the Board
8 Chairman
9 Chief Executive Officer
10 Independent Non-Executive Directors
11 Non-Executive Directors and Executive Directors
12 Chief Risk Officer
13 Role of the Board
14 Appointments
15 Risk Appetite
16 Meetings
17 Reserved Powers
18 Consolidated Supervision
19 Committees of the Board
20 General Requirements of Committees
21 Terms of Reference of Committees of the Board
22 Audit Committee
23 Risk Committee
24 Remuneration Committee
25 Nomination Committee
26 Compliance Statement
Appendix 1 Additional obligations on High Impact designated insurance undertakings

1. Scope

1.1 The Requirements impose the following:
• Minimum core standards upon all insurance undertakings authorised by the Central Bank (including reinsurers but excluding captives); and
• Additional requirements (as set out in Appendix 1) upon insurance undertakings which are designated as High Impact by the Central Bank so as to ensure that appropriate and robust corporate governance frameworks are in place and implemented to reflect the risk and nature of those insurance undertakings. There is no bar on insurance undertakings deciding to implement the additional requirements should they wish to do so and indeed insurance undertakings are encouraged to do so.

1.2 The Requirements will not apply to foreign incorporated subsidiaries of an Irish insurance undertaking. Such insurance undertakings are encouraged, however, to adopt equivalent good governance practices.
1.3 The Central Bank has informed insurance undertakings of their Impact designation. Insurance undertakings are required to disclose in their annual report that they are subject to the Requirements and whether they are required to comply with the additional requirements for High Impact designated insurance undertakings.

2. Definitions

The following is a list of definitions of terms used in the Requirements:

Corporate governance: Procedures, processes and attitudes according to which an organisation is directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among the different participants in the organisation – such as the board, managers, shareholders and other stakeholders – and lays down the rules and procedures for decision-making.

Insurance undertaking means:
a) An insurance undertaking holding an authorisation within the meaning of paragraph (a) of the definition of ‘authorisation’ in Article 2(1) of the European Communities (Non-Life Insurance) Framework Regulations 1994 or Article 2(1) of the European Communities (Life Assurance) Framework Regulations 1994;
b) a reinsurance undertaking as defined in Article 3 of the European Communities (Reinsurance) Regulations, 2006;
c) the holder of an authorisation under the European Union (Insurance and Reinsurance) Regulations 2015 (S.I. No. 485 of 2015).

The Requirements do not apply to Captive Insurance undertakings, Captive Reinsurance Undertakings and Special Purpose Reinsurance Vehicles (SPRVs).

Credit Institution: A bank licensed under Section 9 of the Central Bank Act 1971 or a building society authorised under the Building Societies Act 1989 including a credit institution registered as a designated credit institution under the Asset Covered Securities Act 2001.

Financial institution: An insurance undertaking and/or a credit institution.
High Impact, Medium-High Impact, Medium-Low Impact and Low Impact insurance undertaking: An insurance undertaking which is designated as a High Impact, Medium-High Impact, Medium-Low Impact and Low Impact insurance undertaking respectively under the Central Bank’s Probability Risk Impact SysteM (‘PRISM’)[1].

[1] For further information on PRISM, please refer to the Central Bank publication entitled ‘PRISM Explained’ which can be found on the Central Bank’s website.

Non-executive director: A director without executive management responsibilities for the insurance undertakings or, in the case of an insurance undertaking which is part of a group, who may have executive management responsibilities assigned to him or her within the group.

Independent non-executive director: A non-executive director who satisfies the criteria for director independence.

Group director: A group director may be an executive, an executive director, a non-executive director or an independent non-executive director of an entity within the group.

Director independence: Independence is defined as the ability to exercise sound judgement and decision making independent of the views of management, political interests or inappropriate outside interests. The following criteria shall be considered and given reasonable weight when determining if a director is independent:
i. Any financial or other obligation the individual may have to the insurance undertaking or its directors;
ii. Whether the individual is or has been employed by the insurance undertaking or a group entity in the past and the post(s) so held;
iii. Whether the individual is or has been a provider of professional services to the insurance undertaking in the recent past;
iv. Whether the individual represents a significant shareholder;
v. Circumstances where the individual has acted as an independent non-executive director of the insurance undertaking for extended periods;
vi. Any additional remuneration received in addition to the director’s fee, related directorships or shareholdings in the insurance undertaking; and
vii. Any close business or personal relationship with any of the insurance undertaking’s directors or senior employees.

Control Functions: These shall include the internal audit, risk management, compliance, and actuarial functions.

3. Legal Basis

3.1 The Requirements are introduced as conditions to which insurance undertakings are subject pursuant to Section 24 of the Insurance Act 1989, Regulation 12 of the European Communities (Reinsurance) Regulations 2006 (S.I. No. 380 of 2006) or Regulation 26 of the European Union (Insurance and Reinsurance) Regulations 2015 (S.I. No. 485 of 2015)[2].

3.2 In addition, the Central Bank is of the opinion that the Requirements are necessary to insurance undertakings’ compliance with the following:
• Article 10(3) of the European Communities (Non-Life Insurance) Framework Regulations 1994 (S.I. No. 359 of 1994);
• Article 10(3) of the European Communities (Life Assurance) Framework Regulations 1994 (S.I. No. 360 of 1994); and
• Regulation 20 of the European Communities (Reinsurance) Regulations 2006 (S.I. No. 380 of 2006).
• Regulation 48 of the European Union (Insurance and Reinsurance) Regulations 2015 (S.I. No. 485 of 2015).

