Corporate governance of insurers in Germany. German National Report

Corporate governance is the set of rules, be they legal or self-regulatory, practices and processes pursuant to which an insurance undertaking is administrated. Good corporate governance is not only key to establishing oneself and succeeding in a competitive environment but also to safeguarding the interests of all stakeholders in an insurance undertaking. It is insofar not surprising that mandatory requirements on the administration of insurance undertakings have become rather prolific in recent years, in an attempt by regulators to protect especially policyholders against perceived risks hailing from improperly governed insurance undertakings. In Germany this has been regarded by many undertakings as an overly paternalistic approach of the legislator, especially considering that the German insurance sector has experienced for decades if not centuries a remarkably low number of insolvencies and that German insurers were neither the trigger nor the (especially) endangered actors in the financial crisis commencing in 2007. Notwithstanding the true core of this criticism, that the insurance industry was taken to a certain degree hostage by the shortcomings within the banking sector, the reform of German Insurance Supervisory Law via implementation of the Solvency II-System has brought many advances in the sense of better governance of insurance undertakings and has also brought to light many deficiencies that the administration of some insurance undertakings may have suffered from in the past, which are now more properly addressed.


General
Under German (Insurance) Corporate Law and especially German Insurance Supervisory Law the term governance is given a larger meaning than just the ultimate responsibility of the executive board for the steering of the undertaking and the responsibility to supervise and check such steering activity by the supervisory board.
Rather, one assumes governance to be a top-down construct requiring the implementation of a "three lines of defence" concept. It is thus for the executive board to structure the organisation of the undertaking in such a way (and for the supervisory board to make certain this is done in an effective manner) that the insurance undertaking is endowed with an internal control and management system (with an internal hierarchy) principally based on the four-eyes approach as the first line of defence to check the compliance etc. of the daily work of all employees (e.g. concerning distribution, underwriting, regulation of insured events, complaints handling, accountancy, reinsurance, capital investments, personal matters, IT). As a second line of defence, supervisory law requires the creation of three so-called key functions, i.e. the independent risk management function, the compliance function and the actuarial function. This requirement has existed in Germany to a reduced extent for several years now, since the enactment of sec. 64a VAG old version in 2008 and the issuance of the MaRisk VA circular by the German supervisory authority BaFin 1 in 2009, and has been reinforced by the transformation of the Solvency II Directive into German law. These functions in their turn (this is especially true for the two former) control whether the governance system is effective concerning the aspects they "supervise" (on the lower level and globally, which means the former two also indirectly supervise the executive board [and the supervisory board]). As a third line of defence, an insurance undertaking is to create a fourth and (generally) last key function in the form of an internal audit function. This function audits the undertaking (as a whole) and especially also tests for the effectiveness of the other key functions.
In the present we will, however, in line with the questionnaire focus on governance issues on the highest level of the executive board and supervisory board unless a more global focus seems appropriate.

Available corporate governance models
In your jurisdiction, what corporate governance models are available to insurance companies? In case multiple models are available, describe the main differences and the allocation of management and monitoring powers among the relevant bodies/committees and which model is generally or ideally adopted by insurance companies.
In Germany, insurance may be tendered only by certain types of corporations (excluding the fact that the freedom of service and the freedom of establishment especially afforded to insurance undertakings established in other Member States of the EU and the EEA may allow other types of corporations to sell insurance or provide cover within Germany). Only undertakings incorporated in the form of an Aktiengesellschaft (AG; joint-stock company), a Societas Europaea (SE; [European] joint-stock company), a Versicherungsverein auf Gegenseitigkeit (VVaG; insurance association on mutuality) or an öffentlich-rechtliches Versicherungsunternehmen (public insurance company) may provide such financial services.
In view of the declining practical importance of public insurance companies (many of which are now constituted as Aktiengesellschaften and no longer as institutions incorporated under public law), we will focus on the available governance system for the other three types of corporations.
Insurance undertakings that are incorporated as Aktiengesellschaften are by law required to implement a dualistic model (also called two-tier system) with the constitution of a Vorstand (in the following executive board) and an Aufsichtsrat (in the following supervisory board). While the size and the election modalities of the supervisory board may differ especially in relation to the size and employment figures of the insurance undertaking in question, the creation of a supervisory board per se is not contingent on the principle of proportionality.
Where an insurance undertaking is incorporated in Germany in the form of an SE, which in practice remains an exception in the insurance sector, 2 the founders have an option between a dualistic system (two-tier system) and a monolithic system (one-tier system). For the moment, where an SE has been chosen, most have opted for the two-tier system, rendering it rather unnecessary to elaborate on the possibility of the one-tier system.
As concerns the Versicherungsverein auf Gegenseitigkeit (VVaG), German law requires the corporate governance to be virtually identical to that of an Aktiengesellschaft, i.e. it requires an executive board and a supervisory board and thus a dualistic model. 3

