ENROLLED 2016 Legislature CS for CS for SB 1422, 1st Engrossed 20161422er 1 2 An act relating to insurer regulatory reporting; 3 creating s. 628.8015, F.S.; defining terms; requiring 4 an insurer to maintain a risk management framework; 5 requiring certain insurers and insurance groups to 6 conduct an own-risk and solvency assessment; providing 7 requirements for the preparation and submission of an 8 own-risk and solvency assessment summary report; 9 providing exemptions and waivers; requiring certain 10 insurers and members of an insurance group to prepare 11 and submit a corporate governance annual disclosure; 12 requiring the initial corporate governance annual 13 disclosure to be submitted to the Office of Insurance 14 Regulation by a specified date; authorizing the office 15 to require an insurer or insurance group to provide a 16 corporate governance annual disclosure before such 17 date under certain circumstances; specifying 18 requirements for preparing and annually filing the 19 corporate governance annual disclosure; specifying 20 privilege requirements and prohibitions for certain 21 filings and related documents; authorizing the office 22 to retain third-party consultants for certain 23 purposes; providing certain requirements for the 24 National Association of Insurance Commissioners or 25 third-party consultants in an agreement; authorizing 26 the Financial Services Commission to adopt rules; 27 amending s. 628.803, F.S.; revising provisions 28 relating to penalties to conform to the act; providing 29 for contingent repeal of the act; providing a 30 contingent effective date. 31 32 Be It Enacted by the Legislature of the State of Florida: 33 34 Section 1. Section 628.8015, Florida Statutes, is created 35 to read: 36 628.8015 Own-risk and solvency assessment; corporate 37 governance annual disclosure.— 38 (1) DEFINITIONS.—As used in this section, the term: 39 (a) “Corporate governance annual disclosure” means a report 40 filed by an insurer or insurance group in accordance with this 41 section. 42 (b) “Insurance group” means insurers and affiliates 43 included within an insurance holding company system. 44 (c) “Insurer” has the same meaning as in s. 624.03. 45 However, the term does not include agencies, authorities, 46 instrumentalities, possessions, or territories of the United 47 States, the Commonwealth of Puerto Rico, or the District of 48 Columbia; or agencies, authorities, instrumentalities, or 49 political subdivisions of a state. 50 (d) “Own-risk and solvency assessment” or “ORSA” means an 51 internal assessment, appropriate to the nature, scale, and 52 complexity of an insurer or insurance group, conducted by that 53 insurer or insurance group, of the material and relevant risks 54 associated with the business plan of an insurer or insurance 55 group and the sufficiency of capital resources to support those 56 risks. 57 (e) “ORSA guidance manual” means the own-risk and solvency 58 assessment guidance manual developed and adopted by the National 59 Association of Insurance Commissioners. 60 (f) “ORSA summary report” means a high-level ORSA summary 61 of an insurer or insurance group, consisting of a single report 62 or combination of reports. 63 (g) “Senior management” means any corporate officer 64 responsible for reporting information to the board of directors 65 at regular intervals or providing information to shareholders or 66 regulators and includes, but is not limited to, the chief 67 executive officer, chief financial officer, chief operations 68 officer, chief risk officer, chief procurement officer, chief 69 legal officer, chief information officer, chief technology 70 officer, chief revenue officer, chief visionary officer, or any 71 other executive performing one or more of these functions. 72 (2) OWN-RISK AND SOLVENCY ASSESSMENT.— 73 (a) Risk management framework.—An insurer shall maintain a 74 risk management framework to assist in identifying, assessing, 75 monitoring, managing, and reporting its material and relevant 76 risks. An insurer may satisfy this requirement by being a member 77 of an insurance group with a risk management framework 78 applicable to the operations of the insurer. 79 (b) ORSA requirement.—Subject to paragraph (c), an insurer, 80 or the insurance group of which the insurer is a member, shall 81 regularly conduct an ORSA consistent with and comparable to the 82 process in the ORSA guidance manual. The ORSA must be conducted 83 at least annually and whenever there have been significant 84 changes to the risk profile of the insurer or the insurance 85 group of which the insurer is a member. 86 (c) ORSA summary report.— 87 1.a. A domestic insurer or insurer member of an insurance 88 group of which the office is the lead state, as determined by 89 the procedures in the most recent National Association of 90 Insurance Commissioners Financial Analysis Handbook, shall: 91 (I) Submit an ORSA summary report to the office once every 92 calendar year. 93 (II) Notify the office of its proposed annual submission 94 date by December 1, 2016. The initial ORSA summary report must 95 be submitted by December 31, 2017. 96 b. An insurer not required to submit an ORSA summary report 97 pursuant to sub-subparagraph a. shall: 98 (I) Submit an ORSA summary report at the request of the 99 office, but not more than once per calendar year. 100 (II) Notify the office of the proposed submission date 101 within 30 days after the request of the office. 