oversight

Insurance Industry: Regulators Are Less Active in Encouraging and Validating Year 2000 Preparedness

Published by the Government Accountability Office on 1999-03-11.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                           United States General Accounting Office

GAO                        Testimony
                           Before the Special Committee on the
                           Year 2000 Technology Problem
                           U. S. Senate


Not to be Released
Before 9:30 a.m., EST
Thursday, March 11, 1999
                           INSURANCE INDUSTRY

                           Regulators Are Less Active
                           in Encouraging and
                           Validating Year 2000
                           Preparedness
                           Statement for the Record by
                           Richard J. Hillman, Associate Director
                           Financial Institutions and Markets Issues
                           General Government Division




GAO/T-GGD-99-56
Statement




            Mr. Chairman and Members of the Special Committee:

            Financial institutions are regulated for a variety of reasons, including both
            safety and soundness and customer protection. This regulation
            supplements market discipline, especially in cases where customers have
            difficulty evaluating a company’s financial soundness. This is true for
            depository institutions, securities firms, and insurance companies. The
            Year 2000 computer problem is an issue that can affect the ability of an
            institution to continue to provide services to its customers; that is, it can
            affect both safety and soundness as well as customer protection.
            Therefore, it is appropriate that financial regulators be actively involved in
            making sure that (1) institutions know what is expected of them to
            become prepared and (2) customers and others who depend on a
            continued stream of services can be confident about the operational
            viability of their financial institutions.

            At the request of this Committee and the Ranking Member of the House
            Committee on Commerce, we have reviewed the activities of bank and
            securities regulators and have reported that, after a slow start, they have
            generally made real progress in validating the preparedness of their
            regulated institutions. We have recently taken a similar look at the
            insurance industry and its regulators and, unfortunately, have found that
            their regulatory presence regarding the Year 2000 area is not as strong as
            that exhibited by the banking and securities regulators. In this effort, we
            visited and surveyed 17 state insurance departments. Those departments
            regulated companies providing about 75 percent of insurance written in
            the nation. At a future time, we will be happy to share with you the
            detailed results of that work. However, at your request, we would today
            like to present a few preliminary results comparing some of the Year 2000
            regulatory actions, both in timeliness and scope, of regulators in all three
            of the major financial industries—banking, securities, and insurance.

            We wish to emphasize that we in no way intend to suggest that there are
            likely to be major problems in any of the three sectors. Indeed, regulators,
            as well as other available studies, suggest that the financial sector is doing
            reasonably well in its preparation for 2000. However, there are significant
            differences in the extent of validation taking place in the banking and
            securities industries compared to the insurance industry. Consequently, it
            is difficult to know how much confidence to place in reports about the
            readiness of the insurance industry, where there is generally less
            validation. To illustrate differences among the regulators, we will briefly
            focus on two broad areas of regulatory activity—guidance and verification.




            Page 1                                                         GAO/T-GGD-99-56
                             Statement




                             Banking and securities regulators have supplied guidance and direction
Regulatory                   regarding Year 2000 problems, while state insurance regulators we
Approaches to                contacted have provided little guidance to their regulated institutions.
Facilitate Financial         Within the banking industry, the Federal Financial Institutions
                                                             1
                             Examination Council (FFIEC), through its member agencies, has taken
Institutions’ Efforts to     actions to (1) raise banking industry awareness regarding the Year 2000
Become Year 2000             problem and (2) provide financial depository institutions with Year 2000
Ready                        guidance, including expectations for when certain phases of conversion
                             should be completed. Within the securities industry, the Securities
                             Exchange Commission (SEC) has engaged in similar efforts to promote
                             and encourage Year 2000 readiness, primarily through the securities
                             industry’s self-regulatory organizations (SROs). But, for the most part, as
                             discussed below, state insurance regulators we contacted and the National
                                                                               2
                             Association of Insurance Commissioners (NAIC) have not been as
                             proactive in this area.
                                                               3
Raising Industry Awareness   In our assessment guide, we state that Year 2000 awareness efforts should
                             be completed during 1996. In June 1996, FFIEC began to raise industry
                             awareness by disseminating letters to the boards of directors and senior
                             management of all federally supervised banking institutions on key topics
                             associated with Year 2000 readiness. Also starting in June 1996, SEC sent
                             letters to the industry trade associations and subsequently to individual
                             firms informing them of the threat posed by Year 2000 problems to their
                             operations and urging them to address these problems as one of their
                             highest priorities. In contrast, individual state regulatory efforts to raise
                             insurers’ awareness generally did not begin until 1997 or, for a few of the
                             states we visited, until late 1998. These efforts typically took the form of
                             questionnaires to insurers inquiring about their state of preparedness. In
                             addition, the NAIC coordinated a national survey of insurance companies
                             in August 1997 to, among other things, serve as an impetus for them to
                                                       4
                             take appropriate action. Because of state insurance regulators’ late start,

