Key Regulatory Issues in 2016 (Part 1)

The complexities of the current regulatory environment undoubtedly pose significant challenges for the broad spectrum of financial services companies, as regulators continue to expect management to demonstrate robust oversight, compliance and risk management standards. These challenges are generated at multiple (and sometimes competing) levels of regulatory authority, including local, state, federal and international, as well as, in some cases, by regulatory entities that are new or have been given expanded authority. Their demands are particularly pressing for the largest, most globally active firms, though smaller institutions are also struggling to optimize business models and infrastructures to better address the growing regulatory scrutiny and new expectations. Across the industry, attentions are focused on improving overall financial strength and stability, guided by the recommendations of international standards-setting bodies and U.S. regulatory mandates that encompass governance, culture, risk management, capital and liquidity. Though historically under the purview of individual states, the insurance sector in the U.S. has been responding to influences at both the international and federal levels. The efforts of the International Association of Insurance Supervisors (IAIS) to develop insurance core principles (ICPs), a common framework for the supervision of internationally active insurance groups (IAIGs) and capital standards, have all laid the foundation for global regulatory change. These efforts have been further supported by new authorities given to the Federal Reserve Board, the Financial Stability Oversight Council and the Federal Insurance Office and by the designation of certain nonbank insurance companies as systemically important financial institutions (SIFIs). Following are some of the key regulatory issues we anticipate will have an impact on insurance companies this year: 1. Strengthening Governance and Culture Despite heightened attention from regulators and organizations to strengthen governance structures and risk controls frameworks, instances of misconduct (i.e., professional misbehavior, ethical lapses and compliance failures) continue to be reported across the financial services industry, including the insurance sector, with troubling frequency. Boards and senior management are now expected to define and champion the desired culture within their organizations; establish values, goals, expectations and incentives for employee behavior consistent with that culture; demonstrate that employees understand and abide by the risk management framework; and set a “tone from the top” through their own words and actions. Line and middle managers, who are frequently responsible for implementing organizational changes and strategic initiatives, are expected to be similarly committed, ensuring the “mood in the middle” reflects the tone from the top. Regulators are also assessing an organization’s culture by looking at how organizations implement their business strategies, expecting firms to place the interests of all customers and the integrity of the markets ahead of profit maximization. They will consider business practices and associated customer costs relative to the perceived and demonstrable benefit of an individual product or service to the customer, giving attention to sales incentives and product complexities. State and federal insurance regulators have joined the global push for enhanced governance, and, in 2016, insurers can expect heightened attention in this area through the Federal Reserve Board’s (Federal Reserve) supervision framework and its enhanced prudential standards (EPS) rule; the Financial Industry Regulatory Authority’s (FINRA) targeted review of culture among broker-dealers; and the National Association of Insurance Commissioners’ (NAIC) Corporate Governance Annual Disclosure Model Act, which became effective Jan. 1, 2016, and requires annual reporting following adoption by the individual states. Given the regulatory focus on conduct, insurers might experience some pressures to put in place governance and controls frameworks that specifically recognize and protect the interests of policy holders. 2. Improving Data Quality for Risk Data Aggregation and Risk Reporting Financial institutions continue to struggle with improving their risk-data aggregation, systems and reporting capabilities, which means insurers, in particular, will be challenged to handle any coming changes in regulatory reporting, new accounting pronouncements, enhanced market opportunities and increasing sources of competition because of legacy actuarial and financial reporting systems. These data concerns are augmented by information demands related to emerging issues, such as regulatory interest in affiliated captives. In addition, there are expected requirements of anticipated rulemakings, such as the Department of Labor’s Fiduciary Rule, which necessitates a new methodology or perspective regarding product disclosure requirements and estimations of the viability and benefits of individual products. There is also the Federal Reserve’s single counterparty credit limit (SCCL) rule, which requires organizations, including nonbank SIFIs, to track and evaluate exposure to a single counterparty across the consolidated firm on a daily basis. Quality remains a challenge, with data integrity continually compromised by outmoded technologies, inadequate or poorly documented manual solutions, inconsistent taxonomies, inaccuracies and incompleteness. Going forward, management will need to consider both strategic- level initiatives that facilitate better reporting, such as a regulatory change management strategic framework, and more tactical solutions, such as conducting model validation work, tightening data governance and increasing employee training. By implementing a comprehensive framework that improves governance and emphasizes higher data-quality standards, financial institutions and insurance companies should realize more robust aggregation and reporting capabilities, which, in turn, can enhance managerial decision making and ultimately improve regulatory confidence in the industry’s ability to respond in the event of a crisis. See Also: FinTech: Epicenter of Disruption (Part 1) 3. Harmonizing Approaches to Cybersecurity and Consumer Data Privacy Cybersecurity has become a very real regulatory risk that is distinguished by increasing volume and sophistication. Industries that