As Federal and State Agencies Warn of Increased Cyber Threats, Insurance Incentives for Compliance with NIST Cybersecurity Framework May Be on the Horizon

This post was written by J. Andrew Moss and Emily Garrison.

Since the President’s February 2013 Executive Order directing the National Institute of Standards and Technology (NIST) to lead the development of a voluntary framework to address and reduce cyber risks, the agencies and stakeholders involved have been exploring whether to tie the February 2014 Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework) to incentives such as cyberliability insurance. For example, in a Report to the President on Cybersecurity Incentives, the Treasury Department suggested that “[c]yber insurance can promote adoption of stronger security measures” because, among other reasons, “insurers could require policyholders to comply with minimum security standards as a condition of insurance coverage, including adoption of the Framework.”

The Treasury Department held a public meeting on November 6 that included a discussion of developments in the market for cyberliability insurance and the NIST Framework.

A webcast of the meeting and meeting materials will be made available on the Treasury Department’s website within the next few weeks. The Commodity Futures Trading Commission (CFTC) also recently commented on the increasing importance of cyber security. In a November 5 speech at the Futures Industry Association's Expo 2014 in Chicago, CFTC Chairman Timothy Massad commented that the “need to strengthen the security and resilience of our financial markets against cyber attacks is clear,” and outlined steps the CFTC has been taking regarding cyber and information security. And at the state level, California’s Attorney General, Kamala D. Harris, issued a report in October showing that data security threats are on the rise in the Golden State, and recommended specific steps California retailers should take to improve data security and reduce breaches.

At least one major insurer may now be developing the initiatives suggested by the Treasury Department and other agencies. In recent statements to Bloomberg BNA, American International Group (AIG) indicated that its companies are considering incorporating elements of the NIST Framework into the underwriting process. AIG stated that adoption of the NIST Framework may make companies eligible to purchase cyberliability insurance at cheaper rates, but also stated that companies will not be required to adopt the Framework as a condition of receiving special insurance rates or a condition of obtaining cyberliability coverage.

Andy Moss is a partner in Reed Smith’sInsurance Recovery Group and a co-leader of the Group’s Cyberliability practice area. Emily Garrison is an associate in the Insurance Recovery Group. Companies considering, placing or renewing cyberliability coverage, or interested in examining the scope of coverage or determining whether certain types of claims may be insured under a particular cyberliability policy form should contact Andy or Emily.

Predictable Responses to Benmosche Leak

This morning’s WSJ report that Robert Benmosche, recently appointed CEO of AIG, is unhappy with government pay restrictions, has elicited predictable, less than sympathetic responses. “Tiny Violins” is the headline from the Daily Beast.  New York Magazine’s Daily Intel responded with sarcasm:

Apparently, someone told Robert Benmosche that running the world's largest and most [expletive withheld] insurer was going to be a cakewalk, because three months into the job and two months after returning from a vacation at his Croatian villa, the CEO is considering throwing in the towel, owing to the restrictions placed on him by the company's new owners, the good old United States government.

… But wait: Didn't he know that when he took the job? We'd assumed he was like the David Blaine of CEOs; you know, that he liked putting himself into impossible situations and getting out against all odds, but apparently, Benmosche was on a media blackout for 2008-2009 and had no idea what he was getting into. What did the board tell him, we wonder? That he was being hired to run an insurance company? 


Clusterstock goes with outrage:

Robert Benmosche should not be given the opportunity to step down as the chief executive of AIG. He should be fired immediately.

The scope and scale of the arrogance of Benmosche is almost stunning. Except that we've become so accustomed to financial big shots acting like they were divinely anointed that we hardly notice.

If this kind of PR ploy actually works with Ken Feinberg, well …; more likely, it will just continue to backfire. In any event, the parlor game of predicting Benmosche’s successor has begun.

Feinberg’s letter to AIG can be found HERE.

UPDATE: In response to the uproar (e.g. "AIG's Benmosche is a drama queen") created by the WSJ story, Benmosche has sent a letter to AIG employess saying he's "totally committed" to the job.

What Obama's Proposed Financial Regulatory Reforms Mean for Insurance -- The New Office of National Insurance

This post was written by Paul Walker-Bright.

On June 17, 2009, the Department of the Treasury released its “white paper” detailing proposals for comprehensive reform of financial industry regulation, entitled “Financial Regulatory Reform, A New Foundation: Rebuilding Financial Supervision and Regulation.” The entire report can be found here. Among the reforms advocated by the Treasury Department is the creation of an Office of National Insurance within the Department. Treasury, which would “gather information, develop expertise, negotiate international agreements, and coordinate policy in the insurance sector.”