3.3 To the extent that an insurance undertaking is obliged under the Requirements to submit returns, statements and information to the Central Bank, such information and returns shall also be required under Section 16 of the Insurance Act 1989 and Regulation 34 of the European Union (Insurance and Reinsurance) Regulations 2015 (S.I. 485 of 2015), as applicable.
3.4 The obligation to submit an annual compliance statement to the Central Bank pursuant to Section 26 of the Requirements shall be imposed by notice under Section 25 of the Central Bank Act 1997.

[2] Section 1 of the Requirements confirms that the scope of the Requirements is that they apply to all insurance undertakings authorised by the Central Bank (including reinsurers but excluding captives). Section 3 of the Requirements drills down into the specific legislative references upon which we rely as the legal basis for imposing the Requirements by way of condition. Section 3.1 of the Requirements published on 8 November 2010 has been amended to include a specific reference to Regulation 12 of the European Communities (Reinsurance) Regulations 2006 (S.I. No. 380 of 2006) as of 23 February 2011.

3.5 The Requirements may be amended or supplemented by the Central Bank from time to time.

3.6 The Requirements are imposed in addition to, and shall not affect, any other corporate governance obligations and standards to which an insurance undertaking is subject otherwise than under these requirements and other conditions and/or requirements set out in the authorisation of insurance undertakings.

3.7 A contravention of the Requirements may be liable to the Central Bank using any of its regulatory powers, including, but not limited to, any or all of the following:
• The imposition of an administrative sanction under Part IIIC of the Central Bank Act 1942;
• The prosecution of an offence;
• The refusal to appoint a proposed director to any pre-approval controlled function where prescribed by the Central Bank pursuant to Part 3 of the Central Bank Reform Act 2010; and/or
• The suspension, removal or prohibition of an individual from carrying out a controlled function where prescribed by the Central Bank pursuant to Part 3 of the Central Bank Reform Act 2010.
3.8 Where a provision of the previous Requirements is amended or deleted by these Requirements, any legal proceedings, investigation, disciplinary or enforcement action in respect of a right acquired or obligation or liability incurred in respect of a contravention of or act of misconduct under the provision in force at the time may be instituted, continued or enforced and any sanction or penalty in respect of such contravention or act of misconduct may be imposed by the Central Bank as if the provision of the previous Requirements had not been amended or deleted by these Requirements.

4. Reporting to the Central Bank

4.1 The Central Bank will monitor adherence to the Requirements through its on-going supervision of insurance undertakings.

4.2 Any insurance undertaking which becomes aware of a material deviation from these Requirements shall within five business days report the deviation to the Central Bank, advising of the background and the proposed remedial action.

4.3 The Central Bank also requires each insurance undertaking to submit an annual compliance statement as set out at Section 26, in accordance with any guidelines issued by the Central Bank, specifying whether the insurance undertaking has complied with the Requirements.

5. Effective date of the Requirements

5.1 The Requirements apply to insurance undertakings with effect from 1 January 2016. The Corporate Governance Code for Credit Institutions and Insurance Undertakings 2013 was split in November 2015 and renamed to provide for requirements for Insurance Undertakings and Credit Institutions separately.

6. General Requirements

6.1 The Requirements contain the minimum requirements that an insurance undertaking shall meet in the interests of promoting strong and effective governance.
6.2 The board retains primary responsibility for corporate governance within the insurance undertaking at all times. Nevertheless, senior management plays an important part in ensuring effective governance and is therefore responsible for operating effective oversight consistent with board policy.

6.3 All insurance undertakings shall have robust governance arrangements which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks to which it is or might be exposed, adequate internal control mechanisms, including sound administrative and accounting procedures, IT systems and controls, remuneration policies and practices that are consistent with and promote sound and effective risk management both on a solo basis and at group level. The system of governance shall promote and communicate an appropriate risk and compliance culture at all levels of the insurance undertaking and shall be subject to regular internal review.

6.4 The governance structure put in place by each insurance undertaking shall be sufficiently sophisticated to ensure that there is effective oversight of the activities of the insurance undertaking taking into consideration the nature, scale and complexity of the business being conducted.

6.5 No one individual may have unfettered powers of decision.

6.6 The corporate governance structure and policies shall be articulated clearly and communicated to all appropriate staff within the insurance undertaking.
6.7 Without prejudice to any other legal obligations, any director who has any material concern about the overall corporate governance of an insurance undertaking shall report the concern without delay to the board in the first instance and if the concern is not satisfactorily addressed by the board within five business days, the director shall promptly report the concern directly to the Central Bank advising of the background to the concern and any proposed remedial action. This is without prejudice to the director’s ability to report directly to the Central Bank.

6.8 An insurance undertaking shall comply with the Requirements on an individual basis. Accordingly, while an insurance undertaking may adopt policies or procedures developed at group level, the insurance undertaking shall satisfy itself that such policies or procedures meet all of the requirements of these Requirements.

7. Composition of the Board

7.1 The board of an insurance undertaking shall be of sufficient size and expertise to oversee adequately the operations of the insurance undertaking and shall have a minimum of five directors.

