2015 in Review
November 17, 2015 by Maureen James
A Look at Regulatory Issues and Their Impact on Insurance Carriers and Distributors
It has been another successful year for life insurance and annuity sales – and the year isn’t over yet! Consumers continue to appreciate the financial protection and income benefits these products provide as they plan for their retirement, which has helped sales remain strong. With this continued strong growth in sales comes continued focus by state insurance regulators to ensure consumers are sold products that make sense to them, they understand what they are buying, and from whom.
Regulatory focus often shifts from year to year and may vary by state based on a number of factors, but we have identified some common issues many state insurance regulators were concentrating on during 2015. These issues will likely continue to be important for insurance carriers and distributors to pay attention to and manage their risks as it seems unlikely that regulatory attention on them will wane any time soon.
Advertising
Misleading and deceptive advertising, particularly around lead generation, remains a regulatory concern. In May 2015, Maine issued Bulletin 403 about problematic lead cards and reminded producers, agencies and third-party vendors that cards cannot be deceptive or misleading in any manner. The bulletin notes that not conspicuously disclosing “. . . in plain and understandable language. . . that the card is an insurance solicitation and that an insurance agent may contact the consumer. . .” is a practice that may lead to finding a card untrue, misleading or deceptive.
Similarly, in two separate agent consent orders issued by Minnesota, the producers were sanctioned for not sufficiently disclosing the true purpose of their workshops as well as failing to identify the insurer. The latter issue also came up in several consent orders issued to agents and agencies in New Jersey in 2015. This is significant because insurers are required to have a system of control over the advertising of their products, including ads generated by their independent distribution partners. While there is not one required method for how this is done, it is up to each insurer to develop a system and be able to document and demonstrate the effectiveness of their controls.
Over the past several years, regulators have been flagging the issues of insurer identification and responsibility through bulletins and enforcement actions. Insurers tend to flag generic materials as “out of scope” of their review, since the materials are not specific to their products. However, state regulators are tagging ads for failing to identify the insurer, creating pressure on insurance distribution partners and carriers to take more responsibility for the content. It may very well no longer be sufficient for a carrier to state ads are not subject to review just because they do not mention a specific product.
Another indication of regulator concern can be found in Virginia’s 2015 report on “Common Problems Found During Agent Investigations.” Both false information and advertising generally and misrepresentations and false advertising of insurance policies are listed, with the recommendation to send all marketing communications “. . . to the insurance company for its approval prior to its use.”
This all points to the need for carriers and distributors to have reasonable controls in place to manage the advertising used to solicit interest in insurance and annuities, regardless of whether or not a carrier name or product is identified. This system of control could range from requiring all advertising to be reviewed and approved prior to use, even on non-carrier-specific materials, to a post review sampling of select materials. Whatever the approach, it will be important that carriers and distributors can demonstrate to insurance regulators that they have an approach to managing this risk.
Suitability
The idea of making suitable sales to consumers is not new. In fact, it seems like it should be common sense that agents analyze their clients’ needs and determine which product makes sense for their unique financial situation, and quite often this is the case. However, the NAIC Suitability in Annuity Transactions Model Regulation, adopted in 2010, formalized the requirement for annuity sales to be suitable and outlined the types of information that agents need to consider when making a product recommendation. Insurers are then tasked with establishing a system of supervision that ensures that clients’ objectives and financial needs are adequately addressed.
Now, five years later, only 35 states have adopted the suitability model regulation and among those who have, the application of the regulation has been somewhat inconsistent. Numerous state insurance regulators, especially those in states where the model regulation has passed, are now reviewing agent and insurer suitability activity over the past five years to evaluate whether or not the standard is being effectively managed – and finding some who are coming up short.
In addition, the Federal Insurance Office recently released its 2015 Annual Report. An excerpt from the report stated:
“As unprecedented number of seniors reach retirement age with increased longevity, and as life insurers continue to introduce more complex products tailored to consumer demand, the absence of national annuity suitability standards is increasingly problematic. FIO recommends that all states adopt a suitability standard at least as rigorous as the NAIC model. In the absence of more uniform adoption and implementation of the Model Suitability Regulation, federal authorities should consider appropriate action.”
We believe that we will continue to see suitability as a priority for both state and federal regulators for some time to come. In fact, many state insurance regulators have been vocal about their concerns with how it is currently being managed and supervised, and have committed to focusing on the topic in market conduct exams as well as in enforcement actions.
DOL Fiduciary Rule Proposal
The Department of Labor (DOL) has proposed a change to the definition of fiduciary under the Employee Retirement Income Security Act (ERISA), which would expand the scope of those who become fiduciaries. The goal of this proposed rule is to ensure that the client’s best interests are the sole basis for making a product recommendation for funds covered by ERISA.
The industry’s response has been swift and extensive, with over 2,500 comment letters received by the DOL in response to the proposal. In general, the industry isn’t arguing that financial professionals should act in the best interests of the client when making product recommendations. The concerns raised by the industry center around the manner in which the proposal seeks to achieve that objective. Much has already been written about these concerns. Suffice to say that compliance with the proposal, as currently drafted, could be cumbersome or even unworkable.
