Management Structure

Regulatory framework

  1. Solvency II Law: Articles 40 and 41 (Management), 42, § 1, 1° (management structure); 44 to 53 (management bodies and specialised committees of the board of directors), 56 (position of the person responsible for the risk management function), 77 to 80 (specific tasks of the management body and management committee)
  2. Delegated Regulation 2015/35: Article 258(4) (two persons running the undertaking)
  3. Underlying thematic NBB Circulars: Communication CBFA 2009_22 of 25 May 2009 on the derogation policy with regard to audit committees (Communication amended[1] and supplemented by point 1.8.3. below as regards the risk committee and the remuneration committee)
  4. EIOPA Guidelines: Guidelines 1 to 7 and 10

The Solvency II Law contains a number of provisions on the management structure and management bodies that an insurance company should have.

[1]    Point 1 of this Communication, entitled “Derogation from the composition of an audit committee” has become redundant given that the Solvency II Law determines that the audit committee, the risk committee and the remuneration committee may only be composed of non-executive directors.

1.1. General requirements

1.1.1. Board of directors and management committee

The insurance company shall have a management structure that guarantees effective and prudent management, taking into account the nature, scale and complexity of the risks inherent to the company’s business model and activity. As a basic rule, this means that there must be a clear division at the highest level between the senior management of the insurance company and the supervision of this management (Article 42, § 1, 1° of the Solvency II Law).

In view of the new management structures provided for in the CAC (one-tier and two-tier structures and structure with a single director), the pre-existing two-tier structure, which consists of a board of directors and a management committee as stipulated in the Solvency II Law will be maintained. This structure could be considered a “specific” two-tier structure given that there are two differences with a fully-fledged two-tier structure: (i) the powers of the management committee are delegated by the board of directors and (ii) at least two or three members of the management committee are also directors, which creates a sort of overlapping between the board of directors and the management committee, enabling the establishment of a realistic general policy and strategy  as the persons responsible for their implementation are able to comment on them.

This means that there must be a distribution of competences at the highest level between:

  • the board of directors, which (i) determines the overall business strategy, the risk policy and the integrity policy and (ii) supervises activities;
  • the management committee, which is responsible for the specific management of the insurance company’s activity, the enforcement of the risk management system and the introduction of an organisation and operational structure.

The overall strategy, risk policy, integrity policy and the supervision of activities shall be conferred on the board of directors as a whole.

The management of the company’s activity shall be conferred on the management committee. Without prejudice to the authority to represent the company, all important decisions on the operational management must be made by at least two people, and before those decisions are implemented.

1.1.2. Interaction between the board of directors and the management committee

The board of directors and the management committee of the insurance company shall work appropriately together, both between themselves and with all committees they have set up (including the audit committee, risk committee and remuneration committee), as well as with those responsible for the company’s independent control functions. The board of directors may have access to the senior management.

1.1.3. Documentation of decisions and internal regulations 

Decisions made by the board of directors and management committee shall be properly documented by the company. This documentation must show how the information coming from the risk management system is incorporated into the decision-making process.  The management bodies (board of directors, including the specialist committees, management committee) shall also draw up internal regulations. 

1.1.4. Internal evaluation of the governance system 

The insurance company’s board of directors and management committee shall determine the scope and frequency of the internal evaluation of the governance system, taking into account the nature, scale and complexity of the company’s activity, both at an individual and group level, as well as the structure of the group. 

The company shall see to it that the scope, results and conclusions from the evaluation are properly documented and sent to the board of directors and management committee. The company shall have appropriate feedback procedures to guarantee that follow-up measures are taken and established.

It is also advisable to base the internal evaluation of the governance system on self-assessments performed by the company’s management bodies (board of directors, specialised sub-committees, management committee) with regard to their functioning and potential improvement.

1.1.5. Training

The company shall take appropriate measures to improve or refresh the knowledge of the members of the management bodies through training programmes. The Bank recommends that these training programmes cover all risks to which the company is exposed, including sustainability risks.

1.1.6. Dynamic discussions

The company shall ensure that the board of directors, its sub-committees and the management committee are organised in such a way as to promote dynamic discussions. For instance, the size of the board of directors and of the management committee should be proportionate to the size of the company (no excessively large board of directors or management committee) and companies should avoid having permanent invitees sitting on the board of directors and on the management committee – except in duly justified situations. The chairs of the board of directors and of the management committee also have an important role to play in maintaining the quality of the discussions.

1.2. The board of directors

1.2.1. Composition

a) Majority of non-executive directors

The board of directors shall be composed of non-executive directors and executive directors. For the exercise of supervisory and control tasks, the non-executive members of the board of directors, i.e. the ones that do not form part of the management committee, shall form the majority in the board of directors, and the chairs of the board of directors and management committee shall be two different people. In accordance with the Solvency II Law the (executive or non-executive) members of the board of directors must be natural persons (a legal person is prohibited from being appointed as director).

