Cybersecurity and accounting updates from NAIC Summer 2017 National Meeting

NAIC Insurance Data Security Model Law passed

During the National Association of Insurance Commissioners (NAIC) Summer 2017 National Meeting, the Cybersecurity Working Group met for a full agenda. This included an update on federal cybersecurity regulation, an update on cyber liability coverage data collection and passage of the NAIC Insurance Data Security Model Law.

Cyber liability updates

The update on federal cybersecurity regulation addressed the current administration’s Executive Order on Cybersecurity that focuses on the federal government and critical infrastructure. It was noted that the U.S. Treasury Secretary had been heavily involved in enhancing the cybersecurity posture of the Treasury and that the NAIC Secretary-Treasurer participated in a cybersecurity tabletop at the Treasury earlier in 2017. The update on cyber liability coverage noted that the marketplace for cyber liability coverage was approximately $2.49 billion in 2016, representing a 90.5 percent increase from 2015, with gross premiums projected to grow to $7.5 billion by 2020.

The Insurance Data Security Model Law

The working group presented version six of the Insurance Data Security Model Law, discussing the most recent round of comments received and the edits made to the model law. Two specific technical amendments focused on the allowability of information sharing with consultants contracted by the covered entity, which was previously inferred, and information sharing with other licensees through the normal course of business who also comply with the law. Comments that were received and considered but not included related to:

  • Privacy and consumer notification: The NAIC opted to defer to individual state data privacy and breach notification laws.
  • Own risk and solvency assessment (ORSA)-like confidentiality: The law highlights the requirements for notification to the superintendent, consumers (i.e., in accordance with state breach notification laws), third-party service providers, reinsurers and producers of record. It was noted that, whereas ORSA may involve proprietary information, this law focuses on consumer nonpublic information.
  • Materiality: The NAIC noted this is a financial term and was not relevant to cybersecurity.
  • Data retention limitations: The request to limit retention to two years was denied since the NAIC intends for licensees to retain all records relevant to an exam period. As such, the limit on data retention remains five years.
  • Limitation of scope to electronic information: The request to limit the scope of the law to only electronic information was denied since the NAIC noted that breaches may be manual, as well as electronic.
  • Increasing the number of records breached that triggers required notification from 250 to 500: This request was denied as the NAIC felt that a breach of 250 records was significant to the extent that the superintendent required notification.

The law was presented to the working group for review and comment. Hearing none, the Insurance Data Security Model Law was introduced, with the majority of the states voting affirmative.

State adoptions

Once adopted by a state, the Insurance Data Security Model Law will require licensees in that state to maintain a robust cybersecurity program which is designed to:

  • Protect the security and confidentiality of nonpublic information and the security of the information system
  • Protect against any threats or hazards to the security or integrity of nonpublic information and the information system
  • Protect against unauthorized access to or use of nonpublic information, and minimize the likelihood of harm to any consumer
  • Define and periodically reevaluate a schedule for retention of nonpublic information and a mechanism for its destruction when no longer needed [1]

NYS DFS Cybersecurity Law reciprocity with NAIC

One additional drafting note to the law states that licensees who comply with the NYS DFS Cybersecurity Law are also in compliance with the NAIC Insurance Data Security Model Law, as detailed below:

“The drafters of this Act intend that if a Licensee, as defined in Section 3, is in compliance with N.Y. Comp. Codes R. & Regs. tit.23, § 500, Cybersecurity Requirements for Financial Services Companies, effective March 1, 2017, such Licensee is also in compliance with this Act.”

Accounting adoptions and exposed revisions

The Statutory Accounting Principles Working Group (SAPWG) adopted and exposed various revisions, including bonds, cash flow, leases, fair value, derivatives and more during the NAIC meeting.

