PA 16-206—sSB 436

Insurance and Real Estate Committee

AN ACT CONCERNING INSURER CORPORATE GOVERNANCE ANNUAL DISCLOSURES AND THE REGULATION OF RISK RETENTION GROUPS

SUMMARY: This act adopts provisions substantially similar to the National Association of Insurance Commissioners' (NAIC) Corporate Governance Annual Disclosure and Risk Retention model acts. Among other things, the act requires:

1. domestic insurers (i.e., those chartered, incorporated, organized, or constituted under Connecticut laws) or the insurance group to which they belong to file with the insurance commissioner or other regulatory official confidential corporate governance annual disclosures (CGADs; i.e., information on the insurer's or insurance group's corporate governance structures) and

2. risk retention groups (RRGs) chartered in Connecticut to meet specific governance standards, such as requiring board members to be independent and establishing an independent audit committee.

(RRGs are self-insured groups organized under state and federal laws and formed to spread commercial liability risks among their members. RRGs may operate in multiple states but are primarily regulated by their domiciled state (see BACKGROUND).)

The act also makes minor, technical, and conforming changes.

EFFECTIVE DATE: January 1, 2017 for the CGAD provisions, and October 1, 2016 for the RRG provisions.

1 — CORPORATE GOVERNANCE ANNUAL DISCLOSURES (CGADS)

Beginning by June 1, 2017, the act requires domestic insurers or their insurance groups to annually submit to state regulators CGADs containing, among other things, detailed information on their corporate structure, compensation, performance evaluations, oversight, and risks. The act makes CGADs confidential, privileged, and exempt from subpoenas and state Freedom of Information Act (FOIA) requests.

Under the act, CGAD requirements may not be construed to (1) prescribe or impose corporate governance standards or internal procedures beyond those required by state corporation laws or (2) affect the insurance commissioner's authority to examine insurers.

Reporting Requirements

The act requires domestic insurers or the insurance group to which they belong to annually submit, by June 1, CGADs to the insurance commissioner or the insurance group's lead state commissioner, respectively. The lead state commissioner, which is determined by NAIC's applicable financial analysis handbook, is generally the regulatory official (e.g., insurance commissioner) in the state where the insurer or group is domiciled. (By law, insurers may be part of an insurance group, which is a group of insurers and affiliates operating under an insurance holding company (see BACKGROUND).)

Subsequent CGAD submissions must be an amended version of the prior year's submission with any changes indicated. If the submission is identical to the previous year's, the CGAD must state so.

Under the act, domestic insurers not required to submit a CGAD to the commissioner (e.g., those domiciled outside of Connecticut) must do so upon her request.

CGAD-Required Information

The act requires insurers or insurance groups, in completing CGADs, to (1) be as descriptive as possible and include attachments or document examples of corporate governing processes and (2) maintain any CGAD-related documents and supporting information and make them available to the commissioner upon request.

Specifically, CGADs must include information on insurers' or insurance groups' (1) corporate governance framework and structure, (2) leadership policies and practices, (3) critical risk oversight processes, (4) performance evaluation processes, and (5) policies and practices directing senior management.

In addition, the act authorizes the commissioner to request any additional information she deems material and necessary to understand the insurer's or insurance group's corporate governing policies, reporting or information systems, or controls over such policies or systems. The act gives insurers and insurance groups discretion over the information they provide in a CGAD, as long as it (1) is consistent with the act's requirements and (2) contains material information necessary to allow the commissioner to understand the corporate governance structure, policies, and practices.

The act details the required components for each category of information as described below.

Corporate Governance Framework. CGADs must describe the insurer or insurance group's corporate governance framework and structure, including the following:

1. its board and each significant committee responsible for oversight and the level at which such oversight occurs, such as the ultimate control level, an intermediate holding company level, or an individual legal entity level;

2. its rationale for the current board size and structure;

3. its board's and significant committees' duties and governing methods (i.e., bylaws, charter, or informal mandates); and

4. its board's leadership structure, including a discussion of the chief executive officer's (CEO) and board chairman's roles.

