Insurance Advisor Newsletter - Fall 2016

October 2016

Insurance-Advisor-Newsletter-Fall-2016_pic-x679.jpg

Download PDF Version


Table of Contents

 


Mid-Year Financial Update: P&C and Life Sectors

By Imran Makda

Following several years of positive results, the combination of macroeconomic trends, regulatory concerns and the low interest rate environment contributed to weaker results for the property and casualty (P&C) and life insurance sectors. In this article, we unpack the key financial results for the first half of 2016.


Property-Casualty

The P&C sector showed signs of weakness in the first half of 2016 largely due to lack of premium growth as well as worsening loss ratios. Year-over-year net income declined 29 percent to $22.6 billion during the first six months of this year, with an even sharper decline of 112 percent in underwriting income during the same time period. By the close of Q2 2016, the sector produced an underwriting loss of $0.5 billion compared to a gain of $4.4 billion at the end of Q2 2015.

As a result of continuing but sluggish economic expansion and the declining unemployment rate, direct written premiums continued to see moderate growth, with an increase of 3.4 percent year over year. Premium growth in personal lines showed strong results, while commercial lines showed softness in pricing. Commercial lines premiums grew at the slowest pace since 2010, increasing by an anemic 1.3 percent in 2016 compared to 4.5 percent for the same period in 2015. Commercial auto liability outpaced the overall commercial sector with direct written premiums climbing by 4.2 percent in the first half of 2016, due largely to price increases after a dismal performance by this subsector in late 2015.

Loss and loss adjustment expense (LAE) incurred for the P&C sector in the first six months of 2016 increased by $11.8 billion compared to the same period last year. The six-month loss ratio increased to 71.5 percent, compared to 69.3 percent for the same period in 2015. The uptick in loss ratio was a result of natural catastrophe and severe weather-related events in 2016, including hailstorms in Texas and flooding in Louisiana. According to Aon Benfield’s Impact Forecasting, the economic losses from these events will exceed $13 billion and insured losses incurred by the industry will exceed $7.5 billion. The 10-year trend of favorable prior year loss development continued in 2016, but at a lower level than previously seen. The favorable development in the first half of 2016 was $7.01 billion, down from $8.15 billion for the first six months of 2015. The expense ratio held steady at 27.9 percent, consistent with the previous five years. 

From a capital adequacy standpoint, P&C insurance providers saw an increase in overall loss reserves as of June 30, 2016, reaching $611.7 billion from $608.9 billion at the end of 2015. Capital and surplus increased by 0.2 percent to $689.1 billion for the first six months of 2016, from $687.3 billion at year-end 2015.

Overall, the P&C industry remains in a relatively strong position when comparing metrics to long-term historical averages. However, a report by S&P Global Market Intelligence predicts that 2016 could be a tough year for U.S. property and casualty insurers due to a variety of factors including lower premium growth, higher catastrophic losses, higher projected combined ratios and declining bond yields.

Below is an outline of financial results for the P&C industry for the first half of 2016 and 2015:
 
Balance Sheet (Amounts in billions) 12/31/2015 06/30/2016
Total Cash and Investments  $        1,529.6  $         1,540.2
Total Assets 1,807.5 1,833.5
Total Loss and LAE Reserves 608.8 611.7
Capital and Surplus 687.3 689.1
Income Statement (Amounts in billions)  YTD 06/30/2015  YTD 06/30/2016
Direct Premiums Written 291.8 301.6
Net Premiums Earned 249.6 258.5
Net Investment Income 23.9 23.0
Net Loss and LAE Incurred 173.0 184.8
Net Underwriting Gain (Loss) 4.4 (0.5)
Net Income  $            31.6  $              22.6
Source: SNL
 

Life Insurance

In the life insurance sector, net income for the first half of 2016 dropped significantly to $1.0 billion, compared to $24.4 billion in the first half of 2015. Total revenue grew by $83.6 billion, but the increase was offset by even higher increases in benefits, surrenders and policy reserves. 

