The insurance industry experienced significant and varied forms of new legislation and regulation during the last decade. Below, we highlight what we view as the top 10 of these legal and regulatory changes.

1. Dodd-Frank Act

In response the 2007-2008 financial crisis, Congress acted to implement major legislative reforms for addressing systemic risk in the financial markets through the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. A number of these reforms directly or indirectly affected the insurance industry:Federal Insurance OfficeThe FIO is now a unit of the U.S. Department of the Treasury and effectively serves as a federal think tank for development of federal policy positions on insurance regulation and the federal liaison to state insurance regulators and their foreign counterparts. Specifically, the FOI’s charges are:

  • Monitoring all aspects of the insurance industry (except health insurance, some long-term care insurance, and crop insurance), including the identification of gaps in regulation of insurers that could contribute to financial crisis;
  • Monitoring the extent to which traditionally under-served communities and consumers, minorities, and low-and moderate-income persons have access to affordable insurance (except health insurance);
  • Administering the federal Terrorism Insurance Program;
  • Coordinating international insurance matters;
  • Determining whether state insurance measures are preempted by covered agreements; and
  • Consulting with the states and state insurance regulators regarding insurance matters of national importance and prudential insurance matters of international importance.

Now the FIO publishes an annual report on the insurance industry, which highlights market developments, emerging issues and legal and regulatory changes. Initially when the FIO was created, there was some level of apprehension among the state insurance regulatory and legislative communities and insurance industry that the FIO would spawn further federal encroachment on the long-tenured primary regulatory domain of the states over the business of insurance established by the McCarran Fergusson Act in 1943, but that has not occurred.

Redefining Swaps Products

In the wake of the financial crisis, financial markets regulators questioned the functional differences between financial derivatives products, such as credit default swaps, which were a major cause of the financial crisis, and insurance products. The result was new regulations from the U.S. Securities and Exchange Commission and Commodities and Futures Trading Commission broadly defining a swap.

However, the insurance industry and state insurance regulators were quick to defend their turf and successfully established an insurance product carve-out from the new swap definition. An insurance product is not considered a swap if it meets any one of three separate, safe harbor, tests: (1) the product safe harbor, (2) the insurance grandfather provision or (3) the enumerated product safe harbor.

Systemically Important Financial Institutions

One of the Dodd-Frank Act’s key features is the designation of systemically important financial institutions, or SIFIs, which when so designated are subject to rigorous capital adequacy, liquidity, solvency and regulatory reporting requirements and oversight by the Financial Stability Oversight Council, another Dodd-Frank Act created federal governmental agency. A SIFI is a bank, insurance or other financial institution that FSOC determines would pose a serious risk to the U.S. economy if the entity were to collapse.

In the wake of the Dodd-Frank Act, FSOC tagged several insurance holding companies as SIFIs: American International Group Inc., General Electric Capital Corp., MetLife Inc. and Prudential Financial Inc. All of the nonbank groups of companies have since lost their SIFI designations. MetLife won its challenge to its designation in court in 2016.

Creation of Consumer Financial Protection Bureau

While the CFPB’s jurisdiction is limited to the specific consumer financial products and services referenced in the CFPB Act (and potential other future consumer financial products and services that the CFPB could add by regulation) and generally excludes insurance products, the CFPB’s regulatory authority over “service providers” to “covered persons” can extend to insurance products like credit insurance and guaranteed asset waivers where their purchase is financed by an auto loan. So far, the CFPB has not attempted to flex its muscles into the insurance industry in any meaningful way.

2. Affordable Care Act

No law enacted during the prior decade changed the shape of the insurance industry like the ACA. Signed into law in 2010, and largely upheld by the U.S. Supreme Court in National Federation of Independent Business v. Sebelius in 2012, and with major provisions of the landmark law taking effect in 2014; the ACA reimagined health care coverage in the United States.