Leadership Policies and Practices. CGADs must describe the board's and any of its significant committees' policies and practices, including the following:

1. how each board member's qualifications, expertise, and experience meet the insurer's or insurance group's needs;

2. how the insurer or insurance group ensures that the board and committees are appropriately independent;

3. the number of board and committee meetings, including board member attendance information, from the previous year;

4. how board and committee members are identified, nominated, and elected, and whether a nomination committee identifies and selects individuals for consideration;

5. whether board members are term-limited;

6. how election and reelection processes function; and

7. whether a board diversity policy exists and how it functions.

Critical Risk Oversight Processes. CGADs must describe how the board, significant committees, and senior management ensure an appropriate amount of oversight of critical risk areas impacting business activities, including how (1) oversight and management responsibilities are delegated; (2) the board is informed of strategic plans, associated risks, and any steps senior management takes to monitor and manage such risks; and (3) each critical risk area's reporting responsibilities are organized. The descriptions for critical risk areas must contain enough detail for the commissioner to understand the frequency at which information on each critical risk area is reported to, and reviewed by, the board and senior management. Critical risk area information may include the following:

1. actuarial functions,

2. investment and reinsurance decision-making processes,

3. business strategy and financial decision-making processes,

4. compliance functions,

5. financial reporting and internal auditing,

6. market conduct decision-making processes, and

7. risk management processes.

The act specifies that an insurer or insurance group required to file an Own Risk and Solvency Assessment (ORSA) Summary Report may refer to it to meet the risk management processes description requirement.

Performance Evaluation Processes. CGADs must contain a description of (1) the board's performance evaluation processes for itself and its committees and (2) any recent performance improvement measures, including training programs.

Policies and Practices Directing Senior Management. CGADs must contain policies and practices for directing senior management, including the senior management's (1) code of business conduct and ethics, including a discussion of its compliance with laws, rules, and regulations and its proactive reporting of any illegal or unethical conduct, and (2) succession plans. It also must include processes or practices, such as suitability standards, to determine whether officers and key individuals in control functions have the appropriate background, experience, and integrity to fulfill their roles. The CGAD must describe (1) suitability standards and identify any specific positions for which standards have been developed, (2) suitability monitoring and evaluation standards and procedures for officers and key individuals, and (3) any changes in an officer's or key individual's suitability as a result of applying the standards or procedures.

The CGAD must also describe processes for performance evaluation, compensation, and corrective action that ensure effective senior management throughout the organization, including descriptions of significant compensation programs' general objectives and what such programs are designed to reward. The description must be detailed enough to allow the commissioner to understand how the insurer or insurance group ensures compensation programs do not encourage or reward excessive risk taking and may include the following:

1. the board's role in overseeing management compensation programs and practices,

2. the compensation elements and calculations,

3. the relationship between the compensation programs and organizational and individual performance over time,

4. whether the compensation programs include risk adjustments and how such adjustments are incorporated into different levels of employee compensation programs,

5. any clawback provisions to recover awards or payments if the performance measures are restated or adjusted, and

6. any other factors relevant to understanding how insurers or insurance groups monitor compensation programs and determining whether employee incentives meet risk management objectives.

Under the act, senior management means any corporate officer responsible for reporting information to the board at regular intervals or providing information to shareholders or regulators. It includes chief executive, financial, operations, procurement, legal, information, technology, revenue, and visionary officers.

Reporting Levels

The act allows the insurer or insurance group to provide the required information at the ultimate control level, an intermediate holding company level, or an individual legal entity level, depending on the structure of such insurer's or insurance group's corporate governance system.

Under the act, the insurer or insurance group may report CGAD information at the level at which (1) it determines risk appetite; (2) its earnings, capital, liquidity, operations, and reputation are collectively overseen and such factors are supervised, coordinated, and exercised; or (3) it would be legally liable for failing to comply with corporate governance duties. An insurer or insurance group using these criteria must indicate which of them it used to determine its reporting level and explain any subsequent changes in reporting levels.