Regulatory sources addressing corporate governance
What are the main sources of regulation addressing corporate governance of companies (and in particular of insurance companies)? e.g., statutes, regulations, other rules/recommendations issued by national and supranational supervisors/regulators, self-regulation, codes of best practice, codes of ethics.
Concerning Aktiengesellschaften, the non-optional dualistic model, the constitution of the executive and supervisory boards and the rights and duties of their members are provided by secc. 76 et seqq. and secc. 95 et seqq. AktG (Joint-Stock Companies Act), respectively. Sec. 107 AktG furthermore obligates all joint stock companies to implement a governance system partitioned into an internal control system and a risk management system. This provision is, however, rather without importance for insurance companies since they are subject to more elaborate specifications by insurance regulatory law. 4 Concerning Versicherungsvereine auf Gegenseitigkeit, the executive and supervisory board and the rights and duties of their members are regulated by secc. 184, 188 and 189 Versicherungsaufsichtsgesetz (VAG; Insurance Supervisory Act), which in their turn declare applicable mutatis mutandis most of the aforementioned provisions of the AktG.
2 Though there are notable exceptions in reinsurance, e.g. Hannover Rück SE, but also in direct insurance, e.g. Allianz SE or ARAG SE; cp. Kordges in: Looschelders/Michael (eds.), Düsseldorfer Vorträge zum Versicherungsrecht 2012, pp. 83-101.
3 But see infra at I.4. the special rules for so-called small VVaG.
The construction and constitution of the governing bodies (including the option between a monistic and dualistic model) of an SE are regulated in artt. 38-51 European Company Regulation, 5 secc. 15 et seqq. SE-Ausführungsgesetz (SEAG; SE-Implementation Law 6 ) and, concerning employee participation in the management of the company, in the provisions of the SE-Beteiligungsgesetz (SEBG; SE-Participation Law 7 ).
Irrespective of the type of corporation an insurance undertaking has chosen, the supervisory minimal requirements of the governance of an insurance undertaking are regulated by secc. 23-34 VAG (which transpose artt. 40-50 Solvency II Directive 8 into national law), artt. 258-275 Solvency II Delegated Reg. 9 , the EIOPA Guidelines on the System of Governance 10 and the MaGo-circular issued by the German supervisory authority BaFin 11 (some governance aspects are also clarified by interpretative decisions of BaFin, e.g. Interpretative Decision on the Remuneration System, or by explanatory leaflets, e.g. Explanatory Leaflet on the Fitness and Propriety of Key Function Holders or of Executive Board Members or of Supervisory Board Members).
Additionally, German insurers often follow the rules of the soft-law instrument of the (German) Corporate Governance Kodex 12 ; such insurers whose shares are publicly traded must annually declare whether they abide by the rules of this codex. In comparison to what German insurance undertakings are legally required concerning their governance system, the codex, however, bears little practical importance. Under the organisation of the German Insurance Association (GDV) many insurers have also adhered to the Code of Conduct for the Distribution of Insurance Products and the more recent Code of Conduct for Data Protection, which also regulate some governance aspects.
4 See infra.

Insolvency due to poor corporate governance
In your jurisdiction, are you aware of any insolvency or distress of an insurer directly attributable to poor corporate governance standards or practices or failure to adequately implement and apply such principles? If so, please identify the main triggers of the insolvency.
Over the course of the last century, insolvencies or corporate crises have been rather rare in the German insurance sector (during the 20th century the last insolvency of a bigger German insurer dated back to 1929 with the Frankfurter Allgemeine Versicherungs-AG). Where an insolvency occurs, this will usually also have some relation with poor or sub-optimal corporate governance, albeit not necessarily in the direct sense. One could hence argue that it is not the distressed life insurance undertaking's fault that we are currently witnessing a low interest rate environment. One could, however, ask whether a sound management should not have foreseen the possibility of such a low-for-long stress situation (at the latest when such a situation occurred in Japan, beginning in the late 1980s, lasting until the early 2000s, and severely threatening many Japanese life insurers), forcing the insurers to rethink their guaranteed interest rates or at least the guaranteed level at a much earlier moment. In principle, however, corporate distress of insurers will more likely be the direct result of adverse market situations rather than negligent governance, as can be seen e.g. in the insolvency of the small transport insurer East-West Assekuranz (Berlin) in the summer of 2017.

Proportionality principle in connection with corporate governance
In your jurisdiction, is corporate governance regulation applied according to the nature, scale and complexity of an insurer's business? If yes, please describe any significant differences and rationale for the differences.
The so-called Verhältnismäßigkeitsgrundsatz is one of the founding principles of German administrative (and constitutional) law and has served as (one of) the inspiration(s) for the establishment of the principle of proportionality in EU-law in general and in the Solvency II insurance supervisory system in particular. This principle applies, generally, to the application of all provisions which are not fully rule-based but have at least a principle-based element and thus afford a certain margin of discretion. For the German supervisory authority, the necessity to apply the principle of proportionality is now explicitly provided by sec. 296 subsec. 1 VAG.
In the application of the proportionality principle, one must distinguish two situations: First, where a provision is drafted in a rule-based manner, it is the legislator or regulator that is obligated to observe the proportionality principle. There are hence several black letter rules that have a built-in proportionality principle. For example, a Versicherungsverein auf Gegenseitigkeit may be declared by BaFin to be a mutual society whose operations are limited to a certain range of business, territory or group of persons (so-called small VVaG), which by operation of law, sec. 210 VAG, dispenses them inter alia from the obligation to establish a supervisory board. The same applies also to the delegated legislator, i.e. the Commission in conjunction with EIOPA on the European level and the Federal Ministry of Finance, which are supposed to establish all legal rules in application of the principle of proportionality. More commonly (this is at least the abstract concept of the whole Solvency II-System) the rules will, however, remain principle-based, which means that their application and result will be in general subject to the principle of proportionality. Hence, the undertakings' duties concerning corporate governance are to be established while paying heed to the nature, scale and complexity of their business. How the proportionality principle may come into play in creating stricter or more lenient supervisory obligations can e.g. be observed in sec. 23 subsec. 1 VAG (which transposes art. 41 of the Solvency II Directive):
All insurance undertakings shall have in place a system of governance, which is effective and proper, and which is appropriate in view of the nature, scale and complexity of its business. Other than providing for the observance of legal, regulatory and supervisory requirements the system of governance must ensure a sound and prudent management of the business.
Other than the observance of the requirements provided for by this chapter the system shall especially include an adequate transparent organizational structure with a clear allocation and appropriate segregation of responsibilities and an effective internal communication system.
In this subsection there is hardly a term which is not broad (and vague) and thus open to interpretation, which serves at the same time as a trigger for the application of the principle of proportionality. In many instances, the Commission, EIOPA or BaFin have, however, concretised some aspects of certain elements of the governance system. These concretisations have often been phrased in the form of minimal standards (or expectations). Here, the principle of proportionality could no longer alter the obligation for the undertaking (at least if the concretising rule is itself proportional and thus "constitutional").

Examples of corporate governance structures and practices best implemented through self-regulation
Please provide specific examples of corporate governance structures and practices that are better implemented through self-regulation rather than through legal or supervisory requirements.

