Sutherland Asbill & Brennan LLP Legal Alert: NAIC Releases Draft White Paper on Corporate Governance; At Odds With Existing Bodies of U.S. Law

Sutherland Asbill & Brennan LLP Legal Alert: NAIC Releases Draft White Paper on Corporate Governance; At Odds With Existing Bodies of U.S. Law

By Earl Zimmerman, Partner, Sutherland Asbill & Brennan LLP

This Legal Alert addresses the White Paper on High-Level Corporate Governance Principles for Use in U.S. Insurance Regulation” (click the link to download), which was exposed for comment at the Spring NAIC Meeting in Austin, Texas. The White Paper is controversial in several ways as discussed below. We first provide a summary of the White Paper and highlight problematic provisions. Then, we summarize selected Delaware corporate governance case law and analyze how the White Paper appears to conflict with existing law.

The White Paper is the product of the Corporate Governance Working Group (CGWG) of the NAIC’s Solvency Modernization Initiative (SMI) Task Force. The NAIC describes the SMI as “a critical self-examination to update the United States’ insurance solvency regulation framework...” taking into account international insurance solvency developments.[1] The SMI Roadmap identifies “governance & risk management” as one of its five focus areas[2] and lists as one of the SMI’s “deliverables” the study of international corporate governance principles to determine whether to incorporate these principles into an NAIC “model law or other implementation tool.”

The White Paper is controversial, perhaps not intentionally, in several ways. For example, it purports to address corporate governance principles for regulated insurance companies, yet implicates corporate governance at the holding company level in significant ways. Unlike the NAIC’s Model Audit Rule,[3] which imposes limited corporate governance requirements on statutory insurers but includes special exemptions for insurers in “SOX-compliant” holding companies, the White Paper neither reconciles nor acknowledges the complex governance interrelationships among holding companies and their wholly owned insurance company subsidiaries.

In addition, the White Paper creates new fiduciary duties of directors to “policyholders and beneficiaries” while describing this duty as currently in existence (but providing no citation). The authors of the White Paper do not acknowledge the significant conflicts and other consequences that creating such duties would have for directors of insurers. For example, shareholders are generally the class to whom the Board and management owe fiduciary duties and are the key beneficiaries of corporate governance and value creation. Rather than accepting and acknowledging this fundamental of corporate governance, the White Paper lumps shareholders in with “other stakeholders” and focuses on the newly created fiduciary duties of directors to policyholders and beneficiaries. By turning corporate law on its head, the White Paper puts itself at odds with state corporate statutes, case law and stock exchange requirements, which focus on the duties of directors to shareholders and generally view policyholders and beneficiaries as part of the class of creditors to whom no duty is owed absent certain extreme circumstances involving bankruptcy or near-bankruptcy. A breach of fiduciary duties carries with it the threat of personal liability for directors. Co-existing fiduciary duties to equity owners and a class of creditors (i.e., policyholders and beneficiaries) would likely result in an irreconcilable conflict of interests for directors of insurance companies. The White Paper is silent on this conflict.

While the comment period for the White Paper ended on May 13, the NAIC has announced that it will hold a five-hour interim meeting of the CGWG on July 20 to discuss comments on the White Paper and to discuss what further steps should be taken.

In this Legal Alert, we address documents that influenced the substance of the White Paper, provide a summary of the White Paper, and contrast the White Paper with relevant portions of existing Delaware corporate law.

Sources for the White Paper

The European Union’s Solvency II Directive,[4] in Chapter IV, Section 2, Article 41, lays out principles for governance and risk management of insurers, including the following:

   Insurers must have an effective system of governance which provides for sound and prudent management of the business

   The governance system is to be subject to regular internal review

   The governance system is to be proportionate to the nature, scale and complexity of the insurer’s operations

   Insurers must have written policies for risk management, internal control, internal audit and, if applicable, outsourcing

   Insurers must take reasonable steps to ensure continuity and regularity in operations, including developing contingency plans