In terms of social status[1], a position of director of an insurance company cannot be exercised under an employment contract (obliged self-employed status) and a combination of two statuses (self-employed and employee) within the same company is not reconcilable with the principles of sound governance applicable to insurance companies[2].

For listed insurance companies or insurance companies of which the debt securities or subscription rights (warrants) are tradable on regulated markets, it is reminded that according to common law at least a third of the members of the board of directors are of a different sex from the other members (cf. Article 7:86 of the CAC).

[1] By identity of reasons, the same rules apply whether the business enterprise is in the form of a company or of a mutual insurance association.

[2] A link of subordination - supposing it to be proven - would jeopardize the effectiveness of the supervision of the Board of directors on the management of the company.

b) Independent directors within the meaning of the Solvency II Law

The role of independent directors is to ensure that all stakeholders of the company are adequately represented and, where appropriate, to reinforce technical expertise, particularly with regard to risk management.

Before the entry into force of the CAC, the Solvency II Law stipulated that insurance companies required to establish an audit committee, risk committee and remuneration committee[3] should have at least two directors meeting the independence criteria set out in Article 526ter of the former Companies Code, in particular to enable the company to comply with the obligation to have a majority of independent directors in the audit committee.

The CAC limits itself to stating the general principle that a director is considered independent if he does not have a relationship with the company or with one of its major shareholders that could jeopardise his independence. For the definition of the independence criteria, the CAC refers to provision 3.5 of the Belgian Code on Corporate Governance, which is not in itself a regulatory act but a recommendation for sound practices, even if its content is incorporated in the legal order by Royal Decree.

Pending a clarification of the legislation on this aspect, the Bank considers that the old criteria set out in the aforementioned Article 526ter shall continue to apply unchanged to insurance companies even if they do not formally appear in the CAC. The intention is to confirm this approach through an amendment to the Solvency II Law reintegrating the old criteria of Article 526ter but providing for a so-called “comply or explain” system (consequently, independent directors will hereinafter be referred to as “independent directors within the meaning of the Solvency II Law”).

The Bank expects that all aforementioned independence criteria are met and, if not, that the insurance company explains to it why it did not meet one or more of the independence criteria set out in the Belgian Code on Corporate Governance (comply or explain). Specifically, this explanation should be in the form of a formal statement of the board of directors or, where appropriate, the nomination committee, explaining why one or more of the criteria are not met. This statement should be sent with the Fit & Proper file of the director concerned.

The recommended number of independent directors shall depend on the nature, scale and complexity of the risks inherent to the company’s business model and activity. Based on this risk profile, on the structure of the group to which the company belongs and on the other aforementioned factors, it could be considered adequate to have more than two independent directors within the meaning of the Solvency II Law.

In insurance companies that are not obliged to have an independent director within the meaning of the Solvency II Law, it is nevertheless advisable to appoint an independent director meeting the criteria that are set out in provision 3.5 of the Belgian Code on Corporate Governance and that will be included in the Solvency II Law.

[3] Setting up an audit committee, a risk committee and a remuneration committee is not compulsory for insurance companies that fulfil, on a consolidated basis, at least two of the following three criteria: average number of employees during the financial year in question of less than 250, a balance sheet total equal to or less than € 43 million and an annual net turnover (premiums earned less reinsurance) equal to or less than € 50 million.

c) Selection of directors

Apart from a policy on expertise and fitness and propriety (cf. Chapter 2 below), the company shall establish a policy for the composition of its management bodies (board of directors and management committee) and for the selection of the directors and members of the management committee, not only taking into account the Fit & Proper aspects but also, for example, the number of directors, their age, their gender, accumulation of mandates, length and rotation of mandates, rules on conflicts of interest, etc. 

In this policy, the company shall establish the principles it will follow for the nomination for appointment, renewal, termination and removal of the directors.

1.2.2. Tasks

The board of directors has the final responsibility for the insurance company. More particularly, this concerns the following two functions.

a) Determining the general company strategy, risk policy and integrity policy

In accordance with Article 44 of the Solvency II Law, the board of directors shall determine “the company’s strategy and objectives and; the risk policy, including the overall risk tolerance; the integrity policy […]”.

Firstly, as regards the company’s strategy and objectives, the Bank expects the board of directors at least to determine and validate:

  1. the company’s objectives (especially as regards the sales policy),
  2. the main lines of its organisational structure and its internal control structure (which must be in proportion to the intended objectives),
  3. the company’s policies on governance sensu stricto, i.e. the Fit & Proper policy, the remuneration policy, the outsourcing policy, the internal rules on external functions, the IT security and continuity policy and the charters of the independent control functions,
  4. the reportings intended for the public (particularly the Solvency and Financial Condition Report or SFCR).

