In the aftermath of the 2009 global financial crisis, international financial regulatory bodies such as the Basel Committee on Banking Supervision scrambled for answers to one key question: what caused the crisis. Although there were many causes, regulators uniformly concluded that a lack of sound corporate governance practices was one of the root causes of the crisis. It was said that boards of directors that were asleep at the helm, so-called runaway CEOs, figurehead audit and risk committees, and a lack of checks on moral hazard, were to blame for many of the problems.
This led to a re-evaluation of existing corporate governance rules and policies in the financial services industries, specifically in the context of risk-based supervision, Basel III and Solvency II-type systems. Costa Rica has not escaped this phenomenon. Recently, Costa Rica's financial services regulator, the National Financial System Supervisory Council (El Consejo Nacional de Supervisión del Sistema Financiero, or CONASSIF), proposed a new set of corporate governance regulations that would replace existing rules for banks, insurers, pensions managers and securities market participants.
On January 19 2016, CONASSIF published a draft regulation on corporate governance. Under Costa Rican law, before adopting new regulations, CONASSIF must publish a draft and hear observations from supervised financial entities and the general public. Sources close to CONASSIF indicate that banking and insurance superintendents are the main drivers behind the adoption of these new regulations. Both have been pushing for a modernisation of Costa Rica's financial services regulatory system to bring it closer to a risk-based approach.
The new regulation would repeal the existing corporate governance rules adopted in June 2009. The rules currently in force are much more prescriptive in nature; they spell out a series of requirements that all companies, regardless of their size, industry, scale and risks, must meet. CONASSIF deems this approach outmoded.
CONASSIF has looked to the Organisation for OECD guidance papers on corporate governance and seeks to establish regulations based on principles as opposed to rigid checklists. The draft says that regulation should provide orientation with respect to the supervisor's expectations in connection with the management of regulated entities and empower the board of directors, as the primary party in charge of the organisation, in the definition of the way in which the principles contained in the regulation should be satisfied.
Despite this intended focus, many in the industry feel that the draft regulations still carry significant prescriptive content. This has been one of the main criticisms of the draft.
The regulations will apply to all sectors, including: state- and privately-owned commercial banks; non-bank financial entities; savings and loans associations and co-ops; currency exchanges; securities traders; mutual fund managers; securitisation companies; insurers; reinsurers; insurance brokers and agents; pension fund managers; and, somewhat unexpectedly, non-financial securities issuers.
One of the main features that distinguishes the proposed regulations from the existing rules is the introduction of proportionality and differentiation criteria. These will allow each supervised entity, depending on its size, ownership structure, business and type, to define its own risk profile and assess the potential impact of its operation on third parties.
The draft sets out definitions of the duties of care and loyalty. Although both duties exist in Costa Rica as derived from basic commercial law principles, this is an attempt to formulate the duties in black and white. The draft also provides for a series of duties incumbent on boards of directors and sets minimum guidance on the profile that candidates should meet to be eligible to hold a position on the board, board member selection, the role of the chairperson, and so on.
The new rules require companies to define and state their risk appetite through a formal risk appetite statement, which includes quantitative and qualitative parameters. This would need to be managed through effective risk management mechanisms, including lines of defence and an entity risk manager. A new compliance unit or function will also be necessary. Internal and external audit rules are reinforced.
The new rules also require the adoption of a conflicts of interest policy. They refer to the role and duties of various committees, including audit, risk, appointments, and compensation.
Other key features include the provision of guidance on the duties and qualifications that a general manager must meet, as well as compensation, transparency and accountability parameters. Special guidance is provided for the corporate governance of financial groups or conglomerates.
What to expect
CONASSIF is in the process of reviewing all of the feedback received from the affected sectors. The core of the regulations is unlikely to vary, since this new corporate governance approach is a key component of CONASSIF's risk-based supervision plan. However, there may be some changes to the wording of the rules to ensure that the so-called principles-based approach is not trumped by an overly prescriptive, checklist-type requirement.
The other components of the risk-based supervision system (solvency and market conduct) have either been updated (such as for insurers, which have had new solvency rules since 2014) or are in the process of being developed (such as certain market conduct regulations that are being drafted).
The public consultation period has now passed and the final version of the new regulation will likely be adopted this year. Although the new regulation would come into effect six to 12 months after adoption, financial services companies are already moving to get a grip on what this new regulation will mean. For now, companies are advised to familiarise themselves with the proposed requirements, and assess how much their current corporate governance systems and culture would need to adapt to comply. They should set up a plan to ensure that the required adaptations can be accomplished with the minimum cost. Increases to board member duties and responsibilities may even prompt a shake-up of current boards of directors. Where companies do not yet have a risk manager, hiring one may become necessary.
The ultimate goal is for corporate governance rules to help businesses operate more effectively, while taking account of the interests of all of the company's stakeholders. While it is understandable that local regulators are seeking to modernise existing corporate governance rules, many in the Costa Rican financial services sector question whether Costa Rica requires state-of-the art rules that will come with a significant cost and administrative burden. With few exceptions, Costa Rica's financial entities have operated soundly for many decades with the existing corporate governance model. To revert to a metaphor, one may questions whether Costa Rican drivers really need a Ferrari. Or, indeed, whether one can actually drive a Ferrari on Costa Rican roads. Or would everyone be better served with a decent Fiat or Toyota, which is less costly, easier to drive and just as effective in getting from A to B.