102 2. An insurer may comply with sub-subparagraph 1.a. or sub 103 subparagraph 1.b. by providing the most recent and substantially 104 similar ORSA summary report submitted by the insurer, or another 105 member of an insurance group of which the insurer is a member, 106 to the chief insurance regulatory official of another state or 107 the supervisor or regulator of a foreign jurisdiction. For 108 purposes of this subparagraph, a “substantially similar” ORSA 109 summary report is one that contains information comparable to 110 the information described in the ORSA guidance manual as 111 determined by the commissioner of the office. If the report is 112 in a language other than English, it must be accompanied by an 113 English translation. 114 3. The chief risk officer or chief executive officer of the 115 insurer or insurance group responsible for overseeing the 116 enterprise risk management process must sign the ORSA summary 117 report attesting that, to the best of his or her knowledge and 118 belief, the insurer or insurance group applied the enterprise 119 risk management process described in the ORSA summary report and 120 provided a copy of the report to the board of directors or the 121 appropriate board committee. 122 4. The ORSA summary report must be prepared in accordance 123 with the ORSA guidance manual. Documentation and supporting 124 information must be maintained by the insurer and made available 125 upon examination pursuant to s. 624.316 or upon the request of 126 the office. 127 5. The ORSA summary report must include a brief description 128 of material changes and updates since the prior year report. 129 6. The office’s review of the ORSA summary report must be 130 conducted, and any additional requests for information must be 131 made, using procedures similar to those used in the analysis and 132 examination of multistate or global insurers and insurance 133 groups. 134 (d) Exemption.— 135 1. An insurer is exempt from the requirements of this 136 subsection if: 137 a. The insurer has annual direct written and unaffiliated 138 assumed premium, including international direct and assumed 139 premium, but excluding premiums reinsured with the Federal Crop 140 Insurance Corporation and the National Flood Insurance Program, 141 of less than $500 million; or 142 b. The insurer is a member of an insurance group and the 143 insurance group has annual direct written and unaffiliated 144 assumed premium, including international direct and assumed 145 premium, but excluding premiums reinsured with the Federal Crop 146 Insurance Corporation and the National Flood Insurance Program, 147 of less than $1 billion. 148 2. If an insurer is: 149 a. Exempt under sub-subparagraph 1.a., but the insurance 150 group of which the insurer is a member is not exempt under sub 151 subparagraph 1.b., the ORSA summary report must include every 152 insurer within the insurance group. The insurer may satisfy this 153 requirement by submitting more than one ORSA summary report for 154 any combination of insurers if any combination of reports 155 includes every insurer within the insurance group. 156 b. Not exempt under sub-subparagraph 1.a., but the 157 insurance group of which it is a member is exempt under sub 158 subparagraph 1.b., the insurer must submit to the office the 159 ORSA summary report applicable only to that insurer. 160 3. The office may require an exempt insurer to maintain a 161 risk management framework, conduct an ORSA, and file an ORSA 162 summary report: 163 a. Based on unique circumstances, including, but not 164 limited to, the type and volume of business written, ownership 165 and organizational structure, federal agency requests, and 166 international supervisor requests; 167 b. If the insurer has risk-based capital for a company 168 action level event pursuant to s. 624.4085(3), meets one or more 169 of the standards of an insurer deemed to be in hazardous 170 financial condition as defined in rules adopted by the 171 commission pursuant to s. 624.81(11), or exhibits qualities of 172 an insurer in hazardous financial condition as determined by the 173 office; or 174 c. If the office determines it is in the best interest of 175 the state. 176 4. If an exempt insurer becomes disqualified for an 177 exemption because of changes in premium as reported on the most 178 recent annual statement of the insurer or annual statements of 179 the insurers within the insurance group of which the insurer is 180 a member, the insurer must comply with the requirements of this 181 section effective 1 year after the year in which the insurer 182 exceeded the premium thresholds. 183 (e) Waiver.—An insurer that does not qualify for an 184 exemption under paragraph (d) may request a waiver from the 185 office based upon unique circumstances. If the insurer is part 186 of an insurance group with insurers domiciled in more than one 187 state, the office must coordinate with the lead state and with 188 the other domiciliary regulators in deciding whether to grant a 189 waiver. In deciding whether to grant a waiver, the office may 190 consider: 191 1. The type and volume of business written by the insurer. 192 2. The ownership and organizational structure of the 193 insurer. 194 3. Any other factor the office considers relevant to the 195 insurer or insurance group of which the insurer is a member. 196 197 A waiver granted pursuant to this paragraph is valid until 198 withdrawn by the office. 199 (3) CORPORATE GOVERNANCE ANNUAL DISCLOSURE.— 200 (a) Scope.