7.2 The majority of the board shall be independent non-executive directors (this may include the Chairman). However in the case of insurance undertakings that are subsidiaries of groups the majority of the board may also be composed of group directors or a combination of group directors and independent non-executive directors, provided that in all cases the subsidiary insurance undertaking shall have at least two independent non-executive directors or such greater number as is required by the Central Bank. Group directors shall act critically and independently so as to exercise objective and independent judgement.
7.3 The board shall satisfy itself as to a director’s independence prior to his or her appointment and shall document how it has satisfied itself in this regard.

7.4 Board members shall attend each board meeting unless they are unable to attend due to circumstances beyond their control (for example, due to illness) and their attendance and eligibility to vote at each meeting shall be evidenced in the minutes of each meeting.

7.5 Directors should attend each board meeting in person wherever possible. However, due to the location of some directors, physical presence may not always be possible, in which case videoconferencing or teleconferencing is permissible.

7.6 An insurance undertaking shall ensure a majority of its directors are reasonably available to the Central Bank at short notice, if so required.

7.7 Each member of the board shall have sufficient time to devote to the role of director and associated responsibilities. The board shall indicate a time commitment expected from directors in letters of appointment.

7.8 The number of directorships held by directors of insurance undertakings shall be limited. The Central Bank requires that the number of financial directorships (i.e. directorships of insurance undertakings and credit institutions) held by a director of an insurance undertaking shall not exceed five and this shall include financial directorships of institutions authorised outside of the State. This restriction does not apply to other directorships held within the same group. The Central Bank considers that an individual holding more than five financial directorships creates a rebuttable presumption that the director has insufficient time available to fulfil his or her role and functions as a director of an insurance undertaking. However, the nature of the directorships and the time commitments required are also factors, hence five or fewer financial directorships may also indicate a possible constraint on the ability of a director to comply. Where it is proposed that a director of an insurance undertaking holds more than five financial directorships, the insurance undertaking shall satisfy itself as to whether this is appropriate and seek the prior approval of the Central Bank. The insurance undertaking shall also provide the Central Bank with a detailed rationale, together with supporting documentation, as to why it considers the number of financial directorships does not constitute an inordinate constraint on their time. Factors covered in such a submission shall include the degree to which the financial directorships held are with respect to companies actively trading, the degree of complexity of the operation of such companies and whether such companies are part of a group.

7.9 Where non-financial directorships are held (i.e. directorships outside of insurance undertakings and credit institutions) the Central Bank considers that an individual holding more than eight such directorships creates a rebuttable presumption that the director has insufficient time available to fulfil his or her role and functions as a director of an insurance undertaking. This restriction does not apply to other directorships held within the group. However, the nature of the directorships and the time commitments required are also factors, hence eight or fewer non-financial directorships may also indicate a possible constraint on the ability of a director to comply. Where it is proposed that a director of an insurance undertaking holds more than eight non-financial directorships, the insurance undertaking shall satisfy itself as to whether this is appropriate and seek the prior approval of the Central Bank. The insurance undertaking shall also provide the Central Bank with a detailed rationale together with supporting documentation as to why it considers the number of directorships does not constitute an inordinate constraint on their time. Factors covered in such a submission shall include the degree to which the directorships held are with respect to companies actively trading, the degree of complexity of the operation of such companies and whether such companies are part of a group.

7.10 In calculating the number of directorships held, the Central Bank shall exclude directorships held in the public interest on a voluntary and pro bono basis provided that such directorships shall not interfere with the director’s ability to fulfil properly his or her role and functions as a director of an insurance undertaking. At the time of appointment, any such directorships shall be notified to the Central Bank.

7.11 In considering and/or proposing director appointments, the board shall assess and document its consideration of possible conflicts of interest among its members, including, but not limited to personal relationships, business relationships and common directorships among its members or proposed members.

7.12 Appointments shall not proceed where possible conflicts of interest may emerge which are significant to the overall work of the board.

7.13 Directors shall not participate in any decision making/discussion where a reasonably perceived potential conflict of interest exists.

7.14 Insurance undertakings shall review board membership at least once every three years. The frequency with which board membership is renewed shall be documented. The renewal frequency shall consider the balance of experience and independence sought.
7.15 Insurance undertakings shall formally review the membership of the board of any person who is an independent non-executive member for nine years or more and it shall document its rationale for any continuance and so advise the Central Bank in writing. Reviews shall be carried out annually where independent non-executive directors have been members of the board for more than nine years.

8. Chairman

8.1 There shall be a Chairman appointed to the board of every insurance undertaking.

8.2 The Chairman shall lead the board, encourage critical discussions and challenge mind-sets. In addition, the Chairman shall promote effective communication between executive and non-executive directors.

8.3 The Chairman shall have relevant financial services expertise, qualifications and background or be required to undertake relevant and timely comprehensive training. The relevant financial services background or training shall ensure that the Chairman has the necessary knowledge, skills and experience and/or training required to comprehend each of the following:
• The nature of the insurance undertaking’s business, activities and related risks;
• His or her individual direct and indirect responsibilities and the board’s responsibilities; and
• The insurance undertaking’s financial statements.

8.4 The Chairman shall have the necessary personal qualities, professionalism and integrity to carry out his or her obligations.

8.5 The Chairman shall attend and chair board meetings.

8.6 The roles of Chairman and Chief Executive Officer shall be separate.

8.7 The Chairman shall be an independent non-executive director except in the case of a subsidiary where the Chairman may be a group director. If a deputy Chairman is required, the role shall be taken by an independent non-executive director or in the case of a subsidiary, may be taken by a group director.