The largest foray into direct federal regulation of insurance in decades, ACA, among other things: eliminated preexisting condition exclusions; required individuals to obtain health insurance coverage or pay a tax penalty; mandated that health insurance coverage include certain health essential benefits and eliminated annual and lifetime caps on such benefits; created health care exchanges for the public to purchase policies; mandated that health insurance carriers and large self-insured employers spend at least 80-85% of premiums on health costs; and significantly expanded Medicaid coverage.

In addition, the ACA established various risk-shifting mechanisms directly applicable to the carriers, including reinsurance, risk corridor and risk adjustments, which intended to stabilize the market during the laws’ implementation transitional periods.

While shifting political winds have resulted in significant roll backs of many of the ACA’s provisions, the law’s ramifications are still being felt today, with the Supreme Court having heard a case regarding the ACA’s risk corridor program just last December and the question of the severability of its individual mandate or its wholesale invalidation looming.

3. Nonadmitted and Reinsurance Reform Act

While technically a part of the Dodd-Frank Act, the Nonadmitted and Reinsurance Reform Act, which came into effect on July 21, 2011, stands on its own and revolutionized the surplus lines and nonadmitted insurance markets. Prior to the NRRA, each state had the authority to regulate nonadmitted insurance products based on the risk residing in such state and, in addition, could levy surplus lines premium taxes in connection therewith. Perhaps most significantly, however, was that each state was able to impose its own surplus lines eligibility requirements on nonadmitted insurers.

The NRRA changed all this and created uniform, national standards. In particular, only the home state of the insured can regulate and tax a surplus lines insurance policy. The term “home state” is defined under NRRA as (1) the state in which an insured maintains its principal place of business (in the commercial context) or resident (as to personal lines insurance policies); or (2) if 100% of the insured risk is located outside the principal place of business or resident state then the state in which the greatest percentage of the insured’s taxable premium is allocated.

The NRRA also removed the authority of states to promulgate their own surplus lines insurer eligibility standards other than establishing minimum capital and surplus requirements. Today, any insurance company licensed in at least one U.S. jurisdiction may write surplus lines business in all other states provided that it maintains at least $15 million in capital and surplus or such other greater amount as determined by a particular state.

If an alien (non-U.S.) insurance company wishes to obtain surplus lines eligibility, the NRRA requires that such insurer obtain listing on the Quarterly Listing of Alien Insurers maintained by the National Association Of Insurance Commissioners’ International Insurer’s Department.

The NRRA has enabled the surplus lines market to grow and thrive at a critical moment in the U.S. insurance space, as technological innovation and the emergence of insurtech and cannabis deregulation drove demand for specialty insurance solutions that are often first serviced by the surplus lines insurers until an admitted market becomes established.

4. Terrorism Risk Insurance Act

The Terrorism Risk Insurance Act was passed in the wake of 9/11 to provide financial support for the ever-apparent need for terrorism insurance, particularly in certain business and population concentrated areas of the United States. In part due to the global reinsurance market retreating from assuming terrorism risk exposures, the TRIA was enacted to provide a federal backstop in the form of reimbursement for insurance carriers that insure commercial property and casualty terrorism risks in the event of an act of terrorism that is certified by the U.S. Secretary of the Treasury.

Provided, however, that certain individual and industry-wide deductibles are met, and then only up to certain ‎capped losses, with applicable copayments as well.‎ The U.S. Department of the Treasury also has the right to recoup payments from the insurance industry generally subject to formulas set forth under TRIA.

While the TRIA was originally enacted in the first decade of this century and no event has ever occurred, it was reauthorized in both 2015 and 2019, and the importance of these reauthorizations alone land the TRIA on our list. The insurance industry has evolved to heavily rely upon the federal backstop of the TRIA, which requires that insurance companies (including surplus lines insurers) that provide certain kinds of commercial property insurance coverage on U.S. risks must make available terrorism insurance.

