oversight

Year 2000: State Insurance Regulators Face Challenges in Determining Industry Readiness

Published by the Government Accountability Office on 1999-04-30.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                United States General Accounting Office

GAO             Report to the Ranking Minority Member,
                Committee on Commerce, House of
                Representatives


April 1999
                YEAR 2000
                State Insurance
                Regulators Face
                Challenges in
                Determining Industry
                Readiness




GAO/GGD-99-87
GAO                United States
                   General Accounting Office
                   Washington, D.C. 20548

                   General Government Division



                   B-281368

                   April 30, 1999

                   The Honorable John D. Dingell
                   Ranking Minority Member
                   Committee on Commerce
                   House of Representatives

                   Dear Mr. Dingell:

                   This report responds to your request that we study the readiness of the
                   insurance industry to meet the Year 2000 date change. Our objectives were
                   to determine (1) what state regulators were doing to oversee the Year 2000
                   readiness of the insurance industry, (2) how the regulatory oversight of the
                   insurance industry’s Year 2000 readiness compared with the oversight of
                                                         1
                   the banking and securities industries, (3) the current status of the
                   insurance industry’s Year 2000 readiness, and (4) the nature and extent of
                   Year 2000 liability exposures that insurers face and the mitigation efforts
                   taken to address such exposures.

                   The 17 state insurance regulators we visited differed in their approach and
Results in Brief   level of oversight activity directed to the insurance industry’s Year 2000
                   readiness. These state regulators also differed in how they assessed and
                   ranked insurance companies in terms of Year 2000 readiness. Such
                   variations raise a question about the extent to which states can rely on one
                   another’s judgments regarding the preparedness of nondomiciled
                                                                           2
                   insurance companies doing business in their states. This question is
                   especially applicable to those states where the level of Year 2000 oversight
                   is relatively limited or the criteria for assessing readiness may be
                   considered lax. Variations in oversight approaches among state regulators
                   also made it difficult to ascertain the overall status of the insurance
                   industry’s Year 2000 readiness.

                   Regulatory oversight of the insurance industry’s Year 2000 readiness began
                   later than the oversight of the banking and securities industries. In general,
                   the state insurance regulators we visited were less active in their efforts to
                   1
                    Preliminary observations comparing the Year 2000 oversight of the banking, securities, and insurance
                   industries were first reported in a statement for the record, Insurance Industry: Regulators Are Less
                   Active in Encouraging and Validating Year 2000 Preparedness (GAO/T-GGD-99-56, Mar. 11, 1999).
                   2
                   Although an insurer can be licensed and conduct business in multiple states, the regulator in the state
                   where the insurer is chartered is its primary regulator. The chartering state is referred to as the state of
                   domicile. Other states where insurers are licensed (but not chartered) generally rely on the supervisory
                   oversight of the company’s primary regulator.




                   Page 1                               GAO/GGD-99-87 State Insurance Regulators Face Challenges
             B-281368




             promote Year 2000 readiness and efforts to validate information on the
             status of companies’ readiness. They were also less active in planning for
             and pursuing formal enforcement actions against companies identified as
             inadequately preparing for 2000 and at a high risk of not being ready for
             the millenium change. In addition, the National Association of Insurance
             Commissioners (NAIC), which is a key facilitator of states’ oversight
             efforts, was generally late in providing information and guidance to state
             regulators about the appropriate Year 2000 regulatory activities to
             undertake.

             Regulatory information on the Year 2000 readiness of the nation’s
             insurance industry, consisting primarily of self-reported information
             obtained through surveys, does not provide the necessary information to
             judge whether the industry will be ready for 2000. Nonetheless, insurance
             regulators and also other observers we contacted generally have a
             favorable view of the industry’s Year 2000 readiness. These regulators and
             industry observers expressed confidence that companies were actively
             preparing for the Year 2000 date change because of competitive pressures
             and the business need to process date-sensitive information before 2000
             (e.g., calculating annuity payments extending beyond 2000).

             The magnitude of insurers’ Year 2000-related liability exposures cannot be
             estimated at this time, and the effectiveness of efforts to mitigate these
             exposures remains uncertain. While not yet estimable, costs associated
             with Year 2000-related exposures could be substantial for some property-
             casualty insurers, particularly those concentrated in commercial market
             sectors, due to potential claims and legal defense costs. Despite efforts to
             mitigate potential exposures, the Year 2000-related costs that may be
             incurred by insurers will remain uncertain until key legal issues and
             actions on pending legislative initiatives are resolved.

             The insurance industry, with policy reserves of approximately $2.5 trillion,
Background   is an important component of the financial system. These reserves are held
             in trust for policyholders, much like bank deposits are held for depositors.
             While there are important similarities between insurance companies and
             other financial intermediaries, there are important differences as well. One
             difference is that policy reserves are paid out when policyholders
             experience an insured loss. Thus, policyholders may get back more or less
             than they paid the insurance company. This is unlike a bank deposit,
             where bank depositors can expect to get their deposits, plus interest. A
             similarity between insurance companies and banks is that both use the
             money they receive to purchase income-earning assets until the money is
             needed. Furthermore, like banks and securities dealers, insurance



             Page 2                    GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




companies are regulated to ensure that the money they collect now will be
available to meet later obligations. To a large extent, it is the delayed
delivery of the contracted product that makes the importance of
addressing Year 2000 issues particularly acute in the financial services
industry in general and in the insurance industry in particular.

The Year 2000 problem exists because the data that computers store and
process often use only the last two digits to designate the year. On January
1, 2000, such systems may mistake data referring to 2000 as meaning 1900,
possibly leading to numerous errors and disruptions in processing.
Financial services institutions are especially dependent upon the accurate
transmission of electronic information; thus, the systems they use must be
readied to correctly process 2000 dates.

To provide a standard gauge for assessing the progress of federal agencies
in becoming prepared for the Year 2000 date change, we issued guidance in
      3
1997. While this Assessment Guide is directed specifically at federal
agencies, the stages of Year 2000 preparation and corresponding
milestones can generally be applied to all institutions, including private
companies. The Assessment Guide discusses issues that are common to
nearly all companies, as well as to the federal agencies, and can be used as
a general measure of whether a company is on track to being prepared for
the Year 2000 date change. Thus, a regulator of financial institutions could
use this, or other similar guidance, as general criteria for assessing the
state of preparedness of its regulated institutions.

The Assessment Guide divides the process by which an institution could
become Year 2000 compliant into five phases—awareness, assessment,
renovation, validation, and implementation. Each of these phases is
described in appendix I. The final deadline for becoming ready for 2000 is
immovable. Furthermore, since the phases of preparation are sequential, it
is important to establish intermediate milestones to help ensure that a
company will be able to complete all Year 2000 preparations in time. A
schedule for measuring progress toward Year 2000 readiness could allow
regulators a degree of comfort concerning the status of their regulated
companies. As shown in table 1, the Assessment Guide provides a schedule
of suggested completion dates for each of the key phases of Year 2000
conversion.




3
    Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14, Sept. 1997).




Page 3                              GAO/GGD-99-87 State Insurance Regulators Face Challenges
                                       B-281368




Table 1: Year 2000 Conversion Phases
and Suggested Completion Dates         Year 2000 conversion phase                                       Suggested completion date
                                       Awareness                                                                   December 1996
                                       Assessment                                                                    August 1997
                                       Renovation                                                                    August 1998
                                       Testing and implementation                                                  December 1999
                                       Source: GAO/AIMD-10.1.14.


                                       Other parties have developed alternative sets of phases and milestones.
                                       Subsequent to the issuance of our Assessment Guide, the Office of
                                       Management and Budget (OMB) provided standards that federal agencies
                                       are expected to follow. OMB’s milestones begin with the assessment
                                       phase, which was to be completed by June 30, 1997, followed by
                                       renovation, validation (internal testing), and implementation. All entities
                                       are to have completed the implementation phase by March 31, 1999. After
                                       that date, entities are to be engaged in testing of business processes and
                                       planning for contingencies. Throughout the remainder of this report,
                                       actions by insurance regulators are compared to the guidance found in our
                                       Assessment Guide.

                                       Year 2000-related system malfunctions in an insurance company can have
                                       serious business interruptions and even solvency implications.
                                       Specifically, Year 2000 problems could result in disruptions to processing
                                       policyholder payments and investments, insurance claims and payments,
                                       annuity payments, and data queries to verify insurance coverage. This
                                       means that some policyholders may be unable to obtain policy service, or
                                       worse, may be unable to collect on their policies at a time of need. It is
                                       also possible that the delivery of health care services could be affected if
                                       health insurers cannot readily process claims information.
                                                                                                    4
                                       Pursuant to the McCarran-Ferguson Act of 1945, states exercise primary
                                       regulatory jurisdiction over the insurance business. Each state has a
                                       department of insurance that, among other things, is responsible for
                                       monitoring insurance companies’ solvency. Solvency, in turn, can be
                                       affected by operational issues, such as the failure to be ready for 2000.

                                       Companies that operate and write insurance policies in multiple states
                                       comprise much of the nation’s insurance industry. Although an insurance
                                       company can conduct business in multiple states, it is incorporated, or
                                       chartered, under the laws of a single state, which is referred to as its state
                                       of domicile. The regulator in an insurer’s state of domicile represents its
                                       primary regulator and is to assume lead responsibility for oversight issues,
                                       4
                                           15 U.S.C. sections 1011-1015.




                                       Page 4                              GAO/GGD-99-87 State Insurance Regulators Face Challenges
                           B-281368




                           such as Year 2000 readiness. States where insurers are licensed to operate
                           (but not chartered) generally rely on the companies’ primary regulator to
                           exercise due diligence in overseeing domiciled companies and to
                           voluntarily share information about them.