Generally, it seems more appropriate that the legislator or regulator/supervisor limits itself to minimal requirements concerning corporate governance since the setting of legal obligations encroaches on the freedom of the executive body to manage the business under application of the business judgment rule according to its proper needs. In view, however, that within the insurance industry the interest of several other stakeholders must be considered, i.e. the policyholders, insured, beneficiaries, owners, employees, and the public at large concerning the functioning of an effective insurance market, it also seems appropriate that these minimal requirements are more encompassing than in other economic sectors.
There nevertheless exist areas that should rather remain outside the scope of legal governance requirements and should best be addressed by self-regulation. As an example, the German insurance law historically left it for the insurers to decide whether to implement an internal or external complaint handling mechanism (nowadays they are by law required to at least have an internal complaint handling mechanism). This freedom to self-regulate made it possible for the German insurance industry to create a very consumer friendly Ombudsman procedure. 13 The Ombudsman may be petitioned by any aggrieved policyholder and the decisions are up to an amount of 10,000 Euros fully binding on the insurer while the policyholder always remains free to petition the courts. Under German constitutional law such a mechanism could probably not have been provided by statute because of its particular character of passing only one-sided binding decisions (and thus depriving the insurer of their legal judge). Another example might be the question of how much green or sustainable investment an insurer makes. While sustainability considerations should very well be part of any sound business management (be it only to hedge technical insurance risks caused by climate change or to hedge investments in businesses potentially harmful to the environment, which might become problematic due to changing perceptions of investors), the concrete investment decision under such considerations should be outside the scope of legal requirements. It should hence be for the undertakings to decide on an appropriate level of green or sustainable investments which could be institutionalised by self-regulation, 14 which would allow insurers to distinguish themselves on the market and attract policyholders that put a large premium on green finance.

Difficulties in implementing supranational corporate governance principles
In case your jurisdiction was recently requested to implement domestically certain corporate governance principles set forth by supranational regulations, describe the main obstacles and problems (if any) that resulted from such process.
If one were to regard the EU as a supranational body (which goes against common wisdom, which perceives it as a confederation of states sui generis), much could be said concerning the problems in transposing the Solvency II System into national law and in implementing it into practice. Especially the preparatory phase for the application of Solvency II, during which the old VAG representing the Solvency I-System remained in force, but undertakings needed to be made ready for the immediate entering into force of the Solvency II System without any legal transition period, created a host of dogmatic and practical problems. 15 If one considers the difficulties in implementing corporate governance principles by other truly supranational bodies, the problems are now rather reduced. Since Solvency II is in general regarded on the international level as one of the best practices of insurance supervisory law, it appears rather unlikely that international standards are created that are not at least roughly in line with the German standards. Further, the new regulatory regime is for the most part principle-based. In this way, the system is flexible enough to allow the supervisor to concretise duties on the supervisory level, be it for certain undertakings (e.g. GSIIs) or be it for certain aspects of governance for all undertakings. If such is not possible, especially if the alteration appears to be material and thus requires legislative action, the Solvency II System is flexible in the sense that it applies the so-called Lamfalussy Procedure, which allows many legislative alterations to be taken by the Commission in conjunction with EIOPA. Whether this flexibility is good news for the principle of democracy is another question.

Differences in the corporate governance of insurers in comparison to other companies
Are there any significant differences between general corporate governance rules and the specific rules governing insurance companies?
The differences in legal governance requirements for insurers in comparison to other companies are vast. While other financial sectors, especially banking, are equally densely regulated, such is not true for other sectors, especially the real economy. The most pronounced example for this is the regulatory requirement to establish the four key functions, i.e. the independent risk management function, the compliance function, the actuarial function and the audit function, a requirement germane to the insurance (and banking) sector. Equally, the regulation on how and when outsourcing of relevant functions may be operated is not in the same way applied to undertakings of other sectors. Lastly, the ORSA procedure that insurance (and banking) undertakings must implement does not have an equivalent in other sectors.

Fitness and propriety of board members
The idea that an effective and appropriate management of an undertaking first and foremost requires certain persons to be fit and proper to be able to safeguard such is not a new concept under German law, neither for the insurance sector nor for other sectors. As such, in order to receive a concession to open a business, German Trade, Commerce and Industry Regulation has for a long time subjected the applicant (at least for certain trades) to a fit and proper test. In the insurance industry, this principle was turned into a black letter rule by sec. 8 subsec. 1 no. 1 VAG old version in reaction to the first-generation European insurance directives, which, however, only requested the executive board members to be fit and proper (with the fit and proper test being a little bit different than it is today). In 1994 this was altered by inclusion of sec. 7a VAG old version into roughly the fit and proper test we know today, however, still only applicable to the executive board members. In 2008, sec. 64a VAG old version was introduced, which broadened the principle to apply to supervisory board members, which in turn was concretised by the MaRisk VA circular 16 issued by BaFin in 2009. What has truly changed since 2016 in the insurance sector with the entering into force of sec. 24 VAG are the persons that are subjected to such a fit and proper test (i.e. also key function holders and possibly senior management) and the standard required to be considered fit.

