Settlement Agreement between the Central Bank of Ireland and Arch Reinsurance Europe Underwriting dac

22 March 2016 Press Release

Central Bank imposes a fine of €275,000 on Arch Reinsurance Europe Underwriting dac for breaches of the Corporate Governance Code

The Central Bank of Ireland (the “Central Bank”) has issued a fine of €275,000 and a reprimand to Arch Reinsurance Europe Underwriting dac (the “Firm” or “Arch Re Europe”) for breaches of the Corporate Governance Code for Credit Institutions and Insurance Undertakings 2010 (the “Corporate Governance Code”)1. This Corporate Governance Code sets out minimum core standards.

Arch Re Europe failed to comply with certain standards required by the Corporate Governance Code which came into force in January 2011 because:

  1. Some of its governance structures and internal controls were not sufficiently robust;
  2. Its Risk Committee was not sufficiently effective; and
  3. It failed to adequately oversee its subsidiary.

These failures demonstrate a compliance culture at the Firm that fell short of the standard expected with regard to corporate governance.  These findings have been accepted by Arch Re Europe as part of the settlement agreement concluded between the Central Bank and the Firm on 15 March 2016.

Derville Rowland, the Central Bank’s Director of Enforcement said:

The Corporate Governance Code was introduced by the Central Bank to strengthen standards of corporate governance in light of the financial crisis.  It sets out clear minimum corporate governance requirements for firms and their subsidiaries and reflects the importance which the Central Bank places on robust corporate governance and a culture which promotes and encourages best practice.

The Central Bank found that the Firm took an informal approach to certain of its corporate governance responsibilities.

Good corporate governance is not limited to having effective and experienced people in governance roles. It requires continuity of approach. In order for a Firm to be well controlled its governance structures must be able to withstand movements and loss of key staff which includes written policies and procedures governing key control functions and record keeping that is sufficient to preserve the Firm’s institutional memory.

This enforcement action provides a timely reminder to firms to satisfy themselves that they are in compliance with their corporate governance requirements and responsibilities and that any tasks assigned under the Corporate Governance Code to Board sub-committees are being discharged. Corporate governance risk remains on our agenda as a key enforcement priority across all sectors and firms.  Where evidence of poor standards of corporate governance is found in firms, the Central Bank may take enforcement action.”

BACKGROUND

The Firm is authorised to provide reinsurance services2 under the European Union (Insurance and Reinsurance) Regulations 2015.

The Central Bank’s Insurance Supervision Division conducted a Full Risk Assessment of the Firm from January to June 2014 which included a governance review identifying a number of corporate governance failings and prompting this enforcement action.

PRESCRIBED CONTRAVENTIONS

The Central Bank identified 9 prescribed contraventions of the Corporate Governance Code and these are viewed seriously by the Central Bank. In particular, the breaches relate to key parts of the Firm’s governance structure, namely, its Board, its Risk Committee, oversight of its subsidiary, and the consistency and completeness of certain of the Firm’s governance, risk and policy documentation.

The Central Bank identified three separate breaches by the Firm of Section 6.3. Section 6.3 is a key section of the Corporate Governance Code and provides:

All institutions shall have robust governance arrangements which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks to which it is or might be exposed, adequate internal control mechanisms, including sound administrative and accounting procedures, IT systems and controls, remuneration policies and practices that are consistent with and promote sound and effective risk management both on a solo basis and at group level. The system of governance shall be subject to regular internal review.

The Firm breached Section 6.3 in the following respects:

  1. Arch Re Europe did not comprehensively document relevant internal roles and responsibilities for the day to day management of risk until 2014.
  2. Regulatory returns Arch Re Europe submitted to the Central Bank in 2012 and 2013 contained some errors.
  3. The Firm’s Investment Portfolio Risk Policy was inconsistent with two specific guidelines which were approved by the Board  for its Investment Manager.
  4. Arch Re Europe engaged retrocessionaires2F[3]without documenting the requisite Board approval for same.
  5. Although approved by Board, the Firm’s Risk Committee should have independently considered and advised the Board prior to the Firm entering into a significant reinsurance transaction.
  6. Arch Re Europe’s Board failed to monitor a Trust Agreement it had set up.
  7. The Firm’s underwriting guidelines were not updated to reflect a change in authority levels agreed by the Board. The Firm also breached the following provisions of the Corporate Governance Code:
  8. Section 14.1 and Section 14.2 of the Corporate Governance Code.  Section 14.1 of the Corporate Governance Code provides that the Board is required to understand the risks to which the institution is exposed and document a risk appetite for the institution. In addition, it requires that the appetite shall include quantitative metrics.  Section 14.2 of the Corporate Governance Code provides that the risk appetite definition shall define short, medium and long term horizons. Arch Re Europe failed to utilise quantitative metrics in certain instances and failed to address medium and long term horizons as part of its Risk Appetite.
  9. Section 15.3 of the Corporate Governance Code provides that detailed minutes of all board meetings shall be prepared and sets out certain items which should be included in the recorded minutes. Arch Re Europe’s Board minutes did not document in sufficient detail the level of Board discussion on risks or record in sufficient detail the substance of discussion, including sufficient  challenge by its Board members and Committees.
  10. Section 16.1 of the Corporate Governance Code provides that the Board shall establish and document a formal schedule of matters, reserved to the Board for decision. The Firm failed to establish a formal schedule of matters reserved to the Board for decision until June 2014.
  11. Section 17.1 of the Corporate Governance Code provides that the Board shall exercise adequate control and oversight over the activities of its subsidiaries whether incorporated in Ireland or elsewhere. Arch Re Europe’s Board did not receive any financial information on its subsidiary between November 2010 and May 2014 and could not demonstrate any monitoring at Board level of that subsidiary for that period.
  12. Section 19(1)(b) of the Corporate Governance Code provides that detailed minutes of all committee meetings shall be prepared recording time of meeting, location held, attendees and all key discussions and decisions. The Central Bank identified some errors in Arch Re Europe’s Risk Committee Minutes which generally fell below the standards we expect.
  13. Section 22.5 of the Corporate Governance Code provides that the Risk Committee shall advise the board on the effectiveness of strategies and policies with respect to maintaining on an on-going basis amounts, types and distribution of both internal capital and own funds adequate to cover the risks of the institution. Arch Re Europe could not demonstrate that the Risk Committee had advised the Board in the manner required.

PENALTY DECISION FACTORS

In deciding the appropriate penalty, the Central Bank took the following into account:

  1. The cumulative nature of the individual breaches.
  2. The Corporate Governance Code has been in place since June 2011 and sufficient time had been given in advance of its commencement to ensure firms were aware of their requirements. In addition, separate guidance in relation to Risk Appetite Statements was issued to Industry and to firms directly in the form of a Dear CEO letter on 22 December 2011, which highlighted deficiencies the Central Bank had found with Risk Appetite Statements at that point.
  3. The need to have an appropriate deterrent impact.
  4. The cooperation of the Firm during the investigation and in settling at an early stage in the Central Bank’s Administrative Sanctions Procedure.

The Central Bank confirms its investigation into the Firm in respect of this matter is closed.

 ---------------------------------------------------------------------

1 This Code was superseded with effect from 1 January 2015 by the Corporate Governance Code for Credit Institutions and Insurance Undertakings 2013.  The changes implemented in the 2013 Code do not change the relevant requirements in so far as they pertain to these breaches.

2 In simple terms – ‘Reinsurance’ is insurance for insurers. 

3 The insurer who insures the reinsurer.