1Amending the act of May 17, 1921 (P.L.682, No.284), entitled "An
2act relating to insurance; amending, revising, and
3consolidating the law providing for the incorporation of
4insurance companies, and the regulation, supervision, and
5protection of home and foreign insurance companies, Lloyds
6associations, reciprocal and inter-insurance exchanges, and
7fire insurance rating bureaus, and the regulation and
8supervision of insurance carried by such companies,
9associations, and exchanges, including insurance carried by
10the State Workmen's Insurance Fund; providing penalties; and
11repealing existing laws," providing for risk management and
12own risk solvency assessment.

13The General Assembly of the Commonwealth of Pennsylvania
14hereby enacts as follows:

15Section 1. The act of May 17, 1921 (P.L.682, No.284), known
16as The Insurance Company Law of 1921, is amended by adding an
17article to read:

18ARTICLE XXVI

19RISK MANAGEMENT AND OWN RISK SOLVENCY ASSESSMENT

20Section 2601. Purpose and scope of article.

21(a) Purpose.--The purpose of this article is to:

22(1) Require an insurer or insurance group to maintain a
23risk management framework and complete an own risk and

1solvency assessment (ORSA).

2(2) Set forth the requirements for filing an ORSA
3summary report with the Insurance Department.

4(3) Provide for the confidential treatment of the ORSA,
5the ORSA summary report and other ORSA-related information,
6which contain trade secrets and other proprietary information
7that, if made public, could potentially cause the insurer or
8insurance group competitive harm or disadvantage.

9(b) Scope.--The requirements of this article shall apply to
10all insurers domiciled in this Commonwealth unless exempt under
11section 2606.

12Section 2602. Definitions.

13The following words and phrases when used in this article
14shall have the meanings given to them in this section unless the
15context clearly indicates otherwise:

16"Commissioner." The Insurance Commissioner of the
17Commonwealth.

18"Department." The Insurance Department of the Commonwealth.

19"Insurance group." The insurers and affiliates included
20within an insurance holding company system as defined in section
211401.

22"Insurer." Any fraternal benefit society, health maintenance
23organization, preferred provider organization, company,
24association, exchange, hospital plan corporation as defined in
25and subject to 40 Pa.C.S. Ch. 61 (relating to hospital plan
26corporations) or professional health services plan corporation
27subject to 40 Pa.C.S. Ch. 63 (relating to professional health
28services plan corporations), authorized by the Insurance
29Commissioner to transact the business of insurance in this
30Commonwealth except that the term shall not include:

1(1) the Commonwealth or any agency or instrumentality
2thereof; or

3(2) agencies, authorities or instrumentalities of the
4United States, its possessions and territories, the
5Commonwealth of Puerto Rico, the District of Columbia or a
6state or political subdivision.

7"NAIC." The National Association of Insurance Commissioners
8or successor organization and its affiliates and subsidiaries.

9"ORSA guidance manual." The current version of the Own Risk 
10and Solvency Assessment Guidance Manual developed and adopted by
11the NAIC and as amended. A change in the ORSA guidance manual
12will be effective on January 1 following the calendar year in
13which the change was adopted by the NAIC.

14"ORSA-related information." The ORSA, ORSA summary report,
15risk management framework or any documents, materials or other
16information related to an insurer or insurer group's ORSA, ORSA
17summary or risk management framework.

18"ORSA summary report." The confidential high-level summary
19of an insurer or insurance group's ORSA.

20"Own risk and solvency assessment" or "ORSA." A confidential
21internal assessment, appropriate to the nature, scale and
22complexity of an insurer or insurance group, conducted by that
23insurer or insurance group, of the material and relevant risks
24associated with the insurer or insurance group's current
25business plan and the sufficiency of capital resources to
26support those risks.

27Section 2603. Risk management framework.

28An insurer shall maintain a risk management framework for
29identifying, assessing, monitoring, managing and reporting its
30material and relevant risks. This requirement may be satisfied

1if the insurance group of which the insurer is a member
2maintains a risk management framework applicable to the
3operations of the insurer.