Secondly, as regards the risk policy, the board of directors must specifically:

  1. determine the company’s risk appetite and general risk tolerance limits for all of its activities (risk appetite policy);
  2. approve the company’s general risk management policy (see below for the content of that policy), the specific risk management policies (i.e. the following relevant policies: a) the policy relating to the management of underwriting and reserve risk, b) the asset-liability management policy, c) the investment risk management policy, d) the liquidity risk management policy, e) the concentration risk management policy, f) the operational risk management policy, g) the reinsurance policy, h) where appropriate, the mortgage lending policy, i) the asset and liability valuation policy, j) the profit-sharing policy, k) the ORSA policy, and l) the capital management policy) and the policy guaranteeing that the information submitted to the Bank is always adequate (Article 77, § 7 of the Solvency II Law);
  3. be the first line as regards risk-based strategic decisions and be closely involved in the ongoing supervision of the development of the company risk profile (this requires the board of directors, or where applicable the audit committee and the risk committee, to always be in possession of relevant and comprehensive information on the risks the company faces);
  4. approve the Regular Supervisory Report (RSR) and the Own Risk and Solvency Assessment (ORSA). In this regard, the Bank highlights the fact that the annual and quarterly Quantitative Reporting Templates (QRTs) should not be approved by the board of directors as Articles 80, § 5, and 202 of the Solvency II Law explicitly state that this task falls to the management committee (except for the QRTs annexed to the SFCR).

Thirdly, the board of directors should also approve the integrity policy, which establishes the company’s fundamental ethical principles and includes at least the following: rules on conflicts of interest, rules on whistleblowing, rules on the prevention of money laundering and terrorist financing, codes of conduct, etc.

b) Supervision of activities

Supervising activities and regularly assessing the effectiveness of the insurance company’s governance system form another important pillar of the responsibilities of the board of directors. The supervision must relate to all of the insurance company’s areas of activity and in particular cover the management committee (supervision of the management committee’s decisions) and compliance with the risk policy.

This supervision on the operation of the company may be exercised through (i) reporting by the independent control functions, (ii) effective use of the investigative powers of the board of directors, (iii) reporting by the management committee on the development of the company’s activity and (iv) access to the minutes of the management committee. 

The Solvency II Law (Article 77) moreover determines that the board of directors as a minimum:

  1. must assess the effectiveness of the company’s governance system at least once a year and ensure that the management committee take the necessary measures to tackle any non-conformity;
  2. must regularly and at least once a year assess the proper functioning of the four independent control functions. Apart from the assessment it may make by virtue of its regular contacts and the information provided to it by these four functions, the board of directors shall base its assessments on the management committee’s periodic report which includes, in particular, the measures needed to remedy any non-conformity. It should also be noted that, from 2018 onwards and pursuant to the Law of 5 December 2017 modifying the Solvency II Law, the board of directors is required to annually submit a report on the assessment of the proper functioning of the compliance function to the Bank;
  3. must determine which measures must be taken as a result of the findings and recommendations in the internal audit and must ensure that these measures are taken;
  4. must regularly and at least once a year assess the general principles of the remuneration policy and is responsible for the supervision of the implementation thereof;
  5. must assess whether the policy for reporting to the Bank approved by the board of directors on the basis of Article 77, § 7 of the Solvency II Law is complied with; and
  6. must bear the responsibility for the integrity of the accounting and financial reporting systems, including the rules for operational and financial control, and ensure that these systems offer a reasonable degree of certainty as to the reliability of the financial reporting process.

1.3. Management committee

Every insurance company must set up a management committee irrespective of its legal form (subject to exceptions, see below). A management committee enhances the efficiency of plural supervision and of collegial decision-making as regards the company’s operations. Unlike the management board provided for in the CAC, the powers of the management committee are not conferred by law but delegated by the board of directors.

1.3.1. Composition

At least three members of the management committee must be directors to maintain the link with the board of directors. In accordance with the explanatory memorandum of the Solvency II Law, the Chief Executive Officer (CEO - Chair of the management committee, person tasked with the day-to-day management) and the Chief Risk Officer (CRO) must be directors, the Bank recommends that the Chief Financial Officer (CFO), the third member of the management committee, be a director.

If the company has received authorisation from the Bank to designate a person with ‘N1’ level as the person responsible for the risk management function (see the conditions under point 1.3.3. below), the management committee may be composed of only two directors[4].  

As regards the requirements regarding integrity and expertise, professional bans, exercise of external functions, availability of managers or agreements with managers, the same provisions apply to the members of the management committee who are not directors as those that apply to directors.

The members of the management committee may only be natural persons.

In terms of social status[5], a position of member of the management committee of an insurance company cannot be exercised under an employment contract (obliged self-employed status) and a combination of two statuses (self-employed and employee) within the same company is not reconcilable with the principles of sound governance applicable to insurance companies[6].