Role of the National       NAIC is a voluntary association of the heads of each state insurance
                           department, the District of Columbia, and four U.S. territories. It does not
Association of Insurance   have any regulatory authority over the state insurance departments. NAIC
Commissioners              provides a national forum for resolving major insurance issues and for
                           allowing regulators to develop consistent policy on the regulation of
                           insurance when consistency is deemed appropriate.

                           State insurance commissioners created NAIC, in part, to help address
                           problems that differing state-by-state authorities, laws, and regulations can
                           cause as state insurance regulators oversee insurers that operate in more
                           than one state. Although it has no regulatory function, NAIC is responsible
                           for (1) serving as a clearinghouse for exchanges of information, (2)
                           providing a structure for interstate cooperation in examinations of
                           multistate insurers, (3) distributing model insurance laws and regulations
                           for consideration by state legislatures and insurance departments, and (4)
                           reviewing state insurance departments’ regulatory activities as part of a
                           national accreditation program. Regarding Year 2000 issues, NAIC has
                           assumed a key role as facilitator of states’ efforts to oversee the industry’s
                           readiness. This role includes acting as a coordinator of information
                           pertaining to state oversight efforts, the status of the industry’s readiness,
                           and state regulators’ actions to become internally prepared for 2000.

                           To determine what regulators were doing to oversee the Year 2000
Scope and                  readiness of the insurance industry, we interviewed officials of NAIC and
Methodology                reviewed available information on the organization’s efforts to facilitate
                           states’ Year 2000 activities and summarize information in the area. We also
                           visited 17 state insurance departments whose domiciliary companies
                                                                                                  5
                           collectively accounted for 75 percent of insurance sold nationally. In late
                           January 1999, we surveyed these 17 state regulators to obtain an update on
                           their Year 2000 oversight activities, including their efforts to set priorities
                           for reviewing domiciled insurers. Unless otherwise indicated, observations
                           throughout this report regarding state efforts and activities pertain
                           specifically to the 17 states included in our review. See appendix II for a


                           5
                            Market share information represents a percentage of total net written premium (over $664 billion
                           nationally) for all types of insurance. It represents the percentage of nationwide sales accounted for by
                           all companies domiciled in a state. This information, based on 1997 financial data, was provided by
                           NAIC.




                           Page 5                              GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




list of the states we visited and their respective domiciled insurers’ market
shares.

To compare Year 2000 oversight of the insurance, banking, and securities
industries, we reviewed relevant documentation from their respective
financial regulators, including industry guidance on Year 2000 readiness,
related correspondence directed to financial institutions, audit programs
for conducting Year 2000 examinations, and proposed rules covering Year
2000 issues. We also used information gathered and knowledge developed
by our other teams that had conducted reviews of the Year 2000
preparedness of the banking and securities industries. Finally, we obtained
updates on the status of various Year 2000 oversight activities, including
conducting examinations that focus specifically on Year 2000 issues
(referred to as Year 2000 targeted examinations) and monitoring
companies’ actions to test their systems’ readiness.

To determine the status of the insurance industry’s Year 2000 readiness,
we interviewed regulatory officials who were responsible for Year 2000
oversight in the 17 states and reviewed available documentation on the
readiness of the industry. To obtain additional insights regarding the
readiness of the insurance industry, we interviewed representatives of key
rating companies, including A.M. Best Company, Conning and Company,
Standard and Poor’s, and Weiss Ratings, Inc., and reviewed their pertinent
studies and reports issued in the area. We also spoke with representatives
of and reviewed Year 2000-related documents from a few consulting and
research firms, including the Gartner Group, which is a business and
technology advisory company that conducts research on the global state of
Year 2000 readiness, and Electronic Data Systems (EDS), which is a
professional services firm that, among other things, assists financial
services companies with becoming ready for 2000.

To obtain industry perspectives regarding Year 2000 issues, particularly
those involving potential liability exposures, we spoke with several of the
largest property-casualty insurers and trade associations, including the
Alliance of American Insurers, American Insurance Association, National
Association of Independent Insurers, and National Association of Mutual
Insurance Companies. Among other things, we inquired about these
entities’ efforts to determine the nature and scope of potential liability
exposures related to 2000. Finally, we reviewed available literature on
various aspects of the Year 2000 liability exposure issue, reviewed relevant
federal legislative proposals, and obtained related opinions from officials
of the American Bar Association’s Tort and Insurance Practice Section.




Page 6                    GAO/GGD-99-87 State Insurance Regulators Face Challenges
                             B-281368




                             We did our work in accordance with generally accepted government
                             auditing standards between September 1998 and April 1999. We requested
                             comments on a draft of this report from the President and other officials of
                             NAIC. NAIC’s written comments are included in appendix III and
                             discussed near the end of this letter. We also discussed the contents of a
                             draft of this report with officials from the Office of the Comptroller of the
                             Currency (OCC) and the Securities and Exchange Commission (SEC).
                             They provided technical comments that we have incorporated as
                             appropriate in the report.

                             Regulatory approaches and the level of oversight activity directed to the
Regulatory                   insurance industry’s Year 2000 readiness varied widely in the states we
Approaches Varied            visited. The 17 states also differed in how they assessed and prioritized
Widely by State,             companies for regulatory attention in terms of Year 2000 readiness. Such
                             variations raise a question about the extent to which states can rely on one
Creating Year 2000           another’s judgments regarding the preparedness of nondomiciled
Oversight Challenges         companies doing business in their states. This would be especially
                             problematic when relying on states where the level of Year 2000 oversight
                             activity is relatively limited or the criteria for assessing readiness may be
                             considered too lax. Variations in oversight approaches among state
                             regulators also make it difficult to ascertain the status of the Year 2000
                             readiness of the insurance industry on a national level.

Year 2000 Oversight Varied   State regulatory oversight of the insurance industry’s Year 2000 readiness
                             included several types of activities, such as surveying companies,
Widely by State              reviewing submitted company plans, requiring progress reports, covering
                             Year 2000 readiness during regular financial examinations, and conducting
                             examinations that focused specifically on Year 2000 issues. Which of these
                             activities each state insurance regulator engaged in, and to what extent,
                             varied. The variation ranged from a few states that had actively promoted
                             insurers’ Year 2000 readiness since mid-1997 to a few states that did little
                             in the area until the latter part of 1998 when they conducted their first
                             surveys. A company identified as being behind at this late date could have
                             more difficulty completing all of the necessary phases of its Year 2000
                             preparations in time.

                             Although they did not initiate Year 2000 oversight actions until 1997, after
                             the time frame suggested in the Assessment Guide for conducting
                                                6
                             awareness efforts, 2 of the 17 states we visited were comparatively more
                             active than the other 15 in their efforts to ensure that insurance companies
                             become Year 2000 ready. One state regulator stated that it monitored the
                             6
                                 According to the Assessment Guide, Year 2000 awareness should have been completed during 1996.




                             Page 7                              GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




Year 2000 progress of companies it supervises primarily through quarterly
Year 2000 reports that were required since the beginning of 1998 and
through targeted Year 2000 examinations that have been conducted since
mid-1998. According to state officials, these efforts were conducted by
state examiners who had drawn heavily from the expertise, guidance, and
training of federal banking regulators.

Another state regulator also more actively monitored insurers’ Year 2000
readiness, but used a different approach. In 1997, it hired a contractor to
assist with developing, administering, and analyzing a comprehensive,
technical survey of about 2,000 insurers (both domiciled and
nondomiciled) regarding their Year 2000 preparations. State officials
explained that companies were assigned risk scores that were based on an
analysis of their survey responses along with various financial and
operational factors. This state’s regulatory staff, subsequently
supplemented by an available pool of about 20 consultants, has been
reviewing hundreds of remediation plans for companies identified as
having problems with their Year 2000 efforts, working with these
companies to develop or refine their plans, and conducting Year 2000
targeted examinations. These consultants were also to be used to assist
company management in correcting system problems.

Other state regulators indicated that they focused primarily on occasional
surveys or more limited coverage of Year 2000 plans during regular
financial examinations, which are to be conducted every 3 to 5 years. One
state regulator said it attempted to consistently inquire about Year 2000
issues during informal conferences with company management. Another
state regulator indicated that it was focusing its Year 2000 oversight efforts
almost exclusively on conducting surveys of its regulated companies. At
the time of our review, this state had administered two Year 2000 surveys
that requested companies to generally address a few broad areas, such as
the estimated impact of the potential Year 2000 problem on their
operations, their conversion plans, and their current status of readiness.

After experiencing some difficulty administering a survey in 1997, another
state regulator said it decided, in early 1998, to conduct targeted Year 2000
examinations in lieu of administering additional surveys or covering the
area during regular financial examinations. This state, however, was
unable to start its targeted examinations until September 1998. Five of the
17 states we visited did not attempt to develop baseline information on the
readiness of their insurance companies until the latter part of 1998, when
they conducted their first Year 2000 surveys.




Page 8                    GAO/GGD-99-87 State Insurance Regulators Face Challenges
                            B-281368




                            Because of the fast-approaching Year 2000 deadline and in an attempt to
                            make up for lost time, some state insurance regulators were beginning to
                            intensify their oversight efforts while there was still a possibility of
                            mitigating possible disruptions. In addition to those state regulators that
                            had recently conducted surveys at the time of our review, several state
                            regulators had just contracted or were in the process of contracting for
                            consultant services to assist with Year 2000 targeted examinations.