4Section 2604. ORSA requirement.

5An insurer, or the insurance group of which the insurer is a
6member, shall conduct an ORSA consistent with the guidelines set
7forth in the ORSA guidance manual. The ORSA shall be conducted
8regularly, but no less frequently than annually, and at any time
9when there are significant changes to the risk profile of the
10insurer or the insurance group of which the insurer is a member.

11Section 2605. ORSA summary report.

12(a) General rule.--Beginning January 1, 2015, and every year
13thereafter, a domestic insurer or an insurer that is a member of
14an insurance group of which Pennsylvania is the lead state as
15determined by the financial analysis handbook adopted by the
16NAIC shall submit an ORSA summary report to the department once
17per calendar year. The insurer or insurance group shall
18determine the most appropriate date of filing based upon the
19insurer or insurance group's internal strategic planning
20processes and notify the department of the anticipated date of
21filing by June 1 of each year.

22(b) Exception.--An insurer not required to submit an ORSA
23summary report under subsection (a) shall do so upon the
24department's request, but not more than once per calendar year.
25The insurer shall determine the most appropriate date of the
26filing based upon the insurer's internal strategic planning
27processes and notify the department of the anticipated date of
28filing within 30 days of the department's request.

29(c) Form of summary report.--An insurer may comply with
30subsection (a) or (b) by providing to the department either of

1the following:

2(1) A combination of reports that together contain the
3information described in the ORSA guidance manual.

4(2) A copy of the most recent reports submitted by the
5insurer, or another member of an insurance group of which the
6insurer is a member, to the chief insurance regulatory
7official of another state or to a supervisor or regulator of
8a foreign jurisdiction, if that report is substantially
9similar to the ORSA summary report. For purposes of this
10section, "substantially similar" means containing information
11comparable to the information described in the ORSA guidance
12manual as determined by the commissioner. If the report is in
13a language other than English, it must be accompanied by a
14translation of that report into the English language.

15(d) Attestation.--The ORSA summary report must include a
16signature of the insurer or insurance group's chief risk officer
17or other executive having responsibility for the oversight of
18the insurer's risk management process attesting to the best of
19that person's belief and knowledge that the insurer applies the
20risk management process described in the ORSA summary report and
21that a copy of the report has been provided to the insurer's
22board of directors or the appropriate committee thereof.

23(e) Compliance with ORSA guidance manual.--The ORSA summary
24report must be prepared in accordance with the ORSA guidance
25manual. Documentation and supporting information must be
26maintained and made available upon request in an examination
27conducted pursuant to section 1406 or Article IX of the act of
28May 17, 1921 (P.L.789, No.285), known as The Insurance
29Department Act of 1921.

30(f) Review by department.--The department shall review the

1ORSA summary report and make additional requests for information
2using procedures similar to current procedures for coordinating
3analysis and examination of multistate or global insurers and
4insurance groups.

5(g) Summary of material changes and updates.--The ORSA
6summary report should also include a short summary of material
7changes and updates to the ORSA summary report since the prior
8year.

9Section 2606. Exemption.

10(a) General rule.--An insurer is exempt from the
11requirements of this article, if:

12(1) the insurer has annual direct written and
13unaffiliated assumed premium, including international direct
14and assumed premium but excluding premiums reinsured with the
15Federal Crop Insurance Corporation and Federal Flood Program,
16less than $500,000,000; and

17(2) the insurer is a member of an insurance group, the
18insurance group has annual direct written and unaffiliated
19assumed premium including international direct and assumed
20premium, but excluding premiums reinsured with the Federal
21Crop Insurance Corporation and Federal Flood Program, less
22than $1,000,000,000.

23(b) Partial exemption for insurer.--If an insurer is exempt
24under subsection (a)(1), but the insurance group of which the
25insurer is a member is not exempt under subsection (a)(2), then
26the ORSA summary report must include every insurer within the
27insurance group. This requirement may be satisfied by the
28submission of more than one ORSA summary report for any
29combination of insurers if the reports include every insurer
30within the insurance group.

