1Amending the act of May 17, 1921 (P.L.682, No.284), entitled "An
2act relating to insurance; amending, revising, and
3consolidating the law providing for the incorporation of
4insurance companies, and the regulation, supervision, and
5protection of home and foreign insurance companies, Lloyds
6associations, reciprocal and inter-insurance exchanges, and
7fire insurance rating bureaus, and the regulation and
8supervision of insurance carried by such companies,
9associations, and exchanges, including insurance carried by
10the State Workmen's Insurance Fund; providing penalties; and
11repealing existing laws," providing for risk management and
12own risk solvency assessment.

13The General Assembly of the Commonwealth of Pennsylvania
14hereby enacts as follows:

15Section 1. The act of May 17, 1921 (P.L.682, No.284), known
16as The Insurance Company Law of 1921, is amended by adding an
17article to read:

18ARTICLE XXVI

19RISK MANAGEMENT AND OWN RISK SOLVENCY ASSESSMENT

20Section 2601. Purpose and scope of article.

21(a) Purpose.--The purpose of this article is to:

22(1) Require an insurer or insurance group to maintain a
23risk management framework and complete an own risk and

1solvency assessment (ORSA).

2(2) Set forth the requirements for filing an ORSA
3summary report with the Insurance Department.

4(3) Provide for the confidential treatment of the ORSA,
5the ORSA summary report and other ORSA-related information,
6which contain trade secrets and other proprietary information
7that, if made public, could potentially cause the insurer or
8insurance group competitive harm or disadvantage.

9(b) Scope.--The requirements of this article shall apply to
10all insurers domiciled in this Commonwealth unless exempt under
11section 2606.

12Section 2602. Definitions.

13The following words and phrases when used in this article
14shall have the meanings given to them in this section unless the
15context clearly indicates otherwise:

16"Commissioner." The Insurance Commissioner of the
17Commonwealth.

18"Department." The Insurance Department of the Commonwealth.

19"Insurance group." The insurers and affiliates included
20within an insurance holding company system as defined in section
211401.

22"Insurer." Any fraternal benefit society, health maintenance
23organization, preferred provider organization, company,
24association, exchange, hospital plan corporation as defined in
25and subject to 40 Pa.C.S. Ch. 61 (relating to hospital plan
26corporations) or professional health services plan corporation
27subject to 40 Pa.C.S. Ch. 63 (relating to professional health
28services plan corporations), authorized by the Insurance
29Commissioner to transact the business of insurance in this
30Commonwealth except that the term shall not include:

1(1) the Commonwealth or any agency or instrumentality
2thereof; or

3(2) agencies, authorities or instrumentalities of the
4United States, its possessions and territories, the
5Commonwealth of Puerto Rico, the District of Columbia or a
6state or political subdivision.

7"NAIC." The National Association of Insurance Commissioners
8or successor organization and its affiliates and subsidiaries.

9"ORSA guidance manual." The current version of the Own Risk 
10and Solvency Assessment Guidance Manual developed and adopted by
11the NAIC and as amended. A change in the ORSA guidance manual
12will be effective on January 1 following the calendar year in
13which the change was adopted by the NAIC.

14"ORSA-related information." The ORSA, ORSA summary report,
15risk management framework or any documents, materials or other
16information related to an insurer or insurer group's ORSA, ORSA
17summary or risk management framework.

18"ORSA summary report." The confidential high-level summary
19of an insurer or insurance group's ORSA.

20"Own risk and solvency assessment" or "ORSA." A confidential
21internal assessment, appropriate to the nature, scale and
22complexity of an insurer or insurance group, conducted by that
23insurer or insurance group, of the material and relevant risks
24associated with the insurer or insurance group's current
25business plan and the sufficiency of capital resources to
26support those risks.

27Section 2603. Risk management framework.

28An insurer shall maintain a risk management framework for
29identifying, assessing, monitoring, managing and reporting its
30material and relevant risks. This requirement may be satisfied

1if the insurance group of which the insurer is a member
2maintains a risk management framework applicable to the
3operations of the insurer.