How States Assessed and     The state insurance regulators we visited attempted to prioritize
                            companies in terms of their Year 2000 readiness and the extent of related
Prioritized Companies for   supervisory attention that they may need. This prioritization was generally
Year 2000 Oversight         done to determine how best to allocate limited resources to the area.
Purposes Varied             Responses to our survey indicated that state regulators varied in how they
                            assessed and prioritized companies for Year 2000 purposes—that is, they
                            used different sources of information, review criteria, and regulatory
                            actions to handle identified high-priority insurers.

                            The information that state insurance regulators obtained from their diverse
                            oversight activities can be characterized by varying degrees of credibility.
                            For example, information obtained from an on-site targeted examination
                            conducted by information specialists would be more credible than
                            information obtained from unverified, self-reported insurer responses to a
                            Year 2000 survey. At the time of our review, the state regulators said they
                            used the following sources of information to prioritize companies in terms
                            of their Year 2000 readiness: survey responses; Year 2000 plans; Year 2000
                            quarterly reports; regular financial examinations with some questions
                            directed to Year 2000 issues; and, in one case, Year 2000 targeted
                            examinations. Eight of the 17 states we visited (representing 24.5 percent
                            of the total market share) indicated that they used survey responses as
                            their primary means for prioritizing companies. Two state regulators said
                            that they had not yet prioritized their companies for Year 2000 oversight
                            purposes when we conducted our survey in late January 1999, but that
                            they were waiting for additional Year 2000 information from their
                            contractors.

                            State regulators also used different criteria to assess and prioritize
                            companies for Year 2000 oversight purposes. The most stringent criteria
                                                                                       7
                            used by the regulators we visited to identify “priority 1” companies
                            included those companies not expected to be compliant by January 1999.
                            The least stringent criteria used to identify priority 1 companies included

                            7
                             The term “priority 1” refers to companies whose Year 2000 efforts were determined by the state
                            regulators to need a high degree of regulatory attention.




                            Page 9                             GAO/GGD-99-87 State Insurance Regulators Face Challenges
                                      B-281368




                                      only those companies that were not expected to be Year 2000 compliant by
                                      December 1999 and that had not developed a contingency plan. Other
                                      criteria were broad and vague, such as criteria that simply described
                                      priority 1 companies as those that did not adequately address or allocate
                                      resources to Year 2000 preparations. Over half of the states surveyed
                                      indicated that priority 1 companies were those that would become
                                      compliant after June 1999 or that were still in remediation (i.e., in the
                                      process of making system changes to become Year 2000 ready) after
                                      December 1998. Some states said they identified as priority 1 companies
                                      insurers that did not respond to Year 2000 surveys or that did not have
                                      formal Year 2000 plans. A few state regulators noted that they also
                                      considered the companies’ market share and overall financial condition
                                      when they prioritized companies for Year 2000 oversight purposes.

                                      As shown in figure 1, 11 percent of the insurance companies domiciled in
                                      the states that we surveyed were identified as priority 1 companies for
                                      Year 2000 oversight purposes. Appendix IV provides a breakdown, by type,
                                      of priority 1 companies relative to total insurance companies. Appendix V
                                      provides a breakdown, by size, of priority 1 companies relative to
                                      industrywide data.

Figure 1: States’ Prioritization of
Companies for Year 2000 Oversight
Purposes




                                      Page 10                  GAO/GGD-99-87 State Insurance Regulators Face Challenges
                             B-281368




                             Note 1: The number of insurance companies represented is 3,565.
                             Note 2: Priority 1 refers to companies whose Year 2000 efforts were determined to need a high
                             degree of regulatory attention; priority 2 refers to companies determined to need a moderate amount
                             of regulatory attention; and priority 3 refers to companies determined to need little or no regulatory
                             attention.
                             Source: Summary of state insurance regulators’ responses to GAO survey.


                             Most of the state regulators indicated that they were in the process of
                             conducting targeted Year 2000 examinations for all insurers identified as
                             priority 1 companies. Others indicated that they would require priority 1
                             companies to submit Year 2000 progress reports, would reassess these
                             companies on the basis of more current information before deciding to
                             conduct any on-site visits, or would confer with company management.

Variations Among States      Variations in the Year 2000 oversight activities of state insurance
                             regulators raise a question about the reliability of regulatory information
Create Year 2000 Oversight   on the Year 2000 readiness of insurers and the validity of related
Challenges                   assessments. For example, information obtained through on-site
                             examinations is generally more reliable than survey information. This
                             question of information reliability can pose a challenge for state regulators
                             that depend on one another for supervisory information on the Year 2000
                             status of their nondomiciled companies. Another related challenge to state
                             regulators involves industry concerns regarding the confidentiality of
                             information on insurers’ Year 2000 readiness. Finally, the regulators, and
                             ultimately the public, lack a comprehensive framework for fully assessing
                             the status of the insurance industry’s Year 2000 readiness due, in part, to
                             different oversight approaches at the state level.

                             Most state regulators we surveyed indicated that they were concerned
                             about the Year 2000 readiness of nondomiciled insurance companies,
                             especially those that do a significant amount of business in their states.
                             The two more active states previously noted said that they were
                             attempting to oversee their nondomiciled insurers in a manner similar to
                             their domiciled insurers. A third state, according to an official, was asking
                             its nondomiciled insurers to confirm whether their projected Year 2000
                             compliance dates were being met. Most of the remaining states we
                             surveyed said they were relying on the oversight and due diligence of the
                             states of domicile to ensure that their regulated insurers would be Year
                             2000 ready. For example, a few state regulators said they sent letters to
                             selected state regulators to inquire about the readiness of specific insurers
                             in which they were interested. Other regulators noted that they would
                             depend on informal contacts with the other states, information sharing
                             through NAIC, or the initiative of the states of domicile to alert them about




                             Page 11                            GAO/GGD-99-87 State Insurance Regulators Face Challenges
                          B-281368




                          any potential Year 2000 problems involving insurers that do business in
                          their states.

                          Industry concerns regarding confidentiality posed a challenge to state
                          regulators that are dependent upon one another for supervisory
                          information on Year 2000 readiness. During the past several months, NAIC,
                          state regulators, and the industry have grappled with how to adequately
                          safeguard potentially proprietary information while facilitating information
                          sharing among regulators, which is critical to overseeing the readiness for
                          the Year 2000 date change within the industry. In February 1999, NAIC
                          finalized a standard form, to be used at the states’ discretion, to facilitate
                          information sharing and protect confidentiality. Although, according to
                          NAIC, 39 states have adopted the agreement to date, it is too soon to tell
                          how widely used and effective this form will be in promoting information
                          sharing among the state regulators.

                          Insurance, banking, and securities are different industries with different
State Insurance           regulatory structures. It may not always be appropriate to make direct
Regulators Started        comparisons between either the industries or their regulation. However,
Their Year 2000           preparing for the Year 2000 date change is a problem that is common to all
                          three industries. Similarly, the solutions to this problem—both from a
Oversight Efforts Later   business and a regulatory perspective—are also common across all three
Than the Banking and      industries.
Securities Regulators
                          Banking, securities, and insurance regulators have all taken steps to
                          oversee the Year 2000 preparedness of their respective regulated entities.
                          However, state insurance regulators were less active than the other
                          financial regulators in promoting readiness and validating information on
                          companies’ status of compliance and adequacy of efforts to achieve Year
                          2000 readiness. In general, insurance regulators also were less active in
                          planning for and pursuing formal enforcement actions against companies
                          identified as remiss in their Year 2000 efforts or in danger of not being
                          ready for the date change.




                          Page 12                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
                             B-281368




Regulatory Approaches to     For the institutions that they regulate, banking and securities regulators
                             have provided guidance and direction regarding Year 2000 problems, while
Facilitate Financial         state insurance regulators we contacted indicated they have provided little
Institutions’ Efforts to     guidance. Within the banking industry, the Federal Financial Institutions
Become Year 2000 Ready                                        8
                             Examination Council (FFIEC), through its member agencies, has taken
                             actions to raise the banking industry’s awareness of the Year 2000 problem
                             and provide depository institutions with Year 2000 guidance, including
                             expectations regarding when certain phases of their conversion should be
                             completed. Within the securities industry, SEC regulates broker-dealers,
                             investment advisors, investment companies, transfer agents, and other
                             securities firms. SEC has engaged in similar efforts to promote Year 2000
                             readiness, both through its own efforts and through the securities
                                                                       9
                             industry’s self-regulatory organizations. But, for the most part, state
                             insurance regulators we contacted and NAIC were not as active in this
                             area.
                                                                10
Raising Industry Awareness   In our Assessment Guide, we stated that Year 2000 awareness efforts
                             should have been completed during 1996. In June 1996, FFIEC began to
                             raise industry awareness by disseminating letters to all federally
                             supervised banking institutions on topics associated with Year 2000
                             readiness. Also starting in June 1996, SEC sent letters to industry trade
                             associations, and subsequently to firms, informing them of the threat
                             posed by Year 2000 problems and urging them to address these problems.

                             In contrast, individual state regulatory efforts to raise insurers’ Year 2000
                             awareness generally did not begin in the states we visited until 1997 or, for
                             some of the states, until late 1998. These efforts typically took the form of
                             questionnaires to insurers inquiring about their state of preparedness.
                             NAIC began discussing Year 2000 issues in its quarterly national meetings
                             in early 1997. Since that time NAIC indicated that it has used its quarterly
                             meetings as a forum for raising regulator and industry awareness and for

                             8
                              FFIEC was established in 1979 as a formal interagency body empowered to prescribe uniform
                             principles, standards, and report forms for the federal examination of financial institutions, and to
                             make recommendations to promote uniformity in the supervision of these institutions. The council’s
                             membership is made up of the federal bank regulators—the Federal Deposit Insurance Corporation,
                             the Federal Reserve System, and the Comptroller of the Currency—and the regulators for credit unions
                             and thrift institutions—the National Credit Union Administration and the Office of Thrift Supervision,
                             respectively.
                             9
                              In addition to SEC oversight, broker-dealers in the United States are subject to regulation by the
                             various exchanges and the National Association of Securities Dealers, which act as self-regulatory
                             organizations over their securities firm members. These organizations adopt rules and conduct
                             examinations to ensure that these rules, as well as those of SEC and the securities laws in general, are
                             complied with by their members.
                             10
                                  GAO/AIMD-10.1.14.