8.8 The Chairman of the board shall be proposed for election or reappointment on an annual basis.

8.9 The time requirement commitment for a Chairman may be significant. In light of this and to ensure that a Chairman has sufficient time to devote to his or her responsibilities as Chairman, the prior approval of the Central Bank shall be obtained prior to taking on any other directorships (other than within the group).

8.10 An individual who has been the Chief Executive Officer, executive director or member of senior management of an insurance undertaking during the previous 5 years shall not advance to the role of Chairman of that insurance undertaking.

8.11 The Chairman shall not hold the position of Chairman or Chief Executive Officer of more than one financial institution at any one time and this obligation also prohibits the holding of the position of Chairman or Chief Executive Officer of a financial institution authorised outside of the State at the same time as the holding of the position of Chairman or Chief Executive Officer of an insurance undertaking to whom these Requirements apply. However, in the case of insurance undertakings which are not designated as High Impact insurance undertakings and are subsidiaries of groups, the Chairman may also hold the position of Chairman of financial institutions (including those authorised outside of the State) simultaneously provided that these roles reside within the group and the Chairman has sufficient time available to fulfil his or her role and function as the Chairman of the insurance undertaking. The prior approval of the Central Bank shall be obtained prior to the Chairman assuming any such additional roles.

9. Chief Executive Officer

9.1 The Chief Executive Officer[3] (‘CEO’) is the top executive responsible for the insurance undertaking with ultimate executive responsibility for the insurance undertaking’s operations, compliance and performance. The CEO serves as the main link between the board and the executive. The board shall appoint a CEO.

9.2 The CEO shall not hold the position of CEO of more than one financial institution at any one time. This obligation also prohibits the holding of the position of CEO of a financial institution authorised outside of the State at the same time as the holding of the position of CEO of an insurance undertaking to whom these Requirements apply. However, in the case of insurance undertakings which are designated as Medium-Low or Low Impact insurance undertakings, the CEO may also hold up to two additional positions as CEO of a financial institution simultaneously provided each financial institution is also designated as a Medium-Low or Low Impact institution and the CEO has sufficient time available to fulfil his or her role and function as the CEO of each institution. The prior approval of the Central Bank shall be obtained prior to the CEO assuming any such additional roles.

9.3 The CEO shall have relevant financial expertise, qualifications and background or be required to undertake relevant and timely comprehensive training. The relevant financial services background or training shall ensure that the CEO has the necessary knowledge, skills and experience and/or training required to comprehend fully each of the following:
• The nature of the insurance undertaking’s business, activities and related risks;
• His or her individual direct and indirect responsibilities and the board’s responsibilities; and
• The insurance undertaking’s financial statements.
9.4 The CEO shall have the necessary personal qualities, professionalism and integrity to carry out his or her obligations.

[3] The term Chief Executive Officer encompasses other titles in this regard such as General Manager, Managing Director, President etc.

9.5 The renewal of the CEO contract shall be reviewed at least every five years.

9.6 The CEO shall be appointed to the board.

10. Independent Non-Executive Directors

10.1 As an integral component of the board, independent non-executive directors represent a key layer of oversight of the activities of an insurance undertaking. It is essential for independent non-executive directors to bring an independent viewpoint to the deliberations of the board that is objective and independent of the activities of the management and of the insurance undertaking.

10.2 Independent non-executive directors shall be identified clearly in the insurance undertaking’s annual report.

10.3 The independent non-executive directors shall have a knowledge and understanding of the business, risks and material activities of the insurance undertaking to enable them to contribute effectively.

10.4 The independent non-executive directors shall comprise individuals with relevant skills, experience and knowledge (such as accounting, auditing and risk management knowledge) who shall provide an independent challenge to the executive directors of the board.

10.5 Dedicated support shall be available to independent non-executive directors on any matter requiring additional and/or separate advice to that available in the normal board process.

11. Non-Executive Directors and Executive Directors

11.1 The role of the non-executive directors, under the Chairman’s leadership is, inter-alia:
• To ensure that there is an effective executive team in place;
• To participate actively in constructively challenging and developing strategies proposed by the executive team;
• To participate actively in the board’s decision-making process;
• To participate actively in board committees (where established); and
• To exercise appropriate oversight over execution by the executive team of the agreed strategies, goals and objectives and to monitor reporting of performance.

11.2 The role of executive directors, led by the CEO, is to propose strategies to the board and, following challenging board scrutiny, to execute the agreed strategies to the highest possible standards.

11.3 The non-executive and executive directors shall have a knowledge and understanding of the business, risks and material activities of the insurance undertaking to enable them to contribute effectively.

11.4 The non-executive and executive directors shall comprise individuals with relevant skills, experience and knowledge (such as accounting, auditing and risk management knowledge, where appropriate) who shall provide an independent challenge to the executive directors of the board.

11.5 Dedicated support shall be available to non-executive and executive directors on any matter requiring additional and/or separate advice to that available in the normal board process.