Regulatory requirements of fitness and propriety of board members
Are there any laws or regulations already adopted or any proposals in your jurisdiction, relating to the qualification and composition of board directors in an insurance company? If so, please explain.
Concerning the composition of the executive board of Aktiengesellschaften, sec. 76 subsec. 2 AktG only requires there to be one director or, for companies with a corporate capital of more than 2 million Euros, at least 2 directors (unless the articles of association provide otherwise). In this regard the four-eyes principle applies (only) in principle to the executive board. Companies may, however, choose there to be more directors. Most insurers make use of this option and partition the executive board into departments. For the Versicherungsverein auf Gegenseitigkeit, sec. 188 subsec. 1 phrase 1 VAG requires the executive board to consist of at least two persons (without exceptions). Concerning the supervisory board of an Aktiengesellschaft, sec. 95 phrase 1 AktG requires there to be at least three members. The provision, however, affords the company the possibility to provide for more members under the condition that the number can be divided by three (the latter only applies where employee participation rules in the supervisory board apply) and that the number does not exceed certain maximum numbers in relation to the corporate capital; the absolute maximum is twenty-one members. For the supervisory board of Versicherungsvereine auf Gegenseitigkeit basically the same applies by virtue of sec. 189 subsec. 1 VAG, with the exception that only an absolute maximum number is set (i.e. twenty-one) and there are no relative maximums in relation to the size of the corporate capital and the number must always be divisible by three. Where employee participation regulation applies (i.e. more than 500 employees), the exact (minimal) number of members of the supervisory board, and of course the nomination modalities, are altered irrespective of the corporation form chosen.
16 Rundschreiben 3/2009-Aufsichtsrechtliche Mindestanforderungen an das Risikomanagement.
As for the qualification of the members, sec. 24 subsec. 1 VAG, which sets the fit and proper requirements, applies. This provision requires:
All persons who effectively run the insurance undertaking or have other key functions must be personally proper and professionally fit. Professional fitness requires professional qualifications, knowledge and experience that enable a sound and prudent management of the undertaking. This requires appropriate theoretical and practical knowledge of the insurance business as well as, in the case of the transferal of executive functions, adequate management experience. Adequate management experience is in principle to be assumed, where a three-year employment in a managing function at an insurance undertaking of comparable size and line of business is proven. [...]
This requirement is amended (and superseded) by the higher-ranking art. 273 of the European Solvency II Delegated Reg. which reads:
Insurance and reinsurance undertakings shall establish, implement and maintain documented policies and adequate procedures to ensure that all persons who effectively run the undertaking or have other key functions are at all times fit and proper within the meaning of Article 42 of Directive 2009/138/EC.
2. The assessment of whether a person is fit shall include an assessment of the person's professional and formal qualifications, knowledge and relevant experience within the insurance sector, other financial sectors or other businesses and shall take into account the respective duties allocated to that person and, where relevant, the insurance, financial, accounting, actuarial and management skills of the person.
3. The assessment of whether members of the administrative, management or supervisory body are fit shall take account of the respective duties allocated to individual members to ensure appropriate diversity of qualifications, knowledge and relevant experience to ensure that the undertaking is managed and overseen in a professional manner.
4. The assessment of whether a person is proper shall include an assessment of that person's honesty and financial soundness based on evidence regarding their character, personal behaviour and business conduct including any criminal, financial and supervisory aspects relevant for the purposes of the assessment.
These requirements are then further concretised on the supervisory level by the EIOPA Guidelines 11 and 12 of the Guidelines on System of Governance (EIOPA-BoS-14/253):
"Guideline 11 - Fit requirements
1.42. The undertaking should ensure that persons who effectively run the undertaking or have other key functions are 'fit' and take account of the respective duties allocated to individual persons to ensure appropriate diversity of qualifications, knowledge and relevant experience so that the undertaking is managed and overseen in a professional manner.
1.43. The ASMB should collectively possess appropriate qualification, experience and knowledge about at least: a) insurance and financial markets; b) business strategy and business model; c) system of governance; d) financial and actuarial analysis; e) regulatory framework and requirements.
Guideline 12 - Proper requirement
1.44. When assessing whether a person is 'proper', the undertaking should consider that the period of limitation of the relevant criminal or any other offence is lapsed based on national law."
On the national level the requirements are further concretised by BaFin's MaGo-circular 17 which for the fit and proper standard in turn declares applicable the Explanatory Leaflets on the Fitness and Propriety of executive and supervisory board members 18 . The latter set out in much detail the standard to be observed, the circumstances to be disclosed and evaluated, and the evaluation standard to be applied.

Circumstances influencing the independence of board members
In your opinion, what factors, conditions, or incentives might weaken the independence of the board of directors or individual members of the board?
In light of their function, both executive and supervisory board's members can never be fully independent. This follows out of the fact that they often are in a position to balance diverging interests of different stakeholders. An executive board member, for example, must take into account the shareholders' interest of maximising profit while balancing this off against the policyholders' interest of optimal protection (e.g. making especially prudent capital reservations for future insured events). For supervisory board members that serve as employee representatives this conflict is even more marked, since their main purpose of being is the adequate representation of the employees in the management-or rather the supervision of the management-of the undertaking. Such threats to the independence of the board members are, however, hedged by the (supervisory) law making these persons and the undertaking liable for the appropriate management of the undertaking and thus binding them to the supervisory goals. Since supervisory action would harm the interests of all stakeholders in a comparable manner, this conflict is to a certain degree neutralised.
Supervisory law, thus, focuses not on abstract threats to the independence out of the function of the board member, but on concrete circumstances out of the person of the member that endanger his or her independence. In this regard circumstances that call into question the independence of the board member in a permanent manner hinder their propriety and thus their execution of the function. Certain threats to the independence may, however, only require the disclosure (within the company) and appropriate actions through internal guidelines or other instruments to effectively contain the conflict of interest. As a rule, all personal circumstances or economic activities that are suitable to call into question the independent execution of his or her executive or supervisory function by the member are to be considered. Such a conflict of interest may, for example arise where members of the executive and the supervisory board are related to each other or to senior management or key function holders. If such hinders the execution of the function altogether is to be assessed on a case by case basis. It is furthermore in principle inadmissible-other for supervisory board members elected as representatives of the employees-for supervisory board members to be employees of the undertaking in question. Furthermore, the independence is for all members called into question if an undertaking of the member or one of his or her relatives has an economic relationship with the insurance undertaking in question that can be assessed as creating an economic dependence. 19 One particular threat to independence that has caught the public's interest since the financial crisis is the remuneration of board members (especially the variable part of the remuneration) and the execution of a multitude of board functions (in different undertakings). German law sets concrete limits (and requirements) for all these factors to contain the risk.
Regarding the remuneration of board members, secc. 87 and 113 AktG set concrete guidelines and limits for all Aktiengesellschaften (for publicly traded stock companies, the shareholder meeting may vote on the system of remuneration of the executive board members pursuant to sec. 120 subsec. 4 AktG). Per secc. 188 et seq. VAG these rules also apply to Versicherungsvereine auf Gegenseitigkeit. Other than these corporate law rules, German supervisory law provides for further requirements of the remuneration system for board members. Sec. 25 subsec. 1 VAG requires the remuneration system to be appropriate, transparent, and aimed at a sustainable development of the undertaking. This does not imply a regulatory maximum for the remuneration, nor does it force the undertaking to remunerate its executive board members with a mixed, i.e. fixed and variable, salary, nor does this mean that the remuneration of supervisory board members cannot contain a variable component. This is for the most part a question of proportionality and it is for the undertaking to make certain that the concrete remuneration system does not create false incentives. Where, however, variable components are used (and these variable components attain a certain amount) art. 275 Solvency II Delegated Reg. sets certain limits.
In this case, said rule provides: (a) where remuneration schemes include both fixed and variable components, such components shall be balanced so that the fixed or guaranteed component represents a sufficiently high proportion of the total remuneration to avoid employees being overly dependent on the variable components and to allow the undertaking to operate a fully flexible bonus policy, including the possibility of paying no variable component; (b) where variable remuneration is performance-related, the total amount of the variable remuneration is based on a combination of the assessment of the performance of the individual and of the business unit concerned and of the overall result of the undertaking or the group to which the undertaking belongs; (c) the payment of a substantial portion of the variable remuneration component, irrespective of the form in which it is to be paid, shall contain a flexible, deferred component that takes account of the nature and time horizon of the undertaking's business: that deferral period shall not be less than three years and the period shall be correctly aligned with the nature of the business, its risks, and the activities of the employees in question.
Concerning the last litera, BaFin has taken the position that in general the term "substantial portion of the variable component" is, for the remuneration of executive board members, to be understood to mean at least 60% of the variable component. In this way, the board member is incentivised to aim not for the short-term but at least for the mid-term gains of the undertaking. Where the flexible component seems irrelevant in relation to the fixed component (i.e. does not exceed 20%) or is "insubstantial" in total (i.e. below 35,000 €), deferral of the payment is not mandatory.
The limits regarding the maximum number of mandates of board members are intended to make certain that every member has sufficient time available and that the insurance industry does not become overly intermingled. A person that already serves on the executive board of two insurance undertakings may, pursuant to sec. 24 subsec. 3 phrase 1 VAG, not exercise such function on a third board. Where mandates on executive boards of undertakings belonging to the same group are concerned, the supervisory authority may grant permission. For supervisory board members, the maximum number of supervisory board seats (on undertakings under supervision of BaFin) pursuant to sec. 24 subsec. 4 phrase 2 VAG is five mandates (mandates on supervisory boards of undertakings belonging to the same group are qua legem not counted in this calculation). Also, to safeguard the independence of the supervisory board, former executive board members cannot immediately switch from one board to the other but must respect a waiting period. Additionally, only a maximum of two of the members of the supervisory board may be former executive board members (sec. 24 subsec. 4 phrase 1 VAG).