house significant amounts of personal data (such as financial institutions, insurance companies, healthcare enrollees, higher education organizations and retail companies) are at great risk of large-scale data attacks that could result in serious reputational and financial damage. Financial institutions and insurance companies in the U.S. and around the world, as well as their third- party service providers, are on alert to identify, assess and mitigate cyber risks. Failures in cybersecurity have the potential to have an impact on operations, core processes and reputations but, in the extreme, can undermine the public’s confidence in the financial services industry as a whole. Financial entities are increasingly dependent on information technology and telecommunications to deliver services to their customers (both individuals and businesses), which, as evidenced by recently publicized cyber hacking incidences, can place customer-specific information at risk of exposure. Some firms are responding to this link between cybersecurity and privacy by harmonizing the approach to incidence response, and most have made protecting the security and confidentiality of customer information and records a business and supervisory priority this year. State insurance regulators have a significant role in monitoring insurers’ efforts to protect the data they receive from policyholders and claimants. In addition, they must monitor insurers’ sales of cybersecurity policies and risk management services, which are expected to grow dramatically in the next few years. Insurers are challenged to match capacity demands, which may lead to solvency issues, with buyers’ needs and expectations for these new and complex product offerings. The NAIC, acting through its cybersecurity task force, is collecting data to analyze the growth of cyber-liability coverage and to identify areas of concern in the marketplace. The NAIC has also adopted Principles for Effective Cybersecurity: Insurance Regulatory Guidance for insurers and regulators as well as the Cybersecurity Consumer Bill of Rights for insurance policyholders, beneficiaries and claimants. Insurance regulatory examinations regularly integrate cybersecurity reviews, and regulatory concerns remain focused on consumer protection, insurer solvency and the ability of the insurer to pay claims. 4. Recognizing the Focus on Consumer Protection In the past few years, the Consumer Financial Protection Bureau and the Federal Trade Commission have pursued financial services firms (including nonbanks) to address instances of consumer financial harm resulting from unfair, deceptive or abusive acts or practices. The DOL Fiduciary Rule redefines a “fiduciary” under the Employee Retirement Income Security Act to include persons — brokers, registered investment advisers, insurance agents or other types of advisers — that receive compensation for providing retirement investment advice. Under the rule, such advisers are required to provide impartial advice that is in the best interest of the customer and must address conflicts of interest in providing that advice. Though intended to strengthen consumer protection for retirement investment advice, the rule is also expected to pose wide-ranging strategic, business, product, operational, technology and compliance challenges for advisers. In addition, the Securities and Exchange Commission (SEC) has announced it will issue a rule to establish a fiduciary duty for brokers and dealers that is consistent with the standard of conduct applicable to an investment adviser under the Investment Advisers Act (Uniform Fiduciary Rule). The consistent theme between these two rules is the focus on customer/investor protection, and the rules lay out the regulators’ concern that customers are treated fairly; that they receive investment advice appropriate to their investment profile; that they are not harmed or disadvantaged by complexities in the investments markets; and that they are provided with clear descriptions of the benefits, risks and costs of recommended investments. In anticipation of these changes, advisers are encouraged to review their current practices, including product offerings, commissions structures, policies and procedures to assess compliance with the current guidance (including “suitability standards” for broker/dealers and fiduciary standards for investment advisers, as appropriate) as well as to conduct impact assessments to identify adjustments necessary to comply with the DOL Fiduciary Rule. Such a review should consider a reassessment of business line offerings, product and service strategies and adviser compensation plans. 5. Addressing Pressures From Innovators and New Market Entrants The financial services industry, including the insurance sector, is experiencing increased activity stemming, in large part, from the availability of products and services being introduced to meet the growing demand for efficiency, access and speed. Broadly captioned as financial technology, or FinTech, innovations such as Internet-only financial service companies, virtual currencies, mobile payments, crowdfunding and peer-to-peer lending are changing traditional banking and investment management roles and practices, as well as risk exposures. The fact that many of these innovations are being brought to market outside of the regulated financial services industry — by companies unconstrained by legacy systems, brick-and- mortar infrastructures or regulatory capital and liquidity requirements — places pressures on financial institutions to compete for customers and profitability and raises regulatory concerns around the potential for heightened risk associated with consumer protection, risk management and financial stability. For insurance companies, the DOL Fiduciary Rule will affect the composition of the retirement investment products and advice they currently offer and, as such, creates opportunity for product and service innovation as well as new market entrants. Insurers will want to pursue a reassessment of their business line offerings, product and service strategies, and technology investments to identify possible adjustments that will enhance compliance and responsiveness to market changes. Regulators will be monitoring key drivers of profit and consumer treatment in the sale of new and innovative products developed within and outside of the regulated financial services industry. This piece was co-written by Amy Matsuo, Tracey Whille, David White and Deborah Bailey.