12. Chief Risk Officer

12.1 There shall be a person appointed the Chief Risk Officer (‘CRO’) with distinct responsibility for the risk management function and for maintaining and monitoring the effectiveness of the insurance undertaking’s risk management system. Where an insurance undertaking is not designated as a High Impact insurance undertaking (except as provided for in Section 12.2) and where the nature, scale and complexity of the operations of the insurance undertaking do not justify a dedicated exclusive CRO function, another pre-approval control function[4] may fulfil that role. The prior approval of the Central Bank shall be obtained prior to making any such arrangement.

[4] Pre-approval control function means those functions set out in schedule 2 of the ‘Regulations’. The ‘Regulations’ means the Central Bank Reform Act 2010 (Sections 20 and 22) Regulations, 2011 (S.I. No. 615 of 2011).

12.2 Where an insurance undertaking is designated as a High Impact insurance undertaking and where the nature, scale and complexity of the operations of the insurance undertaking do not justify a dedicated exclusive CRO function, the Head of Actuarial Function may fulfil that role. The prior approval of the Central Bank shall be obtained prior to making any such arrangement.

12.3 The CRO shall have relevant expertise, qualifications and background or be required to undertake relevant and timely training. The CRO shall have sufficient seniority and independence to influence proposals or challenge decisions which affect an insurance undertaking’s exposure to risk.

12.4 The CRO shall be responsible for ensuring that the insurance undertaking has effective processes in place to identify and manage the risks to which the insurance undertaking is or might be exposed.

12.5 The CRO shall be responsible for maintaining effective processes to monitor and report the risks to which the insurance undertaking is or might be exposed.

12.6 The CRO shall promote sound and effective risk management both on a solo and consolidated basis[5]. The system of risk management shall promote an appropriate risk culture at all levels of the insurance undertaking and shall be subject to regular internal review.

[5] Consolidated basis, where applicable, refers to the Irish regulated insurance undertaking and its subsidiaries.

12.7 The CRO shall be responsible for the facilitation of the setting of the risk appetite by the board.

12.8 The CRO shall be responsible for providing comprehensive and timely information on an insurance undertaking’s material risks which enables the board to understand the overall risk profile of the insurance undertaking.

12.9 The CRO’s primary responsibility is to the board and the CRO shall report to the board periodically with direct access to the Chairman of the board. The CRO shall report to the board risk committee on a regular basis.

13. Role of the Board

13.1 The board of each insurance undertaking is responsible for the effective, prudent and ethical oversight of the insurance undertaking. The board is responsible for, among other things, setting and overseeing:
a) the business strategy for the insurance undertaking;
b) the amounts, types and distribution of both internal capital and own funds adequate to cover the risks of the insurance undertaking;
c) the strategy for the on-going management of material risks including, inter-alia, liquidity risk;
d) a robust and transparent organisational structure with effective communication and reporting channels;
e) a remuneration framework that is in line with the risk strategies of the insurance undertaking; and
f) an adequate and effective internal control framework, that includes well-functioning risk management, compliance and internal audit functions as well as an appropriate financial reporting and accounting framework.

13.2 The role and responsibilities of the board shall be clearly documented.
13.3 The board shall have:
• The necessary knowledge, skills, experience, expertise, competencies, professionalism, fitness, probity and integrity to carry out their duties;
• A full understanding of the nature of the insurance undertaking’s business, activities and related risks;
• A full understanding of their individual direct and indirect responsibilities and collective responsibilities; and
• An understanding of the insurance undertaking’s financial statements.

13.4 The board may delegate authority to sub-committees or management to act on behalf of the board in respect of certain matters but, where the board does so, it shall have mechanisms in place for documenting the delegation and monitoring the exercise of delegated functions. The board cannot abrogate its responsibility for functions delegated.

13.5 Where an insurance undertaking, being part of a larger group, applies group policies or uses group functions, the board shall satisfy itself as to the appropriateness of these policies and functions for the insurance undertaking and in particular that these policies and functions take full account of Irish laws and regulations and the supervisory requirements of the Central Bank.

13.6 The board shall be able to explain its decisions to the Central Bank.

14. Appointments

14.1 The board shall be responsible for appointing a CEO and senior management with appropriate integrity and adequate knowledge, experience, skill and competence for their roles.

14.2 The board shall be responsible for endorsing the appointment of people who may have a material impact on the risk profile of the insurance undertaking and monitoring on an on-going basis their appropriateness for the role.
14.3 The board shall be responsible for either the appointment of non-executive directors or where appropriate identifying and proposing the appointment of non-executive directors to shareholders.

14.4 The board shall ensure that new non-executive directors are provided with adequate induction training about the operations and performance of the insurance undertaking. The board shall ensure that adequate on-going training is provided to board members, which is routinely updated as necessary to ensure that they make informed decisions.

14.5 The board shall define and document the responsibilities of the board of directors, board committees and senior management to ensure that no single person has unfettered control of the business.

14.6 The board shall formally review its overall performance and that of individual directors, relative to the board’s objectives, at least annually. The review shall be documented.

14.7 The board shall ensure that there is an appropriate succession plan in place.

14.8 The removal from office of the head of a control function shall be subject to prior board approval. Any decision to remove the head of a control function shall be reported within five working days to the Central Bank with clear articulation of the underlying rationale for the removal. An insurance undertaking shall not enter into any agreement with a head of control function that would purport to preclude, or would dis-incentivise, the provision of information to the Central Bank by the head of the control function.

14.9 The board, or nomination committee where one exists, shall establish a written policy on diversity with regard to selection of persons for nomination to become members of the board.

