Although insurers have been filing climate risk disclosure surveys in New York and other states for several years, New York is the first state to issue formal guidelines outlining specific steps insurers should be taking to manage risks and to impose deadlines for implementing them. The Climate Guidance addresses the same issues insurance regulators are considering through the National Association of Insurance Commissioner (NAIC); however, as it did with its 2017 Cybersecurity Regulations, the NYDFS decided to publish its own guidance before the NAIC work was finalized.
In developing the Climate Guidance, the NYDFS worked with insurers, international and U.S. regulators, and climate change experts, incorporating some of their suggested changes into the final draft of the Climate Guidance (and rejecting others). Unlike the Cybersecurity Regulations, the Climate Guidance did not undergo the formal rulemaking process under New York’s Administrative Code and, technically, could be considered non-binding. However, the NYDFS makes clear it is expecting insurers to follow the Guidance, that insurers are already obligated to evaluate risks under existing laws, and that it will be actively monitoring insurers’ progress.
At twenty-two pages, the Climate Guidance is fairly comprehensive. Insurers are expected to consider the effect of both short and long term climate change when underwriting and pricing risk, assessing solvency, and investing assets. Insurers will also need to have climate change risk expertise on their boards and at senior management levels, and will need to incorporate this expertise in their corporate governance functions. Physical risks (shifts in weather patterns) need to be considered as well as “transition risks” (e.g. consequences of shifting to a low-carbon economy, including decreases in fossil fuel asset values and costs to build new infrastructure).
Application/Scope of Guidance
At this juncture, the Climate Guidance applies only to New York-domestic insurers and does not reference foreign insurer compliance (under New York’s “Appleton Rule” or otherwise.) However, we expect other states will issue their own climate change risk guidance, or adopt NAIC guidance once finalized. Therefore, the NYDFS Climate Guidance is instructive for all insurers, especially given the detailed expectations outlined by NYDFS. Below are key expectations in the Climate Guidance, some of which can be satisfied at the insurer’s group level (i.e., parent company).
Timeline for Implementation
While the NYDFS will issue more guidance on specific timelines, insurers are expected to implement, by August 15, 2022, guidance that relates to Corporate Governance and Organizational Structure. Considering the fairly short time frame, we focus here on these key areas of the Climate Guidance.
Board of Directors. The insurer’s board of directors (or governing entity) is expected to understand climate risks, oversee management of them through a designated board member or committee and, if necessary, have a board member with climate expertise. The board’s approach must consider short and longer term impacts of climate change risk, eventually going beyond the standard 3-5 year business planning horizon. Insurers with material risks are expected to start experimenting now with planning further, in the 10 to 30 year timeframe.
The NYDFS acknowledges that, after a thorough assessment, an insurer may determine that climate risks are not currently material to its business. However, the insurer must still have a board designee because of climate risk’s evolving nature and investment risk (for example, the insurer’s investments could be vulnerable to the risk of advances in low carbon technology).
Senior Management. Insurers are expected to designate one or more members of senior management as responsible for the insurer’s climate risk management. As long as oversight is maintained, the designee may delegate responsibilities according to business units and functions (e.g., a chief underwriting officer may be charged with embedding climate risks in underwriting decisions).
Written Climate Risk Policy. An insurer is expected to have a written risk policy adopted by its board describing how material climate risks are monitored and managed and including the insurer’s risk tolerance and limits for financial risks. The written policy must consider factors beyond market conditions, regulatory changes and technology advances, such as:
- How decisions could affect long term financial interests;
- Results of scenario analysis and potential stress testing for short, medium and long-term horizons;
- Uncertainty around how and when ultimate risks could materialize; and
- How sensitive the insurer’s assets and liabilities are to changes in key climate risk drivers and external conditions.
An insurer that is part of a group can utilize policies and procedures developed at the group level for managing climate risks if: (1) the group level risks include those faced by the insurer; (2) the insurer implements the group’s policies and procedures; and (3) the insurer has appropriate access to relevant climate-related resources and expertise at the group level. If such conditions are met, the insurer can also utilize the group’s board designee to satisfy the insurer’s board designee requirement as long as the designee has appropriate access to the insurer’s board and management.