Premiums and annuity considerations grew at a staggering rate of 24 percent in the first half of 2016 compared to the same period in 2015, fueled by strong growth in indexed and fixed annuity sales which increased by 67 percent and 32 percent, respectively, over the same time period. LIMRA Secure Retirement Institute expects the indexed annuity sales to exceed $60 billion by the end of the year. Variable annuities sales fell 22 percent in the first six months of 2016, dropping to their lowest levels since 1998. The low interest rate environment and DOL fiduciary rule concerns likely contributed to the decline. Life insurance premiums grew at a meager two percent annualized rate in the first half of 2016.

The increase in the top-line growth was wiped out by a corresponding increase in reserves and deposits, which grew by $89.5 billion or 2,046 percent in the first half of 2016 compared to the same period in 2015. Net income dropped by 96 percent to $1 billion, the lowest level since 2008. Return on average equity dropped to 0.56 percent during the first half of 2016 compared to low double digits for the past several years. Net yield on invested assets was fairly consistent compared to 2015 and was reported at 4.65 percent for 2016. Capital and surplus were up 1 percent and cash and invested assets were up 5 percent compared to year-end 2015.

As expected, due to the interest rate environment and regulatory uncertainty, the life insurance industry continued to underperform in 2016. The SNL U.S. Insurance L&H Index, which tracks the performance of all life and health insurance underwriters in SNL’s coverage universe, increased 1.15 percent as of Sept. 21, 2016.

Stagnant investment income and DOL fiduciary rule implementation is cited as the primary reason for lackluster stock market performance in this sector. The Federal Open Markets Committee’s recent decision to maintain the current federal funds rate will continue to maintain downward pressure on margins and spreads in the near term.

Below is an overview of financial results for the Life industry for the first half of 2016 and 2015:
 
Balance Sheet (Amounts in billions) 12/31/2015 06/30/2016
Total Cash and Investments  $         3,703.9  $        3,902.2
Total Assets 6,325.0 6,495.6
Total Policy Reserves 2,762.0 2,858.0
Capital and Surplus 367.2 369.5
Income Statement (Amounts in billions)  YTD 06/30/2015  YTD 06/30/2016
Premiums, Consideration & Deposits 252.3 312.1
Net Investment Income 85.1 88.4
Net Realized Capital Gains (Losses) 0.8 (4.3)
Benefits & Surrenders 266.0 260.7
Increase in Reserves and Deposits 4.4 93.9
G & A and Commission Expenses 54.9 63.8
Net Income  $             24.4  $               1.0
Source: SNL
 
Imran Makda is a partner and national leader in BDO’s Insurance practice. He can be reached at imakda@bdo.com.
 


NAIC 2016 Summer Meeting Top Takeaways

By Richard Bertuglia

The National Association of Insurance Commissioners (NAIC) 2016 Summer meeting was held in late August in San Diego. Various task forces continued deliberations over regulatory actions that could significantly impact the financial reporting, capital and compliance requirements for insurance companies.

While the topics discussed covered a variety of areas, here are our top takeaways from the meeting:


Federal Government Makes Move to Promote Cybersecurity Insurance

The Cybersecurity (EX) Task Force received an update on federal cybersecurity-related legislation, including news that the White House established a Commission for Enhancing National Cybersecurity, which has issued a request for intelligence to inform its recommendations to President Obama on how to strengthen cybersecurity in both the public and private sectors. During this meeting, the Task Force also received an update on the Data Breach Insurance Act, which was introduced in mid-September. If passed, the bill would amend the Internal Revenue Code to incentivize businesses to purchase data breach/cyber liability insurance by providing a 15 percent tax credit to those who purchase coverage and adopt certain digital defense practices.

In addition, the Task Force received preliminary comments on the updated draft of the Insurance Data Security Model. While the general consensus is that the updated model provides improvements, many interested parties still have concerns with the lack of uniformity across states, as well as implementation issues in the event of a data breach.


Regulating Big Data

The use of Big Data by insurers and regulators continues to be a hot topic. The Big Data (D) Working Group is still in an information gathering mode, with no anticipated timeline for any exposed regulatory actions. Areas of focus in 2017 might include the following: a) review of the regulatory framework used to review insurers’ use of complex data for pricing; b) regulatory resources and the coordination of these resources to monitor insurers’ use of complex rating models; c) regulator data needs and opportunities for more granular data collection; and d) transparency and consumer education regarding insurers’ use of data in rate development, risk segmentation and claim settlement.