The size of the management committee should always be adapted to the complexity of the company. An overly large management committee impairs the quality of the discussions and the proper functioning of the decision-making process. In this regard:

  • the Bank notes that the majority of the members of the board of directors should not be members of the management committee, in accordance with Articles 45 and 46, § 2 of the Solvency II Law;
  • considering the fact that the management committee can be composed of members who are not directors, the Bank expects the management committee to have less members than the board of directors so as not to compromise the latter’s supervision of the former.

In addition to the Fit & Proper policy (cf. Chapter 2), The company shall establish a policy with regard to the composition of its management bodies, including the management committee, in which it formulates the principles it will follow for nomination for appointment, renewal, termination and removal of the members of the management committee.

 

[4] In such a situation, the following conditions must be met: (i) the company must be able to convincingly justify in a formal file submitted to the Bank that it is advisable to grant a derogation to appoint a CRO at ‘N1’ level on the basis of Article 56, § 3, second paragraph, 1°, and that therefore no conflicts of interest exist with regard to the CRO at ‘N1’ level; ii) Article 54 of the Solvency Law relating to the separation of control functions and operational functions should be complied with at the level of the persons responsible for the operational functions at ‘N1’ level who are in charge of the control functions (flexibility at management committee level); and (iii) tasks should be distributed evenly between the two members of the management committee.

[5] By identity of reasons, the same rules apply whether the business enterprise is in the form of a company or of a mutual insurance association.

[6] A link of subordination - even if it is proven - would compromise the proper functioning and collegiality of the management committee since the member of the management committee concerned would be in a relationship of subordination compared to his colleagues.

1.3.2. Collegiality and distribution of tasks between the members of the management committee

Members of the management committee (directors and non-directors) shall be loyal to the decisions made. These shall be included in the minutes. Collegiality does not prevent members from being allocated specific, albeit non-exclusive, areas of responsibility.

The reference situation for the distribution of tasks against which each individual situation will be assessed, is based on the following guiding principles (naturally without prejudice to compliance with the legal fit and proper requirement):

  1. preference for the model where the CRO is a member of the management committee, in compliance with the provisions of Article 56 of the Solvency II Law;
  2. strict separation between Risk Management and Investment as well as between Risk Management and Commercial (Underwriting);
  3. assignment of the internal audit to a member of the management committee who is not responsible for the Commercial function (Underwriting) but combines this function with operational functions that generate less risk[15]; and
  4. even distribution of tasks between the different members of the management committee.

To translate these guiding principles, standard schemes were established for the distribution of tasks between members of the management committee of significant insurance companies[16]. These schemes are indicative schemes that translate the expectations of the Bank regarding the distribution of tasks for these significant companies. However, insurance companies are free to adopt another model insofar as they comply with the size recommendations included in point 1.3.1. above (the management committee may not be too large as this would be detrimental to the quality of the discussions).

Model with CRO in the management committee:

Derogatory model without CRO in the management committee:

Less significant companies are free to comply with the standard schemes. However, the Bank accepts that the (N-1) persons responsible for the control functions report to a member of the management committee who also performs operational tasks. As indicated above, the following limits should be complied with: (i) there is a strict separation between Risk Management and Investment as well as between Risk Management and Commercial (Underwriting) and (ii) internal audit is assigned to a member of the management committee who is not also responsible for Commercial (Underwriting) but combines this function with operational functions that generate less risk.

Furthermore, the Bank shall be notified of the distribution of tasks between the members of the management committee and any change thereto. As regards the suitability test of the members of the management committee, the Bank may, in the event of an incident, take account of the personal shortcomings of the managers in its individual assessment.

1.3.3. Availability of the Chief Risk Officer in the management committee

The Solvency II Law stipulates that the head of the risk management function shall be a member of the management committee, the risk management function being the only function for which he/she is individually responsible.

Although as a principle, the risk management function is the only function for which the Chief Risk Officer — who is a member of the management committee — is responsible, the Solvency II Law allows the risk management function, the actuarial function and the compliance function, which form the second line of defence of the insurance company, to come under the responsibility of the Chief Risk Officer — who is a member of the insurance company’s management committee—insofar as these three functions (i) are exercised separately from each other[7] and (ii) this does not give rise to any conflicts of interest[8]. For insurance companies with a balance sheet total of less than € 3 billion, the aforementioned accumulation of functions is permitted ex officio. Companies with a balance sheet total of more than € 3 billion must submit a formal written request for such authorisation explaining the reasons for this request and provide evidence that this accumulation does not give rise to issues of conflicts of interest and availability.

By virtue of the nature, scale and complexity of the risks inherent to the company’s business model and activity, and taking into account the appropriate organisation of the function at the level of the group concerned, the Bank may allow the risk management function to be fulfilled by a member of the senior staff (‘N1’), as long as the exercise of this independent control function does not give rise to conflicts of interest vis-à-vis this person, in view of the other functions that he/she would otherwise exercise. In order to be granted such an exception, the insurance company must submit a formal written request to the Bank, explaining in detail why it wishes to be granted such an exception and in what way the aforementioned criteria are complied with.