                             1
                              FFIEC was established in 1979 as a formal interagency body empowered to prescribe uniform
                             principals, standards, and report forms for the federal examination of financial institutions, and to
                             make recommendations to promote uniformity in the supervision of these institutions. The Council’s
                             membership is composed of the federal bank regulators—Federal Deposit Insurance Corporation, the
                             Federal Reserve System, and the Comptroller of the Currency—plus the regulators for credit unions
                             and thrift institutions—the National Credit Union Administration and the Office of Thrift Supervision,
                             respectively.
                             2
                              NAIC is a membership organization of state insurance commissioners. One of the NAIC’s goals is to
                             promote uniformity of state regulation and legislation as it concerns the insurance industry.
                             3
                                 Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10-1-14, Sept. 1997).
                             4
                              NAIC summarized the survey results in a report, Year 2000 Insurance Industry Awareness, issued in
                             December 1997.




                             Page 2                                                                            GAO/T-GGD-99-56
                          Statement




                          less time is available to fully assess the Year 2000 preparedness of insurers
                          and to provide assurances to the public that the insurance industry will
                          continue to operate into the new millenium.

Providing Guidance and    FFIEC has issued interagency guidance to federally regulated depository
                          institutions on Year 2000 topics such as testing, contingency planning, and
Milestones                business risk. It has also established, and formally communicated to the
                          banking industry, specific deadlines for when companies were expected to
                          have completed certain phases of Year 2000 conversion (e.g., remediation,
                          testing of mission critical systems, and third-party testing). Although SEC
                          has issued limited guidance on Year 2000 problems, the Securities Industry
                          Association and other SROs have issued guidance to their members. In
                          particular, the National Association of Securities Dealers issued guidance
                          on such topics as investor concerns and testing requirements, and it
                          conducted workshops around the country to raise awareness and provide
                          assistance regarding the Year 2000 problem. Moreover, similar to the
                          banking regulators, the SROs established milestone dates for their
                          respective member organizations.

                          With a few exceptions, state insurance regulators we contacted have not
                          provided insurance companies with formal guidance or regulatory
                          expectations regarding Year 2000 readiness. Some state officials took the
                          position that it was not their role to be directive with companies regarding
                          Year 2000 solutions, but rather to monitor their progress. A few others
                          noted that they did not have the expertise and/or resources to provide
                          specific guidance on preparing for 2000. In September 1998, NAIC issued a
                          statement of insurance regulatory expectations regarding due diligence in
                                              5
                          preparing for 2000. This statement was intended to provide useful
                          guidance to the industry as well as to state insurance regulators. However,
                          dissemination was left to the initiative of the individual states, and it was
                          not uniformly made available to all insurers. A few states we visited as late
                          as December 1998 were still unaware that NAIC had completed action on
                          the regulatory guidance.

                          Financial regulators have two principal ways of verifying the Year 2000
Regulatory Verification   readiness of their regulated institutions. These are on-site examinations
of Financial              and broad scale testing. Examinations on Year 2000 issues focus primarily
Institutions’ Year 2000   on the actions that institutions are taking to prepare for 2000, in other
                          words, on the process up to and including a review of test results and
Readiness                 contingency planning. In contrast, successful broad scale tests

                          5
                           Insurance Regulatory Statement Regarding Industry Year 2000 Compliance and Remediation,
                          approved by NAIC’s Year 2000 Working Group on 9/8/98.




                          Page 3                                                                       GAO/T-GGD-99-56
Statement




demonstrate that, after all the preparations, each of the pieces work,
individually and together. Broad scale testing is more meaningful in some
industries than in others. To be meaningful, such testing requires
considerable interconnectedness among the participants. The structure of
the securities industry and, to a lesser extent, of the banking industry lends
itself to such testing. In cases where this interconnectedness may be
absent or limited, as in the insurance industry, examinations become the
most effective means for regulators to verify the status of financial
institutions’ Year 2000 preparedness.

