Download the PDF Version
Table of Contents
Cybersecurity Measures Intensify for the Insurance Industry
Principles-based Reserving - Are We There Yet?
Narrowing Networks Doesn't Mean Limiting Care
Did you know...
PErspective in Insurance
Cybersecurity Measures Intensify for the Insurance Industry
By John Green
Cybersecurity has become one of the top priorities for insurance regulators in the wake of several reported security breaches at large companies, including Anthem Health Insurance.
Outgoing New York Department of Financial Services Superintendent (NYDFS) Benjamin Lawsky has been the leading regulatory advocate on cyber issues both in New York state and nationally. His efforts and the efforts of other regulators will likely require all insurance companies (life, health and P&C) to take additional actions in regard to cyber threats in the near future.
Some of the regulatory initiatives that have recently been published include: A February 2015 cybersecurity survey report by NYDFS polling 43 insurance entities; new targeted cybersecurity assessments for insurance companies that will be conducted as part of the examination process by NYDFS, also announced in February; and the April publication of 12 guiding cybersecurity principles by the NAIC.
Some of the issues that the NYDFS-targeted cybersecurity examinations will address include:
- corporate governance, including organizational and reporting structures for cybersecurity-related issues;
- overall management including policies and procedures and risk assessment;
- identification of risks;
- protections against intrusions including multi-factor or adaptive authentication;
- incident detection and response process;
- management of third-party service providers.
The NYDFS has further stated that it may require insurance companies to install multiple levels of authentication for system access or require the use of encrypted devices for remote access. Like many other industries, the insurance industry has developed mobile technologies to allow policyholders and claimants to access their files on mobile devices. It remains to be seen how the proposed increased security measures on system access will impact mobile applications.
Another proposal would require certain representations and warranties from third-party vendors. While the specifics of the representations and warranties have not been published, essentially, third-party vendors that service the industry would have to adopt security measures in their own systems to prevent the possibility that an insurance company’s system is breached via access through a third party’s system. The insurance industry has already invested heavily in technology and systems to manage operations, but additional spending will be necessary to address cybersecurity threats. While some of the proposed requirements may seem a bit onerous, the upfront investment can pay long-term dividends by mitigating the cost and reputational risk associated with a data breach. By way of example, while no Anthem policyholder has reported any incidents of identity theft or other fraudulent activity as of March 2015, the firm’s actions to respond to the breach required a significant cost.
The regulatory proposals regarding cybersecurity are not a panacea. There will likely be more security breaches in the industry; these initiatives are designed to make it a little harder for the cyber criminals to ply their trade.
For more information, please contact John Green at email@example.com.
By Corwin Zass
Principles-Based Reserving – Are We There Yet?
A huge paradigm shift for statutory and tax reserving is finally inching closer to a reality (albeit only for new sales) for U.S. domiciled non-P&C insurers underwriting life, annuity and certain health products.
Principles-based reserving, also known as PBA (approach) or PBR (reserves), is designed to put out to pasture the formulaic reserve methods and assumptions that were set close to a century ago.
Why the Change?
The duct-taped adjustments made to stringent formula reserves were less than ideal for the more complex products introduced in the insurance world in recent years. In addition, the conservatism of statutory reserving was serving to add extra costs to the consumers. State insurance commissioners were loath to give insurers carte blanche latitude to reduce reserves to levels that threatened the industry’s impressive track record of few insolvencies. Instead, regulators needed to figure out a way to give insurers some rope but not enough to hurt themselves.
The PBR process offers a way for regulators to test the waters by trusting insurers to set statutory liabilities. The responsibility rests heavily on the shoulders of the appointed actuary to set the assumptions that are used in these reserve calculations, instead of having the specific mortality, morbidity and valuation interest rate assumptions. The usual suspects will continue to police the process, including the auditor who will need to assess many assumptions that are best described as those based on “professional (actuary) judgment.”
Doing the Math
One of the main advantages of using a more experience-based set of assumptions under the PBR approach is enabling each company to use its specific circumstances to develop a bespoke reserve. However, the diversity of size and product offerings in the insurance industry creates concerns about credibility or the ability to identify trends in experience-based assumptions that are grounded in fewer actual observations. For some smaller carriers, the analogy is akin to a “connect-the-dots” picture that young children complete. The more dots that are joined together, the clearer the actual image becomes. Smaller carriers needed industry guidance in setting assumptions that do not put them at an unfair advantage to the large insurers.
To provide improved clarity, the insurance community and regulators, aided by the actuarial profession, crafted the Valuation Manual (VM), a quasi-cookbook laying the groundwork for the methods and assumptions that could be used industrywide. This VM has many chapters, as seen in the table below.
Setting the Wheels in Motion
PBR isn’t law just yet. In 2009, the NAIC adopted a revised Model Standard Valuation Law, which authorizes PBR, along with a VM that sets forth the minimum reserve and related requirements for certain products under PBR. The NAIC adopted the VM in 2012, although PBR will not be implemented until the revised Model Standard Valuation Law (SVL) is adopted by 42 states and state adoption reflects 75 percent of total life insurance premiums written in the United States. During the 2014 Fall NAIC Meeting, the Principle-Based Reserving Implementation (EX) Task Force received an update on state implementation of PBR legislation. As of April 15, 2015, 26 states representing more than 40 percent of U.S. direct written premiums, have adopted new Standard Valuation Laws that would allow life insurers to start using PBR. Twelve additional states have introduced legislation in 2015 to change their SVLs.
The VM is a living document that the NAIC’s Life Actuarial Task Force (LATF) has responsibility for completing. Various amendment proposals were evaluated during the first quarter of this year around the treatment of due premiums and pre-tax IMR.