Without the TRIA’s backstop, the price of terrorism coverage in certain high-risk areas could become prohibitively expensive or, if insurers are compelled to offer such coverage without the backstop, such carriers would be at risk of getting wiped out by one catastrophic event. While the reauthorizations did not materially change the scope of the TRIA (the most significant changes surrounded the total amount of the backstop and industry-wide deductibles), the TRIA will now be in effect until Dec. 31, 2027, providing stability to the U.S. insurance markets well into the new decade.

5. Department of Labor Fiduciary Rule

The U.S. Department of Labor promulgated its controversial so-called fiduciary rule to enhance investor protections for investment advice rendered by fiduciaries to Employee Retirement Income Security Act pension plans and individual retirement accounts. This rule aimed to revise the long-standing Prohibited Transaction Exemption 84-24 and impose a best interest contract exemption requiring written investor disclosure statements related to fees and conflicts of interest, adherence to impartial conduct standards, adoption of new policies and procedures, prohibition on class action waivers by investors and regulation of investment fees.

Life insurance companies, their affiliated broker-dealers and registered representatives and their agents selling securities, including variable insurance and annuity products, as well as fixed and indexed annuities were all affected. However, the fiduciary rule failed to withstand its legal challenge when the U.S. Court of Appeals for the Fifth Circuit held in 2018 that the DOL overreached its authority and the rule was unreasonable.

6. Data Privacy and Security

Cybersecurity Regulation

The New York Department of Financial Services lead the charge in imposing new cybersecurity regulatory requirements for NYDFS insurance industry licensees (as well as other types of financial services licensees) aimed at protecting the security of personal information they collect and their information systems. The NAIC followed suit with its similar Data Security Model Act, which has now been adopted in some form in eight states.

California Consumer Privacy Act

The CCPA became effective on Jan. 1, 2020, but has a six-month delayed enforcement date. While its application is across almost any type of business, it is a big deal for the insurance industry in California to the extent the limited Gramm-Leach-Bliley exemption does not apply and may represent a new bell-weather privacy and security model law for other states as well as consideration by the NAIC in the future.

7. Principles-Based Reserves

The PBR approach represents the most significant change in the underlying framework to the way the industry determines life insurance reserves. Prior to the PBR approach, static formulas and assumptions were used to determine these reserves; often resulting in excessive reserves for certain life insurance and annuity products and inadequate reserves for others.

The solution developed by the NAIC was to replace a rigid rules-based approach with a principles-oriented approach, based upon each insurance carrier’s own information. The PBR Valuation Manual became operative in 2017, and has been adopted in 51 jurisdictions, and is now part of revised NAIC accreditation standards effective Jan. 1, 2020.

8. Rise of Insurtech and Related Regulatory Responses and Reforms

In 2019, there was no escape from the incessant buzz around insurtechs, as the industry attempts to innovate and become more nimble and responsive to today’s fickle, highly digitized, new (but some old) customers. But that was not the case 10 years ago as the insurance industry did not make any real quantum technological leaps since the dot-com meltdown in 2000.

InsurTech Connect, which now hosts at least 5,000 attendees at the annual conference, didn’t even exist until 2016. However, every carrier is looking at ways of leveraging big data, machine learning, artificial intelligence, internet of things devices and personalized experiences to drive consumer experience, retention and engagement.

However, as many of these companies have realized, regulation has been slow to catch up and the impact of disparate regulation over 51 jurisdictions has hampered the ability to scale in the same way technology companies are able to do in nonregulated industries, and even in some regulated industries, such as fintech, scalability is easier than insurtech. Everything from inducement/anti-rebating laws, to carrier business seasoning requirements, to opaque interpretations of anti-discrimination laws has stymied insurtechs’ growth.

Nonetheless, regulators are catching up for better or worse. On the one end, New York sent chills through the life insurance industry with its Circular Letter No. 1 of 2019; which purports to restrict the ability of life insurers’ use of external data sources unless they can prove that such use does not and will not have a prohibited discriminatory impact.