15. Risk Appetite

15.1 The board is required to understand the risks to which the insurance undertaking is exposed and shall establish a documented risk appetite for the insurance undertaking. The appetite shall be expressed in qualitative terms and also include quantitative metrics to allow tracking of performance and compliance with agreed strategy (e.g. Value at Risk, leverage ratio, range of tolerance for bad debts, acceptable stress losses, economic capital measures). It shall be subject to annual review by the board.

15.2 The risk appetite definition shall be comprehensive and clear. The definition shall clearly define the appetite and address separately the short, medium and long term horizons.

15.3 The board shall ensure that the risk management system and internal controls reflect the risk appetite and that there are adequate arrangements in place to ensure that there is regular reporting to the board on compliance with the risk appetite.

15.4 In the event of a material deviation from the defined risk appetite measure, the details of the deviation and of the appropriate action to remedy the deviation shall be communicated to the Central Bank by the board promptly in writing and no later than five business days of the board becoming aware of the deviation.

15.5 The board shall satisfy itself that all key control functions such as internal audit, compliance, actuarial and risk management are independent of business units, and have adequate resources and authority to operate effectively.

15.6 The board shall ensure that it receives timely, accurate and sufficiently detailed information from control functions.

15.7 The board shall ensure that the insurance undertaking’s remuneration practices do not promote excessive risk taking. The board shall design and implement a remuneration policy to meet that objective and evaluate compliance with this policy.
15.8 The board shall ensure that it identifies risks to be addressed by contingency plans based on, inter-alia:
• the areas where it considers the insurance undertaking to be especially vulnerable;
• the risk appetite of the insurance undertaking; and
• the risk management system of the insurance undertaking.
Contingency plans shall be reviewed, updated and tested on a regular basis.

16. Meetings

16.1 The board shall meet as often as is appropriate to fulfil its responsibilities effectively and prudently, reflective of the nature, scale and complexity of the insurance undertaking. In any event, the board shall meet at least four times per calendar year and at least once in every six month period.

16.2 A detailed agenda of items for consideration at each board meeting together with minutes of the previous board meeting shall be circulated in advance of the meeting to allow all directors adequate time to consider the material. Sufficient and clear supporting information and papers shall also be circulated.

16.3 Detailed minutes of all board meetings shall be prepared with all decisions, discussions and points for further actions being documented. Dissensions or negative votes shall be documented in terms acceptable to the dissenting person or negative voter. The minutes of meetings shall provide sufficient detail to evidence appropriate board attention, the substance of discussions and their outcome and shall be agreed at the subsequent board meeting. Minutes shall also document the attendance or nonattendance of members of the board.

16.4 The board shall establish a documented ‘conflict of interest’ policy for its members and where conflicts of interest arise the board shall ensure that they are noted in the minutes.

16.5 If on-going conflicts of interest arise, consideration shall be given to changing the membership of the board.
17. Reserved Powers

17.1 The board shall establish a formal schedule of matters specifically reserved to it for decision. This schedule shall be documented and updated in a timely manner.

18. Consolidated Supervision

18.1 The board shall exercise adequate control and oversight over the activities of its subsidiaries whether incorporated in Ireland or overseas.

19. Committees of the Board

19.1 The board is responsible for oversight of each of its committees. Subject to paragraph 19.2 below, the board shall establish, at a minimum, both an audit committee and a risk committee. Where the board comprises only 5 members, the full board, including the Chairman and the CEO, may act as the audit committee and/or the risk committee. In such cases Section 22.3 and Section 23.3 will continue to apply. Minutes of these meetings shall reflect that the board was sitting as the audit committee or risk committee.

19.2 Where an insurance undertaking is part of a wider group which has a group audit committee and a group risk committee, it may rely on those committees provided that the board is satisfied that they are appropriate to the specific circumstances of the insurance undertaking.

19.3 Committees shall have documented terms of reference evidencing all functions delegated to them.

19.4 The non-executive directors and in particular independent non-executive directors shall play a leading role in these committees or, where the functions are carried out at group level, they shall play a leading role in satisfying the board that the insurance undertaking’s audit and risk functions are adequately carried out.
19.5 In deciding whether or not to establish board sub-committees, the board shall ensure that in the absence of establishing a sub-committee it continues to have appropriate time available to it to adequately discharge its responsibilities.

19.6 Where appropriate, the board should consider the appointment of a remuneration committee and/or nomination committee.

19.7 Board consideration of risk-related issues may be enhanced by members serving on more than one board sub-committee, as members may gain a greater appreciation of risk considerations across the insurance undertaking. Cross memberships between key sub-committees of the board should be encouraged. The audit committee and the risk committee shall have at least one shared member.

20. General Requirements of Committees

20.1 Insurance undertakings shall adhere to the following general requirements in relation to the activities of committees of the board:
a) Agendas and all relevant material for the meeting shall be circulated to all committee members in a timely manner in advance of the meeting;
b) Detailed minutes of all committee meetings shall be prepared recording time of meeting, location held, attendees, all key discussions and decisions;
c) When appointing committee members, the board shall review and satisfy itself as to the relevant expertise, skill of members and their ability to commit appropriate time to the committee;
d) Committee members shall attend committee meetings regularly. Where a member is unable to provide sufficient time to attend over the medium to long term, the board shall remove such member from the committee and replace him or her with a member with appropriate availability, experience and expertise;
e) For the committee(s) of which they are a member, directors should attend each committee meeting in person wherever possible.
However, due to the location of some directors, physical presence may not always be possible, in which case videoconferencing or teleconferencing is permissible;
f) Cross-committee membership by an individual shall be managed by the insurance undertaking to ensure that no one individual exercises excessive influence or control;
g) Committee membership shall be reviewed by the insurance undertaking and subject to renewal by the insurance undertaking with an appropriate frequency. The renewal frequency shall consider the balance of experience and independence sought; and
h) Committees shall report regularly to the board and the minutes of all sub-committees shall be circulated to the board in advance of board meetings.