Statutory Accounting Updates Abound

The following is a summary of the significant adopted and exposed substantive and non-substantive revisions to NAIC Statutory Accounting Practices and Procedures (SSAP).

Substantive Revisions:

Change in Valuation Basis for Life Contracts


These substantive revisions to SSAP No. 51-Life Contracts provide guidance on how to determine the change in valuation basis under Principle-Based Reserving (PBR). A change in valuation basis for PBR shall include cases where the required reserve methodology has changed or the insurer makes a voluntary decision to choose one allowable reserving method over another.   Any increase or decrease in actuarial reserves resulting from a change in valuation basis shall be recorded directly to surplus (under a changes to surplus in the change in valuation basis annual statement line), rather than as a part of the reserve change recognized in the summary of operations. The new guidance specifies that reserve changes resulting from the application of PBR methodology including, but not limited to, updating assumptions based on experience, and having the reported reserve transition between net premium reserve, deterministic reserve or stochastic reserve, as required under existing guidance, shall not be considered a change in valuation basis. 

Non-substantive Revisions:

Clarification of Accounting Treatment for Fees Incurred for Salvage/Subrogation Recoveries


Revisions to SSAP No. 55-Unpaid Claims, Losses and Loss Adjustment Expenses specify that expenses incurred to collect subrogation and salvage recoveries shall be netted with collections with the net recoveries reported as a reduction to paid claims. In an addition estimated salvage and subrogation recoveries shall be reported net of associated expenses and reported as a deduction from the liability for unpaid claims or losses. Prior to the revisions, there was diversity in reporting of fees incurred for salvage and subrogation recoveries depending on whether fees were paid to a third-party vendor or incurred internally by utilizing in-house resources.

Clarification of Permitted Practice Disclosure

Revisions were made to SSAP No. 1-Accounting Policies, Risks & Uncertainties, and Other Disclosures to clarify the disclosure presentation for permitted and prescribed practices, as well as clarify that the disclosure shall include practices that result in different statutory accounting reporting (such as gross or net) presentations that differ from the AP&P Manual. In addition, a footnote example was added to illustrate how reporting entities shall complete the permitted practice disclosure.

“Swaptions”

SSAP No. 86-Derivatives was revised to provide information on “Swaptions,” a term commonly used to describe options on interest rate swaps. Swaptions are contracts granting the owner the right, but not the obligation, to enter into an underlying swap. A swaption hedges the buyer against downside risk, and also lets the buyer take advantage of any upside benefits. Essentially, it gives the buyer the benefit of the agreed-upon rate if it is more favorable than the current market rate, with the flexibility of being able to enter into the current market swap rate if it is preferable. Conversely, the issuer of swaptions assumes the downside risk, but benefits from the amount paid regardless if the option is exercised by the buyer and the swap is entered into.


Looking Ahead

Ongoing regulatory developments, including those discussed above, will certainly result in future challenges for insurers trying to cope with technology changes and the increasing cost of compliance. We predict that areas including cybersecurity, big data and accounting standards changes will all continue to play a role in the industry.  As notable developments roll in, we’ll be watching and reporting our insights here through BDO’s Insurance Advisor.

For more information, please contact Richard Bertuglia, Partner, at 212-885-8342 or rbertuglia@bdo.com.
 

FTS_Infographic_Phishing_IA_x679.jpg
 


Is Your Data House in Order? Insurers Need to Know

By Judy Selby

As the number and variety of cyber attacks and data breaches continue to escalate, cyber insurance uptake rates also are increasing. Fearful of cyber incidents caused by negligent or non-compliant employees and hackers, ransomware attacks and social engineering scams, more and more companies are looking to transfer some of their cyber risks to insurers. That, no doubt, is a positive development, but companies that also take steps to better manage their information assets not only improve their cyber risk profile, they also put themselves in better position to secure more favorable cyber insurance coverage terms, limits and rates.


What is Cyber Insurance?

Cyber insurance is a relatively new and still evolving form of coverage designed to address the emerging information-related risks facing today’s companies. These risks include breach of privacy, failed network security and media liability. Unlike more traditional forms of coverage, there are no standard cyber insurance policy forms, provisions, definitions or exclusions. 