Where the Chief Risk Officer is a member of the management committee, the company must ensure that this does not compromise the independence of the risk management function. For instance, if the CRO finds himself in a situation where he must choose between “his loyalty to the non-executive directors as independent control function” and “his loyalty as member of the management committee as a collegial body”, the CRO should prioritise his loyalty to the non-executive directors. Furthermore, for the sake of good order, the Bank stresses that the presence of the CRO in the management committee should not lessen the collective expertise regarding risk management expected of the non-executive directors. In this respect, the Bank notes that Article 51 of the Solvency II Law stipulates that non-executive directors who are members of the risk committee should “individually possess the necessary knowledge, expertise, experience and proficiency to understand and comprehend the insurance or reinsurance company’s strategy and risk tolerance”.

1.3.4. Tasks of the management committee

The following tasks come under the responsibility of the management committee (non-exhaustive list):

  1. Implementing the strategy laid down by the board of directors and management of the business:
  • implementing the strategy developed and approved by the board of directors,
  • undertaking the management of the company in accordance with the strategic goals established and with due regard to the risk tolerance limits laid down by the board of directors;
  • supervising line management (‘CD1’), and compliance with the allocated competences and responsibilities;
  • making proposals and giving advice to the board of directors for determining the general policy and strategy of the company;
  1. Implementing the risk management system:
  • translating the risk appetite framework, the general risk management policy and the specific risk management policies established by the board of directors into procedures and processes;
  • implementing the necessary measures to control risks;
  • making sure, based on the reports of the independent control functions, that all relevant risks to which the company is exposed (financial risks, insurance risks, operational and other risks) are appropriately identified, measured, management, controlled and reported;
  • supervising the development of the company’s risk profile and overseeing the risk management system;
  1. Introducing, monitoring and assessing the organisational and operational structure:
  • Implementing the governance policies sensu stricto established by the board of directors (Fit & Proper policy, remuneration policy, outsourcing policy, internal rules on external functions, security and continuity policy, integrity policy) by translating them into concrete procedures and processes;
  • setting up an organisational and operational structure to support the strategic goals and ensuring uniformity with the framework established by the board of directors for risk appetite, especially by determining the powers and responsibilities of each section of the company and specifying the reporting policies and procedures;
  • setting up appropriate internal control mechanisms at every level of the company and assessing the appropriateness of those mechanisms,
  • implementing the necessary framework for the organisation and the proper functioning of the independent control functions, and assessing — based on the work of those control functions — the effectiveness and efficiency of the policies on risk management, internal control and governance established by the company;
  • supervising the correct implementation of the remuneration policy;
  • setting up an internal reporting system that gives a reasonable degree of certainty as to the integrity of the financial information and prudential reporting;
  1. Implementing the integrity policy established by the board of directors (covering in particular conflicts of interest, whistleblowing, rules on the prevention of money laundering and terrorist financing) by translating them into concrete procedures and processes;
  2. Reporting to the board of directors and the Bank
  • communicating the relevant information and data to the board of directors and/or where applicable to one of its sub-committees, to allow them to monitor the company’s activity;
  • implementing the policy established by the board of directors for reporting to the Bank (Article 77, § 7 of the Solvency II Law) and, in this context, submitting the expected prudential information to the Bank. In this respect, the Bank highlights the fact that it is the task of the management committee to approve and provide the Bank with the reporting on the annual and quarterly Quantitative Reporting Templates (QRTs) in accordance with Articles 80, § 5, and 202 of the Solvency II Law. Moreover, the management committee should formally declare annually and half-yearly that the information provided to it in accordance with Articles 312 to 316 of the Solvency II Law (i) is complete, (ii) accurately reflects the situation of the company, taking into account its risk profile, and (iii) is established in accordance with the legal rules and the instructions of the Bank; and
  • providing a report at least once a year to the board of directors, the accredited statutory auditor and the Bank on the effectiveness of the governance system (cf. Chapter 14 of this Circular). 

1.3.5. Exemption from the obligation to set up a management committee/senior management

The Bank may grant less significant companies an exemption from the obligation to set up a management committee by virtue of their size and risk profile or of the group to which they belong. Insurance companies that request such an exemption must submit a request, including the reasons, and providing evidence that a ‘senior management’ model is appropriate in view of the nature, scale and complexity of the risks inherent to their business model and their activity.

The company’s management model must in any case pass the test of the following general quality requirements regarding sound governance:

  • there is an appropriate segregation between the functions that manage the company’s business and those that supervise it;
  • the function of management is entrusted to at least two persons who, without prejudice to an adequate distribution of tasks, operate on a collegial basis[9];
  • the specific delegation of competences related to senior management is clearly regulated (for example in the articles of association);
  • there is a structured dialogue between the functions that determine the general policy, those that manage the company’s business, and those that supervise it.