Means of the insurance company to ensure fitness of board members individually and the boards collectively
How does an insurance company ensure that individual board members and the board collectively have enough knowledge to monitor and oversee the activities of the insurer appropriately, particularly where specific expertise is needed?
An appropriate corporate governance structure does not only include a cross supervision of particular function holders by each other (and the supervisory authority) but should (or under German law must) include a regular (annual) self-assessment of all board members. Individual (and global) development plans must also be established from the results of the self-assessment and the global assessment of the functioning of the boards and their members. These plans should identify for individual members specific education measures that aim either at safeguarding their personal fitness or at establishing the collective fitness of the board in question in a particular area where a deficit has been identified. Given that all board members are under a perpetual duty to undertake education measures to safeguard their fitness, such measures can in principle be enforced by the undertaking (or as a last measure by the supervisory authority in threatening the removal of the particular member). In general, undertakings should, however, already in their nomination practices place importance on an appropriate composition of their boards, since it would e.g. be rather difficult for a member coming from another profession to build up in a short time the necessary knowledge in financial and actuarial analysis.

(Non-)diverging standard of fitness and propriety for executive and non-executive board members
Are there significant differences in terms of requirements and duties between executive and non-executive members of the board of directors of an insurer?
Under the German dualistic model, the management of the insurance company is the unencumbered prerogative of the executive board. The supervisory board's duty and right is the supervision of the executive board's management of the company in the past and the advisement of the same for the future without any executive function. Whilst the proper-requirement follows, pursuant to the understanding of the legislator, a uniform standard that applies in the same way to all persons submitted to supervision in the same way, such is not true for the fit-requirement. Here a function specific approach is followed. One marked divergence between executive and supervisory board members can be seen in sec. 24 subsec. 1 phrase 3 VAG which requires executive board members, in order to be fit, to have acquired appropriate management experience. Such is not requested from supervisory board members. In a more general sense, it is assumed that the requirement of fitness for the average supervisory board members must remain below the threshold for executive board members. Otherwise only executive board members of other undertakings or former executive board members would be eligible, which would undermine the legislative goal of diversity and heterogeneity within the board. 20

Compensation of fitness by relying on external expertise
In your jurisdiction are there any black letter rules or general principles that enable directors to rely upon external opinions when addressing issues or aspects where specific expertise is needed?
German supervisory law provides for explicit rules on how the outsourcing of (important) functions must be operated and supervised by the insurance undertaking: sec. 32 VAG, art. 274 Solvency II Delegated Reg., Guideline 14 of EIOPA Guidelines on the System of Governance (EIOPA-BoS-14/253); no. 13 MaGo-circular. 21 From this it follows that the performance of outsourced functions remains ultimately the responsibility of the executive board and it remains obligatory for the supervisory board to supervise that the outsourcing is properly administrated. It remains, however, a not decisively settled question (in the field of corporate liability law but also supervisory law) to what extent an outsourced function must be controlled (the same applies to the general question regarding the extent to which one may rely on the expertise of a third person). It is common ground that the board at least needs to exercise a feasibility control. 22 Thus, blind trust would always be non-compliant behaviour. There is, however, a marked tendency to demand much more than a mere feasibility test. In the field of outsourcing in the insurance sector, for example, BaFin requires undertakings that wish to outsource important functions to (strongly) consider the creation of an outsourcing (key) function within their undertaking which would imply the employment of a person possessing the expertise to fully control the external provider of the outsourced function.