                             Page 13                             GAO/GGD-99-87 State Insurance Regulators Face Challenges
                         B-281368




                         sharing information on Year 2000 efforts. In August 1997, NAIC
                         coordinated a national survey of insurers to prompt them, among other
                         things, to take appropriate action to prepare for 2000. NAIC summarized
                                                                        11
                         the survey results in a December 1997 report.

                         For some of the state regulators we visited, the NAIC survey was their first
                         regulatory communication with companies about Year 2000 issues. For
                         unspecified reasons, 11 of the 50 states requested that NAIC not send a
                         survey to their domestic insurers. NAIC’s summary report speculated that
                         these states might have been conducting their own survey. Because of
                         state insurance regulators’ late start, less time was available to assess fully
                         insurers’ Year 2000 preparedness and to ensure the public that insurers
                         will continue to operate with minimal disruption into the new millenium.

Providing Guidance and   Since 1996, FFIEC has issued interagency guidance to federally regulated
Milestones               depository institutions on Year 2000 topics, such as testing, contingency
                         planning, and business risk. It has also set milestones and formally notified
                         the banking industry of dates when companies were expected to have
                         completed critical phases of Year 2000 conversion (e.g., renovation and
                         validation). Both guidance and milestones were provided to banking
                         institutions as the criteria that would subsequently be used by examiners
                         looking at year 2000 compliance.

                         SEC told us that it has provided some general guidance on Year 2000
                         problems, and that it has worked with the Securities Industry Association
                         and some of the self-regulatory organizations to develop and issue explicit
                         guidance to their members. In particular, the National Association of
                         Securities Dealers issued guidance on topics such as investor concerns
                         and testing requirements, and the association conducted workshops
                         around the country to raise awareness and provide assistance regarding
                         the Year 2000 problem. Moreover, similar to the banking regulators, the
                         self-regulatory organizations established milestone dates for their
                         respective member organizations.

                         In contrast, state insurance regulators we contacted, with a few
                         exceptions, said that they had not provided insurance companies with
                         formal guidance or regulatory expectations regarding Year 2000 readiness.
                         Some state officials believed that their regulatory role precluded more
                         active efforts in establishing what companies should do to prepare for Year
                         2000. These officials said that their role was to monitor Year 2000 progress,
                         rather than to be directive with companies regarding Year 2000 solutions.
                         11
                              Year 2000 Insurance Industry Awareness, NAIC, December 8, 1997.




                         Page 14                              GAO/GGD-99-87 State Insurance Regulators Face Challenges
                             B-281368




                             A few other officials noted that they lacked the expertise or resources to
                             provide specific guidance on preparing for 2000.

                             In September 1998, NAIC issued guidance on insurance regulatory
                                                                                           12
                             expectations, regarding due diligence in preparing for 2000, for use by the
                             industry as well as by state insurance regulators. Dissemination of this
                             information to insurance companies was left to the discretion of individual
                             states. Regulators in a few states we visited in late 1998 were still unaware
                             that NAIC had issued the regulatory guidance.

Regulatory Verification of   Financial regulators have generally focused their verification efforts on the
                             Year 2000 readiness of their regulated institutions by (1) conducting on-
Institutions’ Year 2000      site examinations and (2) requiring broadscale testing. Special on-site
Readiness                    (targeted) examinations are to focus primarily on the actions that
                             institutions are taking to prepare for 2000, in other words, on the process
                             up to and including a review of test results and contingency planning.
                             Broadscale tests are to demonstrate whether, after all of the preparations,
                             an entire integrated segment of a financial sector could continue to
                             operate and interact together. Broadscale testing, however, does not cover
                             the potential impact of third-party systems (e.g., those of vendors or
                             infrastructure industries, such as power and communications) that are in
                             some way linked to the institutions nor does it provide information about
                             contingency planning.

                             The structure of the securities industry and, to a lesser extent, of the
                             banking industry lends itself to broadscale testing because there is a
                             significant amount of interconnectedness among industry participants (i.e.,
                             industry interdependence that is based on extensive transactions and
                             system links between and among companies in a particular industry). This
                             interconnectedness is limited in the insurance industry. As a result,
                             examinations represent the primary means for insurance regulators to
                             verify the Year 2000 readiness of their companies.

                             To validate the progress and status of their regulated institutions, banking
                             regulators rely primarily on examinations targeted directly at issues
                             related to Year 2000 problems. The first round of such examinations began
                             in May 1997. As of April 1999, regulators had completed their second round
                             of targeted examinations. Bank regulators told us that every institution has
                             now been examined twice for Year 2000 progress. This effort has provided
                             regulators with not only snapshots of the current status of institutions but

                             12
                              Insurance Regulatory Statement Regarding Industry Year 2000 Compliance and Remediation,
                             approved by NAIC’s Year 2000 Working Group on September 8, 1998.




                             Page 15                          GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




also with an indication of their progress over time. Furthermore,
regulators plan to return to or contact institutions where questions on the
adequacy of their progress remain. Indeed, OCC plans to complete, by July
1999, a third round of on-site examinations of all institutions for which it
has supervisory responsibility.

The federal banking regulators have also encouraged depository
institutions to participate in broadscale testing efforts. The Federal
Reserve, for example, has encouraged banks to participate in tests
demonstrating their ability to successfully interface with Federal Reserve
supplied services (e.g., check clearing). Also, according to an agency
official, OCC has worked closely with two bank trade associations in their
efforts to coordinate Year 2000 testing among participating banks. Such
tests are intended to provide further assurances of the banking industry’s
readiness to meet Year 2000 challenges.

The interconnectedness of the securities industry lends itself to broadscale
testing. With SEC’s support, over 400 institutions were participating in
“streetwide” testing at the time of our review. A preliminary test was
conducted in July 1998, and a second round of tests began in March 1999
and was scheduled to continue through April 1999.

According to an agency official, SEC has an active examination program.
For example, during 1998, SEC conducted more than 4,400 on-site reviews
of fund and investment advisers, approximately 60 percent of the
registered adviser community. The reviews focused on the firms’
timetables for completing and testing their Year 2000 corrections. Similar
reviews were conducted for selected transfer agents and broker-dealers.
Firms whose timetable lagged significantly behind SEC’s guidance (e.g.,
that all corrections be completed by December 31, 1998, reserving 1999 for
testing) were given a deficiency letter regarding their delay.

In addition to SEC examinations, the self-regulatory organizations have
conducted ongoing monitoring of their members through telephone
contacts. However, unlike banking regulators who said they had
conducted examinations of every institution, SEC and the self-regulatory
organizations have not examined and do not plan to examine every
regulated entity. They are relying on the disclosures mandated by SEC and
broadscale tests, as well as targeted examinations, to provide assurances
of the readiness of other institutions.

State regulators’ efforts to validate the Year 2000 readiness of insurance
companies began later than those of the banking and securities regulators.



Page 16                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
                            B-281368




                            In most states, such efforts have also lacked the vigor demonstrated by
                            banking and securities regulators. In December 1997, NAIC approved the
                            addition of nine questions on Year 2000 preparations to the Financial
                            Examiners Handbook, which is the required audit guide used by insurance
                            examiners in all states. Most states we contacted said they began coverage
                            of their regulated insurance companies during regularly scheduled
                            financial examinations starting in early 1998. However, state insurance
                            regulators require routine financial examinations once every 3 to 5 years.
                            By the beginning of 2000, many companies’ last regular examination would
                            not have included questions on Year 2000 preparedness. Recognizing this
                            Year 2000 oversight limitation, some state regulators said they have begun
                            or are considering incorporating targeted Year 2000 examinations into
                            their validation programs. One state said it began conducting such
                            examinations in mid-1998. Several more state regulators said they began
                            targeted examinations late in 1998, and others indicated they had either
                            just begun or plan to begin targeted examinations during 1999. Three other
                            states we visited were uncertain as to whether targeted examinations were
                            needed. Representatives of 4 of the 17 state insurance departments we
                            visited told us that they did not plan to conduct targeted examinations.
                            Eight states that were conducting or planning to conduct targeted
                            examinations had no plans to examine all domiciled institutions. Instead,
                            they said their goal was to examine only companies believed to pose the
                            greatest risk. In general, limiting on-site regulatory examination efforts
                            pertaining to Year 2000 readiness would provide correspondingly limited
                            assurances that survey information self-reported by insurers was reliable,
                            especially when these efforts were not supplemented by any other type of
                            validation.

Regulatory Enforcement of   State insurance regulators have generally been less active than the other
                            financial regulators in planning for (e.g., establishing clear expectations
Year 2000 Readiness         that insurers can be held accountable for meeting) and pursuing formal
                            enforcement actions against companies that are not responsive to
                            regulatory requirements regarding the Year 2000 date change. Two
                            circumstances, in particular, that may warrant enforcement attention
                            involve insurers’ (1) lack of responsiveness to requests for Year 2000-
                            related information and (2) insufficient actions to prepare for 2000. Most
                            of the state regulators we visited had addressed identified problems
                            related to obtaining Year 2000 information from insurers. However,
                            without having established clear regulatory expectations for their
                            companies, insurance regulators were less prepared than the banking and
                            securities regulators to deal with potential readiness issues.




