Zombieland

It’s a little unfortunate that months and years of good work to close the gap at the NAIC, and with others, on the misconceptions of the regulation of Risk Retention Groups can be set back in what amounts to an instant.

As many of you know, with the hard work and leadership of Sandy Bigglestone and Christine Brown of Vermont’s Department of Financial Regulation, and Sean O’Donnell of the DC Department of Insurance, Securities and Banking, there was much progress on creating a common regulatory approach to RRGs and educating non-domiciliary states to that end under the auspices of the NAIC’s RRG Task Force.

Over the past year, the Task Force has been working diligently to provide additional guidance to both state insurance regulators and industry regarding the registration process for RRGs in non-domestic states. The process started last year with a letter from the National Risk Retention Association (NRRA) citing concerns regarding fees and delays in the review of registration forms, supported by a letter from the VCIA. The discussion that followed also raised concerns from non-domiciliary states, such as incomplete registration forms or potentially non-compliant RRGs. As a result, a drafting group was formed to develop frequently asked questions (FAQ) and best practices documents, and updates to the NAIC Uniform Risk Retention Group Registration Form, which made great progress toward the goal.

Unfortunately, in response to a bill that would expand the Liability Risk Retention Act to allow certain, narrowly defined, RRGs to provide property, zombie tropes about how well RRGs are regulated rose again from the grave. The NAIC sent a letter opposing H.R. 4523, the Nonprofit Property Protection Act, and stated in the letter “RRGs have historically had a higher insolvency rate when compared to admitted insurers.”  The letter was signed by the current NAIC president-elect, Ray Farmer, Director of South Carolina Department of Insurance, among others.

As a joint response from VCIA, CICA and NRRA pointed out, this is simply untrue.  According to a study conducted by the Risk Retention Reporter, which uses data from A.M. Best for the period 1987 to 2017, RRGs had a yearly insolvency rate of 1.2% as opposed to 1.5% for the entire property-casualty and life and health marketplace.  In brief, RRGs during this 30-year period were less likely to become insolvent that traditional carriers.

It is noteworthy that the NAIC did not cite any authority for its conclusion.  And at the actual hearing for the bill this week Chlora Lindley-Myers, Director of the Missouri Department of Commerce & Insurance, repeated the claim – again with no backup data!  RRGs are subject to a different regulatory regime than traditional insurers, but that does not mean that the standard is “lower”. RRG regulation by the domiciliary state is subject to the accreditation process by the NAIC itself.

I hope this does not mean a complete move backward at the NAIC regarding RRGs. I have immense faith in Vermont’s regulators, and other allies in the industry, to keep pushing forward – and finally burying these long-discredited zombies.

To view a copy of the joint letter click here.

Thank you and I look forward to hearing from you!

Rich Smith
VCIA President

What the Heck is GDPR and Why Should We Care?

GDPR

GDPR… sounds like a former communist country in Eastern Europe. But it is a recent development in cybersecurity that could impact us all; especially if your captive has European connections. And, as reported in Business Insurance in June, GDPR-like regulations could impact the US through a new California law.

The European Union’s General Data Protection Regulation, which took effect May 25, is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The regulation contains provisions and requirements pertaining to the processing of personal data of individuals inside the European Union, and applies to an enterprise established in the EU or—regardless of its location and the data subjects’ citizenship—that is processing the personal data of people inside the EU. With the prominent cyber hacks of Facebook and others, this type of regulation is gaining traction in the US.

California recently passed the California Consumer Privacy Act, which reflects some of the GDPR’s provisions, and is likely to be followed by other states. To the extent firms do business in California, they would be subject to the proposition.  While large companies that do business in Europe are already complying with the GDPR, passage of the California proposition would mean additional costs for smaller firms that do not operate internationally, as reported in Business Insurance.

Most experts say they do not anticipate there will be federal legislation on the issue, at least in the immediate future.  And if this type of data protection policy is pursued, the hope is regulators in the United States will continue to follow what he views as the more effective partnership mode, with industry and the government working together on the issue of privacy, rather than following the GDPR’s model.

On a separate track, the NAIC’s Insurance Data Security Model Act is in the process of being adopted by states, albeit fairly slowly. The model law establishes standards for data security and investigation and notification of a data breach in the insurance industry and applies to licensees, which includes not just insurers, but agents, brokers and other parties.

Data security is no doubt a real issue – and one that demands strong measures. It is usually rated the number one or number two risk worrying most CEOs these days. Since most of the data from a captive insurance company is its owners, we need to make sure any data security measures are commensurate to the size and scope of the risk. VCIA takes this very seriously and will continue to champion the right balance for responsible security regulations – wherever they come from. That being said, everyone in our industry needs to take a hard look at data touchpoints and what they are doing to properly protect them.

Thank you and I look forward to hearing from you.

Rich Smith
VCIA President

A Nice Little Holiday Gift from Congress

statehous-with-bow

As reported by Business Insurance on December 13th, the House Financial Services Committee adopted legislation that aims to preserve the U.S. state-based system of insurance regulation and gives Congress greater oversight and transparency on international insurance standard negotiations.

As beneficiaries of the strong, state-based insurance regulatory framework, the captive insurance industry applauds the goal of this legislation. The bill was introduced in response to concerns expressed about the covered agreement signed by the United States and the European Union to address the U.S. lack of equivalency related to the bloc’s Solvency II directive for the insurance industry. Although we supported the covered agreement in terms of trying to create parity between jurisdictions, the NAIC objected to what they believe to be a lack of transparency and consultation with state regulators on the issue.

As reported in BI, the bill states that entities representing the United States may not agree to insurance-related international agreements unless they are consistent with and recognize existing federal and state law, particularly on the regulation of insurance. U.S. federal entities participating in negotiations would be required to coordinate and consult with state insurance commissioners, according to the bill.

Whether this bill gets enough immediate traction to pass in the next year remains to be seen. I think it does bode well that Congress reiterate the near supremacy in states regulating insurance (I say “near supremacy” because Congress can always change its mind!).

Thank you and I look forward to hearing from you.

Rich Smith
VCIA President