Role of the supervisory authority in assessing the qualifications and activities of the board members and possible means of intervention
Describe the extent and scope of supervisors'/regulators' intervention with reference to the qualifications and to the activities of the board of an insurer.
In a first instance, the supervisory authority may deny approval to the application to tender insurance in Germany where the applicant's executive or supervisory board members exhibit circumstances that raise doubts as to their fitness and propriety (sec. 11 subsec. 1 no. 2 VAG). For an already licensed undertaking there is the obligation to inform the supervisory authority of all new nominations of board members (in advance) with all information necessary to assess their fitness and propriety (sec. 47 no. 1 VAG). These persons are furthermore under constant supervision of BaFin and may be cautioned for misconduct and, inter alia, if the fit or proper requirements are no longer met, BaFin may even request the removal of the person from his or her function and may prohibit that person from the execution of that function (sec. 303 VAG).
20 See Dreher in: Prölss/Dreher [eds.], VAG, sec. 24 para. 72.
21 Rundschreiben 2/2017 [VA]-Mindestanforderungen an die Geschäftsorganisation von Versicherungsunternehmen.
22 The full test as provided by the ISION-decision of the German Bundesgerichtshof (BGH NJW-RR 2011, 1670) requires the external expert to be qualified and independent, the external opinion needs to be based on complete facts, needs to back the intended measure, and needs to address potential contradictions and explanatory gaps, and as such needs to stand up under a thorough feasibility test. Finally, the reliance on the expert opinion can only exempt the board member from liability by application of the business judgment rule if the expert was granted complete information and access to relevant documentation.

Regulation pertaining to the governance of subsidiaries
Are there any special rules and regimes applicable to the governance of subsidiaries belonging to an insurance group, also in terms of information flows?
The Solvency II-System also addresses regulatory requirements of insurance groups. These provisions address particular duties in all three pillars of Solvency II, i.e. quantitative, qualitative, and transparency requirements. Hence, there are also particular provisions requiring the creation of a group internal governance and information system, not only in relation to subsidiaries but to other related undertakings as well. The observance of these requirements is also especially supervised not only on a national level but through the so-called supervisory colleges in which the group supervisor (usually the national supervisor of the [main] participating insurer [parent]) and all national supervisors of related undertakings and EIOPA cooperate in the supervision of the group as a whole.

Risk management
Whilst the handling of risk has always been the core business of insurance undertakings, many were in the past too exclusively focused on the evaluation and handling of their technical insurance risk. At the latest since the beginning of the works on the Solvency II project, even the last insurer has come to realise that it does not only need to manage other people's risks but also its own. This was a lesson maybe harder learned in Germany than in other countries since the German market has experienced so few insolvencies, implying that the industry and its partakers must have been doing something right. In a rapidly changing market environment, it, however, appears paramount that insurers take a more active and transparent approach in the identification, avoidance, minimisation or neutralisation of risks.

Currently biggest risk challenge for insurance
In your opinion, what is the biggest risk challenge (e.g. regulation, capital standard, pricing, interest rate, cyber, terrorism, etc.) facing the insurance industry today in your jurisdiction?
It appears a little simplistic to identify one most prominent risk that threatens the insurance industry as a whole. One has to distinguish between different insurance classes and different kinds of insurance undertakings. German life insurance undertakings, in particular, are currently probably the most threatened by the low interest rate environment in conjunction with the high guarantees in older contracts in their portfolio and the new risk-based capital standard. Small, very regional Versicherungsvereine auf Gegenseitigkeit, a speciality of the German market, albeit historically often very robust financially, are currently very pressured by the regulatory requirements. To give an example: such a small insurer has to create the four key functions, which may imply that they have to employ more people in governance capacities than in the rest of the company. While the proportionality principle can afford some alleviation in that respect, the minimal requirements might often be of a kind to drain resources of a hitherto stable and robust insurance undertaking.
Whilst the evolution of regulation was often perceived as a burden, some insurers have come to realise that it has also served as a protection against competition from financial start-ups. It is, however, clear that this just postpones the inevitable. If one wants to pinpoint one risk that threatens all insurers equally it would probably be cyber in a large sense. In so far, it is for the insurance industry to prepare for the implications of big data, for the growing importance of alternative distribution channels, for the increased expectation of policyholders to communicate via numerous channels, for competition from new forms of risk transfer mechanisms and the like.

Implementation risk of (pending) future regulation
What specific laws or regulations, actual or pending in your jurisdiction, will present significant implementation risk challenge toward the insurance industry?
Insurance Supervisory Law in Germany (and in all of Europe) has experienced an unprecedented overhaul in the last few years. The transition from Solvency I to Solvency II is now, however, for the most part accomplished. Insofar there appear to be no further implementation risks (other than some detail problems, which were partly discussed in the present) hailing from insurance regulatory law. Whilst many of the recalibrations of the supervisory system appear to have been necessary, one should not forget that insurance undertakings engage in activities that are often very long-term in nature (esp. life insurance but [to a lesser degree] also health insurance and the like). In order to properly structure and price its products and plan its investments, the insurance industry is especially dependent on regulatory stability and predictability. Insofar one might hope for insurance regulation to enter a period of tranquillity, instead of the almost Trotskyite state of permanent revolution in which it remained in recent years. Insofar the biggest risk would be an overzealous and hasty attempt to prepare a transition to a future Solvency III-System. This is, however, not to say that regulatory projects from other areas of the law might not pose very noticeable challenges for the insurance industry, such is for example the case regarding the compliance with the reformed rules on data protection. 23

Ethics and corporate social responsibility
Insurance has in Germany, as presumably in most parts of the world, always suffered from a bad public image in comparison to the important role it plays in the functioning of the financial system and the welfare system. This is largely due to the fact that insurance (i.e. the assumption of a risk in exchange for a premium) is an invisible legal product that cannot be touched and perceived by the customer. Many insured thus feel unduly wronged by their insurer where they suffer damages but do not receive benefits or only reduced benefits. The rationale of many consumers is in such a case that they have faithfully paid their premium for many years without ever having received anything in return and that at their moment of need they are left hanging. What many consumers cannot grasp is that they have constantly received performance by the insurer, which assumed their contractually defined risks. The problem with assessing the ethical standard of insurers is thus one of perspective. The customer will usually assume a deontological perspective, in which he or she considers his or her personal situation and the refusal of the insurer to "help" him or her on what he or she perceives as overly formal grounds, as unethical. The undertaking (and its employees), on the other hand, will usually assume more of a utilitarian perspective, as their duty is not only to the individual policyholder but to the "community at risk" and other stakeholders.