Banking regulators rely primarily on examinations targeted directly at
issues related to Year 2000 problems to validate the progress and status of
their regulated institutions. The first round of such examinations began in
May 1997. Regulators are now nearing completion of the second round of
targeted examinations. At its conclusion, every institution will have been
examined twice. This will provide regulators with not only a snapshot of
institutions’ status now, but also a perspective of their progress over time.
Furthermore, time will still be available for regulators to return to
institutions where questions remain. In addition to targeted examinations,
at the encouragement of the Federal Reserve System, depository
institutions are expected to participate in tests demonstrating their ability
to successfully interface with the Federal Reserve’s wholesale payments
system. Such tests provide further assurances of the readiness of the
banking industry to meet Year 2000 challenges.

The interconnectedness of the securities industry lends itself to broad
scale testing to an even greater extent. With the approval of the SEC, over
400 institutions are participating in “street-wide” testing. A preliminary test
was successfully held in June 1998, and another test is now ongoing. In
addition, the SEC has conducted some examinations of securities firms,
and SROs have conducted more extensive examinations, but the
examination coverage has not been as extensive as in the banking
industry. Street-wide testing is the principal Year 2000 validation vehicle in
the securities industry.

Validation by insurance regulators of the Year 2000 readiness of insurance
companies began late and, in most states, lacks the vigor demonstrated by
bank and securities regulators. The NAIC added nine questions on Year
2000 preparations to the Examiners Financial Handbook (used by all
states) in late 1997. Most states we contacted began coverage of their
regulated companies during regularly scheduled financial examinations
beginning in early 1998. However, state insurance regulators routinely
examine their companies only once every 3 to 5 years. As a result, many



Page 4                                                         GAO/T-GGD-99-56
              Statement




              companies will not have had a regular financial examination between 1998
              and 2000. Recognizing this, some state regulators have begun or are
              considering incorporating targeted Year 2000 examinations into their
              validation programs. One state began conducting such examinations in
              mid-1998. Several more began targeted examinations late in 1998. Others
              have either begun or plan to begin targeted examinations during 1999.
              Four of the 17 state insurance departments we visited told us that they did
              not plan to conduct targeted examinations. In those states now conducting
              targeted examinations, the stated goal, with a few exceptions, is to
              examine only those companies thought to pose the greatest risk.

              Compared to standards presented in our assessment guide and to other
Conclusions   financial regulators, state insurance regulators we contacted were late in
              raising industry awareness of potential Year 2000 problems. They also
              provided little guidance to regulated institutions and failed to convey clear
              regulatory expectations to companies about Year 2000 preparations and
              milestones. Nevertheless, we found that the insurance industry is reported
              both by its regulators and by other outside observers to be generally on
              track to being ready for 2000. However, most of these reports are based on
              information that has been self-reported by the insurance companies.
              Relative to other financial regulators, insurance regulators’ efforts to
              validate this self-reported information generally began late and were too
              limited.




              Page 5                                                        GAO/T-GGD-99-56
Page 6   GAO/T-GGD-99-56
Page 7   GAO/T-GGD-99-56
Page 8   GAO/T-GGD-99-56
Ordering Information

The first copy of each GAO report and testimony is free. Additional
copies are $2 each. Orders should be sent to the following address,
accompanied by a check or money order made out to the
Superintendent of Documents, when necessary. VISA and
MasterCard credit cards are accepted, also. Orders for 100 or more
copies to be mailed to a single address are discounted 25 percent.

Order by mail:

U.S. General Accounting Office
P.O. Box 37050
Washington, DC 20013

or visit:

Room 1100
     th                  th
700 4 St. NW (corner of 4 and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000 or by using fax
number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and testimony.
To receive facsimile copies of the daily list or any list from the past
30 days, please call (202) 512-6000 using a touch-tone phone. A
recorded menu will provide information on how to obtain these
lists.

For information on how to access GAO reports on the INTERNET,
send e-mail message with “info” in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov
United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                Permit No. G100
Official Business
Penalty for Private Use $300

Address Correction Requested




(233579)