United States General Accounting Office GAO Testimony Before the Special Committee on the Year 2000 Technology Problem U. S. Senate Not to be Released Before 9:30 a.m., EST Thursday, March 11, 1999 INSURANCE INDUSTRY Regulators Are Less Active in Encouraging and Validating Year 2000 Preparedness Statement for the Record by Richard J. Hillman, Associate Director Financial Institutions and Markets Issues General Government Division GAO/T-GGD-99-56 Statement Mr. Chairman and Members of the Special Committee: Financial institutions are regulated for a variety of reasons, including both safety and soundness and customer protection. This regulation supplements market discipline, especially in cases where customers have difficulty evaluating a company’s financial soundness. This is true for depository institutions, securities firms, and insurance companies. The Year 2000 computer problem is an issue that can affect the ability of an institution to continue to provide services to its customers; that is, it can affect both safety and soundness as well as customer protection. Therefore, it is appropriate that financial regulators be actively involved in making sure that (1) institutions know what is expected of them to become prepared and (2) customers and others who depend on a continued stream of services can be confident about the operational viability of their financial institutions. At the request of this Committee and the Ranking Member of the House Committee on Commerce, we have reviewed the activities of bank and securities regulators and have reported that, after a slow start, they have generally made real progress in validating the preparedness of their regulated institutions. We have recently taken a similar look at the insurance industry and its regulators and, unfortunately, have found that their regulatory presence regarding the Year 2000 area is not as strong as that exhibited by the banking and securities regulators. In this effort, we visited and surveyed 17 state insurance departments. Those departments regulated companies providing about 75 percent of insurance written in the nation. At a future time, we will be happy to share with you the detailed results of that work. However, at your request, we would today like to present a few preliminary results comparing some of the Year 2000 regulatory actions, both in timeliness and scope, of regulators in all three of the major financial industries—banking, securities, and insurance. We wish to emphasize that we in no way intend to suggest that there are likely to be major problems in any of the three sectors. Indeed, regulators, as well as other available studies, suggest that the financial sector is doing reasonably well in its preparation for 2000. However, there are significant differences in the extent of validation taking place in the banking and securities industries compared to the insurance industry. Consequently, it is difficult to know how much confidence to place in reports about the readiness of the insurance industry, where there is generally less validation. To illustrate differences among the regulators, we will briefly focus on two broad areas of regulatory activity—guidance and verification. Page 1 GAO/T-GGD-99-56 Statement Banking and securities regulators have supplied guidance and direction Regulatory regarding Year 2000 problems, while state insurance regulators we Approaches to contacted have provided little guidance to their regulated institutions. Facilitate Financial Within the banking industry, the Federal Financial Institutions 1 Examination Council (FFIEC), through its member agencies, has taken Institutions’ Efforts to actions to (1) raise banking industry awareness regarding the Year 2000 Become Year 2000 problem and (2) provide financial depository institutions with Year 2000 Ready guidance, including expectations for when certain phases of conversion should be completed. Within the securities industry, the Securities Exchange Commission (SEC) has engaged in similar efforts to promote and encourage Year 2000 readiness, primarily through the securities industry’s self-regulatory organizations (SROs). But, for the most part, as discussed below, state insurance regulators we contacted and the National 2 Association of Insurance Commissioners (NAIC) have not been as proactive in this area. 3 Raising Industry Awareness In our assessment guide, we state that Year 2000 awareness efforts should be completed during 1996. In June 1996, FFIEC began to raise industry awareness by disseminating letters to the boards of directors and senior management of all federally supervised banking institutions on key topics associated with Year 2000 readiness. Also starting in June 1996, SEC sent letters to the industry trade associations and subsequently to individual firms informing them of the threat posed by Year 2000 problems to their operations and urging them to address these problems as one of their highest priorities. In contrast, individual state regulatory efforts to raise insurers’ awareness generally did not begin until 1997 or, for a few of the states we visited, until late 1998. These efforts typically took the form of questionnaires to insurers inquiring about their state of preparedness. In addition, the NAIC coordinated a national survey of insurance companies in August 1997 to, among other things, serve as an impetus for them to 4 take appropriate action. Because of state insurance regulators’ late start, 1 FFIEC was established in 1979 as a formal interagency body empowered to prescribe uniform principals, standards, and report forms for the federal examination of financial institutions, and to make recommendations to promote uniformity in the supervision of these institutions. The Council’s membership is composed of the federal bank regulators—Federal Deposit Insurance Corporation, the Federal Reserve System, and the Comptroller of the Currency—plus the regulators for credit unions and thrift institutions—the National Credit Union Administration and the Office of Thrift Supervision, respectively. 2 NAIC is a membership organization of state insurance commissioners. One of the NAIC’s goals is to promote uniformity of state regulation and legislation as it concerns the insurance industry. 3 Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10-1-14, Sept. 1997). 