—This section does not prescribe or impose 201 corporate governance standards and internal procedures beyond 202 those required under applicable state corporate law or limit the 203 authority of the office, or the rights or obligations of third 204 parties, under s. 624.316. 205 (b) Disclosure requirement.— 206 1.a. An insurer, or insurer member of an insurance group, 207 of which the office is the lead state regulator, as determined 208 by the procedures in the most recent National Association of 209 Insurance Commissioners Financial Analysis Handbook, shall 210 submit a corporate governance annual disclosure to the office by 211 June 1 of each calendar year. The initial corporate governance 212 annual disclosure must be submitted by December 31, 2018. 213 b. An insurer or insurance group not required to submit a 214 corporate governance annual disclosure under sub-subparagraph a. 215 shall do so at the request of the office, but not more than once 216 per calendar year. The insurer or insurance group shall notify 217 the office of the proposed submission date within 30 days after 218 the request of the office. 219 c. Before December 31, 2018, the office may require an 220 insurer or insurance group to provide a corporate governance 221 annual disclosure: 222 (I) Based on unique circumstances, including, but not 223 limited to, the type and volume of business written, the 224 ownership and organizational structure, federal agency requests, 225 and international supervisor requests; 226 (II) If the insurer has risk-based capital for a company 227 action level event pursuant to s. 624.4085(3), meets one or more 228 of the standards of an insurer deemed to be in hazardous 229 financial condition as defined in rules adopted pursuant to s. 230 624.81(11), or exhibits qualities of an insurer in hazardous 231 financial condition as determined by the office; 232 (III) If the insurer is the member of an insurer group of 233 which the office acts as the lead state regulator as determined 234 by the procedures in the most recent National Association of 235 Insurance Commissioners Financial Analysis Handbook; or 236 (IV) If the office determines that it is in the best 237 interest of the state. 238 2. The chief executive officer or corporate secretary of 239 the insurer or the insurance group must sign the corporate 240 governance annual disclosure attesting that, to the best of his 241 or her knowledge and belief, the insurer has implemented the 242 corporate governance practices and provided a copy of the 243 disclosure to the board of directors or the appropriate board 244 committee. 245 3.a. Depending on the structure of its system of corporate 246 governance, the insurer or insurance group may provide corporate 247 governance information at one of the following levels: 248 (I) The ultimate controlling parent level; 249 (II) An intermediate holding company level; or 250 (III) The individual legal entity level. 251 b. The insurer or insurance group may make the corporate 252 governance annual disclosure at: 253 (I) The level used to determine the risk appetite of the 254 insurer or insurance group; 255 (II) The level at which the earnings, capital, liquidity, 256 operations, and reputation of the insurer are collectively 257 overseen and the supervision of those factors is coordinated and 258 exercised; or 259 (III) The level at which legal liability for failure of 260 general corporate governance duties would be placed. 261 262 An insurer or insurance group must indicate the level of 263 reporting used and explain any subsequent changes in the 264 reporting level. 265 4. The review of the corporate governance annual disclosure 266 and any additional requests for information shall be made 267 through the lead state as determined by the procedures in the 268 most recent National Association of Insurance Commissioners 269 Financial Analysis Handbook. 270 5. An insurer or insurance group may comply with this 271 paragraph by cross-referencing other existing relevant and 272 applicable documents, including, but not limited to, the ORSA 273 summary report, Holding Company Form B or F filings, Securities 274 and Exchange Commission proxy statements, or foreign regulatory 275 reporting requirements, if the documents contain information 276 substantially similar to the information described in paragraph 277 (c). The insurer or insurance group shall clearly identify and 278 reference the specific location of the relevant and applicable 279 information within the corporate governance annual disclosure 280 and attach the referenced document if it has not already been 281 filed with, or made available to, the office. 282 6. Each year following the initial filing of the corporate 283 governance annual disclosure, the insurer or insurance group 284 shall file an amended version of the previously filed corporate 285 governance annual disclosure indicating changes that have been 286 made. If changes have not been made in the previously filed 287 disclosure, the insurer or insurance group should so indicate. 288 (c) Preparation of the corporate governance annual 289 disclosure.— 290 1. The corporate governance annual disclosure must be 291 prepared in a manner consistent with this subsection. 292 Documentation and supporting information must be maintained and 293 made available upon examination pursuant to s. 624.316 or upon 294 the request of the office. 295 2. The corporate governance annual disclosure must be as 296 descriptive as possible and include any attachments or example 297 documents used in the governance process. 