The influence of business ethical standards and corporate social responsibility standards on behaviour in insurance companies
Please provide any concrete examples where business ethical standards and/or corporate social responsibility standards have been applied and have changed the behaviors of the insurance company.
Corporate social responsibility and ethical standards, focused on the individual undertaking, play a much less pronounced role in Germany than for example in the US. This is due to the fact, to give one example, that German employees enjoy a more complete protection and inclusion than their American counterparts. Constitutionally guaranteed union freedom, salary tariff practices, the right to form works councils and their participation rights, the employees' representatives' participation within the supervisory board and many employee protection provisions in German Employment Law (e.g. prolonged sick pay, long minimal vacation times, maximum work hours, restrictive termination protection, long maternity leave) force German (insurance) undertakings to safeguard a level of corporate responsibility that many of the most socially responsible American companies would not even consider. It is, thus, hardly surprising that German undertakings found it unnecessary to establish or underwrite specific corporate social responsibility standards. Nevertheless, there are today many who have established such standards. But this especially applies to larger German undertakings which are active on a global level, who either wish to telegraph their high standards to the outside world or are under a legal obligation to do so, for being active in a country that requires such.
23 Regulation (EU) 2016/697 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, in: OJ of 4.5.2016, L 119/1 and German laws accompanying this General Data Protection Regulation have of course created difficulties in all industries that deal with the processing and transferal of person-related data; this, however, also attaches to insurance.
All of the above is, of course, not to say that German insurance undertakings in general do not follow certain ethical convictions but just that such are usually not standardised within the undertaking in the form of an ethical codex.
If one wants to give one example where an ethical standard has influenced insurance behaviour in Germany's insurance sector, one could mention the Code of Conduct for the Distribution of Insurance Products prepared under the auspices of the German Insurance Association (GDV). One has to keep in mind that the German insurance industry has always relied heavily on independent insurance agents to distribute its products. Such a distribution system is especially prone to create problems in safeguarding the proper advisement, counselling, and information of potential policyholders. In the past, Germany suffered several minor and bigger scandals regarding improper incentives offered to insurance intermediaries and resulting systematic miscounselling of policyholders (especially regarding the transfer of cover [in life insurance]) against their own interest. The established ethical standard for the distribution of cover did little more than reiterate what insurers were already obligated to do under insurance supervisory and insurance contract law, i.e. provide proper counsel and advice themselves and turn over all legally required information, or make certain that the insurance intermediary fulfils their duty for them as well as its own duty to counsel, advise, and turn over all legally required information. Nevertheless, the creation of this ethical standard helped to clarify the legal requirements and made many insurers look closer at their distribution system and alter it in favour of compliant or over-compliant behaviour.
A comparable influence may be attributed to the Code of Conduct for Data Protection (by Insurers) also established by GDV. This codex, in its changing iterations, has certainly aided in making insurers ready for the steadily increased standard of data protection exacted by law. Whether the standard ever required the underwriting member undertakings to grant a level of data protection that would turn them into market leaders of good practice remains, however, dubious. In view of previous practices, where insurers very liberally exchanged information with each other concerning policyholders with little regard to the policyholders' interest, the codex must, nevertheless, be applauded for bringing insurance practice more into line with general legal standards.

Regulation aiming at the protection of policyholders or financial consumers
In your jurisdiction, are there any specific laws or regulations already adopted or any proposals, or any arrangements in place in the governance system, relating to the protection of policyholders' and/or financial consumers' interests?
In a way the complete insurance supervisory law is aimed at the protection of the policyholder. Sec. 294 subsec. 1 VAG declares that the protection of policyholders and beneficiaries of insurance benefits is the main goal of supervision to be given prime importance by the supervisory authority. However, insurance supervisory law aims at the protection of the globality of policyholders and not the individual policyholder (or investor). Individual protection thus remains to be the domain of the ordinary courts, however, with the particularity that all financial sectors have created an Ombudsman procedure 24 that is intended to protect the individual (also, an aggrieved consumer may lodge a complaint with BaFin which may ease in the protection of said policyholder). Some governance supervisory requirements, furthermore, aim at bettering the position of the individual policyholder, for example by requiring all insurance undertakings to establish an appropriate internal complaint system. That notwithstanding policyholder protection remains to be afforded for the most part by the rules applicable to the insurance contract (right of withdrawal etc.).

Corporate social responsibility (CSR) report or a global sustainability initiative (GSI) report in the insurance industry
In your jurisdiction, is an insurance company required to produce an annual Corporate Social Responsibility (CSR) report or a Global Sustainability Initiative (GSI) report? If so, what context needed to be disclosed in these reports?
The German legislator has transposed in the spring of 2017 the European CSR directive (Corporate Social Responsibility Directive 25). 26 Pursuant to this rule, German insurers, though there are exceptions concerning the size of the insurer, must enrich the annual management report (Lagebericht) or group report (Konzernbericht) with a non-financial declaration or must create a separate non-financial report. The content of this non-financial declaration is first the business model (for insurance undertakings this is not a new requirement) and second at least the following aspects: environmental, social and employment matters, respect for human rights, as well as anti-corruption and bribery matters. There is also a German Sustainability Codex (Deutscher Nachhaltigkeits Kodex, DNK) which has been underwritten by several insurers (see supra).
Commercial Code] in connection with sec. 341a subsecc. 1a and 1b HGB.

Disclosure
As much as in the judiciary (where, according to the famous dictum of Lord Hewart, justice must not only be done but seen to be done), good governance of an insurance undertaking requires transparency to garner the trust of all parties concerned. An insurance undertaking should aim at utmost transparency on three distinct levels: internally, towards the supervisory authority, and towards the public. Internal transparency requires the implementation of an internal information network and precise guidelines on what sort of information must be disclosed, in what way, and to whom, which is in itself an integral part of a well-functioning governance system. Supervisory transparency, by contrast, is intended to put the supervisory authority in a position to evaluate, inter alia, whether the undertaking pays heed to all qualitative requirements in the concrete administration of the undertaking. Lastly, by also being required to disclose certain information to the public, which enables potential shareholders to evaluate if the undertaking is administrated in a way to garner investment interest and potential or current policyholders to assess if the undertaking is administrated in a way to invite trust, the market is activated as a corrective mechanism.