Additional Documents and Information

The insurer or insurance group may use and reference other existing documents that include comparable information to fulfill CGAD reporting requirements, including ORSA Summary Reports, Holding Company Form B or F filings, Securities and Exchange Commission proxy statements, and foreign regulatory filings. It must attach these documents, if they are not already filed with or available to the commissioner, to the CGAD and clearly reference within the CGAD that the other documents provide such information.

Verification

CGADs must be signed by the CEO or corporate secretary, who must attest that to the best of his or her belief and knowledge, the corporate governance practices the CGAD describes are implemented and that a copy of the CGAD has been provided to the insurer's or insurance group's board or appropriate committee.

Confidentiality

The act deems all CGAD-related documents, materials, and other information (“information”) proprietary and containing trade secrets and makes them confidential, privileged, and exempt from subpoena and disclosure under FOIA. The information is also not subject to discovery or admissible as evidence in any civil action. The confidentiality provisions apply to the documents in the possession or control of the Insurance Department and obtained by, created by, or disclosed to the commissioner or anyone else under the act. The commissioner is prohibited from making such information public without prior written consent.

The act prohibits the commissioner, or any person acting under her authority that obtained, received, or was disclosed CGAD-related information, from being required or allowed to testify in any civil action in Connecticut about the information.

The act allows the commissioner, as part of her official duties, to use the information in any regulatory or legal action. Under certain circumstances, she may also receive and share, upon request, CGAD documents with certain other officials, third-party consultants, and NAIC (see below). In such cases, the act specifies that it may not be construed to require an insurer's written consent.

Sharing and Receiving CGAD Documents

Under the act, the commissioner must share, upon request, an insurance group's CGAD with other states' insurance regulatory officials if:

1. she is the insurance group's lead state commissioner,

2. the CGAD is shared in accordance with the act's confidentiality provisions requiring her to keep CGADs confidential and obtain written agreement that recipients must do so as well (see below), and

3. the CGAD is only shared with an insurance regulatory official in a state in which the group has a domestic insurer.

The commissioner may share, upon request, CGAD-related information, including that deemed proprietary and containing trade secrets, confidential and privileged, or not disclosable, with (1) other state, federal, and international financial regulatory officials, including members of a supervisory college (i.e., a group of insurance regulatory officials); (2) NAIC; and (3) any third-party consultants she engages to review the CGAD and associated documents. The recipients, in writing, must (1) agree to maintain the confidentiality and privileged status of the information and (2) verify their legal authority to maintain confidentiality.

The commissioner may also receive CGAD-related information from other state, federal, and international financial regulatory officials, including NAIC and members of a supervisory college. The commissioner must maintain any information she receives as confidential and privileged, with notice and the understanding that the information is confidential and privileged under the laws of the jurisdiction in which the information originates.

Under the act, any written agreement between the commissioner and NAIC or a consultant governing the sharing or use of CGAD documents must expressly require the insurer's prior written consent before NAIC or a consultant may make any CGAD information public. The agreement must specify policies and procedures for maintaining the shared information's confidentiality and security, including the following:

1. procedures and protocols limiting sharing by NAIC to only state regulatory officials where the insurance group has domiciled insurers;

2. a provision requiring NAIC or a consultant to agree in writing to maintain the information's confidentiality and privileged status and verifying his or her legal authority to maintain confidentiality; and

3. a provision, if applicable, requiring NAIC to obtain from a requesting regulatory official a written agreement to maintain the information's confidentiality and privileged status and verifying his or her legal authority to maintain confidentiality.

The agreement must also do the following:

1. specify that the commissioner retains ownership of the information and that she uses it at her discretion;

2. prohibit NAIC or consultants from storing any received information in a permanent database after they complete the underlying analysis;

3. require NAIC or third-party consultants, if they are subject to a subpoena or request for disclosure, to promptly notify the commissioner and the insurer or insurance group; and

4. require NAIC or consultants, if they are required to disclose any CGAD information, to allow the insurer or insurance group to intervene in any judicial or administrative action regarding the disclosure.

