Insurance Regulatory Changes: Updates on Regulatory Frameworks

Insurance is a vital sector of the global economy that provides protection and financial security to individuals, businesses, and society. However, the insurance industry also faces various challenges and opportunities in the rapidly changing regulatory environment. Insurance regulators around the world are constantly updating and reforming their frameworks to address emerging risks, consumer needs, market developments, and international standards. In this blog post, we will provide an overview of some of the key regulatory frameworks that insurers should be aware of and how they can prepare for compliance.

Understanding Insurance Regulatory Changes

Insurance regulatory changes are modifications or reforms of the rules and standards that govern the insurance industry and its activities. Insurance regulators, such as government agencies or independent bodies, are responsible for issuing and enforcing these regulations to ensure the protection of consumers, the stability of the insurance sector, and alignment with the public interest. Insurance regulatory changes can be driven by various factors, such as:

  • Emerging risks and opportunities, such as the use of artificial intelligence, the impact of climate change, and the development of new products and markets.
  • Consumer needs and expectations, such as the demand for fair treatment, transparent information, and accessible services.
  • Market developments and innovations, such as the adoption of new technologies, the entry of new competitors, and the evolution of business models.
  • International standards and best practices, such as the recommendations of the International Association of Insurance Supervisors, the Financial Stability Board, and the Organization for Economic Cooperation and Development.

Insurance regulatory changes can have significant implications for the insurance industry and its stakeholders, such as insurers, intermediaries, consumers, and investors. Therefore, it is important for the insurance sector to monitor, understand, and comply with the insurance regulatory changes in their jurisdictions and to anticipate and adapt to the potential changes in the future.

Reasons for Insurance Regulations

There are three main reasons for insurance regulations:

  • To maintain insurer solvency, which means ensuring that insurers have enough financial resources to pay their obligations and avoid bankruptcy.
  • To compensate for inadequate consumer knowledge, which means protecting consumers from unfair or abusive practices by insurers or intermediaries and providing them with accurate and relevant information.
  • To ensure reasonable rates, which means preventing excessive or discriminatory pricing by insurers and promoting competition and efficiency in the insurance market.

Updates on Regulatory Frameworks

GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to all organizations that process the personal data of individuals in the European Union (EU). The GDPR grants individuals various rights over their data, such as the right to access, rectify, erase, restrict, and port their data, as well as the right to object to certain processing activities and automated decision-making. The GDPR also imposes strict obligations on data controllers and processors, such as the duty to implement appropriate technical and organizational measures to ensure data security, privacy by design and by default, data protection impact assessments, and breach notification. The GDPR also requires data controllers to obtain valid consent from data subjects or rely on other lawful bases for processing, such as legitimate interest, contract, legal obligation, or public interest.

The GDPR has been in force since May 2018 and has been widely regarded as the gold standard for data protection. The GDPR has also inspired other jurisdictions to adopt or update their own data protection laws, such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the Brazilian General Data Protection Law (LGPD). The GDPR has also influenced the development of privacy frameworks, such as the NIST Privacy Framework and the ISO 27701 standard.

Insurers that process the personal data of individuals in the EU, either directly or through third parties, must comply with the GDPR or face hefty fines of up to 4% of their global annual turnover or €20 million, whichever is higher. Insurers should also monitor the guidance and enforcement actions of the European Data Protection Board (EDPB) and the national data protection authorities (DPAs) to stay updated on the interpretation and application of the GDPR. Insurers should also be prepared for the potential impact of Brexit on their data transfers and operations in the UK, as the UK will become a third country under the GDPR after the transition period ends on December 31, 2020.

CCPA and CPRA

The California Consumer Privacy Act (CCPA) is a landmark consumer privacy law that applies to businesses that collect, sell, or share personal information about California residents. The CCPA grants California consumers various rights over their personal information, such as the right to know, access, delete, and opt out of the sale or sharing of their personal information. The CCPA also imposes obligations on businesses, such as the duty to provide notice, honor consumer requests, implement reasonable security measures, and avoid discrimination against consumers who exercise their rights. The CCPA also creates a private right of action for consumers whose personal information is subject to unauthorized access, theft, or disclosure due to the business’s failure to maintain reasonable security.