One would expect the work product of the SMI to be derived at least in part from the Solvency II Directive; however, the White Paper is more directly derived from a paper issued by the International Association of Insurance Supervisors (IAIS). The IAIS was established in 1994 and currently represents insurance regulators from 190 jurisdictions, but has no direct regulatory authority.[5] In 2003, the IAIS issued Insurance Core Principles and Methodology, which is meant to “serve as a basic benchmark for insurance supervisors of all jurisdictions.” Click for the Insurance Core Principles and Methodology paper. IAIS Insurance Core Principles (ICPs) 5, 7 and 8 address the suitability of Board members and certain senior officers, corporate governance, and risk management and internal controls.[6] ICPs 5, 7 and 8 are based upon non-U.S. legal structures and appear to be filling a void in corporate governance that by and large does not exist in the United States. These ICPs appear to be influenced primarily by legal systems that, in comparison to the United States, are not very litigious, tend to have reduced directors’ liability, and have less expensive Directors and Officers’ insurance.

The current proposed versions of ICPs 5, 7 and 8 extend the corporate governance principles of the Solvency II Directive by elevating the interests of policyholders. For example:

   Board members must act in the best interests of the insurer and policyholders (ICP 7.4)

   Board members must exercise independent judgment and objectivity in his/her decision making, taking due account of the interests of the insurer and policyholders (ICP 7.4)

In addition, the ICPs place responsibility on the Board to foresee material risks, not just implement a reasonable compliance system.

   The Board is ultimately responsible for ensuring that an effective risk management system is in place. (ICP 8.1.1)

   A risk management system should identify, assess, monitor, manage and report on all reasonably foreseeable material risks of the insurer in a timely manner. (ICP 8.1.2)

The White Paper is intended to address certain weaknesses in the U.S. insurance regulatory system that were identified by the International Monetary Fund (IMF) in its Financial Sector Assessment Program (FSAP) conducted in 2009 (the Insurance FSAP).[7] The IMF used the 2003 ICPs as the basis for its assessment, rather than the Solvency II Directive. The Insurance FSAP observed that “[c]orporate governance standards for publicly-traded U.S. companies, including insurers, are set and enforced by the SEC, while requirements for all insurance companies will be introduced from January 2010.”[8] The Securities and Exchange Commission (SEC) mandates public disclosures of certain material corporate governance provisions (e.g., executive compensation and board composition) for publicly traded companies as a way to influence company, shareholder and market behavior. The SEC also requires stock exchanges to adopt certain listing requirements on corporate governance (such as audit committee composition). The more important legal framework for corporate governance in the United States, however, is found in state corporate statutes, state corporate case law, stock exchange rules and the insurance laws of certain states (e.g., New York Insurance Law Section 1202). Based on the unfortunate misunderstanding in the Insurance FSAP, it suggested that, “[a]s [insurance] examiners gain experience, the NAIC and/or [insurance] departments should consider issuing more guidance on good and bad practices in corporate governance for insurers. This would help examiners and firms to develop a clearer expectation of what constitutes effective governance for insurance business, including for groups.”[9] In drafting the White Paper, the CGWG appears to be attempting to respond to this suggestion in the Insurance FSAP, rather than attempting to point out or correct the misunderstanding concerning corporate governance or follow the example set by the Solvency II Directive.

Summary of the White Paper

The White Paper is organized into 20 corporate governance principles and corresponding guidance. Seven principles address the role and responsibilities of the Board of Directors and senior management of the insurer in establishing and maintaining the corporate governance framework. Another seven principles address the risk management and other internal control functions that form part of the insurer’s corporate governance framework. The balance of the White Paper addresses: (1) the suitability of individuals who are Board members, senior management and key control persons; (2) financial reporting and transparency of corporate governance issues; and (3) the requirement that an insurer demonstrate the adequacy and effectiveness of the corporate governance framework.