Smaller insurers are voicing concerns that the more complex methods under PBR serve no value to the organization and add a layer of unnecessary expense. The products that worked well under the formulaic reserving mechanism are largely the major products being offered by smaller carriers today. Therefore, those carriers not offering less traditional products shouted for relief. The NAIC’s Life Insurance and Annuities (A) Committee responded by adopting the VM-20 small company exemption, subsequently followed by some disagreement on the issue. The jury is still out on whether smaller companies will see relief.
The actual mechanics of PBR will require a substantial upgrade to valuation software unless a company decides that an outsourcing approach is the better solution by partnering with an actuarial firm with a compliant platform and expertise. Currently, only newly issued policies sold after the operative date must comply with this complex set of PBR rules. All the other convoluted and Band-Aid statutory (and tax) rules must be followed for all the existing policies on the books. It will be many years before PBR comprises a large share of the total reserves for the vast majority of insurers. I can guarantee that in 120 years or so, the life insurance industry will finally rid itself of the formulas that predate my grandparents.
This article’s views and comments are those of Corwin (Cory) Zass, Principal & Consulting Actuary, and Brian Forman, Senior Life Actuary, ARM.
Learn more by contacting the BDO Alliance USA actuarial firm, Actuarial Risk Management, at firstname.lastname@example.org.
By Steven Shill, CPA and William Bithoney, M.D., FAAP, The BDO Center for Healthcare Excellence and Innovation
Narrowing Networks Doesn’t Mean Limiting Care
Fewer options, lower quality of care delivery and dissatisfaction from consumers and providers alike are becoming all-too-familiar concepts for health insurers when talking about narrowing networks.
But it doesn’t have to be this way. In fact, a study published in the health policy journal “Health Affairs"
analyzed Covered California, the state’s exchange, and discovered that the care provided in these particular narrow networks was comparable, if not better, in some cases, than the care non-Covered California consumers were receiving.
“Narrow networks” comprise healthcare providers that meet predetermined cost and quality measures, to the exclusion of providers that do not.
To replicate the Covered California findings, health insurers would be wise to conduct a three-phased approach to proactively selecting the right mix of providers.
Phase One: Discovery
Emphasizing strategic priorities that include both short- and long-term milestones, as well as key metrics and data sets, can help achieve this goal. First, determine which clinical management activities are of the greatest importance for a primary care provider, hospital, skilled nursing facility, etc., and consider, too, that these metrics should be highly scalable from an individual physician to an entire enterprise. As a next step, conduct a data assessment to identify target provider populations, covering both high and low performing physicians to compare and contrast successful and failing programs. This process not only sheds light on where deficiencies exist, but also uncovers room for opportunity. A deeper dive into the market dynamics of the populations served, care pathways and referral patterns, as well as compensation models, will also be beneficial in assessing what’s needed.
Phase Two: Development
Findings from the first phase will help build an infrastructure to engage providers, which is a vital next step in the selection process. Develop a strategic plan that covers the creation and implementation of training and education programs, future service needs, resource allocation, investment requirements, data sharing and infrastructure changes (e.g., development of electronic health record capacity to track patients across the care continuum). This approach serves as an important component to ensuring the proper combination of providers is included to best suit the covered populations.
Phase Three: Implementation
As an insurer moves through phases one and two, there will likely be areas where it can simply build upon and leverage existing practices, thus implementing the aforementioned approaches along the way. For those instances when it’s necessary to assemble new processes, consider digging deep into those findings and engaging firms with experience that is supported by regulatory, clinical, data analytics and financial knowledge. This can aid in the ultimate realization of an all-encompassing “narrrow” network.
This feature column is from The BDO Center for Healthcare Excellence & Innovation. You can find additional thought leadership from The Center by visiting the BDO Knows Healthcare Blog
Steven Shill, CPA is Partner and National Leader of The BDO Center for Healthcare Excellence & Innovation. He can be reached at email@example.com.
Dr. William “Bill” Bithoney is a Managing Director with BDO Consulting and Chief Physician Executive for The BDO Center for Healthcare Excellence & Innovation, where he co-leads clinical strategy. He can be reached at firstname.lastname@example.org.
Did you know...
Insurance costs and potential losses due to uninsured liabilities remain a significant risk factor for public companies, ranking #8 among REITs and #12 among oil and gas companies, according to the latest BDO RiskFactor Reports
U.S. NOAA’s Climate Prediction Center
is forecasting a 70 percent chance of a below-normal hurricane season this year, with activity suppressed largely by El Niño.
Companies are four times more likely to buy insurance on physical assets than to buy cyberinsurance, according to the 2015 Global Cyber Impact Report from Ponemon Institute
There were 359 insurance M&A announcements in the second half of 2014, up from 295 in the first half of the year, with positive momentum lingering in 2015, according to the latest Swiss Re sigma
research found that private insurance-linked securities funds have outperformed pure catastrophe bond funds for 12 consecutive months, as reported in early May.
PErspective in Insurance is a feature examining the role of private equity in the insurance industry.
PErspective in Insurance
Deal making in the insurance industry is on the rise again after being relatively subdued since the global financial crisis. M&A activity in recent months has ticked upward and the pipeline of future deals has grown, according to a recent Swiss Re sigma report, “M&A in Insurance: Start of a New Wave?” There were 359 M&A announcements in the second half of 2014 compared with 295 in the first half, and this momentum continued into 2015.
For more information on BDO USA’s service offerings to this industry, please contact one of the following regional practice leaders: