The New York Department of Financial Services (DFS) has proposed three new rules relating to corporate governance and oversight for New York insurers. The new rules would bring New York insurance laws in line with National Association of Insurance Commissioners (NAIC) model laws and regulations, although they go beyond the NAIC models in certain respects.

Regulation 215, Corporate Governance

A new Insurance Regulation 215 (11 NYCRR Part 90) would adopt, in substance, the corporate governance annual disclosure (CGAD) requirements of the NAIC Corporate Governance Annual Disclosure Model Act (Model 305) and Regulation (Model 306) (collectively, the NAIC CGAD Models). Adoption of both models is now part of the NAIC state accreditation standards. The proposed regulation was published in the New York State Register on March 18, 2020, and comments are due on May 18, 2020.

The proposed regulation requires all New York-authorized insurers to adopt a corporate governance framework appropriate for the nature, scale and complexity of the insurer. A corporate governance framework is defined as “structures, processes, information, and relationships used for the oversight, direction, control, and management of an insurer or system and for ensuring compliance with legal and regulatory requirements.” An insurer that is a member of an insurance holding company system can satisfy this requirement by relying on the holding company framework. 

All authorized insurers also must submit a CGAD to DFS by December 1, 2020. Thereafter, insurers must submit an amended CGAD by June 1 of each year showing any changes to its corporate governance framework or an affirmative statement that there has been no change. 

Whereas the NAIC CGAD Models only require disclosure of the framework through a CGAD statement, DFS imposes this as an affirmative obligation. In addition, unlike the NAIC CGAD Models, which allow a filing to be made with an insurance group’s lead state and require filing with each domestic regulator only upon the regulator’s request, the DFS proposal requires CGAD reporting by all New York-authorized insurers. The requirement nonetheless may be satisfied by filing a copy of the CGAD filed with the regulator of another state so long as it contains information comparable to the information required by the New York regulation. 

The CGAD can be made at the level at which (1) the insurer’s or system’s risk appetite is determined, (2) the insurer’s earnings, capital, liquidity, operations and reputation are overseen, or (3) legal responsibility for general corporate governance duty failures would be placed. The insurer chooses which level to use and must indicate the level in the CGAD.

The CGAD must discuss multiple areas of the corporate governance framework, focusing mainly on the role played by the board of directors or governing body of the insurer or system, senior management policies and practices, and critical risk areas oversight processes. The CGAD disclosures follow the NAIC CGAD Models, although Regulation 215 would make mandatory certain disclosure items that the NAIC Models only suggest for consideration. 

The proposed regulation also requires the CGAD to describe how the insurer ensures that directors comply with the duty (1) to act in good faith and in the best interests of the insurer and (2) to discharge their duties with the care that a person in a like position reasonably would believe to be appropriate under similar circumstances. The CGAD also must describe the management information systems or controls that the insurer has implemented to assist directors in carrying out their duties as well as how the insurer ensures that directors do not consciously fail to monitor or oversee the insurer’s operations.

Unlike the NAIC CGAD Models, the proposed regulation does not specifically declare the CGAD report to be confidential. However, the proposal recites as a source of authority New York Insurance Law Section 1504(c), which requires the superintendent to keep confidential the contents of reports made pursuant to the insurance holding company act and prohibits such reports from being made public without the insurer’s consent or upon a determination, after a hearing, that the interests of policyholders, shareholders or the public are served by their publication. 

Regulation 118, Internal Audit Function

Proposed amendments to Insurance Regulation 118 would require companies with revenues in excess of specified thresholds to establish an internal audit function. The proposal would adopt the internal audit function requirements of the NAIC Annual Financial Reporting Model Regulation (Model 205) with only immaterial deviations. Adoption of a rule requiring an internal audit function is now an NAIC state accreditation standard. The proposed amendment was published in the New York State Register on February 19, 2020, and comments are due on April 20, 2020.

The proposal defines “internal audit function” as “the role of applying a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes so as to add value, improve a company’s operations, and accomplish its objectives.” The proposal requires the internal audit function to be organizationally independent, with unrestricted access to the board of directors and regular reporting of periodic audit plans to the audit committee, not less frequently than annually. These requirements can be implemented at the ultimate group level, an intermediate group level or the individual legal entity level, provided the internal audit function addresses the company’s risk management, control and governance processes. 

The proposal exempts insurers with less than $500 million of annual direct written and unaffiliated assumed premium that are members of a group with less than $1 billion of annual direct written and unaffiliated assumed premium. In each case, the premium calculation includes international direct and assumed premium, but excludes premium reinsured with the Federal Crop Insurance Corporation and the Federal Flood Program.

Regulation 203, Group-wide Supervision

Insurance Regulation 203 sets out New York’s requirements for Enterprise Risk Management reports and Own Risk and Solvency Assessment. A proposed amendment to this regulation would adopt, with minor modifications, language of the NAIC Insurance Holding Company System Regulatory Act (Model 440) (NAIC HCA Model) that grants the superintendent authority to act as a group-wide supervisor of internationally active insurance groups (IAIG). The proposed regulation was published in the New York State Register on March 4, 2020, and comments are due on May 4, 2020.

The proposal defines IAIGs as groups that (i) have premiums written in at least three countries, (ii) have at least 10% of gross premiums written outside the United States and (iii) have total assets of at least $50 billion or at least $10 billion in total gross written premiums based on a three-year rolling average. 

The regulation authorizes, but does not compel, the superintendent to act as a group-wide supervisor. The proposal adopts the NAIC HCA Model’s criteria for making a determination as to whether it is appropriate for the superintendent to serve as group-wide supervisor, but it dispenses with a requirement in the NAIC HCA Model that DFS cooperate with other state, federal and international regulatory officials in doing so, and that DFS acknowledge another regulatory official who is already acting as the group-wide supervisor of an IAIG as the group-wide supervisor absent a change in circumstances that increases the significance of New York to the supervised group. Adoption of a rule for recognition of group-wide supervisors is now an NAIC state accreditation standard.

Under proposed amendment, the superintendent can:

• Assess enterprise risks within the IAIG to ensure that (i) the material financial condition and liquidity risks to the members of the IAIG are identified by management, and (ii) reasonable and effective mitigation measures are in place.
• Request, from any member of an IAIG, information in order to assess enterprise risk.
• Coordinate and compel development and implementation of measures designed to recognize and mitigate enterprise risks.
• Communicate and share IAIG information with other state, federal and international regulatory agencies.
• Enter into agreements with or obtain information from insurers registered under New York law, IAIG members, and any other state, federal or international regulator that oversees IAIG members in order to clarify the superintendent’s role as group-wide supervisor.
• Engage in other group-wide supervision activities.

These regulations nearly completely follow NAIC models that have now been made part of the accreditation and adoption seems likely, although some industry participants and trade associations may have comments on specific provisions.