298 3. The insurer or insurance group has discretion in 299 determining the appropriate format of the corporate governance 300 annual disclosure in communicating the required information and 301 responding to inquiries, provided that the corporate governance 302 annual disclosure includes material and relevant information 303 sufficient to enable the office to understand the corporate 304 governance structure, policies, and practices used by the 305 insurer or insurance group. 306 4. The corporate governance annual disclosure must describe 307 the: 308 a. Corporate governance framework and structure of the 309 insurer or insurance group. 310 b. Policies and practices of the most senior governing 311 entity and significant committees. 312 c. Policies and practices for directing senior management. 313 d. Processes by which the board, its committees, and senior 314 management ensure an appropriate amount of oversight to the 315 critical risk areas that have an impact on the insurer’s 316 business activities. 317 (4) CONFIDENTIALITY.—The filings and related documents 318 submitted pursuant to subsections (2) and (3) are privileged 319 such that they may not be produced in response to a subpoena or 320 other discovery directed to the office, and any such filings and 321 related documents, if obtained from the office, are not 322 admissible in evidence in any private civil action. However, the 323 department or office may use these filings and related documents 324 in the furtherance of any regulatory or legal action brought 325 against an insurer as part of the official duties of the 326 department or office. A waiver of any applicable claim of 327 privilege in these filings and related documents may not occur 328 because of a disclosure to the office under this section, 329 because of any other provision of the Insurance Code, or because 330 of sharing under s. 624.4212. The office or a person receiving 331 these filings and related documents, while acting under the 332 authority of the office, or with whom such filings and related 333 documents are shared pursuant to s. 624.4212, is not permitted 334 or required to testify in any private civil action concerning 335 any such filings or related documents. 336 (5) USE OF THIRD-PARTY CONSULTANTS.—The office may retain 337 third-party consultants at the expense of the insurer or 338 insurance group for the purpose of assisting it in the 339 performance of its regulatory responsibilities under this 340 section, including, but not limited to, the risk management 341 framework, the ORSA, the ORSA summary report, and the corporate 342 governance annual disclosure. The NAIC or a third-party 343 consultant must agree, in writing, to: 344 (a) Adhere to confidentiality standards and requirements 345 applicable to the office governing the sharing and use of such 346 filings and related documents as evidenced by specific 347 procedures and protocols for maintaining the confidentiality and 348 security of information shared with the NAIC or a third-party 349 consultant pursuant to this section. 350 (b) Verify to the office, with notice to the insurer, that 351 the consultant is free of any conflict of interest. 352 (c) Monitor compliance with applicable confidentiality and 353 conflict of interest standards pursuant to a system of internal 354 procedures. 355 (d) Not store the information shared pursuant to this 356 section in a permanent database after the underlying analysis is 357 complete. 358 (e) Provide prompt notice to the office and to the insurer 359 or insurance group regarding any subpoena, request for 360 disclosure, or request for production of the insurer’s filings 361 and related documents submitted pursuant to subsections (2) and 362 (3). 363 (f) Intervention by an insurer in any judicial or 364 administrative action in which the NAIC or a third-party 365 consultant may be required to disclose confidential information 366 about the insurer shared within the NAIC or a third-party 367 consultant pursuant to this section. 368 (6) RULE ADOPTION.—The commission may adopt rules to 369 administer this section. 370 Section 2. Subsections (1) and (4) of section 628.803, 371 Florida Statutes, are amended to read: 372 628.803 Sanctions.— 373 (1) Any company failing, without just cause, to file any 374 registration statement or certificate of exemption required to 375 be filed pursuant to commission rules relating to this part or 376 to submit an ORSA summary report or a corporate governance 377 annual disclosure required pursuant to s. 628.8015 shall, in 378 addition to other penalties prescribed under the Florida 379 Insurance Code, be subject to pay a penalty of $100 for each 380 day’s delay, not to exceed a total of $10,000. 381 (4) If the office determines that any person violated s. 382 628.461,
ors. 628.801, or s. 628.8015, the violation may serve 383 as an independent basis for disapproving dividends or 384 distributions and for placing the insurer under an order of 385 supervision in accordance with part VI of chapter 624. 386 Section 3. Section 628.8015, Florida Statutes, and the 387 amendments made by this act to s. 628.803, Florida Statutes, are 388 repealed on October 2, 2021, unless, before that date, the 389 Legislature saves from repeal through reenactment the amendments 390 to s. 624.4212, Florida Statutes, made by SB 1416 or similar 391 legislation. 392 Section 4. This act shall take effect October 1, 2016, if 393 SB 1416 or similar legislation is adopted in the same 394 legislative session or an extension thereof and becomes a law.