The ONI would be responsible for “monitoring” all aspects of the insurance industry, but would have no regulatory authority or oversight. This may come as a disappointment to advocates of an optional federal charter for the regulation of the insurance industry, as it leaves in place the current state-controlled regulatory scheme. According to media reports, the Obama administration does not want to push for federal regulation at this time, given the deep divisions within the insurance industry over the need for such regulation, and the consequent political fight that undoubtedly would develop.

However, the text of the white paper indicates that the Treasury Department may not be thrilled with the current regulatory paradigm, and may intend to use the ONI to push for better regulation of insurance. For example, the white paper takes this swipe at state regulation:

For over 135 years, insurance has been primarily regulated by the states, which has led to a lack of uniformity and reduced competition across state and international boundaries, resulting in inefficiency, reduced product innovation, and higher costs to consumers.

Treasury then states that it will support proposals to “modernize and improve our system of insurance regulation” based on six principles:

  1. Effective systemic risk regulation with respect to insurance;
  2. Strong capital standards and an appropriate match between capital allocation and liabilities for all insurance companies;
  3. Meaningful and consistent consumer protection for insurance products and practices [a federal bad faith and unfair claims handling practices act?];
  4. Increased national uniformity through either a federal charter or effective action by the states;
  5. Improve and broaden the regulation of insurance companies and affiliates on a consolidated basis, including those affiliates outside of the traditional insurance business [e.g., AIG’s Financial Products Division, responsible for selling the credit default swaps that sank AIG];
  6. International coordination.

Moreover, the white paper notes that the European Union recently passed legislation that will require a foreign insurance company operating in its member states to be subject to supervision in the company’s home country comparable to the supervision required in the EU. Treasury proposed that the ONI will work with other nations to meet this requirement.

Thus, it appears that Treasury intends to take a much more active role in the oversight of the insurance industry, and will use the ONI as a means to push for further regulatory reforms, up to and including a possible eventual federal charter. Rumors of the death of federal regulation of insurance may be greatly exaggerated.

A copy of the White Paper, titled "Financial Regulatory Reform: A New Foundation" can be found Here (discussion of ONI begins on p.40) and President Obama's statement can be found Here.

Who Was Minding the Store?

For those of you interested in the role of regulators in the implosion of AIG [see prior posts Here and Here,] Planet Money (an award-winning joint project of NPR News and This American Life) had a fascinating program this past weekend: “The Watchmen”. Although it has already aired, it is available to listen to on-line or for download Here. The NPR News story is available Here.

The Office of Thrift Supervision comes in for the brunt of the criticism. Although I think they got it mostly right, IMHO they let the state insurance regulators off too easy. They were responsible for securities lending and didn’t stop it.  

My favorite part is the tape of Supt. Dinallo and a bunch of assistants trying to figure out what proportion of AIG’s assets were regulated by the New York Insurance Department. The answer? 7 percent (ish).

The Path of the Umbrella

As Travelers takes AIG’s spot in the Dow Jones Industrial Average, or rather Dow Jones Non-Industrial Average take a moment to check out the path of the iconic red umbrella as it passed from Travelers to Citibank (ironically, Travelers former parent also exiting the Dow) and back again. 

ManU Sponsorship Stays in the Insurance Family

Finally, we can all rest easy. AON is taking over the Manchester United shirt sponsorship rights from AIG, starting in 2010. According to Reuters:

The deal represents a coup for Aon, which has secured one of the most prestigious advertising deals in sport with United's huge global fan base making them one of the top prizes in sports sponsorship.

Click here for full story.

AIG Hardball?

Bloomberg News yesterday carried a report of a court filing alleging that AIG reported a claimant to Homeland Security in order to avoid paying a verdict that now amounts, with interest, to $3 million. 

The worker, Aleksander Janda, was arrested today on charges related to using someone else’s Social Security number, including identity theft, said Helen Peterson, a spokeswoman for Queens District Attorney Richard Brown. In February, Janda won the $2.7 million jury verdict from a property owner for an injury he received after falling 12 feet onto a cement floor while working. In a letter last month, a lawyer for Janda told the judge that AIG contacted Queens prosecutors to get Janda arrested and deported. AIG is the insurer for the property owner.