Adopted (effective dates vary):

SSAP No. 26R — Bonds

Revisions to Statement of Statutory Accounting Principles (SSAP) No. 26R were adopted clarifying that losses recognized as a result of other-than-temporary impairments (OTTI) are recorded entirely to either the asset valuation reserve (AVR) or the interest maintenance reserve (IMR) for companies who maintain IMR and AVR in accordance with the Annual Statement Instructions. This revision is the result of consistency issues in the allocation of gains and losses between the AVR and IMR as well as information on recognition of OTTI if the security is sold in the same period OTTI is initially recorded. Further, the revisions reject Accounting Standards Update (ASU) 2017-08, Receivables-Nonrefundable Fees and Other Costs: Premium Amortization on Purchased Callable Debt Securities regarding the “yield to worst” amortization methodology already included in statutory accounting.

SSAP No. 69 — Statement of Cash Flow

Revisions to SSAP No. 69 clarify that restricted cash and cash equivalents should be reported as cash and cash equivalents and not as operating, investing or financing activities when reconciling beginning and ending cash balances on the statement of cash flow. Further, transfers between cash, cash equivalents and amounts generally defined as cash or cash equivalents are not part of an entity’s operating, investing or financing activities and details of these activities are not included in the statement of cash flow. Also, a change to SSAP No. 1 — Accounting Policies, Risks & Uncertainties and Other Disclosures was made to ensure information on restricted cash, cash equivalents and short-term investments is included in the restricted asset disclosure.

Investments of Insurers Model Act (#280) (Defined Limits Version)

Revisions to Model #280 remove reference to “Class 1” as the concept has been eliminated, and correct the definition to repurchase and reverse repurchase transactions as the NAIC staff identified the definitions of repurchase and reverse repurchase agreements are flipped in the existing model.

Exposed revisions:

SSAP No. 22R — Leases

As the SAPWG continues its review of SSAP No. 22 in connection with the Financial Accounting Standards Board’s (FASB) issuance of ASU 2016-02, Leases, the SAPWG proposed several revisions to SSAP No. 22 that are not expected to significantly change statutory accounting. The revisions to the SSAP reflect the guidance in ASU 2016-02 but require that insurers continue following the operating lease approach for statutory accounting. The SAPWG’s intent is that SSAP No. 22R will conform to Accounting Standards Codification (ASC) Topic 842 with the exception of the treatment of operating leases for statutory accounting. SSAP No. 22R has also been updated to incorporate language from ASC Topic 842 related to sale leaseback and leveraged lease transactions; these changes are not intended to change statutory accounting. The SAPWG has requested comments on whether the proposed changes are appropriate to clarify the statutory guidance, while retaining the operating lease concept, and on whether the revisions are anticipated to impact accounting and reporting of leases for statutory accounting.

SSAP No. 41R — Surplus Notes

Proposed revisions to SSAP No. 41R are primarily intended to address surplus notes issued at a discount. The revisions require that the surplus note balance should never exceed the cash or other liquid admitted assets received, and accordingly principal amounts owed for a discounted or zero coupon surplus note, which are greater than the cash or liquid assets received, are recognized as a liability or charged to operations when incurred.

SSAP No. 100 — Fair Value

The proposed revisions to SSAP No. 100 allow the use of net asset value (NAV) as a practical expedient to fair value when specifically prescribed in a SSAP or when certain conditions exist. The intent is for the proposed revisions to be consistent with Accounting Principles Generally Accepted in the United States of America (U.S. GAAP), thus allowing insurance reporting entities the ability to reflect the same measurement / valuation method for investments reported at fair value in both U.S. GAAP and statutory financial statements. Furthermore, the revisions consider disclosure or reporting changes to identify use of NAV in the statutory financial statements if that measurement / valuation method is used.

Issue Paper No. 143R — Guaranty Fund Assessments

The proposed revisions to the existing issue paper document included substantive revisions to SSAP No. 35R — Guaranty Fund and Other Assessments as it relates to insolvencies of insurers who wrote long-term care insurance contracts. The revisions allow expected renewals for short-term contracts to be considered in the recognition of assets from accrued liability assessment and also require discounting for the assessments and the related assets.