4Section 2604. ORSA requirement.

5An insurer, or the insurance group of which the insurer is a
6member, shall conduct an ORSA consistent with the guidelines set
7forth in the ORSA guidance manual. The ORSA shall be conducted
8regularly, but no less frequently than annually, and at any time
9when there are significant changes to the risk profile of the
10insurer or the insurance group of which the insurer is a member.

11Section 2605. ORSA summary report.

12(a) General rule.--Beginning January 1, 2015, and every year
13thereafter, a domestic insurer or an insurer that is a member of
14an insurance group of which Pennsylvania is the lead state as
15determined by the financial analysis handbook adopted by the
16NAIC shall submit an ORSA summary report to the department once
17per calendar year. The insurer or insurance group shall
18determine the most appropriate date of filing based upon the
19insurer or insurance group's internal strategic planning
20processes and notify the department of the anticipated date of
21filing by June 1 of each year.

22(b) Exception.--An insurer not required to submit an ORSA
23summary report under subsection (a) shall do so upon the
24department's request, but not more than once per calendar year.
25The insurer shall determine the most appropriate date of the
26filing based upon the insurer's internal strategic planning
27processes and notify the department of the anticipated date of
28filing within 30 days of the department's request.

29(c) Form of summary report.--An insurer may comply with
30subsection (a) or (b) by providing to the department either of

1the following:

2(1) A combination of reports that together contain the
3information described in the ORSA guidance manual.

4(2) A copy of the most recent reports submitted by the
5insurer, or another member of an insurance group of which the
6insurer is a member, to the chief insurance regulatory
7official of another state or to a supervisor or regulator of
8a foreign jurisdiction, if that report is substantially
9similar to the ORSA summary report. For purposes of this
10section, "substantially similar" means containing information
11comparable to the information described in the ORSA guidance
12manual as determined by the commissioner. If the report is in
13a language other than English, it must be accompanied by a
14translation of that report into the English language.

15(d) Attestation.--The ORSA summary report must include a
16signature of the insurer or insurance group's chief risk officer
17or other executive having responsibility for the oversight of
18the insurer's risk management process attesting to the best of
19that person's belief and knowledge that the insurer applies the
20risk management process described in the ORSA summary report and
21that a copy of the report has been provided to the insurer's
22board of directors or the appropriate committee thereof.

23(e) Compliance with ORSA guidance manual.--The ORSA summary
24report must be prepared in accordance with the ORSA guidance
25manual. Documentation and supporting information must be
26maintained and made available upon request in an examination
27conducted pursuant to section 1406 or Article IX of the act of
28May 17, 1921 (P.L.789, No.285), known as The Insurance
29Department Act of 1921.

30(f) Review by department.--The department shall review the

1ORSA summary report and make additional requests for information
2using procedures similar to current procedures for coordinating
3analysis and examination of multistate or global insurers and
4insurance groups.

5(g) Summary of material changes and updates.--The ORSA
6summary report should also include a short summary of material
7changes and updates to the ORSA summary report since the prior
8year.

9Section 2606. Exemption.

10(a) General rule.--An insurer is exempt from the
11requirements of this article, if:

12(1) the insurer has annual direct written and
13unaffiliated assumed premium, including international direct
14and assumed premium but excluding premiums reinsured with the
15Federal Crop Insurance Corporation and Federal Flood Program,
16less than $500,000,000; and

17(2) the insurer is a member of an insurance group, the
18insurance group has annual direct written and unaffiliated
19assumed premium including international direct and assumed
20premium, but excluding premiums reinsured with the Federal
21Crop Insurance Corporation and Federal Flood Program, less
22than $1,000,000,000.

23(b) Partial exemption for insurer.--If an insurer is exempt
24under subsection (a)(1), but the insurance group of which the
25insurer is a member is not exempt under subsection (a)(2), then
26the ORSA summary report must include every insurer within the
27insurance group. This requirement may be satisfied by the
28submission of more than one ORSA summary report for any
29combination of insurers if the reports include every insurer
30within the insurance group.