The act specifies that (1) the commissioner sharing or disclosing CGAD information according to the act's requirements does not waive any applicable confidentiality or privilege and (2) these requirements must not be construed to delegate the commissioner's regulatory authority to any person or entity with which the information is shared.

CGAD Reviews and Information Requests

The act requires CGAD reviews and requests for related documents to be conducted by, or made through, the insurance group's lead state commissioner.

The commissioner may engage third-party consultants, including attorneys, actuaries, accountants, and other experts, as reasonably necessary to assist in reviewing CGADs. Each consultant must be under the commissioner's direction and control, act in an advisory capacity only, and verify to the commissioner and provide notice to the insurer or insurance group that he or she (1) does not have a conflict of interest, (2) has internal procedures in place to monitor conflicts of interest that may arise, and (3) complies with the act's confidentiality standards and requirements. The act requires insurers or insurance groups to pay for the consultant services.

Penalties

The commissioner, after notice and hearing, may impose a civil penalty of $175 per day on an insurer or insurance group that fails, without just cause, to timely file a CGAD. She may reduce the penalty if the insurer or insurance group demonstrates the penalty causes financial hardship.

2-8 — RISK RETENTION GROUPS (RRG)

This act requires an RRG seeking to be chartered and licensed in Connecticut on or after October 1, 2016 to meet specific governance standards at the time of licensure. An RRG chartered before October 1, 2016 must comply with the standards by October 1, 2017.

The standards require an RRG to, among other things, be governed by a board of directors elected by owners or members of the group. A majority of the board members must be independent (i.e., have no conflict of interest).

The act also (1) requires an RRG's captive manager, president, or CEO to promptly notify the insurance commissioner, in writing, if he or she becomes aware of any material noncompliance with the act's standards and (2) gives the commissioner the authority to examine any documents or materials relating to the standards.

The act (1) expands provisions regarding information that certain RRGs, including those chartered outside Connecticut, must submit to the commissioner and (2) adds a notice requirement, already required on policies issued by RRGs, to applications.

Board of Directors' Independence

The act requires RRGs seeking to be chartered and licensed in Connecticut to be governed by a board of directors, a majority of whom must be independent as described below. It also requires such independence and compliance for (1) all committee members of any member advisory committee the board establishes and (2) in the case of a reciprocal RRG, the attorney-in-fact acting as the RRG's agent or manager.

To qualify as independent, a director, advisory committee member, or, in the case of a reciprocal RRG, an attorney-in-fact must be affirmatively determined by the board to have no material relationship (see below) with the RRG. However, for an RRG owned solely by an organization that is comprised exclusively of the RRG's members, the following individuals must be deemed independent unless a different position or relationship constitutes a material relationship: a direct or indirect owner, insured, officer, director, or employee of an owner or insured.

The act prohibits the board from determining that an individual is independent until one year after he or she no longer has a material relationship with the RRG. It requires RRGs to disclose to the commissioner, at least annually, all such determinations.

Material Relationship

Under the act, a material relationship is any of the following:

1. receipt of compensation from the RRG, its consultants, or service providers above certain thresholds (see below) in any previous 12-month period by a board member, attorney-in-fact, advisory committee member, or immediate family members or affiliated businesses of such members or attorneys;

2. affiliation or employment in a professional capacity of a director or a member of his or her immediate family with the RRG's present or former internal or external auditor; or

3. employment of a director or a member of his or her immediate family as an executive officer with another company on which any of the RRG's current officers serve as board members.

For the first provision, the act specifies the compensation threshold is the greater of (1) 5% of the RRG's gross written premiums or (2) 2% of its surplus.

Board of Directors' Duties

The act requires an RRG's board of directors to adopt a written policy in its plan of operation or a feasibility study that requires the board to do the following:

1. ensure that all of the RRG's owners and members receive evidence of their ownership interest;

2. develop a set of governance standards;

3. oversee the evaluation of the RRG's management, including the performance of the captive manager, managing general underwriter, or other parties responsible for underwriting, determining premium rates, collecting premiums, adjusting and settling claims, and preparing financial statements; and

4. review and approve the amount to be paid to a service provider under a material service contract (see below).