SSAP No. 2R — Cash, Cash Equivalents, Drafts and Short-term Investments and SSAP No. 103R — Transfers and Servicing of Financial Assets and Extinguishments of Liabilities

This exposure requests comments on whether all cash equivalents should be excluded from the wash sale disclosure. The proposed revisions clarify that acquisitions and disposals of shares in money market mutual funds (MMMF) are subject to wash sale disclosure. In 2014 the Securities and Exchange Commission adopted final rules governing the structure and operation of MMMFs. Internal Revenue Service (IRS) revisions were also adopted to exempt the redemption of shares in a MMMF as part of a wash sale for purposes of Section 1091 of the Internal Revenue Code. When developing the proposed revisions to statutory accounting, the SAPWG considered this similar to the rationale provided for the IRS exemption: redemptions of shares in MMMFs are expected to have relatively stable values even when share prices float, and with the expected volume of transactions in floating-NAV MMMFs, tracking wash sales of MMMFs will present significant practical challenges.

SSAP No. 12 — Employee Stock Ownership Plans and SSAP No. 104R — Share-Based Payments

These proposed revisions would adopt, with certain modifications, ASU 2016-09, Compensation-Stock Compensation: Improvements to Employee Share-Based Payment Accounting. The SAPWG previously exposed for comment revisions to statutory accounting to better align statutory accounting with U.S. GAAP. During the last comment process, interested parties identified additional revisions needed to SSAP No. 12 and SSAP No. 104. The NAIC’s revised exposure of the SSAPs, while not fully adopting interested parties’ comments, is intended to better mirror U.S. GAAP.

SSAP No. 26R — Bonds

The proposed revisions to SSAP No. 26 would expand the current definition in SSAP No. 26 to include loans directly issued by the insurance reporting entity. The NAIC staff is seeking further comments on whether an additional line is needed in the annual statement for loans directly issued and whether further revisions to SSAP No. 26R would be required if the proposed definition were adopted. 

In addition, the SAPWG was asked by a proposal sponsor to consider revisions to existing statutory accounting to consider an investment in a wholly-owned series fund that solely owns fixed-income securities, which has been reviewed by the NAIC Securities Valuation Office and received an NAIC one or two designation, to be reported as bonds on Schedule D-1. The NAIC did not support the sponsor’s proposal and suggested three options:

  1. Send referrals inquiring whether property / casualty companies should have ability to report NAIC designations on Schedule BA, as permitted by life insurance companies, to obtain improved RBC for certain investments. Any change would require support and ultimate action from the applicable groups. NAIC staff would recommend that these groups send a response regarding whether they will consider this issue in order to allow NAIC staff and the SAPWG to appropriately consider future requests.
  2. Consider revisions to allow certain LLC investments that solely hold fixed-income securities to be in scope of SSAP No. 26R and reported on Schedule D-1 (this would be all LLC investments whose structural analysis fits the fixed-income profile to be included), and this provision would not be based on NAIC designation.
  3. Make no change to existing statutory accounting.

The SAPWG noted that option one was preferred and requested comments from regulators and interested parties regarding the three proposed options.

SSAP No. 41R — Surplus Notes and SSAP No. 97 — Investments in Subsidiary, Controlled and Affiliated Entities (SCA)

The proposed revisions do not change statutory accounting; they are intended to clarify the existing concept that investments in common stock, preferred stock and surplus notes are reported separately and that care should be taken to avoid double counting of the separate investments. Existing guidance was specific to the situation in which the SCA issues the surplus note which is then held by the parent; however, an SCA holding a surplus note issued by the parent also creates the issue of double counting. The proposed revisions would clarify that double counting would apply to both scenarios and that elimination is required similar to equity investments.

