• Home
• Services
• Issues
• Links
• About Us

"The Times They Are A-Changin’"1

The future of insurance regulation may already be here

1. Introduction

   A fundamental shift in the way insurers are regulated is underway that will require the personal attention and most importantly, the personal participation of company senior management. Company personnel, from the CEO down to line management, corporate counsel, financial staff and even Board members must be prepared.

   Until now, the focus of state-based financial oversight has been a backwards-looking analysis of earlier, static, financial positions based primarily on the annual statement filed with the state regulator. This has led to a perception that by the time regulators analyze the data reported, or conduct a financial examination, the numbers are so outdated that they are irrelevant to effective oversight. In response to this perception, many regulators and industry representatives have sought ways to make solvency regulation more meaningful and dynamic. The goal is to create a system that is less reliant upon rigid analysis of static numbers for solvency oversight, and to provide the dynamic analysis necessary for a more fluid “risk-based” system of regulation. The result of that approach, however, will involve a much higher degree of subjective analysis by insurance regulators, and greater intrusion into each company’s business planning. This new system will work well only if all parties are prepared and have a clear understanding of each other’s perspectives and expectations. For regulated companies, risk-based surveillance presents significant perils if they do not. And depending upon the quality of state insurance department training programs, it may fall to company personnel to ensure that the examiners’ analyses and regulatory expectations are appropriately managed.

   Senior management needs to be aware of the changes that have already taken place and what remains under consideration. The newly implemented system of risk-based financial regulation will necessitate active involvement of all senior management, including Chief Executive Officer (CEO), Chief Financial Officer (CFO), Chief Investment Officer (CIO) and Chief Operating Officer (COO) who have been described collectively as “C-level management.” Regulators will require their direct participation in the examination process as they seek a deeper understanding of the corporate culture and tone and the specific company or holding company risk profile.

   This article seeks to provide a basic outline of the current and emerging solvency oversight environment and to highlight some of those areas that will prove to be a significant departure from the existing regulatory process.

2. The World as We Know It

   1. Examination Process

      The existing, old-style solvency oversight function rarely if ever involves direct senior management participation. It is not unusual for financial examiners to deal exclusively with staff coordinators, who will be the primary liaison between company and regulator. In examinations of large carriers, or those who are members of holding company systems, the relationships between examiner/regulator and senior company management is even more attenuated. Board members under the current structure are almost never included in the process.

      Financial examiners conduct examinations using handbooks developed by the National Association of Insurance Commissioners (NAIC)2, which prescribes a series of checklist items for examiners to review. This approach reviews historical data documenting financial results, but does not include discretionary analysis of that data. Nor does it analyze that data in the broader context of a company’s operations. As will be discussed more fully below, the new oversight protocols create a new paradigm requiring subjective determinations by examination staff on the quality of company management, their ability to manage the company and business risks management may be taking. This is a significant departure from earlier regulatory models, and an approach that in the regulators own terms, is avowedly “more intrusive.”

   2. Corporate Governance

      Prior to the enactment of the Sarbanes-Oxley Act of 2002 (SOX), direct regulatory review of corporate governance issues was limited. While SOX itself applies only to SEC-registered companies, after its passage the NAIC, in close conjunction with industry participants, developed a comparable model that would impose similar requirements on all carriers, whether SEC registered or not. The resulting Annual Financial Reporting Model Regulation, places significantly more stringent oversight and certification responsibilities on insurance company management.3 Under this model, all insurers will be required to certify to management’s active involvement in developing and testing company financial controls4. While in most states implementation of this model will require legislative action, it is anticipated that this will occur prior to the model’s 2010 effective date. Other pending models will require members of Boards of Directors, as well as other senior management, to personally “establish and provide oversight of a risk management system…” review and establish “the maintenance of an internal audit” function; and personally oversee actuarial and other financial valuations5.