The Role and Responsibilities of the Board and Senior Management

The White Paper defines “corporate governance” as a framework of systems, policies and procedures to provide for sound and prudent management and oversight, create security and long-term value for policyholders, beneficiaries and other “stakeholders,” exercise corporate authority, and hold Board members, senior management and key control persons accountable. While the concept of long-term value creation for shareholders has a long history, long-term value creation for policyholders and beneficiaries is an ambiguous and potentially dangerous concept. For example, the amount owed to policyholders and beneficiaries is generally fixed by contract. When the White Paper speaks of value creation for policyholders, it is reminiscent of how a mutual company distributes excess surplus to policyholders through increased premiums or premium refunds; stock companies are treated differently outside of the world of the White Paper. Value creation for policyholders and beneficiaries may create a conflict of interest with long-term value creation for shareholders. It is not at all clear what is meant by "value creation," how the concept would apply in a variety of types of dealings between insurers and policyholders, or the extent to which the concept is intended to override potentially conflicting rights and obligations of insurers and other "stakeholders."

The White Paper requires the Board to be composed of directors with independence, experience, knowledge, skills, competence, and expertise. The Board must (1) establish criteria for independence, (2) document formal processes for nomination, “selection” and removal of directors, and (3) establish committees of the Board with adequate authority and independence as well as clearly defined mandates. Independence is perhaps the most controversial of these requirements as many insurers are wholly owned by another corporation and often have an “inside board” elected by the sole shareholder. While New York Insurance Law mandates that at least one-third of the directors, one-third of each Board committee, and at least one member of a quorum for the Board and each committee of a domestic life insurance company be independent,[10] this is usually not the case for insurers.[11] The Solvency II Directive would appear to require directors to exercise independent judgment without a requirement that they be “independent directors” as the term is commonly understood in the United States. The ICPs require independence criteria to “take account of group structures and other relevant factors.”[12] The White Paper focuses on “relationships that may compromise” the independence of an individual director or the entire Board. This implicates a very high level of diligence beyond whether the director is an officer of an affiliate. While state corporate laws will generally permit a director to recuse himself from deliberations if a specific decision may be influenced by an interest or relationship of the director, it would not generally lead to an absence of independent judgment.[13]

Under the White Paper, senior management is charged with managing and executing the day-to-day operations of the insurer within the constraints imposed by (1) law and regulation, (2) the insurer’s business objectives, (3) strategies, (4) risk appetites, and (5) internal policies. Senior management must provide recommendations and timely information to the Board, and ensure that control functions have adequate resources.[14] Senior management must also set the tone at the top regarding ethical conduct and be held accountable for ethical breaches.

The White Paper establishes specific oversight responsibilities of the Board. The Board must complete an orientation program and “receive continuing education on significant industry risks on a regular basis.” In addition, the Board or a Board committee should (1) “be actively involved in establishing and enforcing” the insurer’s code of conduct, (2) oversee the insurer’s business plan, risk management system and internal controls, (3) oversee senior management, (4) oversee control functions, review reports, and resolve questions by interacting with senior management, and (5) ensure proper succession planning. The Board must also implement and oversee an effective remuneration policy, which must not induce excessive or inappropriate risk-taking.

Risk Management and Other Control Functions

The White Paper addresses the risk management, compliance, actuarial and internal audit functions of an insurer, as well as standards for outsourcing these control functions. The insurer’s risk management system (RMS) must identify, assess, monitor, manage, mitigate and report on certain risks. The RMS must address all reasonably foreseeable and material risks, including (1) current risks, (2) emerging risks, (3) local and business-specific risks, and (4) enterprise-wide risks. The RMS must be holistic, organic and systemic to the insurer and its strategic and structural elements. The White Paper would mandate that insurers create institutions with heightened risk immunity. The corporate governance structure would oversee control functions that issue reports designed to trigger corrective actions once any risk exceeds the pre-set tolerance of the insurer. The insurer will be required regularly to share information with regulators through an Own Risk and Solvency Assessment (ORSA).[15] The White Paper also discusses the effectiveness and independence of the compliance, actuarial and internal audit functions. Finally, the White Paper sets standards for outsourcing and material service contracts so that there is no degradation of oversight or accountability as a result of a third party performing a control function on behalf of the insurer.