4 NAIC summarized the survey results in a report, Year 2000 Insurance Industry Awareness, issued in December 1997. Page 2 GAO/T-GGD-99-56 Statement less time is available to fully assess the Year 2000 preparedness of insurers and to provide assurances to the public that the insurance industry will continue to operate into the new millenium. Providing Guidance and FFIEC has issued interagency guidance to federally regulated depository institutions on Year 2000 topics such as testing, contingency planning, and Milestones business risk. It has also established, and formally communicated to the banking industry, specific deadlines for when companies were expected to have completed certain phases of Year 2000 conversion (e.g., remediation, testing of mission critical systems, and third-party testing). Although SEC has issued limited guidance on Year 2000 problems, the Securities Industry Association and other SROs have issued guidance to their members. In particular, the National Association of Securities Dealers issued guidance on such topics as investor concerns and testing requirements, and it conducted workshops around the country to raise awareness and provide assistance regarding the Year 2000 problem. Moreover, similar to the banking regulators, the SROs established milestone dates for their respective member organizations. With a few exceptions, state insurance regulators we contacted have not provided insurance companies with formal guidance or regulatory expectations regarding Year 2000 readiness. Some state officials took the position that it was not their role to be directive with companies regarding Year 2000 solutions, but rather to monitor their progress. A few others noted that they did not have the expertise and/or resources to provide specific guidance on preparing for 2000. In September 1998, NAIC issued a statement of insurance regulatory expectations regarding due diligence in 5 preparing for 2000. This statement was intended to provide useful guidance to the industry as well as to state insurance regulators. However, dissemination was left to the initiative of the individual states, and it was not uniformly made available to all insurers. A few states we visited as late as December 1998 were still unaware that NAIC had completed action on the regulatory guidance. Financial regulators have two principal ways of verifying the Year 2000 Regulatory Verification readiness of their regulated institutions. These are on-site examinations of Financial and broad scale testing. Examinations on Year 2000 issues focus primarily Institutions’ Year 2000 on the actions that institutions are taking to prepare for 2000, in other words, on the process up to and including a review of test results and Readiness contingency planning. In contrast, successful broad scale tests 5 Insurance Regulatory Statement Regarding Industry Year 2000 Compliance and Remediation, approved by NAIC’s Year 2000 Working Group on 9/8/98. Page 3 GAO/T-GGD-99-56 Statement demonstrate that, after all the preparations, each of the pieces work, individually and together. Broad scale testing is more meaningful in some industries than in others. To be meaningful, such testing requires considerable interconnectedness among the participants. The structure of the securities industry and, to a lesser extent, of the banking industry lends itself to such testing. In cases where this interconnectedness may be absent or limited, as in the insurance industry, examinations become the most effective means for regulators to verify the status of financial institutions’ Year 2000 preparedness. Banking regulators rely primarily on examinations targeted directly at issues related to Year 2000 problems to validate the progress and status of their regulated institutions. The first round of such examinations began in May 1997. Regulators are now nearing completion of the second round of targeted examinations. At its conclusion, every institution will have been examined twice. This will provide regulators with not only a snapshot of institutions’ status now, but also a perspective of their progress over time. Furthermore, time will still be available for regulators to return to institutions where questions remain. In addition to targeted examinations, at the encouragement of the Federal Reserve System, depository institutions are expected to participate in tests demonstrating their ability to successfully interface with the Federal Reserve’s wholesale payments system. Such tests provide further assurances of the readiness of the banking industry to meet Year 2000 challenges. The interconnectedness of the securities industry lends itself to broad scale testing to an even greater extent. With the approval of the SEC, over 400 institutions are participating in “street-wide” testing. A preliminary test was successfully held in June 1998, and another test is now ongoing. In addition, the SEC has conducted some examinations of securities firms, and SROs have conducted more extensive examinations, but the examination coverage has not been as extensive as in the banking industry. Street-wide testing is the principal Year 2000 validation vehicle in the securities industry. Validation by insurance regulators of the Year 2000 readiness of insurance companies began late and, in most states, lacks the vigor demonstrated by bank and securities regulators. The NAIC added nine questions on Year 2000 preparations to the Examiners Financial Handbook (used by all states) in late 1997. Most states we contacted began coverage of their regulated companies during regularly scheduled financial examinations beginning in early 1998. However, state insurance regulators routinely examine their companies only once every 3 to 5 years. As a result, many Page 4 GAO/T-GGD-99-56 Statement companies will not have had a regular financial examination between 1998 and 2000. Recognizing this, some state regulators have begun or are considering incorporating targeted Year 2000 examinations into their validation programs. One state began conducting such examinations in mid-1998. Several more began targeted examinations late in 1998. Others have either begun or plan to begin targeted examinations during 1999. Four of the 17 state insurance departments we visited told us that they did not plan to conduct targeted examinations. In those states now conducting targeted examinations, the stated goal, with a few exceptions, is to examine only those companies thought to pose the greatest risk. Compared to standards presented in our assessment guide and to other Conclusions financial regulators, state insurance regulators we contacted were late in raising industry awareness of potential Year 2000 problems. They also provided little guidance to regulated institutions and failed to convey clear regulatory expectations to companies about Year 2000 preparations and milestones. Nevertheless, we found that the insurance industry is reported both by its regulators and by other outside observers to be generally on track to being ready for 2000. However, most of these reports are based on information that has been self-reported by the insurance companies. Relative to other financial regulators, insurance regulators’ efforts to validate this self-reported information generally began late and were too limited. Page 5 GAO/T-GGD-99-56 Page 6 GAO/T-GGD-99-56 Page 7 GAO/T-GGD-99-56 Page 8 GAO/T-GGD-99-56 Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Order by mail: U.S. General Accounting Office P.O. Box 37050 Washington, DC 20013 or visit: Room 1100 th th 700 4 St. NW (corner of 4 and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (202) 512-6061, or TDD (202) 512-2537. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touch-tone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send e-mail message with “info” in the body to: email@example.com or visit GAO’s World Wide Web Home Page at: http://www.gao.gov United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested (233579)
Insurance Industry: Regulators Are Less Active in Encouraging and Validating Year 2000 Preparedness
Published by the Government Accountability Office on 1999-03-11.
Below is a raw (and likely hideous) rendition of the original report. (PDF)