“It was AIG who contacted the Queens District Attorney’s office and the U.S. Department of Homeland Security in an effort to have the plaintiff arrested on criminal charges and then deported,” the worker’s lawyer, Brett J. Nomberg of Brand Brand Nomberg & Rosenbaum LLP in New York, wrote May 29 to the state court judge in charge of the case, Bernice D. Siegal.

Marie Ali, an AIG spokeswoman, declined to comment.

After the Feb. 17 verdict, the property owner asked the judge to set aside the award and order a new trial, Nomberg said in a phone interview. If Janda is deported, he won’t be able to appear at the new trial, Nomberg said.

Click here for full story.

Eric Dinallo Resigns

On May 28, Eric Dinallo, New York’s high-profile Superintendent of Insurance, resigned effective July 3.

Dinallo presided over the Department’s response to the AIG catastrophe and advocated far more regulation of the industry than previously seen. Dinallo was also instrumental in the rescue of the municipal bond business in New York, approving segregating it from mortgage insurers, now being attacked in court. 

Felix Salmon has an interesting take on what this means for the future of insurance regulation:

More interestingly, Dinallo’s resignation temporarily leaves the country without a strong insurance regulator — and that, in turn, should make it much easier for Tim Geithner to push through plans to rationalize the nightmare that is insurance regulation, and bring America’s insurers under one federal regulatory umbrella.

Many expect Dinallo to run for NY Attorney General, the post held by his former boss Elliot Spitzer, and now held by Andrew Cuomo. Per the Wall Street Journal:

"He'd like to run for attorney general," New York Democrat political strategist George Arzt said of Mr. Dinallo. "I think he's been taking soundings." Leaving the insurance-commissioner post, Mr. Arzt said, would give Mr. Dinallo more latitude to "speak out about the issues."

For the moment, though, he’ll be at NYU.

State Insurance Regulation: The Lessons of History (AIG Edition)

On May 20th, the NY Times ran an editorial titled “Regulatory Shopping”. The very valid point of the editorial is that if you give the regulated the option to choose their regulator, no good can come of it: 

And yet, legislation recently introduced in the House would allow insurance companies, currently regulated by the states, to opt for federal regulation instead — and, in general, if they don’t like that, to switch back after a spell. If the bill were enacted, the race to the regulatory depths would continue, and the nation would be headed in exactly the wrong regulatory direction.

Agreed, no argument. I take issue, however, with the assumption of the NYT that state insurance regulators have covered themselves in glory. Robust defenders of the rights of policyholders? Not exactly. In the pocket of the insurance industry? Sometimes. Opaque?  Always. And that’s without addressing the quagmire/insanity that is insurance insolvency regulation and the guaranty fund system.

Think about AIG’s security lending program. That was the program whereby AIG lent securities held by its life insurance subsidiaries to hedge funds which in turn shorted the stock. The more interesting part is what AIG did with the cash it received as collateral for loaned securities. AIG took that money and invested in risky subprime Residential Mortgage Backed Securities in a sordid quest for “an additional 0.2 percentage point in yield, or roughly $150 million in revenue.” Who was minding the store? Allegedly, state insurance regulators. At a certain point, apparently AIG told the regulators and promised to have the holding company protect the insurance companies from some of the losses; but then the bottom fell out. A must read on this is Serena Ng and Liam Pleven’s history of the program (along with many other Ng-Pleven excellent AIG stories). It was only after the damage was done that the regulators even began to discuss regulating this kind of activity. As National Underwriter reported, even in December 2008, after the AIG imploded, state regulators didn’t agree that the activity needed to be regulated:

The regulatory accounting for these programs is not sufficient, according to Mr. Dinallo. Regulators, he said, are able to examine assets which the insurer still owns but do not get to see what happens to the cash.

During a regulator-only session at the meeting, according to Connecticut Insurance Commissioner Tom Sullivan, "the lack of consistency around these vehicles" was described as "deeply alarming."

Mr. Dinallo added that "one could have a reasonable discussion over whether insurers should be involved in this activity." He said that if regulators are trying to build a "regulatory moat" around insurance companies, then these programs can be likened to a "drawbridge" that bridges insurers to other financial services areas.

Tom Hampton, commissioner of the District of Columbia, said that he understood the concern over these programs but also urged caution. "We want to be careful. We don't want to disadvantage insurance companies in the financial marketplace."

This wasn’t AIGFP. This was reckless behavior with insurance company assets. Are state insurance regulators equipped to deal with the next “sophisticated” trading scheme of some of our largest financial institutions? Is anyone?