                            Page 17                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




While the banking regulators used on-site examinations as a primary
means of obtaining and reviewing Year 2000-related information, most of
the insurance regulators we visited used surveys, which were usually
administered under their examination or regulatory access authority, as a
                                   13
key source of insurer information. State officials explained that
administering surveys under their examination authority provided them
with a greater assurance that they would receive high response rates and
with additional leverage to take action if an insurer did not provide
requested Year 2000 information.

In addition to conducting examinations, SEC required the entities it
oversees to provide reports on their Year 2000 efforts and progress.
Because SEC issued specific reporting requirements and related guidance,
it has been able to take action against companies that failed to comply. For
example, at the time of our review SEC had undertaken formal
proceedings, involving fines of up to $25,000, against 46 companies for
failure to file these required Year 2000 reports in a timely manner.

Regarding Year 2000 readiness issues, the banking regulators have taken
measures to ensure that they are prepared to pursue enforcement actions
against companies identified as not adequately preparing to become Year
2000 compliant. As previously mentioned, banking regulators have set
milestones and formally notified banking institutions about when they
were expected to have completed certain phases of Year 2000 conversion.
Banking regulators have also developed a uniform examination rating
system for Year 2000 readiness that they used to help identify when
regulatory intervention was warranted. In addition, the banking regulators
have included enforcement actions in their Year 2000 supervision program
to prompt remedial action by financial institutions that are not making
adequate progress. Using these mechanisms, the banking regulators were
able to initiate formal actions against some institutions, as early as
November 1997, for failing to make adequate progress toward becoming
Year 2000 ready.

SEC recently proposed actions that may be taken if securities market
participants are not deemed to be ready for 2000. In March 1999, SEC
released for comment a proposed rule that would require broker-dealers
and transfer agents to complete certain actions (e.g., verify remediation
efforts through internal testing) to become Year 2000 ready by no later

13
   According to state officials, a regulatory survey administered under examination authority places the
surveyed companies under the same legal obligation to provide true and complete information as they
would be under if examiners were physically present in the company.




Page 18                             GAO/GGD-99-87 State Insurance Regulators Face Challenges
                         B-281368




                         than August 1999. According to the proposal, if a broker-dealer cannot
                         ready its systems by October 15, 1999, it would be required to cease
                         conducting securities activities with customers and to transfer its existing
                         customer accounts to another firm.

                         The state insurance regulators tended to be less prepared than the other
                         regulators to institute enforcement actions against companies that were
                         identified to be at a high risk of not being Year 2000 ready. With a few
                         exceptions, the states we visited had not provided insurance companies
                         with specific regulatory expectations (e.g., deadlines for selected phases of
                         Year 2000 readiness) that could be used as a basis for determining when
                         regulatory actions should be taken. According to an NAIC survey of all
                                14
                         states, two states had a formal plan that included specific triggers for
                         determining when a regulatory action should be taken against a company,
                         and a few additional states were in the process of developing such a
                         mechanism.

                         The majority of state regulators indicated that some form of intervention
                         could occur if a company’s activities posed a threat to its continued
                         operations or financial solvency. However, some state regulators held
                         divergent views on the fundamental question of whether they had the
                         statutory authority to take action against a company, prior to 2000, for not
                         being prepared for the date change. At the time of our review, 1 of 17 state
                         insurance regulators informed us about a Year 2000-related regulatory
                         intervention involving a company that did not have a remediation plan.

                         Regulatory information on the Year 2000 readiness of the nation’s
Information on the       insurance industry does not provide the necessary information to judge
Year 2000 Readiness of   whether the industry will be ready for 2000. Although the state insurance
the Insurance Industry   regulators we visited have relied primarily on unverified company
                         responses to Year 2000 surveys, the regulators are generally confident
Has Limitations, but     about the ability of the industry to become Year 2000 ready. They said that
the Industry Is Viewed   most insurers, particularly the larger ones that are strongly influenced by
as Generally on Track    competitive market forces, are well under way in their efforts to become
                         Year 2000 ready. Other nonregulatory sources are similarly optimistic
                         about the insurance industry’s Year 2000 readiness relative to the
                         readiness of other U.S. industries. These other sources include rating
                         companies that have reported that the insurance industry appears to be
                         generally on track to Year 2000 readiness. These views should be viewed
                         with some caution, however, because many of these observations are

                         14
                          Survey results are summarized in Year 2000 Industry Compliance Status; NAIC; Year 2000 Working
                         Group; Report to Commissioners; December 6, 1998.




                         Page 19                          GAO/GGD-99-87 State Insurance Regulators Face Challenges
                             B-281368




                             based primarily on information that has been self-reported by the
                             insurance companies and that, for the most part, has not been validated.

Regulatory Information on    Quarterly Year 2000 industry compliance status reports, which NAIC
                             prepares for the state insurance commissioners, represent the only
Industrywide Year 2000       industrywide regulatory information in the area. To date, NAIC has issued
Readiness Is Limited         two such reports. These reports, intended to convey information on
                             insurance company readiness as reported by the state regulators, provide
                             insights on regulatory efforts and industry readiness at the state level.
                             They do not, however, provide an effective gauge for the status of the
                             industry as a whole. Information in these reports comes from different
                             sources and represents different points of time, making it
                             methodologically inappropriate to link the information together as a basis
                             for determining the overall industry’s Year 2000 readiness.

                             The latest industry status report, for example, attempts to provide Year
                             2000 readiness information for insurance companies in each state. The
                             report presents information from 30 states on the basis of surveys
                             conducted at various periods between July 1997 and December 1998.
                             Compliance information for the remaining 20 states was taken from an
                             outdated industrywide survey that NAIC conducted between August and
                             October, 1997. In both cases, information on Year 2000 compliance
                             represented company responses to surveys that, with a few exceptions,
                             had not been verified.

State Regulatory Officials   State regulatory officials we interviewed did not identify any major
                             concerns related to the Year 2000 readiness of the insurance industry in
Are Generally Confident in   their respective states. In general, they were confident that the industry
the Insurance Industry’s     has been actively preparing for 2000 and would, for the most part, be ready
Ability to Be Year 2000      for the date change. Officials explained that the insurance industry is a
Ready                        transaction-driven business that is highly dependent on date-sensitive
                             information and processing. Thus, the Year 2000 issue is not a new one for
                             insurers, especially for the larger, more sophisticated companies that
                             recognize the potential impact it may have on their business continuity and
                             financial stability. Officials believed that, assuming they have obtained the
                             requisite commitment from senior management, most large insurers have
                             allocated sizable resources to and are well under way in their conversion
                             efforts.

                             State officials stated that, in general, the small and medium-sized insurers
                             do not have the same level of appreciation or understanding of the Year
                             2000 problem as the larger companies. They indicated, however, that they
                             were not significantly concerned. NAIC’s December 1997 report suggests



                             Page 20                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




this “lesser understanding” of the issue could stem from the fact that many
of the smaller insurers do not have complicated, internally developed
computer systems. To the extent that smaller insurers use vendor
software, and to the extent that software is compliant, these insurers will
generally have an easier time with their conversion efforts. Some state
officials also added that, for smaller insurers, a reasonable and relatively
easy way to implement a contingency plan would be to revert to a manual
system on a temporary basis.

State officials noted that they were generally unconcerned that Year 2000-
related problems involving individual insurers would result in systemic
disruptions to the industry as a whole. A few officials explained that
unaffiliated insurance companies generally maintained stand-alone
systems, and that the failure of an individual insurer would have limited
effects on other insurers outside of those with which it may be jointly
owned. Some officials expressed greater concerns regarding, for example,
specific segments of the health insurance industry that may be linked to
systems associated with government programs, such as Medicare.

Regulatory responses to our inquiry regarding the number of individual
insurers that may not be Year 2000 ready were generally consistent with
states’ expressed optimism regarding the industry. In our January survey
of 17 state regulators, we asked the following question: “Based on your
knowledge to date, how many domiciled insurance companies does your
state consider to be at a high risk of not being Year 2000 ready?” Five
states were confident that none of their domiciled insurers were at a high
risk of not being Year 2000 ready. These five states, however, used the less
stringent criteria for assessing readiness (e.g., companies not expected to
be compliant by December 1999 and without a contingency plan) or relied
almost exclusively on survey information as the basis of their assessments.
Seven states attempted to estimate the number of insurers thought to be at
a high risk of not being ready. The proportion of high-risk companies to
the overall number of companies ranged from 4 to 25 percent, with the
average being 10 percent. Over 80 percent of these companies perceived to
be high risk were categorized as small companies that write policies
representing less than $100 million in net premiums. The remaining five
states did not respond to the question; a few states noted that additional
information was needed.




Page 21                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
                              B-281368




Other Sources Are Similarly   Independent sources, such as consulting firms and rating companies, have
                              not identified any major or systemic problems relative to the Year 2000
Confident and Have Not        readiness of the insurance industry. Although their observations are based
Identified Any Major or       almost exclusively on information self-reported by insurers, these sources,
Systemic Problems Related     like the state regulators, are generally confident in the ability of the
to the Insurance Industry’s   insurance industry to be Year 2000 ready.
Year 2000 Readiness           The Gartner Group, for example, has stated that the financial services
                              industries, including the insurance industry, lead all other industries in
                                                                 15
                              efforts to become Year 2000 ready. It explained that the insurance
                              industry began having data failures over 10 years ago when, for example, it
                              was required to calculate future payments on 10- or 15-year annuities.
                              Because of such time-driven products and because of the critical impact
                              that information technology systems have on insurers’ business
                              operations, a Gartner Group official indicated that insurers began their
                              compliance efforts early and have since been able to make great strides in
                              the area. The Gartner Group’s research regarding Year 2000 information
                              was largely gathered from interviews and client inquiry meetings covering
                              27 industries and an estimated 15,000 companies in 87 countries.