The CCPA went into effect on January 1, 2020, and enforcement began on July 1, 2020. The CCPA is enforced by the California Attorney General, who can impose civil penalties of up to $2,500 per violation or $7,500 per intentional violation. Consumers can also seek statutory damages of $100 to $750 per consumer per incident or actual damages, whichever is greater, in the event of a data breach.

The CCPA is not the end of the story, however. In November 2020, California voters approved the California Privacy Rights Act (CPRA), which amends and expands the CCPA. The CPRA creates new rights for consumers, such as the right to correct, limit, and opt out of the use of their sensitive personal information, as well as the right to know the retention period and the source of their personal information. The CPRA also creates new obligations for businesses, such as the duty to conduct annual cybersecurity audits and risk assessments, obtain consent for certain processing activities, and comply with additional contractual requirements for service providers and third parties. The CPRA also established a new enforcement agency, the California Privacy Protection Agency, which will have the authority to issue regulations and impose administrative fines of up to $7,500 per violation.

The CPRA became effective on January 1, 2023, and will apply to personal information collected after January 1, 2022. The CPRA will also apply to personal information collected before January 1, 2022, unless doing so would be impracticable or violate the law. The CPRA will also supersede the CCPA and any conflicting laws, except for certain exemptions and exceptions.

Insurers who do business in California or collect, sell, or share personal information about California consumers must comply with the CCPA and prepare for the CPRA. Insurers should also monitor the regulatory developments and guidance from the California Attorney General and the California Privacy Protection Agency, as well as the potential litigation and enforcement actions under the CCPA and the CPRA. Insurers should also be aware of the possibility of other states or the federal government enacting similar or different privacy laws in the future.

Solvency Standards

Solvency standards are regulatory frameworks that aim to ensure the financial stability and soundness of insurers and protect the interests of policyholders and beneficiaries. Solvency standards typically require insurers to maintain adequate capital and reserves to cover their liabilities and risks, as well as to implement effective governance, risk management, and disclosure practices. Solvency standards vary across jurisdictions and may apply to different types of insurers, such as life, non-life, health, or reinsurance.

Some of the major solvency standards that insurers should be aware of are:

  • Solvency II: Solvency II is a harmonized solvency regime that applies to all insurers and reinsurers in the EU and the European Economic Area (EEA). Solvency II consists of three pillars: Pillar 1 sets out the quantitative requirements for calculating the solvency capital requirement (SCR) and the minimum capital requirement (MCR); Pillar 2 sets out the qualitative requirements for governance, risk management, and supervision; and Pillar 3 sets out the reporting and disclosure requirements for transparency and accountability. Solvency II has been in force since January 2016 and is enforced by the national competent authorities (NCAs) and the European Insurance and Occupational Pensions Authority (EIOPA).
  • NAIC Risk-Based Capital (RBC): RBC is a solvency regime that applies to all insurers in the US. RBC requires insurers to calculate their risk-based capital (RBC) based on their assets, liabilities, and underwriting risks and to compare it with their total adjusted capital (TAC). Insurers that fall below certain RBC thresholds are subject to regulatory intervention, ranging from corrective action plans to liquidation. RBC is enforced by the state insurance regulators and the National Association of Insurance Commissioners (NAIC).
  • IAIS Insurance Capital Standard (ICS): ICS is a solvency regime that applies to internationally active insurance groups (IAIGs). ICS requires IAIGs to calculate their consolidated group-wide capital requirement (CR) based on a market-adjusted valuation of their assets and liabilities and to compare it with their qualifying capital resources (QCR). ICS also requires IAIGs to implement effective governance, risk management, and disclosure practices. ICS was developed by the International Association of Insurance Supervisors (IAIS) and is expected to be implemented by 2025.

Insurers that are subject to solvency standards must comply with the relevant requirements and report their solvency position to the regulators and the public. Insurers should also monitor the changes and updates to the solvency standards, as well as the potential impact of external factors, such as the COVID-19 pandemic, the low-interest-rate environment, and climate change risks, on their solvency situation.

Conclusion

The insurance industry is undergoing significant regulatory changes that affect how insurers operate, manage risk, and protect consumers. Insurers should be aware of the key regulatory frameworks that apply to them, such as GDPR, CCPA, CPRA, and solvency standards, and how they can prepare for compliance. Insurers should also adopt a proactive and strategic approach to regulatory compliance, leveraging the opportunities and benefits that come with it, such as enhancing customer trust, improving operational efficiency, and gaining a competitive advantage.