First-party coverage under a cyber policy can be triggered by a variety of events that have become far too familiar to modern enterprises, including the malicious destruction of data, accidental damage to data, power surges, IT system failure, cyber extortion, viruses and malware. Typical first-party coverages include legal and forensic services to determine whether a breach occurred and, if it has, to assist with regulatory compliance, costs to notify affected employees and/or third parties, network and business interruption costs, damage to digital data, repair of the insured’s reputation and payment of ransom costs. Third-party coverage is available for legal defense costs, settlements, regulatory fines and damages incurred after a cyber incident.

Cyber insurance typically provides for the retention of an attorney—a “breach coach”—to coordinate the insured’s response to a cyber incident. An experienced coach can build an effective team of specialists—basically, a cyber swat team—and efficiently guide the company through the forensic, regulatory, public relations and legal issues that arise from a security incident. Given the complexities of the various laws pertaining to data breach notification, as well as the increased focus paid by regulators, the media and the plaintiffs’ bar to data breaches, coverage for the retention of a skilled breach coach is perhaps the greatest benefit of cyber insurance. Relying on a coach who has “been there and done that,” who knows the law and regulations, and who has relationships and credibility with the relevant regulators and law enforcement officials can help an enterprise successfully emerge from a cyber incident and avoid potentially catastrophic financial and reputational damage.


What Do Cyber Insurers Want to Know About Prospective Insureds?

Although there are no standard cyber insurance applications, cyber insurers generally, and rightly, focus on a prospective insured’s Information Governance policies and practices in the application process in order to decide whether or not to offer coverage, in what amount and at what premium. Cyber insurers typically inquire into the following areas:
  • The volume and types of data (i.e., credit card data, banking records, protected health information) handled or maintained by the company;
  • The existence of written, attorney-approved and updated policies and procedures concerning the handling of information;
  • The company’s compliance with security standards and regulations, and the frequency of its internal assessments;
  • Any existing network security programs, including the use of firewalls, antivirus software and network intrusion testing;
  • Whether or not the company employs a chief information officer, chief privacy officer or chief technology officer;
  • The company’s history of security incidents and breaches, including how long it took to detect any prior breach (particularly relevant if business interruption coverage is desired);
  • Whether or not there have been prior threats to disable the company’s network or website;
  • If the prospective insured is aware of any facts or circumstances that reasonably could give rise to a claim under a prospective cyber policy;
  • Whether or not another cyber insurer canceled or refused to renew a cyber policy;
  • The company’s security budget (is it part of the IT budget and, if so, what percentage?);
  • The company’s existing practices concerning data encryption, passwords, patching and system access control;
  • The company’s policies and practices around employee hiring, training and awareness programs and procedures at termination;
  • The physical security controls (e.g., access cards) utilized by the prospective insured;
  • Whether or not the company conducts audits of third-party service providers;
  • The company’s practices with regard to vendor contracts and policies;
  • Whether or not the company has and enforces policies governing mobile devices and social media; and
  • The prospective insured’s data backup procedures.

Many cyber insurance applications read like an Information Governance checklist and require companies to take a close look at how they’re managing their information assets throughout their entire lifecycle.  


Conclusion

Good Information Governance policies and practices fit hand-in-glove with obtaining optimal cyber insurance coverage. Companies that get their information house in order and protect themselves with cyber insurance are in the best position to maximize the value of their data while mitigating their information-related risks.

Judy Selby is the Managing Director of Technology Advisory Services at BDO. She can be reached at jselby@bdo.com.
 


First Proposed State-Issued Cybersecurity Rules to Govern New York Department of Financial Services-Regulated Entities


Summary

On Sept. 13, New York Governor Andrew Cuomo issued proposed cybersecurity regulation for financial services entities regulated by the New York Department of Financial Services (NYDFS)—the first to impose cybersecurity requirements at the state or federal level, but likely not the last.

NYDFS regulates state-chartered institutions and foreign banks licensed to operate in New York, as well as all insurance companies that do business in the state.
The proposed rules are aimed at ensuring NYDFS-regulated entities safeguard consumer and other sensitive information by implementing policies and procedures for cyber risk and incident detection, response and recovery. Central to reinforcing these core functions are the proposed regulation’s requirements to establish a written cyber policy, designate a Chief Information Security Officer (CISO) to oversee and enforce adequate programs, address third-party risk and perform regular penetration tests and assessments.