21. Terms of Reference of Committees of the Board

21.1 The authority, functions, membership and reporting lines of the committees as well as meeting frequency, voting rights and quorums shall be clearly outlined in written terms of reference established by the board.

21.2 The terms of reference shall be reviewed regularly by the committees to ensure continuing appropriateness. Recommendations on revisions shall be provided to the board, where necessary. Such reviews shall be documented and shall take place at least annually.

22. Audit Committee

22.1 The number of members of an audit committee shall be sufficient to handle the nature, scale and complexity of the business conducted by it and shall be composed of at least three members.

22.2 An audit committee shall be composed of non-executive directors, the majority of directors being independent.

22.3 The Chairman of the audit committee shall be an independent non-executive director.

22.4 The audit committee as a whole shall have relevant financial experience and at least one member shall have an appropriate qualification.
22.5 Subject to the provision contained in Section 19.1, neither the Chairman of the board nor the CEO shall be a member of the audit committee. The attendance by the CEO or board Chairman at audit committee meetings shall be by invitation and shall be managed to ensure the independence of the committee and the maintenance of appropriate relationships with other parties especially external auditors.

22.6 Audit committee meetings shall be held at regular intervals and, where appropriate, to coincide with important financial reporting dates. They shall usually only be attended by the Chairman and members of the audit committee. However, members may also request the attendance of key individuals such as the external auditor, head of internal audit and the finance director. The audit committee shall operate in a manner consistent with ensuring its independence and shall report its activities and decisions to the board of directors.

22.7 Without prejudice to the responsibility of the board of directors, the responsibilities of the audit committee shall include at least the following:
a) Monitoring the effectiveness and adequacy of the insurance undertaking’s internal control, internal audit and IT systems;
b) Liaising with the external auditor particularly in relation to their audit findings;
c) Reviewing the integrity of the insurance undertaking’s financial statements and ensuring that they give a “true and fair view” of the financial status of the insurance undertaking;
d) Reviewing any financial announcements and reports and recommending to the board whether to approve the insurance undertaking’s annual accounts (including, if relevant, group accounts); and
e) Assessing auditor independence and the effectiveness of the audit process.

23. Risk Committee

23.1 The board shall establish a risk committee separately from the audit committee with responsibility for oversight and advice to the board on the current risk exposures of the insurance undertaking and future risk strategy. Insurance undertakings may propose to the Central Bank that the board itself carry out the functions which would otherwise be delegated to a risk committee. The Central Bank’s prior approval in writing shall be obtained if an insurance undertaking wishes to fulfil this requirement without creating a separate committee of the board.

23.2 The number of members of a risk committee shall be sufficient to handle the nature, scale and complexity of the business conducted by it and shall be composed of at least three members.

23.3 The Chairman of the risk committee shall be a non-executive director or an independent non-executive director.

23.4 The risk committee shall be composed of a majority of non-executive directors, independent non-executive directors or a combination of both.

23.5 The risk committee as a whole shall have relevant risk expertise.

23.6 The role of the risk committee shall be to advise the board on risk appetite and tolerance for future strategy, taking account of the board’s overall risk appetite, the current financial position of the insurance undertaking and, drawing on the work of the audit committee and the external auditor, the capacity of the insurance undertaking to manage and control risks within the agreed strategy. The risk committee shall oversee the risk management function, which is managed on a day to day basis by the CRO.

23.7 The risk committee shall liaise regularly with the CRO to ensure the development and on-going maintenance of an effective risk management system within the insurance undertaking that is effective and proportionate to the nature, scale and complexity of the risks inherent in the business.
23.8 The risk committee shall advise the board on the effectiveness of strategies and policies with respect to maintaining, on an on-going basis, amounts, types and distribution of both internal capital and own funds adequate to cover the risks of the insurance undertaking.

24. Remuneration Committee

24.1 Where a remuneration committee has been established, the number of members of the remuneration committee will depend on the nature, scale and complexity of the insurance undertaking.

24.2 Where possible, all members of the remuneration committee shall be independent non-executive directors but, in any event, the majority of members of the committee shall be independent non-executive directors.

24.3 The Chairman of the board shall not be the Chairman of the remuneration committee.

24.4 The remuneration committee shall establish remuneration policies and procedures within the insurance undertaking based on best practice and any requirements which the Central Bank may issue.

25. Nomination Committee

25.1 Where a nomination committee has been established, the number of members of the committee will depend on the nature, scale and complexity of the insurance undertaking, but the majority of members of the committee shall be independent non-executive directors.

25.2 The nomination committee shall make recommendations to the board on all new appointments of both executive and non-executive directors.

25.3 In considering appointments the nomination committee shall prepare a comprehensive job description, taking into account for board appointments, the existing skills and expertise of the board and the anticipated time commitment required.
25.4 The nomination committee shall be involved in succession planning for the board, bearing in mind the future demands on the business and the existing level of skills and expertise.