Under the policy, the board must also, at least annually, review and approve (1) the RRG's goals and objectives relative to the compensation of its officers and service providers, (2) such officers' and service providers' performances in light of the goals and objectives, and (3) the continued engagement of such officers and service providers.

The act also requires the board to adopt governance standards for the RRG and a code of business conduct and ethics for the RRG's officers, directors, and employees. The code must include provisions relating to the following:

1. conflicts of interest;

2. matters covered under the corporate opportunities doctrine in the RRG's state of domicile;

3. confidentiality;

4. fair dealing;

5. the protection and proper use of the RRG's assets;

6. compliance with all applicable laws, rules, regulations, and requirements;

7. the required reporting of any illegal or unethical behavior that affects the RRG's operations; and

8. any waivers of the code of conduct and ethics for officers or directors.

The board must post the governance standards and code of conduct and ethics on the RRG's website or disclose them through other means.

The board must also provide to members and insureds, upon request, additional information that includes the:

1. process for electing the board,

2. qualifications to be a board member,

3. responsibilities of the board,

4. access of a board member to the RRG's management and independent advisors,

5. board members' compensation,

6. board member orientation process and continuing education requirements or opportunities, and

7. RRG's policies and procedures for management succession and board members' annual performance evaluations.

Material Service Contracts

Under the act, the board of directors must approve an initial or renewed material contract by a majority vote. The board may terminate such a contract for cause at any time, as long as the contract's notice requirements are satisfied. A material contract is a contract that includes a payment for services of at least the greater of (1) 5% of the RRG's annual gross written premiums or (2) 2% of its surplus.

The act prohibits the following:

1. material contracts between an RRG and a service provider (see below) that include a term longer than five years and

2. the board from entering a contract with a service provider with a material relationship to the RRG, unless the (a) RRG submits the contract to the commissioner as a revision, or part thereof, to its plan of operation and (b) commissioner approves it in accordance with the act.

For a reciprocal RRG, the act specifies that any contract must be between the RRG and a service provider, instead of between the RRG's attorney-in-fact and the service provider.

The act defines a service provider as a captive manager, auditor, accountant, actuary, investment advisor, attorney, managing general underwriter, or any other party responsible for underwriting, determining premium rates, collecting premiums, adjusting and settling claims, or preparing financial statements. An attorney is also a service provider under the act, unless retained by the RRG as defense counsel. (But an attorney whose fees constitute a material contract is still considered a service provider.)

Reporting Requirements and Prior Commissioner Approval

The act requires an RRG seeking to be chartered in Connecticut to provide to the commissioner with its charter application a summary of the (1) identity of the initial members of the group, (2) identity of the individuals who organized the group or who will provide administrative services or influence or control coverages to be offered, and (3) states in which the group intends to operate. The commissioner must forward this information to NAIC upon receipt.

By law, an RRG, before offering insurance, must submit to the commissioner for approval its plan of operation or feasibility study and, if it intends to offer any additional lines of liability insurance, any revisions to the plan or study. Under the act, revisions must be submitted only for material changes to the plan or study. The act also prohibits RRGs from offering additional liability insurance lines in any state or operating under any material change, including a change in rates, until the commissioner approves a revised plan or study.

By law, the plan or study must include, among other components, the following content:

1. the historical and expected loss experience of the proposed members;

2. expert opinions on minimum premium or participation levels;

3. proof that its members are engaged in activity with similar risks; and

4. identification of its management, underwriting and claims procedures, and reinsurance agreements.

By law, all RRGs, regardless of where they are chartered or licensed, must include in the plan or study the coverages, deductibles, coverage limits, rates, and rating classification systems for each line of insurance the RRG offers. The act expands the scope of the plan or study, requiring that it contain the required information for all states in which the RRG intends to operate.