SSAP No. 43R — Loan-Backed and Structured Securities

The proposed revisions make no changes to SSAP No. 43R, but would remove the explicit guidance on transition from the 2009 substantive revisions to SSAP No. 43R and also remove outdated guidance from the Q&A.

SSAP No. 61R — Life, Deposit-Type and Accident and Health Reinsurance, SSAP No. 62R — Property and Casualty Reinsurance and Appendix A-791 — Life and Health Reinsurance

Regulators have brought to the SAPWG concerns regarding short-duration health reinsurance contracts that were identified as quota share but had risk-limiting features that reduce the reinsurer’s risk on a non-proportional basis. There were two concerns noted:

  • Such contracts may not pass risk transfer requirements.
  • Insurers were taking a larger reinsurance credit, failing to properly consider the risk-limiting features in the reinsurance contract that reduce the reinsurer’s exposure to loss.

The SAPWG also received a referral from the Financial Analysis Working Group noting additional concerns with certain short-duration contracts preferring that finite reinsurance disclosures required in SSAP No. 62R should also be in SSAP No. 61. The NAIC staff suggested the SAPWG expose the following with respect to this issue:

  • Revise the guidance in SSAP No. 61R emphasizing categorizing contracts correctly as proportional or nonproportional and more explicitly identify the interaction between Appendix A-791 which is for proportional contracts and SSAP No. 61R risk transfer guidance, as well as emphasizing reinsurance credit taken should consider all features of a contract including deductibles, corridors, limits or caps.
  • Clarification to risk transfer guidance in SSAP No. 62R making it more clear which contracts pass risk transfer and emphasize that an insurer may not take reinsurance credit greater than the amount of risk transferred.
  • Add disclosures or annual statement interrogatories similar to those in SSAP No. 62R to SSAP No. 61R.
  • Update SSAP No. 61R to define proportional and non-proportional.

The SAPWG specifically requests comments on the current life-type definitions used in SSAP 61R glossary as well as adding, with modification, the list of features that are indicative of short-duration contracts. Further, comments are requested regarding proposed revisions to Appendix A-791 to add additional Q&A on risk transfer guidance and application as well as adopt language from the preamble of Model Law 791, which was to prevent reinsurance credit for contracts which provide surplus relief without transferring significant risks such that the expected potential liability of the ceding company is unchanged.

SSAP No. 68 — Business Combinations and Goodwill and SSAP No. 97 — Investments in Subsidiary, Controlled and Affiliated Entities

The SAPWG exposed for comment certain proposed revisions to SSAP No. 68 and SSAP No. 97 resulting from NAIC staff reviews of SCA filings where amounts of goodwill recorded are substantial relative to the equity of the underlying SCA while still being within the limitations referenced in SSAP No. 68. Five options proposed at the meeting were:

  1. Decreasing the admissible goodwill limitation to 5 percent.
  2. Using a sliding scale limitation based upon the dollar amount of goodwill remaining after the initial 10 percent limitation.
  3. Cap the admitted goodwill at the asset or net asset value of the SCA.
  4. Eliminate the admissibility of goodwill.
  5. Make no changes to existing statutory accounting.

The SAPWG has requested comments regarding these proposals.

SSAP No. 86 — Derivatives

The SAPWG exposed disclosure revisions to capture information on financing premiums on derivatives in the aggregate and on individual contracts. For 2017, the disclosures would be captured via narrative with the SAPWG making a referral to the Blanks Working Group to modify the blanks to allow this information to be included in Schedule DB or in a data-captured note in the future. The proposed disclosures include:

  • Identification of financing premiums in derivative contracts. Amount should include the non-discounted aggregate total amount due and the amount due in each of the following five years, with the total due after five years to equal the aggregate total. This disclosure shall also include the aggregate fair value of derivative instruments excluding the impact of deferred or financing premiums (i.e., consistent with interested party proposal, with addition of amounts due in next five years and aggregate fair value of derivatives without impact of deferred / financing premiums).
  • For each derivative contract with deferred / financing premiums:
      • Fair value of derivative, excluding impact of deferred or financing premiums.
      • Whether premium cost is paid throughout the contract, or at derivative maturity.
      • Next premium cost payment date.
      • Total premium cost.
      • Premium cost paid in prior years.
      • Current premium cost paid.
      • Future unpaid premium cost.

