Industry the June 2016 issue

Groundhog Day

The NAIC has a history of moving with all due sluggishness. But when it comes to cyber security, picking up speed could be harmful.
By Scott Sinder Posted on July 27, 2016

Like the life of Bill Murray’s character in the 1993 movie, the NAIC gatherings of regulators, lobbyists and paid consumer reps can be monotonous and repetitive, giving the impression that nothing gets accomplished. And that isn’t completely inaccurate. But it’s not completely fair anymore, either. 

In the old days, the joke was that you could check in on NAIC meetings every few years and not miss a beat—same issues, same people, same status. That has changed, at least on some issues important to brokers. Since the enactment of the Affordable Care Act (ACA) and the Dodd-Frank financial reforms, the NAIC has engaged and moved (relatively) rapidly through issues the feds have forced upon it. ACA implementation issues include minimum loss ratios, network adequacy and a number of old NAIC model laws that required updating due to the new federal law. Dodd-Frank issues include surplus lines reform and the creation of (and perceived competition from) the Federal Insurance Office (FIO). Let’s take a closer look at the Dodd-Frank issues to see this in action (or non-action). 

FIO Moves In

State regulators have seen their position as the only U.S. voice on insurance regulatory matters challenged by the new federal non-regulator. The Federal Insurance Office represents the United States at the International Association of Insurance Supervisors and is broadly active on international insurance regulatory issues, most recently pressing forward on a “covered agreement” with foreign regulators addressing reinsurance collateral issues. The FIO’s high profile and its forceful entry into the insurance regulatory arena—at least on the international stage—have stung the NAIC and state regulators. They have responded with rhetoric and by pushing their revamped insurance collateral model in the states. This tussle will continue while the states and FIO learn how to deal with each other.

A Passive Approach to NRRA

In 2010, the Non-Admitted and Reinsurance Reform Act (NRRA) was passed as part of Dodd-Frank to establish the insured’s home state as the one and only jurisdiction to regulate and tax surplus lines transactions. While this initially prompted a rush of discussion, ultimately the NAIC served as more of a facilitator for the differing state approaches to taxation than a centralizing force for a standard state approach. Perhaps as a result, we ended up with several different approaches to surplus lines premium tax requirements, including two different multi-state compacts: SLIMPACT, pushed by state legislators at the National Conference of Insurance Legislators, and NIMA, under the auspices of state regulators (although not officially endorsed by the NAIC).

Despite these compacts, which were designed to facilitate interstate tax allocation and tax sharing, most of the states bypassed both and opted to simply collect and keep 100% of the premium tax incurred. Now, five years after the enactment of NRRA, this straightforward approach to surplus lines premium taxation appears to have won the day. SLIMPACT, which was enacted by nine states but never became operational, is dead. NIMA, which had a handful of states using its tax-sharing mechanism at the start, has lost its biggest market, Florida, whose departure will likely be NIMA’s deathblow. Florida is the second NIMA jurisdiction to withdraw from the tax-sharing agreement in the past six months, leaving South Dakota, Utah, Wyoming and Puerto Rico as the only remaining members. Tennessee remains an associate member, but there doesn’t seem to be any juice among other states to join. 

When It Comes to Cyber, Slower Is Better

The NAIC is currently pressing on cyber security, another issue in which the association has been motivated (at least partly) by an interest in protecting state insurance regulators as the principal regulators of insurance. The NAIC took up this issue-du-jour last year with the creation of a task force charged with figuring out what state insurance regulators should be doing to protect consumers’ data and how to respond to data security breaches. In the past year, the regulators have developed a “roadmap” and adopted “principles” for effective cyber security. Both of those documents were a precursor to the main event: developing a model act setting forth cyber security and data breach notification requirements for insurers, producers and others subject to state insurance licensing. The model has been released in draft form, and Adam Hamm, the North Dakota commissioner who is leading the cyber effort for the NAIC, has said he wants it adopted by August, when the association next meets.

Moving any model act through the NAIC in six months (or less) is rare. And moving a model as significant as the cyber model so quickly would be precipitous and unwise. As much as we joke that NAIC means No Action Is Contemplated, the NAIC’s deliberative process can be a good thing, particularly regarding a complicated issue with potentially far-reaching ramifications. It is critical for the regulators to fully understand the issue, the proposal and its impact when taking a policy position by developing a model and recommending individual states take action by adopting it.

The cyber model as currently drafted raises significant questions and concerns, not the least of which is the concern that this could simply lead to another layer of cyber regulation on top of other state and (potentially) federal rules. Rushing the consideration and adoption of such a model, without careful discussion and full understanding of its implications, would do more harm than good. 

So maybe Groundhog Day isn’t so bad after all.

Scott Sinder Chief Legal Officer, The Council & Partner, Steptoe & Johnson LLP