3. Changes Underway

   1. Overview

      Beginning in 2002, the NAIC, through its various working groups, began discussing how to restructure financial examinations to allow them to better focus on specific company risks rather than on static analyses of risk-based capital or financial statement reporting. Regulators embraced the need for more sophisticated methods of focusing attention on those activities that pose the greatest solvency risk for each company individually. Examination procedures have been developed and incorporated into the Financial Condition Examiner’s Handbook that are intended to allow for an assessment of a company’s risk management process, the quality of management oversight and understanding of those risks, the effectiveness of Board oversight and an evaluation of internal company controls. It is anticipated that these new procedures will allow examiners to assess a company’s governance structure, corporate culture and management’s processes to identify, assess and manage risk. Under this new analysis protocol, while the checklists of old have been retained in part, the new paradigm requires subjective determinations by examination staff of the quality of company management and its ability to understand and explain the company, its operations, its governance and philosophy and the nature of the business risks it assumes. This, again, is a significant departure from earlier regulatory models.

      In order to lay out these examination procedures in a cogent manner, the drafters created a five part structural framework to assist examiners in creating a forward, rather than backward view of an insurer’s risk profile. Each of the five parts listed below contain multiple sub-parts.

      • The on-site risk-focused examination
      • The off-site risk-focused financial analysis
      • Internal and external changes
      • The priority system (CARRMEL)
      • Ongoing supervisory plans

      This article will focus solely on the first part of the framework, the on-site risk-focused examination, which includes within it a discussion of the priority system, or CARRMELs.

   2. The Risk-Focused Examination – CARRMELs

      From a senior management perspective, it is important to note that the new on-site examination process requires insurance department examiners to make subjective determinations about the quality and reliability of a company’s corporate governance structure and its risk management programs. The stated purpose is to allow the examiners to determine which business activities should be deemed to be “high-risk,” and therefore needing a closer analysis, as well as to ensure that management is, in the regulators’ judgment, adequately engaged in the risk management process.

      One attempt to minimize the subjectivity of the analysis is the use of a series of ratios to identify areas of perceived financial difficulty or concern. The ratios that have been developed are grouped under the term “CARRMELs,” which stands for Capital Adequacy, Asset Quality, Reinsurance, Reserves, Management, Earnings and Liquidity. While the precise ratios have not been made public, a company whose score falls outside the “normal” range will be subjected to more intense regulatory scrutiny with respect to those scores and the overall issue areas in which the company failed to meet normal expectations.

   3. The Risk-Focused Examination Matrix

      The on-site examination has been divided into a seven-phase matrix. The first phase, “Understanding the Company/Assessing Corporate Governance” will require active involvement of senior management and possibly members of company boards of directors. The same is true for the third phase, “Identifying and evaluating risk management processes.” The discussions of these two phases, below, are intended to outline those issues and areas where regulators are most likely to seek personal input by senior management or board members. In each of these instances, it is critical to remember that the examiner’s report will contain, at a minimum, a summary of the information gleaned from these personal interviews. It is also important to keep in mind that although these two phases are the ones in which personal participation by key decision-makers is most likely, requests for these personal interviews can occur during every phase of the examination process. Management and board members must be prepared for this eventuality.

      Phase 1:    Understanding the Company/Assessing Corporate Governance

      The purpose of this first phase is to allow examiners to identify and gain an understanding of the key functional activities in which a company will engage. Completing this phase will require examiners to conduct interviews with senior management, all C-level management, and all line-level management. In the regulators’ view these interviews are “a key step in the top down approach” to risk assessment examinations.6

      During Phase I, management must be prepared to discuss, among other things, the company’s corporate governance and the nature and structure of its risk management program, as well as to guide examiners through the company’s key business activities. Senior management will be asked to demonstrate active Board and management oversight of all key functions, as well as the existence of an adequate internal audit function. The NAIC’s Financial Condition Examiner’s Handbook specifically urges examiners to discuss with senior management acquisition plans, management changes, litigation and any other issues that may, in the examiner’s judgment, impact solvency. Senior management’s competence will be based upon the examiner’s judgment of their understanding and ability to describe and defend company practices in these areas.