1(c) Partial exemption for insurance group.--If an insurer is
2not exempt under subsection (a)(1), but the insurance group of
3which the insurer is a member is exempt under subsection (a)(2),
4then the insurer shall file the ORSA summary report applicable
5only to the insurer.

6(d) Waiver.--An insurer that is not exempt under subsection
7(a) may apply to the commissioner for a waiver from the
8requirements of this article based upon unique circumstances. If
9the insurer is a member of an insurance group with insurers
10domiciled in more than one state, the commissioner shall
11coordinate with the lead state commissioner and with the other
12domiciliary commissioners in considering whether to grant the
13insurer's request for a waiver. In deciding whether to grant the
14insurer's request for waiver, the commissioner may consider:

15(1) The type and volume of business written.

16(2) Ownership and organizational structure.

17(3) Material reduction in risk or risk exposures.

18(4) Any other factor the commissioner determines to be
19relevant to whether a wavier should be granted.

20(e) Additional requirements.--Notwithstanding the exemptions
21under subsection (a):

22(1) The commissioner may require that an insurer
23maintain a risk management framework, conduct an ORSA and
24file an ORSA summary report based on unique circumstances,
25including the type and volume of business written, ownership
26and organizational structure, Federal agency requests and
27international supervisor requests.

28(2) The commissioner may require that an insurer
29maintain a risk management framework, conduct an ORSA and
30file an ORSA summary report if the insurer:

1(i) has risk-based capital for a company action
2level event as set forth in sections 506-A and 505-B of
3the act of May 17, 1921 (P.L.789, No.285), known as The
4Insurance Department Act of 1921;

5(ii) meets one or more of the standards of an
6insurer deemed to be in hazardous financial condition as
7defined in 31 Pa. Code Pt. VIII Ch. 160 (relating to
8standards to define insurers deemed to be in hazardous
9financial condition); or

10(iii) otherwise exhibits qualities of a troubled
11insurer as determined by the commissioner.

12(3) If an insurer exempt under subsection (a) no longer
13qualifies for that exemption due to changes in premium as
14reflected in the insurer's most recent annual statement or in
15the most recent annual statements of the insurers within the
16insurance group of which the insurer is a member, the insurer
17shall have one year after the year the threshold is exceeded
18to comply with the requirements of this article.

19Section 2607. Third-party consultants.

20(a) Authorization.--The department may retain, at the
21insurer's expense, third-party consultants, including attorneys,
22actuaries, accountants and other experts not otherwise a part of
23the department's staff as may be reasonably necessary to assist
24the department in reviewing the risk management framework, ORSA,
25ORSA summary report or the insurer's compliance with this
26article.

27(b) Control.--Any persons retained under subsection (a)
28shall be under the direction and control of the department and
29shall act in a purely advisory capacity.

30(c) Confidentiality.--Third-party consultants shall be

1subject to the same confidentiality standards and requirements
2as the department.

3(d) Verification.--As part of the retention process, a
4third-party consultant shall verify to the department, with
5notice to the insurer, that it is free of a conflict of interest
6and that it has internal procedures in place to monitor
7compliance with a conflict and to comply with the
8confidentiality standards and requirements of this act.

9(e) Written consent.--A retention agreement with a third-
10party consultant shall expressly require the written consent of
11the insurer prior to making public information provided under
12this act, as required under section 2608(a).

13Section 2608. Confidentiality.

14(a) General rule.--The ORSA-related information in the
15possession of or the control of the department that is produced
16by, obtained by or disclosed to, the department or any other
17person under this article shall be privileged and given
18confidential treatment and shall not be:

19(1) Subject to discovery or admissible as evidence, in a
20private civil action.

21(2) Subject to subpoena.

22(3) Subject to the act of February 14, 2008 (P.L.6,
23No.3), known as the Right-to-Know Law.