Details

Financial services—the third most-attacked industry in 2015—is no stranger to the cyber threat. And it’s widely known that cyber incidents can cause significant financial and reputational harm to financial services institutions and insurance companies that house troves of sensitive consumer, transactional and other classified data. This regulation—if implemented—will be the first-in-the-nation mandate to require adherence to certain minimum cyber standards and hold organizations accountable for their role in the battle against cyber crime.

Specifically, the proposed requirements—now open for a 45-day comment period and subject to change before final issuance—mandate that NYDFS-regulated entities:
  • Establish a cybersecurity program designed to ensure the confidentiality, integrity and availability of information systems that performs five core cybersecurity functions: identification of cyber risks, implementation of policies and procedures to protect unauthorized use or access, detection of cybersecurity events, responsiveness in the face of cybersecurity incidents, and restoration of normal operations and services following an attack.
  • Adopt a written cyber policy that sets forth policies and procedures to protect information systems and nonpublic information that addresses, minimally: information security; data governance and classification; access controls and identity management; business continuity and discovery planning and resources; capacity and performance planning; systems operations and availability concerns; systems and network security, monitoring and quality assurance; physical security and environmental controls; customer data privacy; vendor and third-party service provider management; risk assessment; and incident response.
  • Designate a qualified CISO responsible for overseeing and implementing the institution’s cybersecurity program and enforcing its cybersecurity policy. The CISO will be required to report to the board at least biannually.
  • Implement a formal third-party cyber risk management program by implementing policies and procedures that: identify and assess risk of third parties with access to information systems or nonpublic information; ensure compliance with minimum cybersecurity practice requirements; confirm strong due diligence processes are used to evaluate the adequacy of cybersecurity practices of third parties; and periodically assess (at least annually) third parties and the continued adequacy of their cyber practices.

Additional requirements outline rules for penetration testing and vulnerability assessments, transactions and log access privileges, employment and training of cybersecurity personnel, multi-factor authentication for individuals accessing internal systems, destruction of unnecessary nonpublic information and encryption of all nonpublic information held or transmitted.

The proposal—while requiring financial institutions and insurance companies to meet certain minimum standards—aims to provide enough flexibility to avoid constraining industry innovation, allowing firms to design their own programs based on their unique needs.


Insights

Guidance from various regulators has existed for some time, but the mandatory compliance of this proposed regulation, and the intended fast track to issuance, make it a game changer. Banks, insurers and other financial institutions—particularly those based in New York—are subject to increasing risk. If organizations do not prioritize cybersecurity, this risk could escalate into a national security and economic issue.

How the regulation evolves throughout the 45-day comment period remains to be seen, but BDO recommends that organizations operating under the NYDFS jurisdiction consider its potential impacts, including:
  • Board involvement: Given that the regulation requires CISOs to report to their boards biannually, and senior officers are mandated to sign off on and submit a compliance certificate, the rules force boards to get involved. And when cyber is embraced as a corporate priority at the highest level, the organization is better positioned in terms of readiness and resilience. 
  • Management of third-party vendors: A broad vendor base is common among financial institutions, and identifying and mitigating potential vulnerabilities throughout their extended networks is vital. The proposed regulation’s rigorous requirements mean that organizations will need to demonstrate diligence and proactive outreach to their vendors to ensure they, too, are prioritizing cyber.
  • Compliance burdens: Some larger banks and insurers may already have cybersecurity measures in place that meet the minimum requirements set forth by this new regulation. However, smaller organizations may face a larger burden as they look to bring their programs and policies up to speed. It’s important to note that one of the requirements with the seemingly greatest financial burden—designating a CISO—can be fulfilled by hiring an external  or “virtual” CISO.
  • Disclosure: The 72-hour time frame to report a breach to the NYDFS would be the most aggressive reporting window of any state, significantly increasing the pressure on covered entities to be prepared and nimble. It’s in all cyber players’ best interest for notification standardization to ensure clarity around steps organizations need to take in the event of a breach, as crisis without planning often leads to chaos and mismanagement.
  • Regulators are targeting the financial services industry: Between the SEC’s OCIE Cybersecurity Examination Initiative, the FFIEC’s cyber-extortion guidance and enforcement action from the CFPB, the financial services industry has been in the crosshairs of regulators’ cyber efforts, though the level of scrutiny for small to mid-sized organizations as compared to larger banks has been relatively inconsistent. The NYDFS has called for more coordination and collaboration between state and federal agencies in regulating cybersecurity at financial institutions—widely viewed as critical to the United States’ national infrastructure and a top security priority. We may see industry regulators at the state and federal levels converge toward a consistent framework. 