On the other hand, states like Kentucky and Vermont have passed regulatory sandbox legislation, allowing for greater innovation in testing scenarios in those jurisdictions. In the middle, is the NAIC, which has no less than three working groups focused on regulation big data/AI; innovation in anti-rebating laws; and potential regulation of so-called bots. How all of these regulatory initiatives may shake out will be part of the defining narrative of the next decade.

9. Credit for Reinsurance Amendments and Covered Agreements

Traditionally, in order for alien insurance companies to reinsure risk from U.S. cedents, collateral needs to be established for the benefit of policyholders, often in an amount in excess of 100% of the risk reinsured. However, in 2011, to mitigate this substantial collateral burden, the NAIC amended its Credit for Reinsurance Model Law to allow for reduced collateral to be posted by reinsurers domiciled in particular “qualified jurisdictions” that obtained and maintained certain financial credit scores. These reinsurers are referred to as “certified insurers” by the states that have adopted the CRML.

On June 25, 2019, the NAIC further amended the CRML to memorialize the bilateral “covered agreements” entered into between the U.S. and the E.U. in 2017, as well as between the U.S. and the U.K. in 2018. These covered agreements prohibit the application of reinsurance collateral requirements to certain qualifying insurers domiciled in the foregoing jurisdictions.

To the extent that states continue to apply the “reduced collateral” standards of the 2011 CRML amendments to qualified reinsurers domiciled in the E.U. or the U.K. rather than eliminate collateral requirements as to such reinsurers entirely, such states’ laws will become preempted by September 2022.

The 2019 amendments to the CRML also opened up a path for reinsurers domiciled in jurisdictions other than the E.U. and the U.K. to obtain zero collateral treatment if such jurisdictions qualify as a “Reciprocal Jurisdiction” and reinsurers seeking zero collateral treatment meet heightened rating and financial standards. It should be noted that not all states have adopted the 2019 amendments to the CRML.

The covered agreements entered into between the U.S. and various jurisdictions, as well as the multiple amendments to the CRML have vastly expanded access to reinsurance markets around the world as reduced (or, in some cases, zero) collateral requirements have made the cost of doing reinsurance business in the U.S. significantly less burdensome. We expect to see collateral requirements further reduced over the next decade.

10. Risk Assessment Requirements for Holding Companies: ORSA, Enterprise Risk Reports and CGADs

The NAIC Solvency Modernization Initiative project kicked off in 2008, but was primarily implemented during the past decade focused on enhancing group supervision and ongoing enhancements are being made to toolbox U.S. state insurance regulators use for group-wide supervision. As part of SMI, the NAIC implemented three additional layers of self-reporting for insurance companies: own risk and solvency assessment, or ORSA; enterprise risk assessments (Form F) and corporate governance annual disclosures, or CGAD.

Under ORSA, most large insurers (over $500 million of direct and assumed premium on a standalone basis or over $1 billion on a group basis) must conduct an annual assessment and prepare and file a confidential ORSA summary report. ORSA’s goals are to foster an effective level of enterprise risk management and provide a company group-level perspective on risk and capital adequacy.

Similarly, the annual enterprise risk assessment (Form F) regulatory filing was developed to identify material risks within the insurance holding company system that could pose enterprise risk to the insurer or insurers within the system. Unlike ORSA, Form Fs are required of every ultimate controlling person of an insurer or insurance group.

Finally, the CGAD was developed to require extensive disclosure of regulated insurance companies’ corporate governance practices on an annual basis. This disclosure is made for each insurance company group, and at the level at which (1) the risk appetite is determined; (2) the earnings, capital, liquidity, operations, and reputation of the insurer are overseen collectively and at which the supervision of those factors is coordinated and exercised; or (3) legal liability for failure of general corporate governance duties would be placed.