 

[7] The requirement to have the functions exercised separately from each other must be applied proportionally. For significant insurance companies, this means that the three independent control functions should be separated from an organisational perspective (no single person holding multiple control functions simultaneously) and that Chief Risk Officers who are members of the management committee should only be responsible for the compliance function and the actuarial function in a hierarchical sense. For less significant companies, this means that the functions must be separate but that they can be held simultaneously by a single person who is thus appointed as person responsible for multiple control functions, provided that (i) there are no conflicts of interest between these control functions (e.g. avoid having a single person be both ‘maker’ and ‘checker’, and (ii) that this person meets the fitness requirements.

[8]    In the event of accumulation, except in the case of outsourcing, the person responsible for the compliance function (‘N1’) as the person with the most senior operational responsibility for the compliance function, the person responsible for the actuarial function (‘N1’) as the person with the most senior operational responsibility for the actuarial function, and, for the function of risk management, the Chief Risk Officer member of the MC (‘N’) shall be subjected to the Bank’s Fit & Proper screening.

[9] The concept of “senior management” means persons who participate at the highest level in the management of the company, i.e. the executive directors as well as persons who, without having the as directors, are considered by the company to be effective managers because of the direct and decisive influence they can exercise on the management of all or part of the activities of the insurance company. In terms of their social status, senior managers who have the status of director are subject to the same rules as those set out in point 1.2.1. above. The other senior managers will necessarily have employee status, except in the capacity of ‘delegate for daily management’ (for corporate forms where it exists or may exist) and that their quality of senior manager derives exclusively from this quality of ‘delegate to the daily management’.

1.4. Specialised committees within the board of directors - general aspects

In order to enhance the effectiveness of the supervision and control of the activity, the operation and the risk profile of the company by the board of directors, the Solvency II Law provides for the set-up of three specialised committees within the board of directors:

  •  an audit committee;
  •  a risk committee; and
  •  a remuneration committee.

These committees are tasked with preparing the decisions of the board of directors in their respective areas, without this derogating from the latter’s powers.

Other committees may be set up by the board of directors. Setting up a nomination committee, whose task is to assess the level of knowledge, commitment, availability and independent spirit of the directors, and to determine the needs and profile for future directors is deemed a best practice.

1.4.1. Composition of specialised committees - general rules

The specialised committees to be set up pursuant to the Solvency II Law should comprise at least 3 directors.

Only the non-executive members of the board of directors may form part of these committees, who reinforce the control function of the board of directors.

Risk and remuneration committees are required to have at least one member who is an independent director within the meaning of the Solvency II Law. For the audit committee, the majority of its members should be independent directors within the meaning of the Solvency II Law. The members shall be collectively skilled in the area of the specific tasks of the committee and have the requisite objectiveness and independence in the fulfilment of their task as regards the management committee.

Moreover, the Solvency II Law provides for specific requirements for the audit committee and the risk committee (see below).

1.4.2. Operation of the specialised committees

The board of directors must draw up internal regulations for each committee, detailing the role (tasks), composition and operation of each committee (including minutes). 

The Bank instructs insurance companies to ensure that the chairs of the audit committee and the risk committee do not chair the board of directors.    

1.5. Audit committee

1.5.1. Tasks

The audit committee has an essential role to play as regards the supervisory function carried out by the board of directors. In accordance with the Solvency II Law (Article 49), which was amended by the Law of 7 December 2016 on the organisation of the profession and the public supervision of auditors, the audit committee is at least responsible for the tasks listed in Article 7:99, § 4 of the CAC, namely:

1° notifying the board of directors of the results of the statutory audit of the annual accounts and, where appropriate, of the consolidated annual accounts as well as clarifying the manner in which the statutory audit of the annual accounts and, where appropriate, of the consolidated annual accounts contributed to the integrity of the financial reporting, and specifying the role of the audit committee in this process;

2° monitoring the financial reporting process and formulating recommendations or proposals to guarantee its integrity;

3° monitoring the effectiveness of the company’s internal control and risk management systems[10] and monitoring the internal audit and its efficiency if there is any;

4° monitoring the statutory audit of the annual accounts and the consolidated annual accounts, which includes following up on the questions and recommendations formulated by the statutory auditor and, where appropriate, by the external auditor responsible for the audit of the consolidated annual accounts;

5° assessing and monitoring the independence of the statutory auditor and, where appropriate, of the external auditor responsible for the audit of the consolidated annual accounts, particularly regarding the merit of providing additional services to the company. The audit committee, together with the statutory auditor, specifically analyses risks to its independence and the safeguards applied to mitigate these risks when the total fees received from a public-interest entity as referred to in Article 1:12 of the CAC exceed the criteria laid down in Article 4(3) of Regulation (EU) No. 537/2014;

6° making recommendations to the company’s board of directors with regard to the appointment of the statutory auditor and, where appropriate, of the external auditor responsible for the audit of the consolidated annual accounts, in accordance with Article 16(2) of Regulation (EU) No. 537/2014.