                              Key rating companies have not identified any major or systemic problems
                              pertaining to the Year 2000 readiness efforts of the insurance industry, and
                              these companies have, in fact, provided positive critiques of industry
                              efforts in the area. A.M. Best Company, in a February 1999 report,
                              concluded that although most insurers were still in the remediation and
                              testing phases of addressing their Year 2000 readiness efforts, all but a few
                                                                                 16
                              insurers will be fully operational in January 2000. The company based this
                              conclusion on a Year 2000 survey of 1,709 insurance entities that was
                              conducted in November 1998. According to the report, although only 45
                              percent of the companies responded to the survey, these companies
                              represented nearly three-quarters of the industry volume.

                              Weiss Ratings, Inc., also addressed the insurance industry’s preparedness
                                                          17
                              in a September 1998 report. On the basis of a survey of 5,096 insurers that
                              resulted in a 22-percent response rate, Weiss Ratings, Inc., reported that 93
                              percent of the survey respondents indicated they have progressed

                              15
                               Year 2000 Global State of Readiness and Risks to the General Business Community and Year 2000
                              International State of Readiness, Gartner Group testimony before the U.S. Senate Special Committee
                              on the Year 2000 Technology Problem, October 7, 1998, and March 5, 1999, respectively.
                              16
                               Seeking Y2K Compliance: A.M. Best’s Insurer Readiness Report, A.M. Best Company, Inc., February
                              1999.
                              17
                                   The Weiss Y2K Ratings of Insurance Companies, Weiss Ratings, Inc., Fall 1998.




                              Page 22                               GAO/GGD-99-87 State Insurance Regulators Face Challenges
                              B-281368




                              adequately in their efforts to become Year 2000 ready. Conning and
                              Company also observed that the insurance industry is making good
                              progress in its internal systems efforts for Year 2000 compliance. Standard
                              and Poor’s noted that Year 2000 system issues for most insurers are
                              approaching a resolution and that, as of March 1999, no insurance
                              company rating was downgraded because of Year 2000 problems.

                              Although independent sources have reported that insurers were generally
                              doing well with their internal efforts to become Year 2000 ready, some
                              have also suggested that insurers may face substantial threats from other
                              related sources. Such sources include the Year 2000 compliance problems
                              of external parties with which they do business (e.g., suppliers and
                              government entities) or potential liability exposures arising from Year 2000
                              problems.

                              Within the insurance industry, major concerns and preparations related to
Some Insurers Face            the Year 2000 date change are not limited to readiness issues, but also
Potentially Large Year        include liability exposure issues. Currently, the magnitude of insurers’
2000 Liability Costs;         liability exposures cannot be estimated primarily because a claims history
                              for the event does not exist and answers to key legal issues related to 2000
Effects of Related            are unresolved. While not estimable, Year 2000-related liability exposures
Mitigation Efforts Are        could be significant for some insurers, particularly those insurers
Uncertain                     concentrated in commercial property-casualty market sectors. Insurers’
                              efforts to reduce these potential exposures include writing exclusionary
                              clauses in insurance policies, performing more stringent underwriting, and
                              educating policyholders to properly prepare their systems and operations
                              for 2000. The effectiveness of these efforts, however, remains uncertain
                              because insurers face various potential marketplace and legal challenges.
                              Uncertainties also remain over the outcomes of several state and federal
                              legislative initiatives that were recently undertaken to address Year 2000
                              liability exposure issues.

Year 2000-Related Liability   Industry professionals and observers acknowledge that the magnitude of
                              Year 2000-related exposures cannot be estimated at this time. They also
Exposures and Legal Costs     indicated that property-casualty insurers, particularly those that write a
Are Not Yet Estimable but     significant amount of commercial insurance (e.g., policies for directors
May Be Significant for Some   and officers, errors and omissions, commercial general liability, and
Insurers                      business interruptions), are more vulnerable to Year 2000-related liability
                              exposures than are other types of insurers. Moreover, lawyers and industry
                              professionals have said that insurers may face significant legal costs to
                              resolve Year 2000-related claims and lawsuits.




                              Page 23                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




Because of the uniqueness of the Year 2000 event, the potential magnitude
and scope of impacts caused by related computer malfunctions are largely
unknown. Insurers have little to rely upon in estimating their potential
exposures since there is no claims history for such an event and many key
legal issues related to coverage and the interpretation of various types of
insurance policies are unresolved. Among the many coverage-related
issues that may be raised by insurers to limit coverage are those involving
“fortuity” and “triggers.”

Insurance coverage generally applies to losses caused by “fortuitous
events,” that is, events that are unexpected, unusual, and unforeseen.
Insurers have generally asserted that because the Year 2000 problem is
widely known and timely remedial measures in many cases have been
available, Year 2000-related losses sustained by computer users are not
fortuitous and therefore would not be covered by some types of policies
(e.g., business interruption insurance). Conversely, those seeking coverage
for losses are expected to argue that specific Year 2000-related mishaps
and their associated losses were unforeseen despite reasonable efforts to
prepare for the event, or their losses were so unusual that they were not to
be expected.

Insurance coverage also depends on what event “triggers” coverage. Under
some types of policies, coverage would depend on the point in time that
the covered event occurred. For instance, in disputes concerning computer
users, sellers, servicers, and manufacturers, there may be questions as to
whether the event causing Year 2000-related damages occurred when a
system was manufactured or distributed, a system was installed, a Year
2000-related problem was noticed, or damages were incurred. If disputes
over insurance coverage are based on trigger issues, the courts may have
to decide when coverage was activated for a particular policy. Until these
and other questions are addressed in the context of the Year 2000 event,
insurers will continue to have difficulties estimating related liabilities.

Estimating the magnitude of insurers’ exposures due to the Year 2000
event is also difficult because of the variety of issues and litigants that
could be involved in potential lawsuits. As Year 2000 disputes emerge,
insurance coverage issues will surface as plantiffs and defendants alike try
to recoup alleged losses from insurers. Insurance industry observers
frequently categorize anticipated Year 2000-related lawsuits into three
“waves” of litigation over: (1) costs to become Year 2000 compliant, (2)
losses resulting from Year 2000 problems, and (3) coverage for Year 2000-
related losses. Many lawsuits involving disputes over the responsibility for
costs to upgrade systems for 2000 have already been filed (e.g., disputes



Page 24                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
                                B-281368




                                between vendors and users to remediate software in noncompliant
                                systems).

                                Several legal experts predict another wave of lawsuits associated with
                                actual losses caused by Year 2000 mishaps, such as those seeking
                                compensation for losses arising from the alleged failure of a firm and/or its
                                officers to adequately prepare for and disclose Year 2000 problems.
                                Insurers may be responsible for paying claims on damages incurred by
                                policyholders if coverage is established. In addition, industry
                                representatives and legal experts agree that lawsuits between insurers and
                                policyholders could result from insurers denying coverage.

                                Further complicating the ability of insurers to estimate their exposures for
                                the Year 2000 event are the potential legal costs, including those arising in
                                connection with insurers’ general duty to defend policyholders against
                                liability suits. Insurers expect to incur significant legal costs to defend
                                their general liability policyholders against third-party lawsuits, even when
                                coverage may be questionable. Many industry representatives and
                                observers have indicated that legal costs could exceed claims costs
                                associated with Year 2000 problems.

                                Since insurers are unable to estimate their potential Year 2000-related
                                liabilities, they are also unable to reflect appropriately all of their potential
                                liabilities by modifying their reserve posture. Generally speaking, reserves
                                cannot be reasonably established until the liabilities are both probable and
                                reasonably estimable. Year 2000-related liabilities continue to be
                                inestimable in the insurance industry.

Insurer Efforts to Mitigate     In light of the uncertain but potentially significant Year 2000-related
                                liability exposures, many insurers have taken steps to limit or reduce their
Potential Year 2000 Liability   exposures. These measures include the insertion of exclusions into certain
Exposures Face Challenges       types of policies, more stringent underwriting practices, and educational
                                programs to encourage policyholders to properly prepare themselves for
                                2000. The effectiveness of insurers’ efforts to mitigate their exposures
                                remains unclear as some mitigation measures face legal and marketplace
                                challenges.

                                Many insurers, particularly those writing commercial general liability
                                policies, are attempting to limit their exposures by incorporating
                                exclusions into their policies. The state insurance regulators have
                                generally approved of some form of Year 2000-related exclusions
                                developed by the Insurance Services Office for commercial lines of




                                Page 25                    GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




               18
insurance. However, although exclusions are intended to limit coverage
for Year 2000-related mishaps, uncertainties remain as to the effectiveness
of such practices.

According to legal experts, the courts may be asked to decide whether
Year 2000 coverage exclusions are legitimate. Some experts have
expressed uncertainty over whether courts will uphold the Year 2000
exclusions due to public policy concerns. Moreover, where such
exclusions are upheld, specific coverage questions could remain as courts
typically interpret exclusions narrowly. Some insurance and legal
professionals also have said that the use of an exclusion could be viewed
as evidence that a standard policy without the exclusion was intended to
cover losses from a Year 2000 failure. To avoid this risk, some insurers
have opted not to use exclusions, emphasizing that their policies have
never covered direct Year 2000 losses. Nevertheless, insurance
professionals explained that standard policies may cover losses arising in
connection with a Year 2000-related mishap that causes an insured event
resulting in a loss, such as a fire or an auto accident, irrespective of
whether the incident was caused by a Year 2000 glitch. For instance, a
standard automobile policy may not cover expenses to fix a car that failed
because of a Year 2000 problem, but the policy could cover damages for an
accident caused by a Year 2000-related vehicle malfunction.