While it is unclear what the final rule will look like, the proposal sends a strong message that product recommendations must be in the best interest of the client. Both state and federal regulators agree on this concept. Robust suitability standards and processes are essential to ensuring that the best interests of the client are considered when a product recommendation is made. Therefore, the industry should carefully consider the impact of a final rule on the suitability process.
Cybersecurity
Insurance carriers and distributors collect and maintain a significant amount of personal client data, and clients need to be able to trust that their information is safe and secure. This task is becoming more and more challenging, as the frequency of breaches continues to rise. According to a 2014 report by McAfee, cybercrime costs the global economy upwards of $400 billion every year, so this alone is bound to get regulator attention. Carriers, in particular, have seen increased focus from regulators on data security, and this area is becoming a significant portion of state market conduct exams.
This issue, which is magnified at the carrier level, is also one that agents and marketing organizations need to take seriously. Agents and marketing organizations are typically the front line with the client, receiving, transmitting to carriers, and often storing client data in their own offices as well.
Carriers need to continue to work closely with their technology, compliance and legal departments to protect sensitive client data, and also continually educate their staff and agents/marketing organizations about managing client data. Due to the lightning speed with which technology changes, this is an area that will likely be a long-term and ongoing area to be managed. Additionally, given the level of activity and focus on this issue by the NAIC (the Cybersecurity Task Force of the NAIC adopted the Principals for Effective Cybersecurity in April), it should be expected that regulators will also make this a priority for the foreseeable future.
Corporate Governance
The concept of corporate governance has been in existence for many years, and is generally defined as a system of structure and rules and processes by which a company is controlled to ensure accountability and transparency with stakeholders. At a very high level, the framework of a strong corporate governance program should include, among other things, policies and procedures which outline responsibilities, rights, systems of supervision and control, and the flow of information for a company.
State and federal regulator interest in companies’ corporate governance practices, particularly in relation to accountability, increased following the high-profile collapses of a number of large corporations during 2001 and 2002, most of which involved accounting fraud; and then again after the recent financial crisis in 2008. Corporate scandals of various forms have maintained public and political interest in the regulation of corporate governance.
In August of 2014, the NAIC adopted a Corporate Governance Annual Disclosure Model Act and supporting Model Regulation, which provides a means for insurance regulators to receive additional information on the corporate governance practices of U.S. insurers on an annual basis. Under the requirements of the Model Act, U.S. insurers will be required to provide a detailed narrative describing governance practices to their lead state or domestic regulator by June 1 of each year. This reporting requirement for insurance carriers is expected to begin in January 2016.
This issue will be a priority for most regulators as it is implemented in the coming months, so carriers should invest the time and resources to manage this issue properly. Successful implementation of corporate governance practices requires dedication, active coordination between various company departments/functions, and extensive compliance expertise. This last element is critical to ensure that the framework and practices are designed to provide effective governance.
ERM/ORSA
Somewhat related to corporate governance, the concepts of Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) are critical for companies to fully understand and manage in order to ensure their sustainability. ORSA, which is an important component of a company’s overall ERM system, is an internal process undertaken by an insurer or insurance group to assess the adequacy of its risk management and current and prospective solvency positions.
How to conduct the ORSA is left to each insurer to decide, and actual results and contents of an ORSA report will vary from company to company. The result will be a set of documents that demonstrate the results of management’s self-assessment. To comply with ORSA (which applies to any individual U.S. insurance carrier that writes more than $500 million of annual premium), carriers must provide a confidential high-level ORSA Summary Report annually to the lead state commissioner and/or the domiciliary state regulator.
To assist carriers with their ORSA Summary Report, the NAIC’s Group Solvency Issues (E) Working Group recently published its observations of the ORSA Summary Reports that were reviewed as part of the 2014 pilot project and hosted a webinar to provide additional, specific guidance. While there was too much guidance provided during the webinar to reproduce for this article, here are a couple of examples:
- Honest dialogue of the organization’s current state is important. Regulators recognize that building an effective ERM process takes time (don’t need to be perfect yet).
- Risk Appetite, Tolerances, and Limits should be shown for each risk. If these cannot be established for a specific risk, explain why not. The expectation is that what you do makes sense and that you can explain it.
Under NAIC Model No. 505, large- and medium-size U.S. insurance groups and/or insurers have been required to conduct an ORSA starting in 2015, so this is well underway for many carriers as this publication goes to print, and will continue to be a discipline to be actively and effectively managed by companies going forward.
Conclusion
The pace of regulatory change remains very high and shows no sign of abating. New regulations are forthcoming on many fronts and are presenting, in many cases, difficult challenges. More than ever, it is critical that organizations devote resources to enhance their compliance programs. The price of reducing compliance risk to enable sustainable success is going up. Take the appropriate steps to position your organization to fulfill its mission well into the future.