According to the NYDFS, insurers are expected to:
- Manage climate risks through their existing control functions (enterprise risk management, compliance, internal audit and actuarial functions);
- Ensure their organizational structure clearly defines and articulates roles, responsibilities, and accountabilities, and is reinforced by a risk culture that supports accountability in risk-based decision-making in setting climate risk limits and overseeing their implementation;
- Implement reliable risk management processes across lines of business, operations, and control functions, with clear steps to ensure the effectiveness and adequacy of climate risk integration;
- Explicitly consider climate risks (like other material risks) in risk management processes, including in enterprise risk reports and ORSA summary reports, and in the decision-making processes of senior management;
- Conduct objective, independent, and regular internal reviews of the functions and procedures for managing climate risks, report the findings of the reviews to the board, and adapt insurers’ functions, procedures, roles, and resources for managing climate risks as necessary;
- Through new hires, internal training or external consultants, develop the expertise required for assessing and managing climate risks at the level of the board and employees, including senior management; and
- Consider implementing remuneration policies to align incentives with the strategy for managing climate risks and with performance against climate metrics.
Assessing and Reporting Climate Change Risk
Enterprise Risk Management. Climate change impact should be reflected using existing Enterprise Risk Management (ERM) factors (i.e., credit, market, liquidity, operational, underwriting, reputational, legal and strategic risks.) The Climate Guidance includes useful examples of how climate risk can impact each factor. For example, credit risk could involve the effect of physical and transition risks on the financial viability of an insurer’s counterparties, including reinsurers. Legal risk could include the increase in climate-related lawsuits pursued by investors, activists and shareholders. Changes in the supply/demand for specific financial instruments and declines in asset value would constitute market risk. Underwriting risk could involve increased frequency and severity of weather-related catastrophes.
Risk Assessment and Scenario Analysis. Insurers that regularly conduct ORSAs are expected to describe how insurers identify, categorize, manage and monitor climate risks and the insurer’s tools for assessing climate change risk. Given the uncertainty of climate change impact, past experience is not necessarily a good indicator of future conditions, and climate change Scenario Analysis will be important to determine resilience to a range of outcomes. Scenario Analysis is expected to be embedded in the insurer’s corporate governance structures, risk management practices and ORSAs.
Scenario Analysis would include short to medium, as well as long term, assessment of an insurer’s exposures. Scenarios could include: (1) an orderly transition to low-carbon economies that phase out fossil fuels with minimum financial market disruption and a limited increase in natural disasters; (2) a disorderly transition with a large financial market disruption and a limited increase in natural disasters; (3) a disorderly transition with a drastic increase in natural disasters; and (4) no transition (as the economy continues to use the same amount of fossil fuel) with a drastic increase in natural disasters.
Publicly-traded insurers (or insurance groups) are already subject to SEC disclosure requirements. Additionally, insurers with over $100 Million in annual country-wide premiums have been describing their climate risks in 15 states (including NY) and the District of Columbia in Climate Risk Disclosure Surveys developed by the NAIC (NAIC Survey). An updated version of the NAIC Survey was exposed for comment on November 15, 2021 (available at this link).
Insurers are expected to publicly disclose their climate-change risk, but can use the NAIC Survey if their answers are responsive to the Climate Guidance’s expectations. Insurers that are not currently submitting the NAIC Survey can include disclosures on their websites or augmenting any public financial reports. Disclosure at the group level is acceptable if responses address practices at the insurer level.
Insurers are also expected to publicly disclose how climate risks are integrated into their corporate governance, risk management and business strategies, including how risks are accessed. For examples of climate risk disclosures being made by insurers currently, results of the NAIC Surveys are published on the California Insurance Department’s website.
Now that New York has published formal guidance, we expect the NAIC to work towards finalizing its own guidance. The NAIC is approaching Climate Change Risk Management through five separate workstreams: (1) Pre-Disaster Mitigation (including coverage gaps); (2) Solvency (ORSAs and changes to the Financial Analysis Handbook and Financial Condition Examiners Handbook); (3) Climate Risk Disclosure (promoting uniformity in disclosure reporting requirements); (4) Innovation (insurance products that can respond to climate-related risks); and (5) Technology (early warning systems and predictive modeling tools for evaluating climate risk). Information about each workstream (and the NAIC’s overall initiatives on Climate Change) are available in the NAIC’s Climate Risk and Resiliency Resource Center.