Integrating the Compliance Function into the Legal Department
(1)
Johannes Gutenberg University, Mainz, Germany
11.1 Introduction
11.3.1 Crossover in Tasks
11.4.1 Particular Competencies
11.4.2 Special Qualifications
11.8 Summary
Abstract
This chapter addresses a governance issue: whether it is permissible under the insurance supervisory regime of Solvency II for an insurance undertaking to merge its compliance function with its legal department. The Solvency II provisions in fact do not address the legal department of an insurance undertaking. But the tasks and powers of a legal department are in part the same as those of the compliance function under art. 46, para. 1 of the Solvency II Directive. The conclusion is thus: General insurance supervisory regime principles such as functional segregation and functional independence do not prohibit such a merger. Indeed, such a merger would seem to be advisable in many instances in light of the supervisory law principles of freedom of internal organization and of proportionality.
First published as Dreher: “Die Zusammenlegung von Rechtsabteilung und Compliance-Funktion bei Versicherungsunternehmen im Solvency-II-System” [in English: Combining the Legal Department and the Compliance Function of Insurance Undertakings in the Solvency II System], in Wandt et al., Versicherungsrecht, Haftungs- und Schadensrecht, Festschrift für Egon Lorenz zum 80. Geburtstag [in English: Publication in honor of Prof. Dr. Egon Lorenz on his 80th birthday], Karlsruhe (2014), 119 ff.
11.1 Introduction
The Solvency II provisions do not address the legal department of an insurance undertaking. This is somewhat surprising in view of the internal status and position of a legal department as well as in consideration of the responsibilities imposed on such a department. The legal department is directly attached to the managing board and advises the board with regard to all basic issues relating to company law. By contrast, art. 46, para. 2 of the Solvency II Directive places the task of advising the managing board within the compliance function, with emphasis on advisement concerning insurance supervisory law.1 Along with this posture, the Solvency II Directive has made the compliance function a component of the system of governance. Pursuant to Recital 33 of the Solvency II Directive, the compliance function is a “key function […] and consequently also [an] important and critical function […]”.2
The importance of the legal department of an insurance undertaking suggests that it could well have been identified as a key function. This might have clarified a number of issues relating to interface and compatibility with the key functions as identified by the Solvency II Directive. At any rate, the Solvency II system simply ignores the existence of insurance undertakings’ legal departments.3 This raises numerous issues touching the position and activity of the legal department within an insurance undertaking under the Solvency II system. One of these issues has considerable practical significance: whether the compliance function and the legal department of an insurance undertaking can be combined. Although not previously closely examined, such a merger has been regarded as legally permissible4 and also logical in view of the tasks and objectives of the two functions and as a means of efficiently using resources. The question now is whether such a merger would face legal obstacles.
With this in mind, the first inquiry is to ascertain where, from a supervisory law point of view, the difficulty lies with respect to combining the legal department and the compliance function in an insurance undertaking (11.2, below). The article then discusses the merger of the legal department and the compliance function in light of their respective tasks (11.3, below), the particular provisions aimed at the compliance function as a key function (11.4, below), the principles of functional segregation (11.5, below), of functional independence (11.6, below) and of self-organization and proportionality (11.7, below).
11.2 Combining the Legal Department and the Compliance Function as a Legal Problem
Since the legal department is not directly addressed in the Solvency II system, such department for its part would only be incompatible with the compliance function if thereby its integrity and task performance were put at risk. There is, however, no fundamental reason to make such an assumption. Rather, the activities of the compliance function are likewise rights-based and subject to upholding the principle of legality.
Thus, the criteria applicable to the compliance function under the Solvency II provisions come to the fore. Of first import in characterization is the special task description for the compliance function in art. 46 of the Solvency II Directive.5 Next in consideration are certain legal principles applicable to all four key functions. These are: the “fit and proper” requirements for those exercising the compliance function as a key function under Recital 35, art. 42 of the Solvency II Directive, and art. 263 SG11 DVO6; a right to be informed with respect to any staff member under art. 258, para. 3 SG6 DVO; a duty to inform of the compliance function with respect to the managing board under art. 258, para. 4 DVO of any major problem in its area of responsibility; and requirements on variable remuneration under art. 265 SG13, para. 1 (c) and para. 2 (b) DVO. In addition, the principles of functional segregation under art. 41, para. 1, subpara. 2 of the Solvency II Directive and art. 258 SG6, para. 1 DVO and of functional independence under Recital 107, sent. 1 and art. 258 SG6, para. 1, sent. 1 DVO are of particular importance.
