
MID-YEAR FINANCIAL UPDATE: P&C AND LIFE SECTORS · media.hypersites.com/clients/1149/filemanager/... · 2016. 10. 31.


DID YOU KNOW...

According to the recent Insurance Digital Transformation Survey from Insurance Digital Revolution, more than half of agents said they don’t employ key digital and automation tools such as client portals, mobile apps and claims download.

Munich Re, the world’s second-biggest reinsurer, found in a recent survey of corporate risk managers that 55 percent of those surveyed named cybersecurity as their top concern about self-driving cars.

Insured losses in the United States for the first half of 2016 topped $14 billion, a result of hail and thunderstorms in Texas and other states, according to Impact Forecasting, Aon Benfield’s catastrophe model development team.

More than 66 percent of insurance companies intend to increase staff during the next 12 months, according to the U.S. Insurance Labor Outlook Study, conducted by The Jacobson Group and Ward Group.

Data from the 14 U.S. surplus lines service/stamping offices show they have processed almost $12.7 billion in insurance premium filings in the first half of 2016, according to the Surplus Lines Stamping Office of Texas.

FALL 2016
www.bdo.com

MID-YEAR FINANCIAL UPDATE: P&C AND LIFE SECTORS
By Imran Makda

THE NEWSLETTER OF THE BDO INSURANCE PRACTICE

Following several years of positive results, the combination of macroeconomic trends, regulatory concerns and the low interest rate environment contributed to weaker results for the property and casualty (P&C) and life insurance sectors. In this article, we unpack the key financial results for the first half of 2016.

PROPERTY-CASUALTY

The P&C sector showed signs of weakness in the first half of 2016 largely due to lack of premium growth as well as worsening loss ratios. Year-over-year net income declined 29 percent to $22.6 billion during the first six months of this year, with an even sharper decline of 112 percent in underwriting income during the same time period. By the close of Q2 2016, the sector produced an underwriting loss of $0.5 billion compared to a gain of $4.4 billion at the end of Q2 2015.

As a result of continuing but sluggish economic expansion and the declining unemployment rate, direct written premiums continued to see moderate growth, with an increase of 3.4 percent year over year. Premium growth in personal lines showed strong results, while commercial lines showed softness in pricing. Commercial lines premiums grew at the slowest pace since 2010, increasing by an anemic 1.3 percent in 2016 compared to 4.5 percent for the same period in 2015. Commercial auto liability outpaced the overall commercial sector with direct written premiums climbing by 4.2 percent in the first half of 2016, due largely to price increases after a dismal performance by this subsector in late 2015.


Loss and loss adjustment expense (LAE) incurred for the P&C sector in the first six months of 2016 increased by $11.8 billion compared to the same period last year. The six-month loss ratio increased to 71.5 percent, compared to 69.3 percent for the same period in 2015. The uptick in loss ratio was a result of natural catastrophe and severe weather-related events in 2016, including hailstorms in Texas and flooding in Louisiana. According to Aon Benfield’s Impact Forecasting, the economic losses from these events will exceed $13 billion and insured losses incurred by the industry will exceed $7.5 billion. The 10-year trend of favorable prior year loss development continued in 2016, but at a lower level than previously seen. The favorable development in the first half of 2016 was $7.01 billion, down from $8.15 billion for the first six months of 2015. The expense ratio held steady at 27.9 percent, consistent with the previous five years.

From a capital adequacy standpoint, P&C insurance providers saw an increase in overall loss reserves as of June 30, 2016, reaching $611.7 billion from $608.9 billion at the end of 2015. Capital and surplus increased by 0.2 percent to $689.1 billion for the first six months of 2016, from $687.3 billion at year-end 2015.

Overall, the P&C industry remains in a relatively strong position when comparing metrics to long-term historical averages. However, a report by S&P Global Market Intelligence predicts that 2016 could be a tough year for U.S. property and casualty insurers due to a variety of factors including lower premium growth, higher catastrophic losses, higher projected combined ratios and declining bond yields.

LIFE INSURANCE

In the life insurance sector, net income for the first half of 2016 dropped significantly to $1.0 billion, compared to $24.4 billion in the first half of 2015. Total revenue grew by $83.6 billion, but the increase was offset by even higher increases in benefits, surrenders and policy reserves.

Premiums and annuity considerations grew at a staggering rate of 24 percent in the first half of 2016 compared to the same period in 2015, fueled by strong growth in indexed and fixed annuity sales which increased by 67 percent and 32 percent, respectively, over the same time period. LIMRA Secure Retirement Institute expects the indexed annuity sales to exceed $60 billion by the end of the year. Variable annuities sales fell 22 percent in the first six months of 2016, dropping to their lowest levels since 1998. The low interest rate environment and DOL fiduciary rule concerns likely contributed to the decline. Life insurance premiums grew at a meager two percent annualized rate in the first half of 2016.

Below is an outline of financial results for the P&C INDUSTRY for the first half of 2016 and 2015:

Balance Sheet (Amounts in billions)       12/31/2015        06/30/2016
Total Cash and Investments                $ 1,529.6         $ 1,540.2
Total Assets                                1,807.5           1,833.5
Total Loss and LAE Reserves                   608.8             611.7
Capital and Surplus                           687.3             689.1

Income Statement (Amounts in billions)    YTD 06/30/2015    YTD 06/30/2016
Direct Premiums Written                       291.8             301.6
Net Premiums Earned                           249.6             258.5
Net Investment Income                          23.9              23.0
Net Loss and LAE Incurred                     173.0             184.8
Net Underwriting Gain (Loss)                    4.4              (0.5)
Net Income                                $    31.6         $    22.6

Source: SNL

Below is an overview of financial results for the LIFE INDUSTRY for the first half of 2016 and 2015:

Balance Sheet (Amounts in billions)       12/31/2015        06/30/2016
Total Cash and Investments                $ 3,703.9         $ 3,902.2
Total Assets                                6,325.0           6,495.6
Total Policy Reserves                       2,762.0           2,858.0
Capital and Surplus                           367.2             369.5

Income Statement (Amounts in billions)    YTD 06/30/2015    YTD 06/30/2016
Premiums, Consideration & Deposits            252.3             312.1
Net Investment Income                          85.1              88.4
Net Realized Capital Gains (Losses)             0.8              (4.3)
Benefits & Surrenders                         266.0             260.7
Increase in Reserves and Deposits               4.4              93.9
G & A and Commission Expenses                  54.9              63.8
Net Income                                $    24.4         $     1.0

Source: SNL


The increase in the top-line growth was wiped out by a corresponding increase in reserves and deposits, which grew by $89.5 billion or 2,046 percent in the first half of 2016 compared to the same period in 2015. Net income dropped by 96 percent to $1 billion, the lowest level since 2008. Return on average equity dropped to 0.56 percent during the first half of 2016 compared to low double digits for the past several years. Net yield on invested assets was fairly consistent compared to 2015 and was reported at 4.65 percent for 2016. Capital and surplus were up 1 percent and cash and invested assets were up 5 percent compared to year-end 2015.

As expected, due to the interest rate environment and regulatory uncertainty, the life insurance industry continued to underperform in 2016. The SNL U.S. Insurance L&H Index, which tracks the performance of all life and health insurance underwriters in SNL’s coverage universe, increased 1.15 percent as of Sept. 21, 2016.

Stagnant investment income and DOL fiduciary rule implementation are cited as the primary reasons for lackluster stock market performance in this sector. The Federal Open Market Committee’s recent decision to maintain the current federal funds rate will continue to maintain downward pressure on margins and spreads in the near term.

Imran Makda is a partner and national leader in BDO’s Insurance practice. He can be reached at [email protected].

NAIC 2016 SUMMER MEETING TOP TAKEAWAYS
By Richard Bertuglia

The National Association of Insurance Commissioners (NAIC) 2016 Summer meeting was held in late August in San Diego. Various task forces continued deliberations over regulatory actions that could significantly impact the financial reporting, capital and compliance requirements for insurance companies.

While the topics discussed covered a variety of areas, here are our top takeaways from the meeting:

Federal Government Makes Move to Promote Cybersecurity Insurance

The Cybersecurity (EX) Task Force received an update on federal cybersecurity-related legislation, including news that the White House established a Commission for Enhancing National Cybersecurity, which has issued a request for intelligence to inform its recommendations to President Obama on how to strengthen cybersecurity in both the public and private sectors. During this meeting, the Task Force also received an update on the Data Breach Insurance Act, which was introduced in mid-September. If passed, the bill would amend the Internal Revenue Code to incentivize businesses to purchase data breach/cyber liability insurance by providing a 15 percent tax credit to those who purchase coverage and adopt certain digital defense practices.

In addition, the Task Force received preliminary comments on the updated draft of the Insurance Data Security Model. While the general consensus is that the updated model provides improvements, many interested parties still have concerns with the lack of uniformity across states, as well as implementation issues in the event of a data breach.

Regulating Big Data

The use of Big Data by insurers and regulators continues to be a hot topic. The Big Data (D) Working Group is still in an information gathering mode, with no anticipated timeline for any exposed regulatory actions. Areas of focus in 2017 might include the following:

a) review of the regulatory framework used to review insurers’ use of complex data for pricing;
b) regulatory resources and the coordination of these resources to monitor insurers’ use of complex rating models;
c) regulator data needs and opportunities for more granular data collection; and
d) transparency and consumer education regarding insurers’ use of data in rate development, risk segmentation and claim settlement.

Statutory Accounting Updates Abound

The following is a summary of the significant adopted and exposed substantive and non-substantive revisions to NAIC Statutory Accounting Practices and Procedures (SSAP).

Substantive Revisions:

Change in Valuation Basis for Life Contracts

These substantive revisions to SSAP No. 51-Life Contracts provide guidance on how to determine the change in valuation basis under Principle-Based Reserving (PBR). A change in valuation basis for PBR shall include cases where the required reserve methodology has changed or the insurer makes a voluntary decision to choose one allowable reserving method over another. Any increase or decrease in actuarial reserves resulting from a change in valuation basis shall be recorded directly to surplus (under a changes to surplus in the change in valuation basis annual statement line), rather than as a part of the reserve change recognized in the summary of operations. The new guidance specifies that reserve changes resulting from the application of PBR methodology including, but not limited to, updating assumptions based on experience, and having the reported reserve transition between net premium reserve, deterministic reserve or stochastic reserve, as required under existing guidance, shall not be considered a change in valuation basis.

Non-substantive Revisions:

Clarification of Accounting Treatment for Fees Incurred for Salvage/Subrogation Recoveries

Revisions to SSAP No. 55-Unpaid Claims, Losses and Loss Adjustment Expenses specify that expenses incurred to collect subrogation and salvage recoveries shall be netted with collections, with the net recoveries reported as a reduction to paid claims. In addition, estimated salvage and subrogation recoveries shall be reported net of associated expenses and reported as a deduction from the liability for unpaid claims or losses. Prior to the revisions, there was diversity in reporting of fees incurred for salvage and subrogation recoveries depending on whether fees were paid to a third-party vendor or incurred internally by utilizing in-house resources.


Clarification of Permitted Practice Disclosure

Revisions were made to SSAP No. 1-Accounting Policies, Risks & Uncertainties, and Other Disclosures to clarify the disclosure presentation for permitted and prescribed practices, as well as clarify that the disclosure shall include practices that result in different statutory accounting reporting (such as gross or net) presentations that differ from the AP&P Manual. In addition, a footnote example was added to illustrate how reporting entities shall complete the permitted practice disclosure.

“Swaptions”

SSAP No. 86-Derivatives was revised to provide information on “Swaptions,” a term commonly used to describe options on interest rate swaps. Swaptions are contracts granting the owner the right, but not the obligation, to enter into an underlying swap. A swaption hedges the buyer against downside risk, and also lets the buyer take advantage of any upside benefits. Essentially, it gives the buyer the benefit of the agreed-upon rate if it is more favorable than the current market rate, with the flexibility of being able to enter into the current market swap rate if it is preferable. Conversely, the issuer of swaptions assumes the downside risk, but benefits from the amount paid regardless of whether the option is exercised by the buyer and the swap is entered into.

LOOKING AHEAD

Ongoing regulatory developments, including those discussed above, will certainly result in future challenges for insurers trying to cope with technology changes and the increasing cost of compliance. We predict that areas including cybersecurity, big data and accounting standards changes will all continue to play a role in the industry. As notable developments roll in, we’ll be watching and reporting our insights here through BDO’s Insurance Advisor.

For more information, please contact Richard Bertuglia, Partner, at 212-885-8342 or [email protected].


SOMETHING'S PHISHY...

You might sell your customers cyberinsurance--but are you paying attention to your own cyber risk? You know better than anyone else: Most cyber policies don't cover wire transfer fraud--even if a phishing attack is at the root.

© 2016 BDO USA, LLP. All rights reserved.

[Infographic, "In Q1 2016:": businesses victimized by phishing attacks on employee tax records; increase in unique phishing websites*; "4x more"*. *Over the same period last year]

Catch a phishing or social engineering scam before you take the bait:

So ... What else can you do?

For assistance mitigating phishing or social engineering risks, contact:

Michael Dombrowski, BDO Consulting Managing Director
302-656-5500 | [email protected]

Judy Selby, BDO Consulting Managing Director
203-905-6252 | [email protected]

For more information, visit: https://www.bdo.com/industries/insurance

5 Ways Insurers Can Mitigate Email Phishing & Social Engineering Risks

Implement an External Email Header
Append a message to the top of all emails from an external source so employees scrutinize outside content, checking for red flags.

Improve Detection Capabilities
Update the rules on your firewall and Intrusion Detection System. Consider using domain-based message authentication, reporting & conformance technology. Validate emails through sender address verification.

Train and Test Employees
Educate employees on phishing threats and test their preparedness through mock malicious email campaigns.

Strengthen Internal Controls
Put checks and balances in place to authenticate vendor or other third-party requests, such as: 1) Require more than one person to authorize a transaction, 2) Validate the vendor’s name, Tax ID, address and internal contact, and 3) Contact the outside party directly to verify requests for payment.

Apply a Risk-Based Approach to Analyzing User Types
Assess users’ roles and requisite access to sensitive applications to determine what level of controls to apply. Assign levels of access and authentication according to who is most vulnerable to phishing attacks.
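The first two measures above can be combined in one inbound-mail check. The following is an added example, not part of the original newsletter: it appends the external warning and uses the DMARC verdict recorded by the receiving gateway, so a message that merely claims an internal sender is not trusted. The domain names, the gateway's authserv-id and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example-insurer.test"}      # assumption: the organization's own domains
TRUSTED_AUTHSERV_ID = "mx.example-insurer.test"  # assumption: ID stamped by our inbound gateway
SUBJECT_TAG = "[EXTERNAL] "
BANNER = ("CAUTION: This email came from outside the organization. "
          "Verify payment or credential requests by phone before acting.")

# Constructed sample messages (not real traffic).
SAMPLE_VENDOR = """\
Authentication-Results: mx.example-insurer.test; spf=pass smtp.mailfrom=vendor.test; dmarc=pass header.from=vendor.test
From: Accounts Receivable <ar@vendor.test>
To: ap@example-insurer.test
Subject: Updated bank details for invoice 1042

Please use the new account for this month's payment.
"""

SAMPLE_SPOOF = """\
Authentication-Results: mx.unknown-relay.test; dmarc=pass header.from=example-insurer.test
Authentication-Results: mx.example-insurer.test; spf=fail smtp.mailfrom=example-insurer.test; dmarc=fail header.from=example-insurer.test
From: Chief Financial Officer <cfo@example-insurer.test>
To: ap@example-insurer.test
Subject: Urgent wire transfer

Send the payment today and confirm by reply.
"""

SAMPLE_INTERNAL = """\
Authentication-Results: mx.example-insurer.test; dkim=pass header.d=example-insurer.test; dmarc=pass header.from=example-insurer.test
From: Claims Team <claims@example-insurer.test>
To: ap@example-insurer.test
Subject: Q3 claims report

Report attached in the shared drive.
"""


def from_domain(msg):
    """Domain of the visible From: address, lower-cased ('' if absent)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def dmarc_result(msg):
    """DMARC verdict from our own gateway's Authentication-Results header.

    Headers carrying any other authserv-id are ignored: the sender or an
    upstream relay can write whatever they like into them.
    """
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV_ID]:
            continue
        match = re.search(r"\bdmarc=([a-z]+)", results, re.IGNORECASE)
        if match:
            return match.group(1).lower()
    return "none"


def screen_inbound(raw):
    """Return (action, message) where action is deliver, tag or quarantine.

    A message counts as internal only if the From: domain is ours AND the
    gateway recorded dmarc=pass; everything else gets the external banner.
    """
    msg = message_from_string(raw, policy=policy.default)
    dmarc = dmarc_result(msg)
    if from_domain(msg) in INTERNAL_DOMAINS and dmarc == "pass":
        return "deliver", msg

    subject = str(msg.get("Subject", ""))
    if not subject.startswith(SUBJECT_TAG):
        if "Subject" in msg:
            msg.replace_header("Subject", SUBJECT_TAG + subject)
        else:
            msg["Subject"] = SUBJECT_TAG + subject

    # Prepend the warning to the plain-text part so it is the first thing read.
    part = msg.get_body(preferencelist=("plain",))
    if part is not None:
        part.set_content(BANNER + "\n\n" + part.get_content())

    return ("quarantine" if dmarc == "fail" else "tag"), msg


if __name__ == "__main__":
    for name, raw in [("vendor", SAMPLE_VENDOR), ("spoof", SAMPLE_SPOOF),
                      ("internal", SAMPLE_INTERNAL)]:
        action, tagged = screen_inbound(raw)
        print(name, action, "|", tagged["Subject"])
```

The spoofed sample shows why the banner decision should not rest on the From: address alone: it names an internal sender, but the gateway's own verdict is `dmarc=fail`, so it is tagged and quarantined.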


IS YOUR DATA HOUSE IN ORDER? INSURERS NEED TO KNOW
By Judy Selby

As the number and variety of cyber attacks and data breaches continue to escalate, cyber insurance uptake rates also are increasing.

Fearful of cyber incidents caused by negligent or non-compliant employees and hackers, ransomware attacks and social engineering scams, more and more companies are looking to transfer some of their cyber risks to insurers. That, no doubt, is a positive development, but companies that also take steps to better manage their information assets not only improve their cyber risk profile, they also put themselves in better position to secure more favorable cyber insurance coverage terms, limits and rates.

WHAT IS CYBER INSURANCE?

Cyber insurance is a relatively new and still evolving form of coverage designed to address the emerging information-related risks facing today’s companies. These risks include breach of privacy, failed network security and media liability. Unlike more traditional forms of coverage, there are no standard cyber insurance policy forms, provisions, definitions or exclusions.

First-party coverage under a cyber policy can be triggered by a variety of events that have become far too familiar to modern enterprises, including the malicious destruction of data, accidental damage to data, power surges, IT system failure, cyber extortion, viruses and malware. Typical first-party coverages include legal and forensic services to determine whether a breach occurred and, if it has, to assist with regulatory compliance, costs to notify affected employees and/or third parties, network and business interruption costs, damage to digital data, repair of the insured’s reputation and payment of ransom costs. Third-party coverage is available for legal defense costs, settlements, regulatory fines and damages incurred after a cyber incident.

Cyber insurance typically provides for the retention of an attorney—a “breach coach”—to coordinate the insured’s response to a cyber incident. An experienced coach can build an effective team of specialists—basically, a cyber swat team—and efficiently guide the company through the forensic, regulatory, public relations and legal issues that arise from a security incident. Given the complexities of the various laws pertaining to data breach notification, as well as the increased focus paid by regulators, the media and the plaintiffs’ bar to data breaches, coverage for the retention of a skilled breach coach is perhaps the greatest benefit of cyber insurance. Relying on a coach who has “been there and done that,” who knows the law and regulations, and who has relationships and credibility with the relevant regulators and law enforcement officials can help an enterprise successfully emerge from a cyber incident and avoid potentially catastrophic financial and reputational damage.

WHAT DO CYBER INSURERS WANT TO KNOW ABOUT PROSPECTIVE INSUREDS?

Although there are no standard cyber insurance applications, cyber insurers generally, and rightly, focus on a prospective insured’s Information Governance policies and practices in the application process in order to decide whether or not to offer coverage, in what amount and at what premium. Cyber insurers typically inquire into the following areas:

• The volume and types of data (i.e., credit card data, banking records, protected health information) handled or maintained by the company;

• The existence of written, attorney-approved and updated policies and procedures concerning the handling of information;

• The company’s compliance with security standards and regulations, and the frequency of its internal assessments;

• Any existing network security programs, including the use of firewalls, antivirus software and network intrusion testing;

• Whether or not the company employs a chief information officer, chief privacy officer or chief technology officer;

• The company’s history of security incidents and breaches, including how long it took to detect any prior breach (particularly relevant if business interruption coverage is desired);

• Whether or not there have been prior threats to disable the company’s network or website;

• If the prospective insured is aware of any facts or circumstances that reasonably could give rise to a claim under a prospective cyber policy;

• Whether or not another cyber insurer canceled or refused to renew a cyber policy;

• The company’s security budget (is it part of the IT budget and, if so, what percentage?);

• The company’s existing practices concerning data encryption, passwords, patching and system access control;

• The company’s policies and practices around employee hiring, training and awareness programs and procedures at termination;

• The physical security controls (e.g., access cards) utilized by the prospective insured;

• Whether or not the company conducts audits of third-party service providers;

• The company’s practices with regard to vendor contracts and policies;

• Whether or not the company has and enforces policies governing mobile devices and social media; and

• The prospective insured’s data backup procedures.

Many cyber insurance applications read like an Information Governance checklist and require companies to take a close look at how they’re managing their information assets throughout their entire lifecycle.

CONCLUSION

Good Information Governance policies and practices fit hand-in-glove with obtaining optimal cyber insurance coverage. Companies that get their information house in order and protect themselves with cyber insurance are in the best position to maximize the value of their data while mitigating their information-related risks.

Judy Selby is the Managing Director of Technology Advisory Services at BDO. She can be reached at [email protected].

FIRST PROPOSED STATE-ISSUED CYBERSECURITY RULES TO GOVERN NEW YORK DEPARTMENT OF FINANCIAL SERVICES-REGULATED ENTITIES

SUMMARY

On Sept. 13, New York Governor Andrew Cuomo issued proposed cybersecurity regulation for financial services entities regulated by the New York Department of Financial Services (NYDFS)—the first to impose cybersecurity requirements at the state or federal level, but likely not the last.

NYDFS regulates state-chartered institutions and foreign banks licensed to operate in New York, as well as all insurance companies that do business in the state.

The proposed rules are aimed at ensuring NYDFS-regulated entities safeguard consumer and other sensitive information by implementing policies and procedures for cyber risk and incident detection, response and recovery. Central to reinforcing these core functions are the proposed regulation’s requirements to establish a written cyber policy, designate a Chief Information Security Officer (CISO) to oversee and enforce adequate programs, address third-party risk and perform regular penetration tests and assessments.

DETAILS

Financial services—the third most-attacked industry in 2015—is no stranger to the cyber threat. And it’s widely known that cyber incidents can cause significant financial and reputational harm to financial services institutions and insurance companies that house troves of sensitive consumer, transactional and other classified data. This regulation—if implemented—will be the first-in-the-nation mandate to require adherence to certain minimum cyber standards and hold organizations accountable for their role in the battle against cyber crime.

Specifically, the proposed requirements—now open for a 45-day comment period and subject to change before final issuance—mandate that NYDFS-regulated entities:

• Establish a cybersecurity program designed to ensure the confidentiality, integrity and availability of information systems that performs five core cybersecurity functions: identification of cyber risks, implementation of policies and procedures to protect against unauthorized use or access, detection of cybersecurity events, responsiveness in the face of cybersecurity incidents, and restoration of normal operations and services following an attack.

• Adopt a written cyber policy that sets forth policies and procedures to protect information systems and nonpublic information that addresses, minimally: information security; data governance and classification; access controls and identity management; business continuity and discovery planning and resources; capacity and performance planning; systems operations and availability concerns; systems and network security, monitoring and quality assurance; physical security and environmental controls; customer data privacy; vendor and third-party service provider management; risk assessment; and incident response.

• Designate a qualified CISO responsible for overseeing and implementing the institution’s cybersecurity program and enforcing its cybersecurity policy. The CISO will be required to report to the board at least biannually.

• Implement a formal third-party cyber risk management program by implementing policies and procedures that: identify and assess risk of third parties with access to information systems or nonpublic information; ensure compliance with minimum cybersecurity practice requirements; confirm strong due diligence processes are used to evaluate the adequacy of cybersecurity practices of third parties; and periodically assess (at least annually) third parties and the continued adequacy of their cyber practices.

Additional requirements outline rules for penetration testing and vulnerability assessments, transactions and log access privileges, employment and training of cybersecurity personnel, multi-factor authentication for individuals accessing internal systems, destruction of unnecessary nonpublic information and encryption of all nonpublic information held or transmitted.

The proposal—while requiring financial institutions and insurance companies to meet certain minimum standards—aims to provide enough flexibility to avoid constraining industry innovation, allowing firms to design their own programs based on their unique needs.

INSIGHTS

Guidance from various regulators has existed for some time, but the mandatory compliance of this proposed regulation, and the intended fast track to issuance, make it a game changer. Banks, insurers and other financial institutions—particularly those based in New York—are subject to increasing risk. If organizations do not prioritize cybersecurity, this risk could escalate into a national security and economic issue.

How the regulation evolves throughout the 45-day comment period remains to be seen, but BDO recommends that organizations operating under the NYDFS jurisdiction consider its potential impacts, including:

• Board involvement: Given that the regulation requires CISOs to report to their boards biannually, and senior officers are mandated to sign off on and submit a compliance certificate, the rules force boards to get involved. And when cyber is embraced as a corporate priority at the highest level, the organization is better positioned in terms of readiness and resilience.

• Management of third-party vendors: A broad vendor base is common among financial institutions, and identifying and mitigating potential vulnerabilities throughout their extended networks is vital. The proposed regulation’s rigorous requirements mean that organizations will need to demonstrate diligence and proactive outreach to their vendors to ensure they, too, are prioritizing cyber.

• Compliance burdens: Some larger banks and insurers may already have cybersecurity measures in place that meet the minimum requirements set forth by this new regulation. However, smaller organizations may face a larger burden as they look to bring their programs and policies up to speed. It’s important to note that one of the requirements with the seemingly greatest financial burden—designating a CISO—can be fulfilled by hiring an external or “virtual” CISO.

• Disclosure: The 72-hour time frame to report a breach to the NYDFS would be the most aggressive reporting window of any state, significantly increasing the pressure on covered entities to be prepared and nimble. It’s in all cyber players’ best interest for notification standardization to ensure clarity around steps organizations need to take in the event of a breach, as crisis without planning often leads to chaos and mismanagement.

• Regulators are targeting the financial services industry: Between the SEC’s OCIE Cybersecurity Examination Initiative, the FFIEC’s cyber-extortion guidance and enforcement action from the CFPB, the financial services industry has been in the crosshairs of regulators’ cyber efforts, though the level of scrutiny for small to mid-sized organizations as compared to larger banks has been relatively inconsistent. The NYDFS has called for more coordination and collaboration between state and federal agencies in regulating cybersecurity at financial institutions—widely viewed as critical to the United States’ national infrastructure and a top security priority. We may see industry regulators at the state and federal levels converge toward a consistent framework.

While the proposed regulation is limited to New York, we expect other state regulators and federal agencies will introduce similar requirements for financial institutions and other highly regulated industries. In our view, the rules codify existing best practices that all financial institutions should already be adhering to.

BDO works with insurers and financial institutions to develop a comprehensive, holistic approach to cybersecurity and compliance, taking a 360-degree view of information risk and opportunity.

You can also read up on BDO’s perspective on the NYDFS proposed regulation on Fortune.com, here.

For more information about how your organization can get ahead of the NYDFS proposed cybersecurity regulation, contact Shahryar Shaghaghi, BDO Consulting Technology Advisory Services National Practice Leader and Head of International BDO Cybersecurity, at [email protected], or Imran Makda, co-leader of BDO’s Insurance Industry Group, at [email protected].


As deal making has surged in recent years, so too has the private equity industry’s use of representations and warranties (R&W) insurance to mitigate M&A risk.

First introduced 20 years ago, R&W insurance adoption has skyrocketed in the last two years, as PE buyers and sellers seek to reduce their exposure to unforeseen liabilities. According to insurance provider IronShore, the number of R&W policies underwritten last year was almost double the volume of the year before.

A February 2016 AIG study found that one in seven transactions leads to a dispute after the deal has closed, due to issues such as inconsistencies in financial statements, undeclared tax liabilities, or problems with contracts or intellectual property. In the past, sellers would keep a portion—IronShore estimates up to 10%—of the proceeds from the sale in escrow for two years, to cover potential legal fees and payouts arising from such disputes.

Over the last two years, R&W policies have become regular features of M&A deals, enabling PE sellers to reduce the amount they have to hold back after a sale to around 1% or 2% (according to IronShore), and achieve cleaner exits. In the event of a claim, the insurance company essentially steps into the seller’s shoes, paying out any indemnification.

There are a number of reasons these policies have recently become popular, including the fact that premiums have declined over the last two years. An increase in the number of private company, midmarket and cross-border deals, where there are greater unknowns and fewer buyer protections, has also contributed to the growth in R&W insurance, according to the NYTimes DealBook blog.

Created to bridge indemnity valuation gaps that can cause deals to unravel, an R&W insurance policy can help get deals across the finish line if either party is hesitant about the potential risks, The Financial Post reports. In the current seller’s market, buyers are often required to provide coverage as part of the deal. Some offer it as a competitive advantage to gain the upper hand in contested auctions. Others use such policies to mitigate risks in cross-border transactions where differing norms and expectations could more easily lead to disagreements over representations and warranties.

However, some fear the rise in R&W insurance is leading buyers and sellers to perform less thorough due diligence ahead of deals and essentially toss the risk down the road to the insurance companies. If that is true, it could lead to more frequent and larger payouts becoming necessary. William D. Cohan, a former M&A banker and author, suggested in an article in the New York Times DealBook blog that there were similarities between PE’s current enthusiasm for R&W insurance and the broader financial markets’ eager adoption of mortgage-backed securities before the financial crisis. Whether this newly popular insurance type is leading to a bubble remains to be seen, but it should not be used as a replacement for robust due diligence and thorough pre-deal negotiations.

Sources: Dealogic, Financial Times, Law360, The Financial Post, IronShore, New York Times

PErspective in INSURANCE

A FEATURE EXAMINING THE ROLE OF PRIVATE EQUITY IN THE INSURANCE INDUSTRY.


For more information on BDO USA’s service offerings to this industry, please contact one of the following regional practice leaders:

CONTACT:

CHRIS BARD
Partner and Specialized Tax Services R&D Practice Leader
310-557-7525 / [email protected]

RICHARD BERTUGLIA
Assurance Partner / New York
212-885-8342 / [email protected]

CARL BARKSON
Tax Managing Partner
614-802-3482 / [email protected]

DOUG BEKKER
Tax Partner / Grand Rapids
616-776-3685 / [email protected]

PHIL FORRET
Assurance Partner / Dallas
214-665-0769 / [email protected]

CARLA FREEMAN
Assurance Partner / Los Angeles
310-557-8247 / [email protected]

BRENT HORAK
Assurance Partner / Dallas
214-665-0661 / [email protected]

TIMOTHY KOVEL
Sr. Tax Director / New York
631-927-1005 / [email protected]

ALBERT LOPEZ
Partner and Regional Business Line Leader / Miami
305-420-8008 / [email protected]

IMRAN MAKDA
Assurance Partner and Insurance Practice Leader / New York
212-885-8461 / [email protected]

BARB WOLTJER
Assurance Partner and Insurance Practice Leader / Grand Rapids
616-802-3368 / [email protected]

MARK YOUR CALENDAR…

OCTOBER

Oct. 23-25
PCI 2016 Annual Meeting
Hilton Anatole
Dallas

Oct. 24-25
Women in Insurance Leadership Forum
The Westin Michigan Avenue Chicago
Chicago

NOVEMBER

Nov. 9-10
10th Annual SNL Insurance Brokerage Summit
The Willard Intercontinental
Washington, D.C.

Nov. 13-16
2016 CAS Annual Meeting
Loews Royal Pacific Resort
Orlando, Fla.

Nov. 15-16
Insurance Nexus’ Insurance IoT USA Summit
Hilton Suites Magnificent Mile
Chicago

Nov. 30-Dec. 1
ACI’s 14th Advanced Forum on Cyber & Data Risk Insurance
Park Central Hotel
San Francisco

DECEMBER

Dec. 10-13
NAIC Fall 2016 National Meeting
Fontainebleau Miami
Miami

Dec. 12-13
Business Insurance Women to Watch Awards & Leadership Conference
Grand Hyatt
New York

BDO INSURANCE PRACTICE

BDO’s Insurance practice understands the complexities of the industry and the implications for your business. Whether you’re looking to tap our extensive SEC experience in order to enter the public market, discuss the latest insurance accounting and reporting requirements from the NAIC, or comply with state regulatory agencies, BDO’s Insurance practice provides proactive guidance to our clients. We know that no two insurers are alike, and we tailor our services accordingly. We’re proud of our industry focus and experience, and our commitment to delivering the right team with relevant industry experience, both as we begin our relationship and for the long term.

ABOUT BDO

BDO is the brand name for BDO USA, LLP, a U.S. professional services firm providing assurance, tax, advisory and consulting services to a wide range of publicly traded and privately held companies. For more than 100 years, BDO has provided quality service through the active involvement of experienced and committed professionals. The firm serves clients through more than 60 offices and over 500 independent alliance firm locations nationwide. As an independent Member Firm of BDO International Limited, BDO serves multi-national clients through a global network of 1,408 offices in 154 countries.

BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. For more information please visit: www.bdo.com.

Material discussed is meant to provide general information and should not be acted on without professional advice tailored to your firm’s individual needs.

© 2016 BDO USA, LLP. All rights reserved.