1(c) Partial exemption for insurance group.--If an insurer is
2not exempt under subsection (a)(1), but the insurance group of
3which the insurer is a member is exempt under subsection (a)(2),
4then the insurer shall file the ORSA summary report applicable
5only to the insurer.

6(d) Waiver.--An insurer that is not exempt under subsection
7(a) may apply to the commissioner for a waiver from the
8requirements of this article based upon unique circumstances. If
9the insurer is a member of an insurance group with insurers
10domiciled in more than one state, the commissioner shall
11coordinate with the lead state commissioner and with the other
12domiciliary commissioners in considering whether to grant the
13insurer's request for a waiver. In deciding whether to grant the
14insurer's request for waiver, the commissioner may consider:

15(1) The type and volume of business written.

16(2) Ownership and organizational structure.

17(3) Material reduction in risk or risk exposures.

18(4) Any other factor the commissioner determines to be
19relevant to whether a wavier should be granted.

20(e) Additional requirements.--Notwithstanding the exemptions
21under subsection (a):

22(1) The commissioner may require that an insurer
23maintain a risk management framework, conduct an ORSA and
24file an ORSA summary report based on unique circumstances,
25including the type and volume of business written, ownership
26and organizational structure, Federal agency requests and
27international supervisor requests. <-If the commissioner 
28requires an insurer to maintain a risk management framework, 
29conduct an ORSA and file an ORSA summary report under this 
30paragraph, the insurer shall have one year after receiving
 

1written notice to comply with the requirement.

2(2) The commissioner may require that an insurer
3maintain a risk management framework, conduct an ORSA and
4file an ORSA summary report if the insurer:

5(i) has risk-based capital for a company action
6level event as set forth in sections 506-A and 505-B of
7the act of May 17, 1921 (P.L.789, No.285), known as The
8Insurance Department Act of 1921;

9(ii) meets one or more of the standards of an
10insurer deemed to be in hazardous financial condition as
11defined in 31 Pa. Code Pt. VIII Ch. 160 (relating to
12standards to define insurers deemed to be in hazardous
13financial condition); or

14(iii) otherwise exhibits qualities of a troubled
15insurer as determined by the commissioner.

16(3) If an insurer exempt under subsection (a) no longer
17qualifies for that exemption due to changes in premium as
18reflected in the insurer's most recent annual statement or in
19the most recent annual statements of the insurers within the
20insurance group of which the insurer is a member, the insurer
21shall have one year after the year the threshold is exceeded
22to comply with the requirements of this article.

23Section 2607. Third-party consultants.

24(a) Authorization.--The department may retain, at the
25insurer's expense, third-party consultants, including attorneys,
26actuaries, accountants and other experts not otherwise a part of
27the department's staff as may be reasonably necessary to assist
28the department in reviewing the risk management framework, ORSA,
29ORSA summary report or the insurer's compliance with this
30article.

1(b) Control.--Any persons retained under subsection (a)
2shall be under the direction and control of the department and
3shall act in a purely advisory capacity.

4(c) Confidentiality.--Third-party consultants shall be
5subject to the same confidentiality standards and requirements
6as the department.

7(d) Verification.--As part of the retention process, a
8third-party consultant shall verify to the department, with
9notice to the insurer, that it is free of a conflict of interest
10and that it has internal procedures in place to monitor
11compliance with a conflict and to comply with the
12confidentiality standards and requirements of this act.

13(e) Written consent.--A retention agreement with a third-
14party consultant shall expressly require the written consent of
15the insurer prior to making public information provided under
16this act, as required under section 2608(a).

17Section 2608. Confidentiality.

18(a) General rule.--The ORSA-related information in the
19possession of or the control of the department that is produced
20by, obtained by or disclosed to, the department or any other
21person under this article shall be privileged and given
22confidential treatment and shall not be:

23(1) Subject to discovery or admissible as evidence, in a
24private civil action.

25(2) Subject to subpoena.

26(3) Subject to the act of February 14, 2008 (P.L.6,
27No.3), known as the Right-to-Know Law.