Suitability, Financial Reporting and Transparency

The insurer will be required to demonstrate to regulators, on an ongoing basis, the suitability of Board members, senior management and key control persons. For example, the “suitability” concept requires Board members, senior management and key control persons to have personal integrity and to retain competence through continuing education. It also requires the Board to have diversity of qualities and a variety of skills.

The insurer must have adequate systems and controls for financial reporting, which is not remarkable. The White Paper, however, adds a new standard for the insurer’s financial statements. The financial statements must “present a balanced and accurate assessment of the insurer’s business and general financial health and viability as a going concern.”[16] However, it would seem more reasonable, and consistent with relevant accounting principles, to require financial statements to be materially accurate, rather than “accurate.” It is troubling that the White Paper does not merely require that financial statements meet the applicable accounting standards in the relevant jurisdiction; indeed, there is no safe harbor if the financial statements comply with applicable accounting standards.

The insurer must be transparent to its regulators by regularly sharing material information on corporate governance with its regulator. This information must also be shared with “relevant stakeholders,” which presumably include policyholders and beneficiaries.

The insurer’s corporate governance framework and the operations of the “corporate governance function,” which presumably includes the control functions described above, are subject to review and assessment upon examination of the insurer by state insurance regulators. The White Paper concludes ominously by granting the state regulator the unbridled authority to require that the insurer remedy any deficiencies the regulator finds or if the insurer is unable to prove that its corporate governance framework is adequate and effective.

Duties of Directors in Light of State Corporate Governance Case Law and Corporate Statutes

This section contrasts the White Paper’s approach to fiduciary duties with Delaware[17] corporate governance case law and, in particular, the oversight duty of directors. Delaware is generally viewed as having the most developed body of corporate governance case law and the oversight duty is relevant to the governance responsibilities discussed in the White Paper. This Legal Alert is not meant to be an exhaustive comparison of the White Paper with existing state corporation statutes and case law. Rather, we raise for further discussion certain issues that give us concern.

The White Paper assigns the ultimate responsibility for the insurer’s corporate governance to the Board, which is not remarkable. In contrast to state corporate law, however, the White Paper requires that the Board’s decisions must “objectively fulfill” the Board’s duties of loyalty and care. In determining whether a fiduciary duty has been breached under state corporate law, a court will not look to the newly created concept of “objective fulfillment,” but rather to a standard of care that depends upon whether the duty of care or the duty of loyalty is involved. The White Paper also takes the view that the Board owes duties of care and loyalty to policyholders and beneficiaries, while under state corporate laws those duties are owed to the corporation and its shareholders.[18]

The White Paper also adds a duty of candor separate from the duty of loyalty. This duty of candor potentially requires extensive disclosure to policyholders and beneficiaries of all material information, while under Delaware corporate law a director is required under the duty of loyalty to disclose any conflict of interest to the Board and recuse himself/herself from decisions involving the conflict. In addition, the White Paper’s discussion of the duty of care omits an important protection for directors, i.e., directors may rely upon experts so long as that reliance is reasonable and in good faith.[19]

The oversight responsibilities of directors under Delaware case law require directors, with the help of senior management, to establish and oversee a process to assess, monitor, and manage legal and compliance type risks. This duty is focused on process rather than on outcome. Directors must “attempt in good faith to assure that a corporate information and reporting system, which the Board concludes is adequate, exists.”[20] Courts have been loathe to impose oversight liability on directors based merely upon a bad outcome, in contrast to what the White Paper appears to suggest by its use of “objectively fulfill” language.