The SAPWG asked industry to comment on how the financing cost, if reported as a fair value change (i.e., not an investment expense), would be separately identifiable from fair value fluctuations driven by market changes. Interested parties have expressed concerns that, while transparency can be increased, transaction-specific disclosure would be voluminous.

Furthermore, the SAPWG proposed revisions clarifying that variation margin changes should be recognized as unrealized gains / losses until the derivative contract has matured, been terminated or has expired. The revision would apply to all instances regardless of counterparty or exchange and considers the variation margin payment to be collateral or a legal settlement.

SSAP No. 92 — Postretirement Benefits Other than Pensions and SSAP No. 102 — Pensions

The FASB issued ASU 2017-07, Compensation-Retirement Benefits: Improving the Presentation of Net Periodic Pension Cost and Net Periodic Postretirement Benefit Cost, primarily to improve the presentation of net periodic pension and postretirement benefit costs. The SAPWG proposes rejecting the FASB guidance as the components of pension and other postretirement employee benefit costs are disaggregated under existing statutory guidance. The SAPWG requests comments from regulators and industry on whether they believe separate income statement presentation is needed, as is also required in the ASU.

SSAP No. 97 — Investments in Subsidiary, Controlled Entities and Affiliates

The SAPWG re-exposed changes to SSAP 97 with respect to extension of SCA filing deadlines in response to comments received on the previous exposure. The proposed revisions incorporate a 90-day reporting period to file a Sub 1 after the formation or acquisition of an SCA and an Aug. 31 deadline for Sub 2 filings, with provisions allowing a company a one-month deadline after the audit date for SCAs regularly receiving audit reports after Aug. 31, 2017.

The SAPWG also proposed revisions to SSAP No. 97 that the limited statutory adjustments for insurance SCAs (i.e., accounted for in accordance with 8 b. iv.) apply regardless of whether they have audited U.S. GAAP or foreign GAAP financial statements. This does not change statutory accounting, rather clarifies the guidance in the SSAP.

SSAP No. 104R — Share-Based Payments

During 2017 the FASB issued ASU 2017-09, Compensation-Stock Compensation: Scope of Modification Accounting, which provides guidance about which changes to the terms or conditions of share-based payments awards require an entity to apply modification accounting. Modification is defined in the ASU as “a change in any of the terms or conditions of a share-based payment award.”

SSAP No. 107 — Risk-Sharing Provisions of the Affordable Care Act

The Patient Protection and Affordable Care Act of 2010 (ACA) introduced a risk adjustment program impacting the individual and small group medical markets that went into effect in 2014. During 2016, the U.S. Department of Health and Human Services adopted a new regulation that changed how the ACA would function beginning in 2018. The ACA risk adjustment program will now include an element similar to reinsurance called high-cost risk pooling. The exposure proposes to report the high cost risk pool similar to an involuntary pool, for comment. This recommendation would report the percent-of-premium charge to the issuer that funds reimbursements as premium ceded, thereby reducing premium written. Reimbursements for specific high cost claims would be reported consistent with ceded claims benefits reinsurance recoveries and reduce claims. NAIC staff notes that reporting large claims net of reimbursements would also be less distorting to loss ratios. The remainder of the risk adjustment program would continue to be reported as it was previously, which is primarily as adjustments to premium. The SAPWG requests comments on the proposed accounting alternatives put forth by the proposal sponsor. The proposal also includes new disclosures and removal of the transitional ACA reinsurance program.

For more information on this topic, or to learn how Baker Tilly insurance specialists can help, contact our team.

[1] NAIC Insurance Data Security Model Law Section 4(B)1-4