Additionally, Article 7:99, § 5 of the CAC specifies that the audit committee should report regularly to the board of directors on the performance of its tasks, in any case when the board of directors establishes annual accounts, consolidated annual accounts and, where appropriate, summarised financial statements for publication purposes.

1.5.2. Specific skills profile

In addition to the aforementioned general rules, Articles 48 and 49 of the Solvency II Law stipulate that:

(i) the majority of the members of the audit committee should be independent within the meaning of the Solvency II Law;

(ii) the members of the committee must have collective expertise in the field of the company’s activity as well as in the area of audit and accounting; and

(iii) at least one member of the audit committee must be an expert in the field of audit and/or accounting.

 

[10]    As regards the relationship between the task of the audit committee to assess the effectiveness of the risk management system and the tasks of the risk committee, it should be noted that these two committees work from a different perspective and base their assessments on different reports: (i) the audit committee assesses the suitability of the internal control processes and procedures, especially on the basis of the reports of the internal audit function and in this respect ensures that the internal control measures contribute to an effective risk management, while (ii) the risk committee is responsible for the assessment of the risk strategy used by the company, the appropriateness of the process for monitoring the risks, the quality of the reports provided by the risk management function (etc.). The tasks of the audit committee and the risk committee that relate to the assessment of the risk management system thereby complement each other: the risk committee assesses the company’s risk strategy and the proper functioning of the risk management function, whilst the audit committee assesses the effectiveness of the internal control system (assessment of the appropriateness of the existing arrangements), as part of the notion of “risk management system”.

1.6. Risk committee

1.6.1. Tasks

In accordance with the Solvency II Law, the risk committee must provide advice to the board of directors on all aspects connected to the current and future risk strategy and risk tolerance, and support the board of directors in exercising supervision of the implementation of that strategy by the management committee. More specifically, the tasks of the risk committee consist as a minimum of the following:

  1. As regards the risk strategy:
  2. giving its opinion to the board of directors on:
  • the sufficiency of the organisation of the resources available and powers for the identification, measurement, control and reporting of the main risks to which the company is exposed;
  • the appropriateness of the procedure for monitoring the risks on the basis of the challenges for the company in its various areas of business and especially of the segregation between the executive and control functions;
  1. providing advice to the board of directors on all aspects relating to the current and future risk strategy and risk tolerance. The committee shall support the board where this supervision relates to the execution of this strategy by the management committee or where applicable the senior management;
  • overseeing that the strategic decisions of the board of directors regarding entering into underwriting obligations, forming technical provisions, providing for transfers for reinsurance, investment policy, asset-liability management and liquidity management, take into account the risks incurred by the company in view of it business model and risk strategy — especially the reputational risks — that could arise from the types of products that are offered to clients;
  1. determining the nature, scale, form and frequency of the risk information that must be forwarded to the committee;
  2. working with the remuneration committee, in particular to supervise that the total amount allocated for variable compensation and the performance targets included in the remuneration policy are compatible with the company’s risk profile;
  3. As regards the operation of the risk management function:
  4. researching the procedures used by the company in accordance with the strategy laid down by the board of directors, to provide for hedging the risks associated with its assets, transactions, and its liability as a result of amended insurance policies;
  5. requesting all necessary information (at least the annual report) from the risk management function and finding out about the action plan and the follow-up of this plan by the risk management function;
  • listening to the Chief Risk Officer, providing advice to the board of directors on the organisation of the risk management function and finding out its work programme; where applicable asking the board to impose specific tasks to the risk management function.

 

The work of the risk committee relating to the risk strategy and the proper functioning of the risk management function, and the work of the audit committee with regard to internal control[11], should enable the board of directors to form an opinion as to the effectiveness of the risk management system set up by the management committee.

1.6.2. Specific skills profile

The Solvency II Law stipulates that the members of the risk committee shall individually possess the necessary knowledge, expertise, experience and proficiency to understand and comprehend the company’s risk strategy and risk tolerance. This requirement does not exclude certain education or backgrounds but rather means that these members must possess the necessary professional or academic baggage to be able to approach the subjects handled by the aforementioned committee with a critical mind.

 

[11]    As regards the relationship between the tasks of the risk committee and the audit committee that relate to assessing the effectiveness of the risk management system, reference is made to the footnote in point 1.5.1. above.