11.3 Combining the Legal Department and the Compliance Function in Light of Their Respective Responsibilities
11.3.1 Crossover in Tasks
The activity of a legal department in an insurance undertaking—especially in an insurance undertaking that is the parent of an insurance group7—depends on the task imposed on it by the managing board in its leadership role. The normal complement of such tasks includes all law-related processes excepting matters of tax, labor, and insurance law. These are consigned to the appropriate operating department. The primary tasks, then, are: legal advisement of the managing board, which normally has a corporate law emphasis; advisement of staff members; analyzing procedures for legality; and designing structures, procedures, and transactions from a legal perspective in liaison with the pertinent departments. Here, the primary concern is avoidance of legal hazards and formation of law in the interest of the undertaking.
Art. 46 of the Solvency II Directive imposes general legal monitoring on the compliance function as a core task. The compliance function specifically encompasses the insurance supervisory regime, but is correctly considered also to include compliance with the legal requirements imposed on insurance undertakings in general.8 Thereafter, art. 46 of the Solvency II Directive sets forth three subtasks of the compliance function by way of example. These are in the areas of: advisement of the managing board, where the directive notes only the insurance supervisory regime but generally includes the legal requirements for insurance undertakings; evaluation of risks due to changes in the legal environment; and the evaluation of compliance risk.
Compliance function tasks under the Solvency II Directive thus exhibit on the one hand partial alignment with the tasks of the legal department of an insurance undertaking, for instance, in providing the undertaking’s managing board and staff members with legal advisement. Also, these functions share the objective of complying with the principle of legality in the exercise of their responsibilities. On the other hand, however, their respective tasks part ways in that the compliance function is not tasked with generating legal formulations. If one starts by taking the term “compliance” to mean action by insurance undertakings in conformity with the legal requirements based on suitable and adequate organizational measures,9 then merging the legal department with the compliance function would not appear to generate the potential for conflict. This is so because both are concerned with meeting the legal requirements directed at insurance undertakings and their staff members. An activity may involve advisement, formulation, or monitoring. It may be performed upon request, as in the legal department, or as part of an ongoing task, as in the compliance function. Irrespective of these variable conditions, the principle of legality is the common point of reference. Nevertheless, this area receives closer examination below in view of particular areas of activity in the legal department and the tasks of the compliance function.
At the outset, it does not appear problematic in the present context to evaluate legal risks and compliance risk, which are subtasks of the compliance function and also are emphasized in the Solvency II Directive.10 Ascertainment and evaluation of changes in the law and the risks associated therewith clearly constitute a central task of the legal department, as a part of the general task of handling the legal matters of an insurance undertaking. In this respect, the work of the legal department and the compliance function overlap. Under art. 260 SG8, para. 2 DVO, the subtask of evaluating compliance risk consists in evaluating the adequacy of the measures instituted to comply with the legal requirements imposed on an insurance undertaking. This provision is further concretized in no. 3.155 EIOPA Governance Guidelines. A legal department experiences this as but the obverse of its core task of complying with the principle of legality. Thus it is likewise not apparent that there should be a potential conflict arising from the simultaneous performance of tasks by the legal department and the compliance function of an insurance undertaking so far this particular subtask is concerned. The same is ultimately true insofar as the literature on the relationship between the legal department and the compliance function is concerned, where the focus with respect to the compliance function is on organizational issues.11
11.3.2 Advisement of Insurance Undertakings’ Staff Members as an Area of Potential Conflict
The opposite may be the case, however, if staff members openly present legally questionable circumstances to a legal department combined with the compliance function and require appropriate advisement. The same would be true if the information about such practices arrives anonymously. It is, of course, true that advising, informing, and training staff members are tasks in the ambit of both the legal department and the compliance function. Only the compliance function, however, is responsible for the triad of instruction, preventive monitoring—including counseling—and coercive sanctions.12 Whereas coercive procedures in the sense of an incentive to employ labor law measures, or the threat or exercise of such measures, are a portion of the compliance function, the legal department is fundamentally not occupied with coercive matters. This is so because such an aspect would have the tendency to undermine the vital trust of staff members, who must be allowed to resort openly to the legal department for advisement concerning critical matters. This approach serves both the interest of the undertaking and compliance with the principle of legality because the legal department can thus operate to protect the interest of the undertaking while also effectuating the duty of legality. To the extent staff members convey “major problems” within the meaning of the Solvency II DVO to the compliance function or the compliance function learns of such through other means, the compliance function must fulfill its previously mentioned duty to inform the managing board.13 And further, the compliance function must then activate coercive measures in accordance with its previously mentioned job description, if necessary. In this context reference should be made to the decision practice of the BGH [German Federal Court of Justice], under which, indicatively for fulfilling the compliance obligation, “it may also be significant whether the affected party, i.e., the party subject to supervision, employed the threatened measures following infringement of its directives”.14