Audit Committee

The act requires each RRG seeking to be chartered and licensed in Connecticut to establish an audit committee with at least three independent board members. The audit committee may invite a non-independent board member to participate in committee activities, although he or she is prohibited from becoming a committee member.

The audit committee must adopt a written charter that defines the committee's purposes. At a minimum, the charter must require the committee to do the following:

1. assist the board with oversight of (a) financial statement integrity; (b) compliance with legal and regulatory requirements; and (c) the qualifications, independence, and performance of any auditor or actuary under contract with the RRG;

2. discuss the annual audited financial statements and quarterly financial statements with members of the RRG's management;

3. discuss the annual audited financial statements and, if advisable, the quarterly financial statements, with the RRG's external auditor;

4. discuss the RRG's risk assessment and risk management policies;

5. meet separately and periodically, directly or through a designated committee member, with the RRG's management and external auditor;

6. review with the external auditor any audit problems or difficulties and the RRG management's response;

7. set clear hiring policies for the RRG's hiring of current or former employees of the RRG's external auditor;

8. require the external auditor to rotate or coordinate the lead auditor and the auditor responsible for reviewing the RRG's audit so that no individual performs the RRG's audit for more than five consecutive years; and

9. report on its activities regularly to the RRG's board of directors.

The act allows the commissioner to exempt an RRG from the audit committee requirements if it demonstrates that it is impracticable to do so and the board is able to accomplish the same obligations.

RRGs Chartered or Domiciled in Another State

By law, an RRG chartered in another state and seeking to do business in Connecticut must submit to the commissioner its plan of operations or a feasibility study and any revisions to the plan or study that were submitted to the RRG's domiciled state. The act requires the submission of such material revisions within 30 days (1) after the RRG receives the approval of its domiciled state's chief insurance regulatory official or (2) if no approval is required, after its submission to its domiciled state.

By law, an RRG doing business in Connecticut but not domiciled here must submit to the commissioner certain financial information, including a statement of opinion on loss and loss adjustment expense reserves prepared by a member of the American Academy of Actuaries or a qualified loss reserve specialist. The act requires such a statement to be prepared using NAIC-established criteria.

Under the act, such RRGs must also submit to the commissioner upon request a copy of any information or document pertaining to any outside audit of the RRG. Prior law required an RRG to submit only a copy of the audit.

Under existing law, the commissioner may request an examination of the financial condition of an RRG chartered in another state, to be conducted by the commissioner, in the RRG's chartered jurisdiction. If such an examination is not initiated within 60 days, an RRG must submit to such an examination by the Connecticut commissioner. The act limits this provision to RRGs that are both chartered and licensed, instead of only chartered as required under prior law, in another state.

Notice Requirement

Existing law requires an RRG to publish a notice on the front and declaration pages of each issued policy that (1) RRGs may not be subject to all of the state's insurance laws and regulations and (2) state insurance insolvency guaranty funds are not available for policies issued through RRGs. The act requires this notice on insurance applications as well.

BACKGROUND

RRGs and Related Federal Law

An RRG is a corporation or other limited liability association formed to assume and distribute the risk exposure of its members. By law, an RRG must meet certain chartering, licensing, and antitrust criteria and be owned by, and provide insurance to, only its members (or an organization comprised solely of its members). Its members must share similar commercial risks, and insurance provided by an RRG to its members must be limited to coverage of the shared risks. Under the federal Liability Risk Retention Act and with certain exceptions, an RRG is primarily regulated by its domiciled state, regardless of whether it also sells insurance in other states. In practice, RRGs are formed as captives. (Captives are insurance companies or entities formed to insure or reinsure the risks of their owners.)

Insurance Groups and Insurance Holding Companies

Insurance groups are insurers and affiliates within an insurance holding company. Insurance holding companies are affiliations between insurance companies and other people, corporations, partnerships, limited liability companies, associations, joint stock companies, business trusts, unincorporated organizations, or other legal entities.

OLR Tracking: AR; DC; MS; bs