28(4) Made public by the department or any other person
29without the prior written consent of the insurer to which it
30pertains, except as provided in subsection (c).

1(b) Private civil actions.--The commissioner, department or
2any individual or person who receives ORSA-related information
3while acting under the authority of the commissioner or
4department or with whom the ORSA-related information is shared
5pursuant to this article shall not be permitted or required to
6testify in any private civil action concerning the ORSA-related
7information.

8(c) Use of ORSA-related information by the department.--To
9assist in the performance of regulatory duties, the department:

10(1) May use ORSA-related information in furtherance of
11any regulatory or legal action brought as part of the
12department's official duties.

13(2) May share ORSA-related information with the NAIC,
14regulatory or law enforcement officials of this Commonwealth
15or other jurisdictions, group supervisors, members of any
16supervisory college under section 1406.1 and with third-party
17consultants under section 2607, provided that, prior to
18receiving the ORSA-related information, the recipient
19demonstrates by written statement the necessary authority and
20intent to provide the same confidential treatment as required
21by this article.

22(3) May receive and maintain as confidential ORSA-
23related information from the NAIC, regulatory or law
24enforcement officials of this Commonwealth or other
25jurisdictions, group supervisors and members of any
26supervisory college under section 1406.1 in which the ORSA-
27related information is confidential by law in those
28jurisdictions. ORSA-related information obtained under this
29paragraph shall be given confidential treatment, may not be
30subject to subpoena and may not be made public by the

1department, commissioner or any other person.

2(d) Written agreements.--The department shall enter into
3written agreements with the NAIC or a third-party consultant
4governing sharing and use of information provided under this
5article that includes all of the following:

6(1) Specific procedures and protocols for maintaining
7the confidentiality and security of ORSA-related information.

8(2) Procedures and protocols for sharing ORSA-related
9information with regulators from other states in which the
10insurance group has domiciled insurers, including a written
11acknowledgment of the recipient's intent and legal authority
12to maintain the confidential and privileged status of the
13ORSA-related information.

14(3) A provision specifying that ownership of the ORSA-
15related information shared remains with the department and
16that the use of the ORSA-related information is subject to
17the direction and approval of the department.

18(4) A provision that prohibits storing, in a permanent
19database after the underlying analysis is completed, ORSA-
20related information shared pursuant to this article.

21(5) A provision requiring the NAIC or third-party
22consultant, where permitted by law, to give prompt notice to
23the department and to the insurer regarding any subpoena,
24request for disclosure or request for production of the
25insurer's ORSA-related information in the possession of the
26NAIC or third-party consultant.

27(6) A requirement that the NAIC or third-party
28consultant would consent to intervention by an insurer in any
29judicial or administrative action in which the NAIC or third-
30party consultant may be required to disclose ORSA-related

1information or other confidential information about the
2insurer or insurer group that was shared under this article.

3(e) No delegation.--The sharing of information by the
4department under this article shall not constitute a delegation
5of regulatory authority or rulemaking. The department is solely
6responsible for the administration, execution and enforcement of
7this article.

8(f) No waiver of privilege or confidentiality.--The sharing
9of ORSA-related information with, to or by the department as
10authorized by this article shall not constitute a waiver of any
11applicable privilege or claim of confidentiality.

12(g) Information with third parties.--ORSA-related
13information in the possession or control of the NAIC or a third-
14party consultant as provided under this article shall:

15(1) Be confidential and privileged.

16(2) Not be subject to the Right-to-Know Law.

17(3) Not be subject to subpoena.

18(4) Not be subject to discovery or admissible as
19evidence, in any private civil action.

20Section 2609. Sanctions.

21An insurer that fails to timely file an ORSA summary report
22as required under this article or by regulation shall be
23required to pay a penalty of $200 for each day of delay. The
24maximum penalty under this section is $25,000 per year.

25Section 2610. Regulations.

26The department may promulgate rules and regulations and issue
27such orders as are necessary to administer and enforce this
28article.

29Section 2. This act shall take effect January 1, 2015.