26. Compliance Statement

26.1 An insurance undertaking shall submit to the Central Bank a compliance statement specifying, in accordance with any relevant guideline issued by the Bank, whether the insurance undertaking has complied with these Requirements during the period to which the statement relates. This compliance statement shall be submitted to the Central Bank on an annual basis or with such other frequency as the Central Bank may notify to the insurance undertaking from time to time. The report shall be submitted with the insurance undertaking’s annual report. Where an insurance undertaking does not have a financial reporting period coinciding with the calendar year it may submit a compliance statement for the period of its financial year. In the event of the insurance undertaking deviating materially from the Requirements, the compliance report shall include a report on any material deviations, advising of the background to the breach and the actual or proposed remedial action.

Appendix 1 to the Corporate Governance Requirements for Insurance Undertakings 2015 (“The Requirements”)

Additional obligations on High Impact designated insurance undertakings

The following additional obligations apply to High Impact designated insurance undertakings. The numerical references relate to those used throughout the Requirements. High Impact designated insurance undertakings shall substitute these requirements for those contained in the Requirements.

7. Composition of the Board

7.1 The board of an insurance undertaking shall be of sufficient size and expertise to oversee adequately the operations of the insurance undertaking.
The board shall have a minimum of seven directors. The board of a High Impact designated insurance undertaking shall consider whether a larger board is appropriate and shall record such considerations in writing. In particular, the board should comprise sufficient representation by executive directors to ensure that it is not dominated by one individual executive.

7.2 The board shall have a majority of independent non-executive directors (this may include the Chairman). However in the case of insurance undertakings that are subsidiaries of groups the majority of the board may also be composed of group directors or a combination of group directors and independent non-executive directors, provided that in all cases the subsidiary insurance undertaking shall have at least three independent non-executive directors or such greater number as is required by the Central Bank. Group directors shall act critically and independently so as to exercise objective and independent judgement.

7.8 The number of directorships held by directors of insurance undertakings shall be limited. The Central Bank requires that the number of financial directorships (i.e. directorships of insurance undertakings and credit institutions) held by a director of an insurance undertaking shall not exceed three where one of the directorships held is in a High Impact designated financial institution and this shall include directorships of financial institutions authorised outside of the State. This restriction does not apply to multiple directorships within the same group.

7.9 Where non-financial directorships are held (i.e.
directorships outside of insurance undertakings and credit institutions), the Central Bank considers that an individual holding more than five such directorships creates a rebuttable presumption that the director has insufficient time available to fulfil his or her role and functions as a director of an insurance undertaking. This restriction does not apply to other directorships held within the group. However, the nature of the directorships and the time commitments required are also factors, hence five or fewer non-financial directorships may also indicate a possible constraint on the ability of a director to comply. Where it is proposed that a director of an insurance undertaking hold more than five non-financial directorships, the insurance undertaking shall satisfy itself as to whether this is appropriate and seek the prior approval of the Central Bank. The insurance undertaking shall also provide the Central Bank with a detailed rationale together with supporting documentation as to why it considers the number of directorships does not constitute an inordinate constraint on their time. Factors that shall be covered in such a submission include the degree to which the directorships held are with respect to companies actively trading, the degree of complexity of the operation of such companies and whether such companies are part of a group.

14. Appointments

14.6 The board shall formally review its overall performance and that of individual directors, relative to the board’s objectives, at least annually. The review shall be documented. Every three years an evaluation by an external evaluator shall be undertaken. Where the external evaluation is critical of the performance of the board, the Central Bank reserves the right to increase the frequency of subsequent evaluations until acceptable performance is noted. Any such evaluation shall be provided to the Central Bank.
14.10 The board shall put in place a formal skills matrix to ensure that there is an appropriate skills mix across members of the board and potential new members should be assessed against the skills matrix during the appointment process.

16. Meetings

16.1 The board shall meet as often as is appropriate to fulfil its responsibilities effectively and prudently, reflective of the nature, scale and complexity of the insurance undertaking. In any event, the board shall meet at least six times per calendar year and at least three times in every six month period. The Central Bank reserves the right to require an insurance undertaking to increase the frequency of its board meetings should it deem this necessary.

19. Committees of the Board

19.1[6] High Impact designated insurance undertakings are required to establish audit, risk, remuneration and nomination committees. Where an insurance undertaking is part of a wider group where remuneration and nomination committees exist, it may not need separate such committees. The Central Bank shall be informed of this decision promptly and retains the discretion to require the establishment of these committees. No single individual may hold the position of Chairman of the audit committee and risk committee simultaneously.

19.7 Board consideration of risk-related issues may be enhanced by members serving on more than one board sub-committee, as members may gain a greater appreciation of risk considerations across the insurance undertaking. Cross memberships between key sub-committees of the board should be encouraged. The audit committee and the risk committee shall have at least one shared member. The remuneration committee and the risk committee shall have at least one shared member.

[6] High Impact designated insurance undertakings shall substitute this requirement for the requirements contained in each of Section 19.1, 19.2 and 19.6 of the Requirements.
www.centralbank.ie
Bosca PO 559, Sráid an Dáma, Baile Átha Cliath 2, Éire
PO. Box No 559, Dame Street, Dublin 2, Ireland