Insurance Companies Face New Scrutiny and Bank-Like Regulation

Insurance firms are in a bit of an identity crisis these days, and not one of their own making: Regulators are treating them like banks.

As usual with regulatory changes these days, the roots of this phenomenon trace back to the Dodd-Frank Act—and the political imperative lawmakers had to ensure that “too big to fail” was erased from Washington and Wall Street vocabulary. The result now is regulators both in the United States and overseas imposing more capital and liquidity standards on large insurers, and possibly even designating them as Systemically Important Financial Institutions like the large banks.

The Federal Reserve now plays a significant role in supervising roughly one-third of the life insurance industry and one-quarter of the property and casualty insurance industry; it also has oversight of thrift holding companies that include an insurance company. The Federal Deposit Insurance Corp., which has overseen banks since the Depression, now has resolution authority over many insurance companies. The Treasury Department was directed to create a new Federal Insurance Office that may eventually play a role in negotiating international agreements that impose new requirements on the industry.

Dodd-Frank also created the Financial Stability Oversight Council, and empowered FSOC to designate non-bank financial institutions, insurance firms among them, as Systemically Important Financial Institutions. AIG, Prudential, and MetLife are on that list. As a consequence, they are subject to examination, supervision, and regulation by the Federal Reserve.

Those within the insurance industry cite a long list of reasons why their firms should not be compared to banks. “What is crystal clear is that insurers and banks have very different business models and demand very different regulatory policies,” says Robert Litan, a former Clinton Administration official who co-chairs the Bipartisan Policy Center’s newly created task force on insurance regulation. One popular example: Insurance claims are typically triggered by an event—a fire, a car crash, or the like. That’s a much different model than how banks serve customers, and the risk banks face when customers start withdrawing cash in a financial crisis.

Then again, some insurance firms have dabbled in financial innovations that drift well beyond their traditional models; one need look no further than the derivatives business that contributed to the fall of AIG (and its subsequent government bailout) in 2008.

In a September speech, Federal Reserve Governor Daniel Tarullo spoke of the regulatory challenges inherent in non-traditional activities. The typical property-casualty insurance model raises few “macroprudential” concerns, Tarullo said—but the liability side of the balance sheet at many large insurers looks quite different from that picture. For example, many life insurers offer wealth and retirement products with account values that can be withdrawn at the discretion of the policyholder, sometimes with little or no surrender penalty.

“If the books of the insurance company are large enough, it then becomes a potential vehicle for transmitting distress at the company to other parts of the financial system,” he said.

Equating large insurance companies with big banks is not only a U.S. issue. The largest global insurers face an average increase of 10 percent to capital requirements under standards proposed last month by the International Association of Insurance Supervisors, an organization of industry regulators in nearly 140 countries. The EU’s Solvency II Directive includes reforms that will mandate the amount of capital insurance firms must hold to reduce the risk of insolvency. Solvency II has proven so controversial that Prudential has threatened to pull operations out of Britain.

“There are a lot of policy makers in Washington who understand banking deeply, but they don’t understand insurance.”
Justin Schardin Associate Director, Bipartisan Policy Center

The international regulatory landscape has not gone unnoticed by Congress. In a congressional hearing in September, legislators urged the Federal Reserve to complete a domestic capital standard for insurers before the Fed considers adopting any international capital rules. The Fed was directed by the so-called Collins Amendment to the Dodd-Frank Act to develop separate leverage capital and risk-based capital rules for insurers, rather than the original plan to use the same standards imposed on banks.

“It’s a challenge for insurance companies, and it is also a challenge for policy makers and regulators,” Justin Schardin, associate director of the Bipartisan Policy Center’s Financial Regulatory Reform Initiative, says of the new regulatory climate. “Other than a few isolated areas, there has been no federal role in insurance regulation until Dodd-Frank. There are a lot of policy makers in Washington who understand banking deeply, but they don’t understand insurance.”

His task force wants several questions to be addressed. Can the bank regulators tasked with implementing Dodd-Frank transform themselves into insurance regulators? Who speaks for the United States in global insurance negotiations, and who should? Are there ways to improve aspects of Dodd-Frank that just don’t work well for insurance companies because they were designed with banks in mind?

The SIFI designation process should also be better defined. “It is not really clear what de-designation is going to look like,” Schardin says.  “What are companies going to have to do to get out of that designation? Do they know what they need to do? There needs to be a robust de-designation process so it is not a Hotel California”—where you check in any time you like, but you can never leave.

WHAT KEEPS THEM UP AT NIGHT

The following is a breakdown of the top compliance concerns in the insurance sector, as detail in Wolters Kluwer’s annual “Insurance Indicator.”

Source: Wolters Kluwer.

The changing regulatory landscape isn’t just affecting the largest of insurance firms. An analysis by Wolters Kluwer, as part of its annual Regulatory & Risk Management Indicator, found that more than 70 percent of 300 survey respondents are concerned about their ability to track and maintain compliance with changing regulatory requirements, including demonstrating compliance to regulators.

Kathy Donovan, senior compliance counsel at Wolters Kluwer Financial Services, compares regulatory risk to cyber-security concerns. “Maintaining compliance in this complex regulatory environment requires a continuous investment in staff and technologies,” she says. “Compliance management, like cyber-security, is a cyclical process. Once a cyber-security threat is resolved, another threat emerges. Today’s regulatory environment is continually evolving and requires proactive diligence and planning to stay ahead of new requirements and mitigate negative outcomes from market regulation actions.”

?Assurant sells insurance products and related services in North America and some international markets, but is still small enough that it has no risk of a SIFI designation, says Jay Cohen, chief compliance officer. That doesn’t mean his firm isn’t feeling the effect of bank regulations.

Assurant provides services to a large number of banking clients which, in turn, sell its products to their customers. “Increasing compliance demands on them get passed onto us,” he says. “We see a lot of bank-like regulations being imposed on us as a service provider.”

The Office of the Comptroller of the Currency, for example, ramped up pressure on banks to vet the vendors they use. And while insurance companies were carved out of the Consumer Financial Protection Bureau’s purview when the Dodd-Frank Act created that agency, its actions against financial services companies nevertheless trickle down to insurers.

“That’s a very big deal for us,” Cohen says. “They brought actions against financial services firms for the way credit cards promote add-on products, and some of those products could be ours.” The result: multiple questionnaires and on-site audits for Assurant as banks separately scrutinize compliance programs, AML efforts, sanctions compliance, complaint handling, and a host of issues related to data privacy and security.

“We’ve seen a lot more of that in the last couple of years, reflecting vendor management obligations,” Cohen says. “They are going down their supply chain, and we are there. Even though we are not regulated directly by the OCC or CFPB, we find ourselves looking at tracking what it is they are interested in.”