      Corporate Governance

      The Handbook instructs examiners to document “the understanding and assessment of an insurer’s board of Directors and management.7” In order to do this, the examiners must assess – and management must be prepared to demonstrate – among other things:

      • Industry expertise and the overall management skills of the Board and of senior company management
      • Adequate involvement in company operations by members of the Board;
      • Information flow between management and the Board;
      • Adequate and sound principles of conduct governing management and the Board.

      “Tone at the Top”

      Under the new examination protocols, company personnel, from the CEO down to line management, will be required to explain their accountability to the Board of Directors and, if asked, key Board members will be required to be made available to regulators who will be independently assessing those Board members’ skill and independence. Many questions remain regarding the nature and scope of that inherently subjective analysis. Regulators will be prepared to evaluate management philosophy, management’s “operating style,” the impact of both on the corporate culture, and management’s attitudes and ethical standards. Management must prepare itself adequately for these interviews, and should encourage Board members to be likewise prepared.

      Phase 3:    Identifying and evaluating risk management processes

      Completing this phase will again involve an assessment of the company’s corporate governance and an evaluation of management’s performance, this time in identifying and evaluating the company’s risk profile. The insurance examiner will attempt to identify and evaluate a company’s risk mitigation strategies and internal controls, as well as to evaluate the effectiveness of Board and senior management oversight. Examiners will use that information when assessing the adequacy of a company’s risk mitigation activities. Senior management must be prepared to discuss its risk management and mitigation strategies for areas other than financial reporting, as well as those developed under SOX and the Annual Financial Reporting Model Regulation for financial reporting. Management and board members must also be prepared to outline specific internal control procedures, and in areas where controls do not exist (for example, because company size makes certain controls impractical), why they do not exist.

      Examiners will rate companies as having:

      • Strong risk management (“management effectively identifies and controls all material types of risk posed by the relevant activity”)
      • Moderate risk management (“the insurer’s risk management processes, although largely effective, may be lacking to some modest degree”)
      • Weak risk management (risk management processes that are lacking in important ways and therefore are a cause for above normal supervisory attention”)

      Clearly, companies who are evaluated as having weak risk management will be subject to significantly more stringent regulatory oversight than those who are considered to have a strong risk management profile.

Conclusion

The world of insurance regulation is undergoing a significant shift. Pressures on state regulators from across the country and indeed, internationally, are causing them to reconsider the underlying reasons for financial regulation and the ways in which they carry out their regulatory functions. Many of the changes, particularly those that steer regulation toward a risk-based, or risk-analysis method of oversight are theoretically good ones. Good as they may be conceptually, however, they bring with them added responsibility and impose significant burdens on regulated entities, and in particular, senior management and board members. Senior management and key board members must be willing, and prepared to articulate their positions, their decisions, their analyses and the path down which they intend to steer their companies. This is significant change from the past, where examination staff confined themselves to their few static areas of oversight and effectively ignored the role of management and boards. In order to ensure that the transition to this new world is a smooth one, company management, company financial examination staff, board members and all key decision-makers must take necessary steps. They must ensure that they know how their domestic regulators intend to implement the new risk-focused examination procedures, and ensure that they are prepared to articulate their oversight of their companies’ affairs and visions for their companies’ future.

1Editorial assistance for this article was provided by Jeff Gabardi, Senior Vice President, America’s Health Insurance Plans and Brent Barnhart, Senior Counsel, Kaiser Foundation Health Plans.

2See, Financial Condition Examiner’s Handbook

3The model was adopted by the National Association of Insurance Commissioners in 2006. It must be adopted either by statute or regulation in each state in order for it to become effective in that state.

4The model exempts carriers with less than $500 million in annual direct and assumed written premiums from certain management reporting requirements.

5The NAIC’s Corporate Governance for Risk Management Act has, as of the date of this writing, not been formally exposed for public comment.

6See, Financial Condition Examiner’s Handbook, 2007 edition, at 1-26.

7Id, at (1-22)

A copy of this document is available in PDF format by clicking here.