Some insurers are also attempting to mitigate their liability exposures
through more stringent underwriting practices and educational programs
that encourage policyholders to prepare their operations and contingency
plans for the Year 2000 event. Assessing their policyholders’ Year 2000
preparation efforts, writing policies that reflect each policyholder’s Year
2000-related risks, and sending policyholders guidance materials to
emphasize the importance of Year 2000 preparation efforts are other
techniques used by some insurers to mitigate their potential liabilities.
Such loss control efforts are aimed at reducing the insurers’ potential
exposures due to Year 2000-related coverage claims and lawsuits.

The extent to which mitigation measures can be effectively employed also
depends on the competitive marketplace and the individual business
relationship insurers have with their policyholders. Industry professionals

18
   The Insurance Services Office is an organization that assists property-casualty insurers by collecting
and generating data on the loss experience of the industry as a whole. This organization also prepares
generalized policy forms to be used by insurers at their discretion. For example, one Year 2000
exclusion form developed for liability policies excludes liability damages associated with computer
system-related failures “due to the inability to correctly recognize, process, distinguish, interpret, or
accept the year 2000 and beyond.”




Page 26                             GAO/GGD-99-87 State Insurance Regulators Face Challenges
                            B-281368




                            and observers indicated that some policies covering Year 2000-related
                            damages may still be available and acknowledged that the use of
                            exclusions was not always practical in the marketplace. For instance, one
                            commercial property-casualty insurer indicated the company had lost
                            accounts to another insurer that was willing to offer insurance without a
                            Year 2000 exclusion.

Effects of Regulatory and   We observed in the states we visited that state regulatory efforts to help
                            companies address and mitigate their potential liability exposures have
Legislative Efforts Are     generally focused on the consideration and approval of exclusionary forms
Uncertain                   that some companies want to place on their policies. These states have
                            generally approved the standard exclusionary endorsements proposed by
                            the Insurance Services Office, or similarly worded forms, that identify
                            coverage exclusions for Year 2000-related losses. A spokesperson for the
                            Insurance Services Office indicated that all of the states had approved of
                            certain exclusions for commercial lines of insurance. Beyond these
                            exclusionary approvals, we found that the regulatory efforts of the states
                            we visited to address companies’ potential liability exposure problems
                            have generally been limited. Some state regulators included questions
                            related to Year 2000 liability exposures in the surveys that they sent
                            companies to help raise awareness about the issue. Most of the regulators
                            we visited did not indicate any specific efforts to identify potential liability
                            exposure issues among their regulated companies.

                            Other uncertainties remain over how several state and federal legislative
                            initiatives will affect insurers’ potential Year 2000-related liability
                            exposures. Legislative actions to address the resolution of Year 2000-
                            related disputes, thus far, have consisted primarily of sovereign immunity
                            laws passed by several states to protect themselves from Year 2000-related
                            lawsuits. Many other state and federal legislative initiatives are currently
                            being considered, some of which propose alternative dispute resolution
                            methods to help resolve disputes involving Year 2000-related mishaps. A
                            number of pending legislative initiatives also seek to limit Year 2000-
                            related liabilities in a variety of ways. Among other things, proposed
                            measures include special rules for liability standards and class action
                            lawsuits, liability caps, prohibitions on punitive damage awards, and
                            waiting periods to give potential defendants an opportunity to remedy
                            noncompliant systems before lawsuits can be filed. Uncertainties continue
                            as numerous legislative initiatives addressing resolution methods and
                            damage awards for Year 2000-related disputes are still being debated.




                            Page 27                    GAO/GGD-99-87 State Insurance Regulators Face Challenges
              B-281368




              Generally, state insurance regulators’ responses to the Year 2000 challenge
Conclusions   started late and, with a few exceptions, were limited in scope. Also, the
              level of regulatory activity to promote and assess insurance companies’
              Year 2000 readiness and to validate self-reported information on readiness
              varied widely by state. As a result, it is sometimes difficult, both for other
              regulators and for the public, to know how much confidence they can have
              that specific insurers or the overall insurance industry will be able to
              continue operations with minimal disruptions into the new millenium.

              Generally, insurance regulators have not been as active in encouraging,
              validating, and enforcing Year 2000 preparation efforts as the banking and
              securities regulators. NAIC, which assumed the role of facilitator of state
              regulators’ Year 2000 oversight efforts, has also been late in many of its
              actions. Among those actions were NAIC’s August 1997 survey, which was
              its first attempt to formally notify insurance companies about the Year
              2000 problem and to encourage state regulators to take action. Similar
              actions were taken by banking and securities regulators beginning in 1996.
              Furthermore, NAIC did not incorporate Year 2000 questions into the
              Financial Examiners Handbook until prior to examinations done in 1998,
              despite a normal examination cycle in the states of 3 to 5 years for
              insurance companies. NAIC also did not issue Year 2000 guidance,
              including recommended regulatory and industry expectations, until
              September 1998. At that time, the guidance was disseminated to the state
              regulators but not necessarily to all insurance companies. Finally, state
              insurance regulators were generally less prepared than the other financial
              regulators to pursue formal enforcement actions against identified
              problem companies due, in part, to the lack of clearly established and well-
              communicated expectations (e.g., milestone dates for specific phases of
              the Year 2000 conversion) for insurers.

              State regulators and industry observers report that the insurance industry
              is in reasonably good condition with respect to Year 2000 readiness.
              However, this assertion is based primarily on self-reported information
              that has not yet been verified. Furthermore, the state regulatory data
              available through NAIC do not provide an effective gauge to assess the
              status of the industry as a whole because of large differences in the dates
              that information was collected by the states. Moreover, these data on
              industry compliance were based almost exclusively on survey responses.

              At present, the magnitude of costs associated with claims and legal
              defenses for Year 2000-related mishaps is not yet estimable but has the
              potential to be substantial for some property-casualty insurers. Although
              many insurers have taken actions to reduce their potential liability



              Page 28                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
                    B-281368




                    exposures, the effectiveness of these mitigation efforts remains uncertain.
                    Ultimately, insurers’ Year 2000-related liability exposures will depend on
                    decisions made to resolve key legal questions and numerous pending
                    legislative initiatives. Until then, insurers will continue to face challenges
                    in estimating their Year 2000-related liabilities and modifying their reserve
                    posture, as warranted.

                    NAIC provided written comments on a draft of this report. A reprint of
NAIC Comments and   NAIC’s letter can be found in appendix III.
Our Evaluation
                    NAIC stated that its members have been proactively addressing Year 2000
                    issues since 1997, and it provided a Year 2000 chronology of NAIC
                    activities. However, based on the suggested milestones in our Assessment
                    Guide, as well as our comparison of insurance regulators to other financial
                    regulators, we continue to believe that regulatory efforts to oversee the
                    insurance industry’s Year 2000 readiness began late and have generally
                    been limited. Specifically, the state insurance regulators we visited were
                    less active in their efforts to promote Year 2000 readiness and efforts to
                    validate information on the status of companies’ readiness. They were also
                    less active in planning for and pursuing formal enforcement actions
                    against companies identified as inadequately preparing for Year 2000 and
                    at a high risk of not being ready for the millenium change. In addition,
                    NAIC was generally late in providing information and guidance to state
                    regulators about the appropriate Year 2000 regulatory activities to
                    undertake. Our concern is that, given the time-consuming process of
                    becoming Year 2000 ready, any company identified by regulators at this
                    late date as being behind could have difficulty completing all of the
                    necessary phases of its Year 2000 preparations in time.

                    NAIC also stated that much of the data used to develop the draft report
                    was out of date, citing, for example, NAIC’s recent initiative to coordinate
                    a focused review of nationally significant companies. As discussed in the
                    scope and methodology of this report, our noted observations are based on
                    actions taken by state insurance regulators through January 1999. As the
                    Year 2000 deadline approaches, NAIC’s most recent initiatives, such as the
                    focused review of nationally significant companies, may offer a practical
                    approach to ensuring the readiness of the nation’s largest insurance
                    companies. NAIC projected that the first phase of this initiative will be
                    completed by mid-May, with preliminary results to follow. We plan to
                    address the results of this initiative as well as other NAIC and state
                    regulatory actions when we provide you with updated information on the
                    insurance industry’s Year 2000 readiness as requested in your March 11,
                    1999, letter.



                    Page 29                    GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




In addition, NAIC noted that our draft report reflected dates when policies
were adopted by NAIC, but did not recognize the many meetings and
discussions among regulators, industry, and trade associations that led to
the adoption of a policy. In this report, we acknowledged that preliminary
meetings to discuss and develop policies provided a mechanism among
regulators and the companies involved for raising awareness and
promoting a dialogue about important issues, such as preparing for 2000.
However, we focused on the date that a policy was formally adopted by
NAIC, rather than on the beginning of discussion. Formal adoption of a
policy is a more relevant date because it signifies when agreement is
reached and actions are expected to commence.