The standard of care, or legal threshold, for a plaintiff to establish the liability of a Board for a breach of its oversight responsibilities is a failure to act in good faith. Such a failure is evidenced by any “sustained or systematic failure,”[21] or “where the fiduciary. . . intentionally fails to act in the face of a known duty to act.”[22] Liability arises if there has been a conscious disregard of the “obligation to be reasonably informed about the business and its risks.”[23] The case law liability standard has evolved over the decades in light of changes in Delaware corporate statutes. The early case law placed oversight liability under the duty of care, and directors were protected by the business judgment rule unless they were grossly negligent. .Subsequently, Section 102(b)(7) of the Delaware General Corporation Law[24] immunized grossly negligent directors from duty of care claims if the corporation’s certificate of incorporation included an exculpation provision. An exculpation provision limits or eliminates monetary damages for a breach of the duty of care, but not for “any breach of the director’s duty of loyalty” or “acts or omissions not in good faith.”[25] Wishing to avoid eliminating oversight liability for any director of a company with an exculpation provision, courts shifted oversight responsibilities to be under the duty of loyalty. The result is that failure to act in good faith in monitoring compliance risks can result in oversight liability as a breach of the duty of loyalty. These concepts are not part of the White Paper. Further, we have a concern that the new duties and responsibilities proposed in the White Paper could be considered a “known duty to act” and lead to oversight liability even if the concepts in the White Paper do not make their way into law.

Courts have avoided imposing liability for failing to oversee business risks, acknowledging that risk-taking is part and parcel of doing business. For example, Citigroup involved an alleged failure to avoid the risks associated with investments in subprime mortgages and related financial instruments.[26] Oversight liability has arisen in connection with legal and compliance risks. The Citigroup court was reluctant to extend the oversight case law to business risks. This focus on process may be contrasted with the White Paper, which takes the approach of having regulators monitor the business risk-taking activities of a company. It ignores the essential policy concern of corporate governance case law that there should not be a chilling effect on the willingness of qualified individuals to serve as corporate directors.

Shortly after the White Paper was exposed, the U.S. Court of Appeals for the Seventh Circuit added another wrinkle by holding that a director may not be insulated from a claim for breach of the duty of loyalty arising from a conflict of interest even if he/she discloses the conflict.[27] It is untenable for directors of an insurer to be personally liable due to the inherent conflict between a duty to shareholders and a duty to policyholders and beneficiaries. The Venrock case allows for non-conflicted directors to protect themselves by forming a committee which has independent advisers, but the conflict created by the White Paper would affect all directors, leaving them all unable to avail themselves of the protection of an independent committee. Further, under Venrock, the other party to whom the conflicted director owes a duty can be held liable for aiding and abetting the director’s breach under certain circumstances. Imagine, if you will, policyholders and beneficiaries being liable to shareholders for a breach by directors of an insurer; or shareholders being liable to policyholders and beneficiaries for such a director’s breach.

We are concerned that the White Paper could lead to multiple unconsidered complications for directors, including an erosion of the decades-old case law protections for directors due to regulators’ policy objectives. This situation could be exacerbated if the NAIC uses the White Paper as the basis for a new model law on corporate governance.

As mentioned above, the NAIC plans to hold an interim meeting of the CGWG on July 20 to discuss comments on the White Paper and to discuss what further steps should be taken.


[1] Solvency Modernization Initiative ROADMAP, August 25, 2010.

[2] The other four areas of focus are (1) capital requirements, (2) group supervision, (3) statutory accounting and financial reporting, and (4) reinsurance.

[3] Annual Financial Reporting Model Regulation, adopted by the NAIC in June 2006.

[4] Directive 2009/138/EC of the European Parliament and of the council of 25 November on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II).

[5] The Web site of the IAIS is

[6] The CGWG attached drafts of proposed revised ICPs 5, 7 and 8. The IAIS Web site indicates that October 2011 is the date for anticipated adoption. The CGWG describes these drafts as the most recent versions of the ICPs.

[7] International Monetary Fund, United States: Publication of Financial Sector Assessment Program Documentation – Detailed Assessment of Observance of IAIS Insurance Core Principles, May 2010.

[8] Id. at 17.

[9] The CGWG so noted that U.S. adherence to the ICPs may serve as the basis for other countries to assess U.S. equivalence, presumably a reference to Solvency II.

[10] Section 1202 of the New York Insurance Law.

