If there is one change in U.S. insurance regulation that directly resulted from the financial crisis of 2008, it is the expansion of regulatory oversight of the activities of an insurer’s parent company and affiliates — a change embodied in recent amendments to insurer holding company laws in California, Texas, Pennsylvania, Rhode Island, West Virginia, Nebraska and Connecticut, with other states likely to follow in the next two years. In December 2010 the National Association of Insurance Commissioners (NAIC) significantly amended the Model Holding Company Act. Though not binding by itself, the Model Act has been enacted in some form by every state and is one of the key regulatory tools for overseeing the relationships between an insurer, its controlling person or entity and all affiliates of the insurer.

Instead of merely regulating specific transactions such as acquisition of control over an insurer, the amount of dividends that may be extracted from an insurer or how much reinsurance may be ceded by an insurer to its affiliate, the NAIC’s new version of the Model Act requires the non-insurer holding company to file — with the domestic regulator of the insurer it controls — reams of information about the risks to the insurer’s business posed by the activities of other members of the holding company system: the insurer’s parent, its affiliates and its subsidiaries. This new reporting requirement is in keeping with similar disclosure obligations imposed by the Dodd Frank Act on companies that are deemed to present systemic risk, and thus are "too big to fail." As more and more states adopt these important changes, companies that never previously had to deal with a U.S. state insurance department are likely to find themselves negotiating with state insurance regulators as to how much data, and how detailed the information, those regulators are entitled to receive about their non-insurance activities. They may even learn that they are subject to examination as to possible systemic risk that could impact their financial strength.

Enterprise Risk

The amendments to the NAIC Model Act introduced the concept of "enterprise risk", i.e.,the risks which the noninsurer parent, affiliates, and subsidiaries present to the insurer and which the ultimate parent — the holding company — must annually report to the insurer’s lead domestic regulator on a new Form F Enterprise Risk Report. Enterprise risk is defined as "any activity, circumstance, event or series of events involving one or more affiliates of an insurer that, if not remedied promptly, is likely to have a material adverse effect upon the financial condition or liquidity of the insurer or its insurance holding company system as a whole, including, but not limited to, anything that would cause the insurer’s Risk-Based Capital to fall into company action level ... or would cause the insurer to be in hazardous financial condition." Model Act §1(F).

States have long required domestic insurers to obtain approval for various transactions with parent companies and affiliates, such as loans of insurer funds to the holding company or management service agreements between the insurer and an affiliate. Regulators have also had the power to compel the insurer to provide information, to the extent legally permissible, about other members of their holding company system.

What is striking about these new provisions is that they impose the reporting obligation directly on a non-insurer, not otherwise regulated by a state, when the non-insurer may not even have a legal presence there if it has no offices, facilities or employees of its own in the state. The Enterprise Risk Report is designed to enable the parent to assess the material risks within the insurance holding company system that might affect its insurance company subsidiaries. In that context, the information to be disclosed would include material developments relative to such things as strategy, regulatory activity/litigation that could have a significant impact on the holding company system, including such matters as business plans, capital resources of the holding company system and issues affecting the holding company’s or a key affiliate’s credit ratings.

Forcing Compliance

Just in case a holding company thinks it can ignore this new filing requirement with impunity, the NAIC amendments provide that refusal by a holding company to comply is a factor that will support the regulator’s denial of any request by the insurer for approval to pay an extraordinary dividend to its parent company shareholder. See, e.g., Cal. Ins. Code §1215.18. So in addition to the possible regulatory sanctions imposed directly on the licensed insurer for a parent company’s refusal to report, the regulators now have a powerful hammer to force compliance on the non-insurer parent.

Legislation in Texas and Other States

Some states have already legislated variations from the NAIC Model Act amendments. For example, the Texas legislature has provided for a gradual phase-in of the reporting requirements and, unless specially directed to report, imposed the requirement only as to insurers with significant premium volume. Thus, in the next three years, Texas domestic insurers will only have to file an Enterprise Risk Report if, as of

  • July 1, 2013, the total direct or assumed annual premiums of the insurer were $5 billion or more during the preceding 12-month period
  • January 1, 2014, premiums were more than $1 billion but less than $5 billion during the preceding 12-month period
  • January 1, 2015, premiums were more than $500 million but less than $1 billion during the preceding 12-month period (Tex. Ins. Code. §823.0595)

It will be interesting to see if the Enterprise Risk Report provisions become an NAIC accreditation standard that could impel legislatures in Texas and other states to continue the provisions in force.

Risk Report Confidentiality

To forestall massive industry resistance to the new reporting requirement, the amendments do provide that the Enterprise Risk Report initially be kept confidential, although regulators are empowered to share its content with other regulators and law enforcement personnel who agree to maintain confidentiality. The non-public nature of the report is not eternal and absolute, however, because after giving the insurer notice and a hearing, regulators may make it public, to the extent deemed appropriate, upon a determination "that the interests of policyholders, shareholders or the public will be served by the publication." See, e.g., Pa. Ins. Code, §1407; Ct. Ins. Code §38a-135.


These new provisions are aimed at preventing problems at the parent or affiliate level — having nothing ostensibly to do with the insurance company — from affecting (i.e., hurting) the insurance company’s finances. Interestingly enough, the amendments barely hint at what regulators are supposed to do with the information about parents and affiliates that theregulators collect. As of now, for example, no state insurance commissioner can administratively, or through a court, enjoin an affiliate not present in that state from trading in credit default swaps that may pose an enterprise risk. Presumably, if the risk is deemed sufficiently serious to render hazardous the insurer’s risk-based capital, the regulators can place the insurer in supervision or restrict it from writing new business under state insurer risk-based capital statutes. Time will tell whether U.S. insurance regulators’ new-found focus on non-insurance risks truly prevents an insurance company meltdown as a consequence of problems with its parent or affiliates — and whether these new reporting requirements will accomplish that purpose.

A version of this alert recently appeared as an article in the LIMRA Regulatory Review, issue 2013-1.