Finally, NAIC acknowledged that the state insurance regulators have
developed different approaches to addressing Year 2000 problems, but
NAIC viewed these oversight variations to be a significant advantage for
state regulators. In our view, variation in the regulatory oversight of Year
2000 preparations across states is a concern because of the high degree of
interdependency required by the state-by-state regulatory system. We
found that state regulators depend on each other for the regulation of
nondomiciled companies. In fact, in May 1998, NAIC recommended “…that
states concentrate their evaluation efforts on domestic insurance entities.”
We also found that the level of Year 2000 oversight is substantially weaker
in some states than in other states. In our view, this raises questions about
the extent to which states can rely on other states regarding the
preparedness of nondomiciled insurance companies doing business in
their states. Moreover, variations in oversight approaches among state
regulators also made it difficult to ascertain the overall status of the
insurance industry’s Year 2000 preparedness.

As agreed with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 10 days from its
issue date. At that time we will provide copies to Representative Thomas
Bliley, Chairman, House Committee on Commerce, and Senator Robert
Bennett, Chairman, and Senator Christopher Dodd, Vice Chairman, Senate
Special Committee on the Year 2000 Technology Problem. We will also
provide copies of this report to other interested parties and will make
copies available to others on request.




Page 30                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
B-281368




Major contributors to this report are listed in appendix VI. Please call me
on (202) 512-8678 if you or your staff have any questions.

Sincerely yours,




Richard J. Hillman
Associate Director, Financial Institutions
  and Markets Issues




Page 31                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
Contents



Letter                                                                                  1


Appendix I                                                                             34

Phases of Year 2000
Preparation
Appendix II                                                                            35

States Visited and
Market Share of Their
Domiciliary Insurance
Companies
Appendix III                                                                           36

Comments From the
National Association
of Insurance
Commissioners
Appendix IV                                                                            47

Priority 1 Companies
Relative to Total
Insurance Companies,
by Type
Appendix V                                                                             48

Priority 1 Companies
Relative to
Industrywide Data, by
Size




                        Page 32   GAO/GGD-99-87 State Insurance Regulators Face Challenges
                        Contents




Appendix VI                                                                                            49

Major Contributors to
This Report
Tables                  Table 1: Year 2000 Conversion Phases and Suggested                              4
                          Completion Dates
                        Table I.1: Description of Key Phases of Year 2000                              34
                          Preparation
                        Table II.1: States We Visited and Market Share of Their                        35
                          Domiciliary Insurance Companies


Figures                 Figure 1: States’ Prioritization of Companies for Year                         10
                          2000 Oversight Purposes
                        Figure IV.1: Priority 1 Companies Relative to Total                            47
                          Companies, by Type
                        Figure V.1: Priority 1 Companies Relative to Industrywide                      48
                          Data, by Size




                        Abbreviations

                        EDS           Electronic Data Systems
                        FFIEC         Federal Financial Institutions Examination Council
                        NAIC          National Association of Insurance Commissioners
                        OCC           Office of the Comptroller of the Currency
                        SEC           Securities and Exchange Commission
                        OMB           Office of Management and Budget




                        Page 33                   GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix I

Phases of Year 2000 Preparation



Table I.1: Description of Key Phases of Year 2000 Preparation
Key phases                                 Description of activities conducted
Awareness                                   Define the Year 2000 problem and gain executive level support and sponsorship.
                                           Establish Year 2000 program team and develop an overall strategy. Ensure that everyone
                                           in the organization is fully aware of the issue.
Assessment                                 Assess the Year 2000 impact on the enterprise. Identify core business areas and
                                           processes, inventory and analyze systems supporting the core business areas, and
                                           prioritize their conversion or replacement. Develop contingency plans to handle data
                                           exchange issues, lack of data, and bad data. Identify and secure the necessary
                                           resources.
Renovation                                 Convert, replace, or eliminate selected platforms, applications, databases, and utilities.
                                           Modify interfaces.
Validation                                  Test, verify, and validate converted or replaced platforms, applications, databases, and
                                           utilities. Test the performance, functionality, and integration of converted or replaced
                                           platforms, applications, databases, utilities, and interfaces in an operational environment.
Implementation                              Implement converted or replaced platforms, applications, databases, utilities, and
                                           interfaces. Implement data-exchange contingency plans, if necessary.
                                              Source: Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14, Sept. 1997).




                                              Page 34                         GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix II

States Visited and Market Share of Their
Domiciliary Insurance Companies

                                           We conducted site visits of 17 state insurance departments whose
                                           domiciliary insurance companies collectively accounted for 75 percent of
                                           insurance sold nationally. This included the top 12 states, each having
                                           domiciled companies with a combined market share of more than 3.0
                                           percent, plus 5 states with relatively smaller market shares ranging from
                                           0.3 to 2.6 percent.

Table II.1: States We Visited and Market
Share of Their Domiciliary Insurance                                                                                             Percentage of
Companies                                  States                                                                           total market share
                                           Illinois                                                                                       14.3
                                           New York                                                                                       11.2
                                           Connecticut                                                                                     6.5
                                           Pennsylvania                                                                                    5.1
                                           California                                                                                      4.3
                                           Wisconsin                                                                                       4.3
                                           Texas                                                                                           4.2
                                           Ohio                                                                                            4.0
                                           Massachusetts                                                                                   3.9
                                           New Jersey                                                                                      3.8
                                           Michigan                                                                                        3.5
                                           Delaware                                                                                        3.4
                                           Indiana                                                                                         2.6
                                           Iowa                                                                                            2.0
                                           Arizona                                                                                         1.0
                                           Oregon                                                                                          0.9
                                           Utah                                                                                            0.3
                                           Total market share                                                                             75.3
                                           Note: Market share information of each state’s domiciliary insurance companies represents the
                                           percentage of net premium volume written nationwide (over $664 billion) for all types of insurance. A
                                           domiciliary insurance company is one incorporated under the laws of the state in which it is doing
                                           business.
                                           Source: Extracted from information provided by NAIC, based on its 1997 financial database.




                                           Page 35                           GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III

Comments From the National Association of
Insurance Commissioners




               Page 36   GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 37                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 38                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 39                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 40                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 41                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 42                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 43                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 44                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 45                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix III
Comments From the National Association of Insurance Commissioners




Page 46                      GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix IV

Priority 1 Companies Relative to Total
Insurance Companies, by Type

                                          Priority 1 companies represent those companies whose Year 2000 efforts
                                          were determined by state insurance regulators to need a high degree of
                                          regulatory attention. Thirteen of the 17 states we visited identified priority
                                          1 companies, 2 states did not identify any priority 1 companies, and the
                                          remaining 2 had not completed their ranking process. The following figure
                                          presents a breakdown, by insurer type, of priority 1 companies, identified
                                          by the 13 states, relative to a similar breakdown of the total number of
                                          domiciled insurance companies in those states.


Figure IV.1: Priority 1 Companies Relative to Total Companies, by Type




                                          Note: “Other” may include such entities as fraternals, employee welfare funds, and title companies
                                          regulated by the state insurance departments.
                                          Source: GAO summary of state survey responses.




                                          Page 47                           GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix V

Priority 1 Companies Relative to Industrywide
Data, by Size

                                           Priority 1 companies represent those companies whose Year 2000 efforts
                                           were determined by state insurance regulators to need a high degree of
                                           regulatory attention. Thirteen of the 17 states we visited identified priority
                                           1 companies, 2 states did not identify any priority 1 companies, and the
                                           remaining 2 had not completed their ranking process. The following figure
                                           presents a breakdown, by size, of priority 1 companies, identified by the 13
                                           states, relative to a similar breakdown using available industrywide data.
                                           Size is based on estimated net premiums written nationwide, with large
                                           companies writing more than $1 billion, medium companies writing $100
                                           million to $1 billion, and small companies writing less than $100 million.


Figure V.1: Priority 1 Companies Relative to Industrywide Data, by Size




                                           Source: GAO summary of state survey responses. Industrywide data by size was taken from an
                                           NAIC report, Year 2000 Insurance Industry Awareness, December 8, 1997.




                                           Page 48                         GAO/GGD-99-87 State Insurance Regulators Face Challenges
Appendix VI

Major Contributors to This Report


                        Lawrence D. Cluff, Assistant Director, Financial Institutions and Markets
General Government      Issues
Division, Washington,
D.C.
                        Paul G. Thompson, Senior Attorney
Office of the General
Counsel, Washington,
D.C.

                        Barry A. Kirby, Senior Evaluator
Chicago Field Office

                        Evelyn E. Aquino, Evaluator-in-Charge
San Francisco Field     Alexandra Martin-Arseneau, Senior Evaluator
Office                  May M. Lee, Computer Specialist




                        Page 49                  GAO/GGD-99-87 State Insurance Regulators Face Challenges
Page 50   GAO/GGD-99-87 State Insurance Regulators Face Challenges
Page 51   GAO/GGD-99-87 State Insurance Regulators Face Challenges
Page 52   GAO/GGD-99-87 State Insurance Regulators Face Challenges
Ordering Information

The first copy of each GAO report and testimony is free. Additional
copies are $2 each. Orders should be sent to the following address,
accompanied by a check or money order made out to the
Superintendent of Documents, when necessary. VISA and
MasterCard credit cards are accepted, also. Orders for 100 or more
copies to be mailed to a single address are discounted 25 percent.

Order by mail:

U.S. General Accounting Office
P.O. Box 37050
Washington, DC 20013

or visit:

Room 1100
     th                  th
700 4 St. NW (corner of 4 and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000 or by using fax
number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and testimony.
To receive facsimile copies of the daily list or any list from the past
30 days, please call (202) 512-6000 using a touch-tone phone. A
recorded menu will provide information on how to obtain these
lists.

For information on how to access GAO reports on the INTERNET,
send e-mail message with “info” in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov
United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                Permit No. G100
Official Business
Penalty for Private Use $300

Address Correction Requested




(233608)