While the proposed regulation is limited to New York, we expect other state regulators and federal agencies will introduce similar requirements for financial institutions and other highly regulated industries. In our view, the rules codify existing best practices that all financial institutions should already be adhering to.

BDO works with insurers and financial institutions to develop a comprehensive, holistic approach to cybersecurity and compliance, taking a 360-degree view of information risk and opportunity.

You can also read up on BDO’s perspective on the NYDFS proposed regulation on Fortune.com, here.

For more information about how your organization can get ahead of the NYDFS proposed cybersecurity regulation, contact Shahryar Shaghaghi, BDO Consulting Technology Advisory Services National Practice Leader and Head of International BDO Cybersecurity, at sshaghaghi@bdo.com, or Imran Makda, co-leader of BDO’s Insurance Industry Group, at imakda@bdo.com.
 


PErspective in Insurance

As deal making has surged in recent years, so too has the private equity industry’s use of representations and warranties (R&W) insurance to mitigate M&A risk. First introduced 20 years ago, R&W insurance adoption has skyrocketed in the last two years, as PE buyers and sellers seek to reduce their exposure to unforeseen liabilities. According to insurance provider IronShore, the number of R&W policies underwritten last year was almost double the volume of the year before.

A February 2016 AIG study found that one in seven transactions leads to a dispute after the deal has closed, due to issues such as inconsistencies in financial statements, undeclared tax liabilities, or problems with contracts or intellectual property. In the past, sellers would keep a portion—IronShore estimates up to 10%—of the proceeds from the sale in escrow for two years, to cover potential legal fees and payouts arising from such disputes.

Over the last two years, R&W policies have become regular features of M&A deals, enabling PE sellers to reduce the amount they have to hold back after a sale to around 1% or 2% (according to IronShore), and achieve cleaner exits. In the event of a claim, the insurance company essentially steps into the seller’s shoes, paying out any indemnification.

There are a number of reasons these policies have recently become popular, including the fact that premiums have declined over the last two years. An increase in the number of private company, midmarket and cross-border deals, where there are greater unknowns and fewer buyer protections, have also attributed to the growth in R&W insurance, according to the NYTimes DealBook blog.

Created to bridge indemnity valuation gaps that can cause deals to unravel, an R&W insurance policy can help get deals across the finish line if either party is hesitant about the potential risks, The Financial Post reports. In the current seller’s market, buyers are often required to provide coverage as part of the deal. Some offer it as a competitive advantage to gain the upper hand in contested auctions. Others use such policies to mitigate risks in cross-border transactions where differing norms and expectations could more easily lead to disagreements over representations and warranties.

However, some fear the rise in R&W insurance is leading buyers and sellers to perform less thorough due diligence ahead of deals and essentially toss the risk down the road to the insurance companies. If that is true, it could lead to more frequent and larger payouts becoming necessary. William D. Cohan, a former M&A banker and author, suggested in an article in the New York Times DealBook blog that there were similarities between PE’s current enthusiasm for R&W insurance and the broader financial markets’ eager adoption of mortgage-backed securities before the financial crisis. Whether this newly popular insurance type is leading to a bubble remains to be seen, but it should not be used as a replacement for robust due diligence and thorough pre-deal negotiations.

Sources: Dealogic, Financial Times, Law360, The Financial Post, IronShore, New York Times
 

For more information on BDO USA’s service offerings to this industry, please contact one of the following regional practice leaders:
 
Chris Bard
Los Angeles
  Brent Horak
Dallas

 
Richard Bertuglia
New York
  Timothy Kovel
New York

 
Carl Barkson
Grand Rapids
  Albert Lopez
Miami

 
Doug Bekker
Grand Rapids
  Imran Makda
New York

 
Phil Forret 
Dallas
  Barb Woltjer
Grand Rapids

 
Carla Freeman
Los Angeles