1.7. Remuneration committee

1.7.1. Tasks

The remuneration committee shall provide advice to the board of directors so that the incentives created by the remuneration policy are not of a nature so as to induce excessive risks being taken within the company, or behaviour that pursues interests other than the interest of the company and its stakeholders. In accordance with the Solvency II Law, the remuneration committee has the following tasks:

  1. giving advice on the company’s remuneration policy;
  2. preparing decisions on remuneration, in particular decisions that have consequences for the risks and risk management of the company and on which the board of directors must decide; and
  3. exercising direct supervision of the remuneration of those responsible for the independent control functions.

1.7.2. Specific skills profile

In addition to the aforementioned rules, the Solvency II Law stipulates that the remuneration committee must be composed in such a way so as to be able to form a competent and independent opinion on the remuneration policy and supervision thereof. If no remuneration committee has been set up (because the company is not obliged to do so or because it is eligible for an exemption), the board of directors takes on the tasks that would otherwise have been allocated to the remuneration committee, and prevents conflicts of interest arising.

1.8. Exemption and derogation from the obligation to set up and compose specialised committees

1.8.1. Exemption from an insurance company’s obligation to set up an audit committee, a risk committee and a remuneration committee based on size

Setting up an audit committee, a risk committee and a remuneration committee is not compulsory for insurance companies that fulfil, on a consolidated basis, at least two of the following three criteria: average number of employees during the financial year in question of less than 250, a balance sheet total equal to or less than € 43 million and an annual net turnover (premiums earned less reinsurance) equal to or less than € 50 million.

In the absence of specialised committees, the whole board of directors is tasked with exercising the functions allocated to those committees. It follows from this that the standards laid down in the Solvency II Law for each of the committees concerned apply in that case to the board of directors, irrespective of the internal structure set up by this body.

1.8.2. Derogation from the obligation to set up a remuneration committee

The Bank may grant a derogation from setting up a remuneration committee to insurance companies that do not meet the conditions of the aforementioned derogation insofar as these companies clearly show that they are organised internally in such a way that the board of directors and management committee are supported in their respective tasks as regards the remuneration policy. In their application for derogation (addressed to the Bank) these companies must demonstrate that their internal organisation is of a nature so as to sufficiently support the management committee and board of directors in remuneration matters.

1.8.3. Derogation from the obligation to set up one or more sub-committees in a group context

Taking into account the group context, the Bank may grant a derogation from the obligation to set up one or more of the three committees laid down by law for insurance companies that do not meet the aforementioned conditions to be able to obtain the exemption referred to in point 1 above. The insurance company must be the subsidiary or sub-subsidiary of one of the following companies:

  • a mixed financial holding company,
  • a mixed-activity insurance holding company:
  • an insurance holding company:
  • a financial holding company,
  • another insurance or reinsurance company,
  • a credit institution,
  • an investment firm,
  • an Alternative Investment Fund Manager (AIFM),
  • a management company of undertakings for collective investment.

In such a case, one or more committees must be set up within the group or sub-group concerned which have the power to represent the insurance company and meet the requirements of the Solvency II Law (including the requirement to have an audit committee comprised of a majority of independent directors within the meaning of the Solvency II Law).

The derogation policy described in Communication CBFA_2009_22, which concerns audit committees, shall be applied mutatis mutandis for the setting up of the other audit committees, with the proviso that account should be taken of the specific tasks of each committee.[12] Companies that wish to be eligible for this derogation from the obligation to set up a risk committee and/or remuneration committee are expected to submit a formal application to the Bank. As regards the audit committee, companies that have obtained a derogation from the obligation to set up an audit committee by virtue of Communication CBFA_2009_22 may continue to make use of this derogation insofar as no aspects have been submitted that are new as compared to the situation at the time of submitting the request. The companies that had received a derogation as regards the composition of the audit committee must nevertheless take the necessary measures to comply with the Solvency II Law.

1.8.4. Composition of the audit committee and risk committee

The Solvency II Law stipulates that insurance companies may determine that only one committee executes the tasks of the audit committee and the risk committee, insofar as the composition of that audit committee and risk committee complies with the legal conditions for each of the two committees, i.e.:

  • the majority of members are independent directors within the meaning of the Solvency II Law;
  • at least one director has individual expertise in the field of accounting and/or audit;
  • all members individually possess the necessary knowledge, expertise, experience and proficiency to understand and comprehend the insurance company’s risk strategy and risk tolerance;
  • the committee possesses collective expertise in the field of the company’s activity as well as in the area of accounting and audit.

As part of the implementation of the Solvency II Law, companies that wish to make use of this possibility are expected to inform the Bank on compliance with the aforementioned conditions and on the practical methods for the operation of this audit committee and risk committee (frequency of meetings, work schedule, etc.).

 

[12]    It is also noted, as already stated on page 9 of this Circular, that Section 1 of this Communication, which relates to the derogation from the composition of an audit committee, no longer applies given that the Solvency II Law determines that the audit committee, the risk committee and the remuneration committee may only be composed of non-executive directors.