
Treasury recommends revamping Federal Insurance Office, adopting uniform cyber rules

The U.S. regulatory framework for the insurance industry can be significantly improved, including by revising the role of the Federal Insurance Office and adopting uniform state data security standards and breach notification requirements, according to a report released by the U.S. Treasury Department on Thursday. 

The department’s report examined the current regulatory framework for the asset management and insurance industries and made recommendations to align the framework with the administration’s core principles for financial regulation, according to a statement on Thursday. It was issued in response to President Donald Trump’s Feb. 3 executive order calling on the department to identify laws and regulations inconsistent with the core principles. 

“The regulatory framework for both the asset management and insurance industries can be significantly improved,” Treasury Secretary Steven Mnuchin said in the statement.

The report identified several potential changes to the regulatory framework, including adopting uniform state data security standards and breach notification requirements based on the National Association of Insurance Commissioners' Insurance Data Security Model Law – adopted on Tuesday. 

“The Insurance Data Security Model Law will not necessarily result in nationally uniform insurance laws regarding data breach notification and data security,” the report noted. “The model law does not address consumer notification and the degree of discretion and flexibility afforded to states in adopting and implementing NAIC model laws may undercut uniformity with regard to data security.”

It would also need to be adopted by the states to take effect — a process that could take several years in some states and would still not guarantee uniform adoption, according to the report. While the department is recommending prompt adoption of the model law by the states, it also recommends Congress pass a law setting requirements for insurer data security — but leaving supervision and enforcement with state insurance regulators — if adoption and implementation of the model law by the states does not result in uniform data security regulations within five years. 

The department is also recommending that steps be taken to improve information sharing within the insurance industry on cyber security threats and best practices and will direct the Federal Insurance Office to establish a working group charged with assessing cyber security challenges for the sector and issuing recommendations to industry participants and regulators, with particular attention paid to small and regional insurers, according to the report. 

In addition, the department has recommended five pillars of reforms to the Federal Insurance Office to “better align FIO with its statutory framework and to ensure consistency with the long-established U.S. policy of state-based insurance regulation,” according to the report. 

The FIO pillars include promoting the U.S. state-based insurance regulatory system and advocating for the U.S. insurance sector in international forums and negotiations and in foreign markets; providing insurance policy expertise and advice to the federal government, state insurance regulators and industry; and providing coordinated and collaborative leadership on insurance issues that engage the federal government and state insurance regulators. The last two pillars entail protecting the U.S. financial system and economy by advising the Treasury Secretary and the Financial Stability Oversight Council on insurance-related matters that may pose a threat to U.S. financial stability and protecting America’s financial security by promoting access to insurance products and administering the Terrorism Risk Insurance Program.

To ensure the office is accountable to the pillars, the department has committed to FIO’s increased transparency and stakeholder engagement and will implement mechanisms to achieve these objectives, according to the report. For example, the department is committed to making its international negotiating posture and actions more accessible to various stakeholders through both public and private forums and is committed to “more regular and consistent engagement” with state insurance regulators and stakeholders on important industry issues.

The transparency requirements speak to concerns previously expressed by the NAIC about what the association considered to be a lack of transparency by the Obama administration in negotiating the U.S.-EU covered agreement to address the U.S. lack of equivalency related to the bloc’s Solvency II directive for the insurance industry — a driving factor in a legislative effort to reform the FIO. 

The Washington, D.C.-based American Insurance Association’s Stef Zielezienski, acting chief executive officer and general counsel, praised several aspects of the report that he said the association has been lobbying for, including a shift away from an entity-based approach to an activities-based framework for domestic and global systemic risk assessments of insurers and “a re-commitment to a unified U.S. voice on international matters,” including a workable group capital initiative for U.S.-based insurance groups with international operations, according to a statement on Friday. He also praised the report’s pledge to coordinate with state regulators and the NAIC on a single terrorism risk insurance data call and a “clear vision” of and support for the appropriate international and domestic functions for the Federal Insurance Office.

The Treasury Secretary will direct FIO to coordinate with state insurance regulators and the NAIC to attempt to eliminate or reduce the inconsistencies between the existing data calls concerning terrorism risk insurance and encourages them to explore the possibility of conducting a single data call, according to the report.

The NAIC is still reviewing the report, but issued a preliminary statement expressing appreciation for the department’s endorsement of state regulation and commitment to advocating for the U.S. system at the international level, as well as its support for the NAIC’s insurance data security model law. 

“Treasury supports the state-based system of insurance regulation and recognizes that many aspects of the business of insurance are local in nature and do not lend themselves to uniform national approaches,” the NAIC said in its statement.