Necessary mechanisms for the safeguarding of transparency regarding the governance structure
In your opinion, what mechanisms shall be in place or considered in an insurance company to ensure the transparency of its governance structure? (e.g., the articles of association, the organization chart, any existing committees, the major shareholders, the ethical standard, corporate social responsibility, etc.)
One rather important question is how an insurance undertaking should make its governance structure transparent, which would at the same time also put the administration under self-induced pressure to respect the governance structure internally. Considering the rather rapid change that insurance regulation has exhibited in the last years, it appears rather problematic to provide for precise requirements for transparency of the governance structure in the articles of association. Such a line of action would require insurance undertakings to alter their articles at a very high frequency. Transparency should, thus, be safeguarded by other means such as certain inclusions concerning the governance structure and principles within supervisory and public reports and permanent disclosures on the website of the undertaking. As such it seems desirable (much of this is required by German law) that the supervisor but also the public has permanent access to at least the key information on the undertaking and its governance. Such information should include (as a bare minimum) the articles of association, an organizational chart of the undertaking and of the group structure (if it is included in one), information on the persons of function holders (requiring to disclose publicly all potential conflicts of interests that these persons need to disclose annually internally [and to the supervisor] seems to be rather overburdening), and the existing committee structure.
The choice to disclose precise information permanently to the public on their website concerning the major shareholders should be left to the undertaking (and the shareholder) unless a disclosure seems necessary pursuant to the amount of the share. To the supervisory authority, however, such disclosure must be made at least in Germany (and quite understandably so), since these major shareholders are also submitted to a fit and proper standard. Whether, on the other hand, insurance undertakings wish to make public the ethical standard or corporate social responsibility standards which they follow should be completely up to them, since the adherence to ethical or social standards, which are not enforced by the legislator by basing concrete enforceable legislation on them, should be outside the purview of the law. It should, thus, be for the undertaking to decide if it wishes to advertise with the fact that it holds itself to a higher standard than the law requires. If such disclosure is made, the non-adherence to such standards may (and should), however, have legal implications.

Governance practices best ensured by transparency and minimal level of governance requirements
Are there any governance practices that, in your opinion, can best be achieved through disclosure rather than through specific supervisory requirements? Which governance practices should be mandatory for an insurance company?
As highlighted above, transparency and governance should not be seen as two exclusive but rather as two interlinked concepts. It is hence, on the one hand, a question of (good) governance to make certain that mandatory disclosures are properly made and what kind of voluntary disclosures are rendered public. On the other hand, an effective transparency policy can further the governance of the undertaking by positioning it in a favourable spot on the market. Nevertheless, the question remains if under certain circumstances it would not be better to require undertakings only to render public certain particular aspects of their governance rather than obliging the undertakings directly to structure the governance system in a certain way.
The question of how an undertaking is governed should, in every liberal society, in principle be the inviolable freedom of the director and in last instance of the owners of the undertaking. Thus, every regulatory system should err on the side of not requiring a certain kind of governance (except for setting general principles) but rather only requesting transparency of certain governance related facts. In reality, financial supervision, especially due to (perceived) negative developments in the banking sector, has taken another turn. Nevertheless, the rule should apply that the regulator should only provide for mandatory structural governance instruments if the intended (important) goal cannot be achieved by requiring the undertaking to disclose certain facts to the public. This, however, requires an informed public, since markets would only "punish" bad governance if they can perceive it. The legislative choice of what goals may be equally achieved by relying on a market corrective thus depends on the market in question. The factors to be considered here are for example: Is there a sufficient amount of competition (allowing policyholders to switch from badly governed to well governed insurers); are there appropriate consumer or policyholder protection associations; do (large) investors take into account bad governance, where such does not threaten the short- or medium-term returns on the investment but rather (exclusively) endangers policyholders' rights in the long run; is there a well-informed media coverage (with adequate financial expertise); and is the public at large sufficiently educated in financial matters and the management of an undertaking. In many instances experience has shown that a laissez-faire approach, requiring only transparency, seems inapt to bring about an appropriate level of protection of policyholders in the insurance sector (even though these are often lessons transferred from the banking to the insurance sector).
Such should, however, not be seen as carte blanche to legislators and supervisory authorities which remain under a constant duty to assess whether or not more leeway should be given to undertakings.

Interrelation between general rules on market abuse and transparency and insurer specific regulation
What is the interplay between market abuse regulations and other disclosure/transparency rules applicable to listed insurers and industry specific rules applicable only to insurance companies?
It is one of the main criticisms of the Solvency II-System that it does not address the interrelation between the insurance supervisory (transparency) requirements and those from other legal fields. To that extent, an undertaking remains obligated to fulfil independently its disclosure duties under commercial, accounting and capital market law, which, especially concerning quantitative requirements, may imply transparency according to rather diverging accounting standards (e.g. HGB-accounting, IFRS, US-GAAP, Solvency II). In other areas, Solvency II has aimed at bringing its standards in line with other transparency requirements (e.g. market abuse transparency, money laundering, terrorist financing). Nevertheless, insurance undertakings will often be obligated to make different disclosures to different addressees.

Outlook
In respect of the corporate governance of insurers, please describe your criticisms on the system in your jurisdiction, any recommendations for the future, and/or the main challenges which insurance undertakings encountered.
In general, the Solvency II-Reform has put into place a very appropriate corporate governance regulation system for the insurance sector. This appears state of the art. Other than the described instruments and structures, this especially applies to the regulatory requirement to implement an Own Risk and Solvency Assessment-Process (ORSA). The main criticism of the current system rather hails from the concrete application of the regulation within the supervision of undertakings, where many market participants feel that the proportionality principle is not applied in an appropriate manner. Whether this is a problem of the (in many respects still) current "transition period" or a permanent situation, however, remains to be seen.