New Corporate Governance, Risk Management and Internal Control Rules for Costa Rica

Published 25 May 2017

Background

In the aftermath of the 2009 worldwide financial crisis, international regulators came to the conclusion that lack of sound corporate governance was a root cause of the failure of financial institutions.

This led to a re-evaluation of existing corporate governance rules and policies as applied in the financial services industries, following which Costa Rica’s financial services regulator (CONASSIF) adopted a new set of corporate governance regulations. For insurers specifically, the new regime comes alongside heightened risk management and internal control requirements.

Key Features of the New Regulation

The new corporate governance regulations will come into force on 7 June 2017. By way of summary, the following are some of the key features:

• CONASSIF has looked to the OECD guidance papers on corporate governance and seeks to establish regulations based on principles rather than rigid checklists.
• The regulations apply to all financial sectors, including insurers, reinsurers, insurance brokers.
• One of the main features that distinguish these new regulations from the existing rules is the introduction of proportionality and differentiation criteria, which will allow each supervised entity to define its own risk profile and assess the impact of its operations on third parties, depending on it size, ownership structure and the business with which it is concerned.
• The new rules require companies to define and state their risk appetite through a formal risk appetite statement, including quantitative and qualitative parameters.

Risk Management and Internal Control

Alongside the new corporate governance rules, the insurance sector will also be subject to increased risk management and internal control regulations, setting out basic requirements that insurance companies must meet. These systems are required to operate as defences against the risks associated with their day to day operations, including the appointment of internal control functions such as a risk manager and a compliance officer. Clearly, there will be a need for companies to hire suitably qualified staff where these functions do not already exist.

Conclusion

While it is understandable that local regulators are seeking to modernise existing regulations in line with international standards, many in the Costa Rican financial services sector question if Costa Rica requires such a robust approach that will come with a significant cost and administrative burden. With few exceptions, Costa Rica’s financial entities have operated soundly for many decades within the existing model.