24(4) Made public by the department or any other person
25without the prior written consent of the insurer to which it
26pertains, except as provided in subsection (c).

27(b) Private civil actions.--The commissioner, department or
28any individual or person who receives ORSA-related information
29while acting under the authority of the commissioner or
30department or with whom the ORSA-related information is shared

1pursuant to this article shall not be permitted or required to
2testify in any private civil action concerning the ORSA-related
3information.

4(c) Use of ORSA-related information by the department.--To
5assist in the performance of regulatory duties, the department:

6(1) May use ORSA-related information in furtherance of
7any regulatory or legal action brought as part of the
8department's official duties.

9(2) May share ORSA-related information with the NAIC,
10regulatory or law enforcement officials of this Commonwealth
11or other jurisdictions, group supervisors, members of any
12supervisory college under section 1406.1 and with third-party
13consultants under section 2607, provided that, prior to
14receiving the ORSA-related information, the recipient
15demonstrates by written statement the necessary authority and
16intent to provide the same confidential treatment as required
17by this article.

18(3) May receive and maintain as confidential ORSA-
19related information from the NAIC, regulatory or law
20enforcement officials of this Commonwealth or other
21jurisdictions, group supervisors and members of any
22supervisory college under section 1406.1 in which the ORSA-
23related information is confidential by law in those
24jurisdictions. ORSA-related information obtained under this
25paragraph shall be given confidential treatment, may not be
26subject to subpoena and may not be made public by the
27department, commissioner or any other person.

28(d) Written agreements.--The department shall enter into
29written agreements with the NAIC or a third-party consultant
30governing sharing and use of information provided under this

1article that includes all of the following:

2(1) Specific procedures and protocols for maintaining
3the confidentiality and security of ORSA-related information.

4(2) Procedures and protocols for sharing ORSA-related
5information with regulators from other states in which the
6insurance group has domiciled insurers, including a written
7acknowledgment of the recipient's intent and legal authority
8to maintain the confidential and privileged status of the
9ORSA-related information.

10(3) A provision specifying that ownership of the ORSA-
11related information shared remains with the department and
12that the use of the ORSA-related information is subject to
13the direction and approval of the department.

14(4) A provision that prohibits storing, in a permanent
15database after the underlying analysis is completed, ORSA-
16related information shared pursuant to this article.

17(5) A provision requiring the NAIC or third-party
18consultant, where permitted by law, to give prompt notice to
19the department and to the insurer regarding any subpoena,
20request for disclosure or request for production of the
21insurer's ORSA-related information in the possession of the
22NAIC or third-party consultant.

23(6) A requirement that the NAIC or third-party
24consultant would consent to intervention by an insurer in any
25judicial or administrative action in which the NAIC or third-
26party consultant may be required to disclose ORSA-related
27information or other confidential information about the
28insurer or insurer group that was shared under this article.

29(e) No delegation.--The sharing of information by the
30department under this article shall not constitute a delegation

1of regulatory authority or rulemaking. The department is solely
2responsible for the administration, execution and enforcement of
3this article.

4(f) No waiver of privilege or confidentiality.--The sharing
5of ORSA-related information with, to or by the department as
6authorized by this article shall not constitute a waiver of any
7applicable privilege or claim of confidentiality.

8(g) Information with third parties.--ORSA-related
9information in the possession or control of the NAIC or a third-
10party consultant as provided under this article shall:

11(1) Be confidential and privileged.

12(2) Not be subject to the Right-to-Know Law.

13(3) Not be subject to subpoena.

14(4) Not be subject to discovery or admissible as
15evidence, in any private civil action.

16Section 2609. Sanctions.

17An insurer that fails to timely file an ORSA summary report
18as required under this article or by regulation shall be
19required to pay a penalty of $200 for each day of delay. The
20maximum penalty under this section is $25,000 per year.

21Section 2610. Regulations.

22The department may promulgate rules and regulations and issue
23such orders as are necessary to administer and enforce this
24article.

25Section 2. This act shall take effect January 1, 2015.