[11] Recently adopted revisions to the Insurance Holding Company System Regulatory Act (Model #440) add similar independence provisions, but such corporate governance provisions are optional for each jurisdiction. See Drafting Note before Section 5.C. of Model #440.

[12] ICP 7.3.8.

[13] But see discussion of the Venrock case, below.

[14] Control functions include risk management, compliance, actuarial, and internal audit. See Sections 14 through 18 of the White Paper.

[15] The NAIC’s SMI Task Force published a consultative paper on ORSA and in February 2011 issued its own ORSA proposal. U.S. Own Risk and Solvency Assessment (ORSA) Proposal.

[16] See Section 11.1 of the White Paper.

[17] Delaware is generally viewed as having the leading case law on corporate governance.

[18] See Sections 2.2 and 4.1 of the White Paper.

[19] See Delaware General Corporation law Section 141(e), which provides that directors “shall … be fully protected” in reasonably relying in good faith on expert advice. Section 11 under the Securities Act of 1933 also recognizes the important role of experts and shifts the burden of proof for directors who reasonably rely on experts.

[20] In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 970 (Del. Ch. 1996); see also, generally Stone v. Ritter, 911 A.2d 362 (Del. 2006); Graham v. Allis-Chalmers Mfg. Co., 188 A.2d 125 (Del. 1963); In re Citigroup Inc. S’holder Derivative Litig., 964 A.2d 106 (Del. Ch. 2009); In re Am. Int’l Group, Inc., 965 A.2d 763 (Del. Ch. 2009).

[21] Caremark, 698 A.2d at 971.

[22] In re Walt Disney Co. Derivative Litig., 906 A.2d 27, 67 (Del. 2006).

[23] In Re Citigroup Inc. Shareholder Derivative Litigation, 964 A.2d at 125.

[24] DEL. CODE ANN. tit. 8, § 102(b)(7) (2010).

[25] Id.

[26] 964 A.2d 106 (Del. Ch. 2009).

[27] CDX Liquidating Trust v. Venrock Assocs., et al, 2011 U.S. App. LEXIS 6390 (7th Cir. March 29, 2011), the U.S. Court of Appeals for the Seventh Circuit (reversing the district court’s ruling).


If you have any questions about this Legal Alert, please feel free to contact any of the attorneys listed below or the Sutherland attorney with whom you regularly work.

Earl Zimmerman 212.389.5024
Bert Adams 212.389.5004
Eric A. Arnold 202.383.0741
B. Scott Burton 404.853.8217
Clifford E. Kirsch 212.389.5052
Cynthia M. Krus 202.383.0218
Harry S. Pangas 202.383.0805
Stephen E. Roth 202.383.0158
Phillip E. Stano 202.383.0261
Steuart H. Thomsen 202.383.0166
Mary Jane Wilson-Bilik 202.383.0660


Earl Zimmerman, a member of Sutherland’s Corporate Practice Group, advises clients on mergers and acquisitions and securities transactions, insurance linked trades (ILTs), and distressed insurance situations.  His significant experience with mergers, acquisitions and securities includes stock acquisitions, mergers, acquisitions of blocks of business using indemnity reinsurance and/or assumption reinsurance, credit for reinsurance (Regulation 114 trusts, letters of credit, fund withheld), Uniform Commercial Code (UCC) and common law insurance collateral arrangements, servicing arrangements, joint ventures, acquisition financings, surplus note offerings, Regulation 144A and Regulation S offerings, NYSE listed offerings, European listed offerings, captive insurance companies, directors’ and officers’ (D&O) insurance, and errors and omissions (E&O) coverage.

© 2011 Sutherland Asbill & Brennan LLP. All Rights Reserved. This communication is for general informational purposes only and is not intended to constitute legal advice or a recommended course of action in any given situation. This communication is not intended to be, and should not be, relied upon by the recipient in making decisions of a legal nature with respect to the issues discussed herein. The recipient is encouraged to consult independent counsel before making any decisions or taking any action concerning the matters in this communication. This communication does not create an attorney-client relationship between Sutherland and the recipient.

For more information about LexisNexis products and solutions connect with us through our corporate site.