In view of this, one could presume combining the legal department with the compliance function would be bound to lead to conflicts because staff members would be hesitant to trust the legal department in the same measure that they would if it were a stand-alone department. This view is contradicted, however, in that the Solvency II system sets forth no requirement that insurance undertakings maintain their own legal departments. Legal department tasks thus can be assigned to an entity within an insurance group or even outsourced to outside firms. In cases of outsourcing, there would exist no in-house legal department at all for staff members to bring confidential matters to, which they otherwise might do because the department resides in their own company or because some legal department personnel might be personally known to the staff members. Thus, as a rule the additional existence of a legal department with accessible contact persons does not legally preclude combining the legal department and the compliance function. Furthermore, such combining may at need facilitate handling staff member concerns by a legal department and compliance function appropriately structured as to content and personnel, under the leadership of its director15 or the one exercising the function.16 In the previously mentioned instances of “major problems” within the meaning of the DVO, experience shows that staff members encountering such problems generally turn first to outside counsel or, to the extent staff members are not themselves involved, submit appropriate information anonymously. For all that, it is ultimately not warranted to take a closer look to the fact that the staff members of the legal department also have the obligation pursuant to their employment contracts to notify the managing board about major legal problems that they become aware of. As a result, there arises no contradiction between confidential advisement by the legal department and coercive monitoring by the compliance function.
11.3.3 Advisement of an Insurance Undertaking’s Managing Board as an Area of Potential Conflict
Both the legal department and the compliance function are tasked with advising the managing board regarding legal matters.17 These entities might seem to have different viewpoint and thus a potential for conflict if, for example, advisement by the legal department focuses on what is legally possible for the undertaking, i.e., an examination of discretionary scope, but advisement by the compliance function looks at what is objectively risk-free from a legal point of view. Yet such an observation would rest upon assumptions as unrealistic as they are legally inapposite. Thus it is not the prime office of a legal department to found its legal advice on what is but marginally legally defensible. Rather, any measure recommended in the undertaking’s interest must be legally defensible. This can entail legal risks, as seen in nearly all litigation before the courts, since such cases in their progress through the stages of appeal often put forward widely disparate legal positions taken by the courts. Likewise, a compliance function cannot exclude the possibility that its legal advice can entail legal risks. In addition, it is not the mandate of the compliance function to avoid legal risks in the undertaking’s interest with such counsel as “payment makes peace” in the context of claims by third parties or “good conduct makes peace” in the context of disputes over largely unsettled issues, such as those arising under the Solvency II insurance supervisory regime. Rather, the compliance function is acting in the undertaking’s interest and fulfills its responsibility to ensure that the insurance undertaking complies with the legal requirements whenever the insurance undertaking proposes pursuing a course that is legally defensible. This can include the knowing assumption of legal risks.18 It is likewise the office of every insurance undertaking’s legal department to recommend precisely this course to the managing board.
In some highly important cases where, considering the risk status, the usual level of certitude is not sufficiently provided by the responsible staff member of the legal department, the obligations attendant on all dealings in the undertaking’s interest require the further adherence to the two-person rule. In the typical operational structure this will generally lead to further engagement with the matter at issue at a higher level in the hierarchy of the legal department. If an insurance undertaking has only one legal specialist or if the whole legal department consists of one person, then the undertaking has an obligation to confer with outside counsel. Otherwise, this obligation exists only in the especially critical cases described in the following.
In those especially critical cases involving, for example, factually, financially, or legally significant circumstances with corresponding risk appetite or—particularly as in competition law or in the insurance supervisory regime—an especially difficult self-assessment by an insurance undertaking arising from special legal circumstances—in both examples: supervision of legality based on principles-based rules—is mandated, both the legal department and the compliance function would have to come to the further conclusion that their own legal counsel should be supported and verified by means of one or more neutral outside legal opinions.19 A part of the responsibility of counsel would be to advise the managing board of this.
Ultimately, only the merging of the legal department with the compliance function of an insurance undertaking can achieve the result that the director or position holder of the combined function can bring the individual perspectives of both areas to the table in advising the managing board. This leads directly to added validity and objectivity of legal advice due to a corresponding self-assessment of the counselor considering both areas of activity. This can lead to the result that in cases where several positions are legally defensible advisement of the managing board of the diverse options in a given situation may resolve to a single, well-founded legal position. This outcome serves the interest of the undertaking both in the managing board’s acceptance of the legal appraisals and in the advisement to be expected from a combined legal department and compliance department.