1Amending the act of May 17, 1921 (P.L.682, No.284), entitled "An
2act relating to insurance; amending, revising, and
3consolidating the law providing for the incorporation of
4insurance companies, and the regulation, supervision, and
5protection of home and foreign insurance companies, Lloyds
6associations, reciprocal and inter-insurance exchanges, and
7fire insurance rating bureaus, and the regulation and
8supervision of insurance carried by such companies,
9associations, and exchanges, including insurance carried by
10the State Workmen's Insurance Fund; providing penalties; and
11repealing existing laws," providing for <-electronic delivery 
12of information and posting of policies and endorsements and 
13for risk management and own risk solvency assessment.

14The General Assembly of the Commonwealth of Pennsylvania
15hereby enacts as follows:

<-16Section 1. The act of May 17, 1921 (P.L.682, No.284), known
17as The Insurance Company Law of 1921, is amended by adding an
18article to read:

<-19Section 1. The act of May 17, 1921 (P.L.682, No.284), known 
20as The Insurance Company Law of 1921, is amended by adding a 
21section to read:

22Section 354.7. Electronic Delivery of Information and
23Posting of Policies and Endorsements.--(a) (1) With regard to

1any law or regulation of this Commonwealth requiring an insurer
2to provide, send or deliver information, notices or documents in
3writing to an insured or applicant as part of an insurance
4transaction if the insurer and the insured or applicant have
5agreed to conduct a transaction by electronic means, the
6requirement is satisfied if the information is provided, sent or
7delivered, as the case may be, in an electronic record capable
8of retention by the recipient at the time of receipt. An
9electronic record is not capable of retention by the recipient
10if the sender or its information processing system inhibits the
11ability of the recipient to print or store the electronic
12record. The provisions of the act of December 16, 1999 (P.L.971,
13No.69), known as the "Electronic Transactions Act," shall
14otherwise apply to the insurer and the insured or applicant with
15respect to the providing, sending or delivering of the
16information, notices or documents.

17(2) Any law or regulation requiring an insurer to send
18multiple copies of the information, notices or documents shall
19not apply where the insurer provides, sends or delivers the
20information, notices or documents in accordance with the
21provisions of the "Electronic Transactions Act."

22(3) An insurer providing, sending or delivering
23information, notices or documents shall satisfy any font, size,
24spacing or other format requirements if the electronic
25information, notices or documents as provided, sent or delivered
26by the insurer meet those requirements and may be printed or
27saved by the insured or applicant using programs or applications
28widely available on the Internet and free of charge to use.

29(b) Notwithstanding subsection (a) or any other law or
30regulation of this Commonwealth requiring an insurer to provide,

1send or deliver an insurance policy or endorsement to an
2insured, an insurer may elect to post a policy or endorsement
3that does not contain personally identifiable information on its
4Internet website provided it complies with all of the following:

5(1) The policy or endorsement is easily accessible on the
6Internet website so long as it is in force.

7(2) The policy or endorsement is posted in a manner that
8enables the insured to print and save it using programs or
9applications widely available on the Internet and free of charge
10to use.

11(3) The insurer provides notice, in the manner it normally
12communicates with the insured, at the time of issuance or
13renewal of the policy or endorsement, or at the time of any
14changes to the policy or endorsement, of a method by which the
15insured may obtain, upon request and without charge, a paper or
16electronic copy of the policy or endorsement, or any changes to
17them, and the Internet address where the policy and endorsement
18are posted.

19(4) The insurer provides all of the following information on
20each declarations page, or similar document as appropriate to
21the line of coverage, provided to the insured at the time of
22issuance or renewal:

23(i) A description of the exact policy and endorsement forms
24purchased by the insured.

25(ii) A method by which the insured may obtain, upon request
26and without charge, a paper or electronic copy of the policy or
27endorsement, or any changes to them.

28(iii) The Internet address where the policy and endorsement
29are posted.

30(5) After expiration of the policy or endorsement, the

1insurer archives the expired policies or endorsements in
2accordance with the Insurance Department's general record
3retention requirements and makes them available upon request.

4(c) Upon satisfactory evidence of the violation of this
5section by an insurer, the Insurance Commissioner may, in his
6discretion, pursue one or more of the following courses of
7action:

8(1) Suspend or revoke the license of the insurer.

9(2) Refuse, for a period not to exceed one year thereafter,
10to issue a new license to the insurer.

11(3) Impose a fine of not more than one thousand dollars
12($1,000) for each act in violation of this section.

13Section 2. The act is amended by adding an article to read:

14ARTICLE XXVI

15RISK MANAGEMENT AND OWN RISK SOLVENCY ASSESSMENT

16Section 2601. Purpose and scope of article.

17(a) Purpose.--The purpose of this article is to:

18(1) Require an insurer or insurance group to maintain a
19risk management framework and complete an own risk and
20solvency assessment (ORSA).

21(2) Set forth the requirements for filing an ORSA
22summary report with the Insurance Department.

23(3) Provide for the confidential treatment of the ORSA,
24the ORSA summary report and other ORSA-related information,
25which contain trade secrets and other proprietary information
26that, if made public, could potentially cause the insurer or
27insurance group competitive harm or disadvantage.

28(b) Scope.--The requirements of this article shall apply to
29all insurers domiciled in this Commonwealth unless exempt under
30section 2606.

1Section 2602. Definitions.

2The following words and phrases when used in this article
3shall have the meanings given to them in this section unless the
4context clearly indicates otherwise:

5"Commissioner." The Insurance Commissioner of the
6Commonwealth.

7"Department." The Insurance Department of the Commonwealth.

8"Insurance group." The insurers and affiliates included
9within an insurance holding company system as defined in section
101401.

11"Insurer." Any fraternal benefit society, health maintenance
12organization, preferred provider organization, company,
13association, exchange, hospital plan corporation as defined in
14and subject to 40 Pa.C.S. Ch. 61 (relating to hospital plan
15corporations) or professional health services plan corporation
16subject to 40 Pa.C.S. Ch. 63 (relating to professional health
17services plan corporations), authorized by the Insurance
18Commissioner to transact the business of insurance in this
19Commonwealth except that the term shall not include:

20(1) the Commonwealth or any agency or instrumentality
21thereof; or

22(2) agencies, authorities or instrumentalities of the
23United States, its possessions and territories, the
24Commonwealth of Puerto Rico, the District of Columbia or a
25state or political subdivision.

26"NAIC." The National Association of Insurance Commissioners
27or successor organization and its affiliates and subsidiaries.

28"ORSA guidance manual." The current version of the Own Risk 
29and Solvency Assessment Guidance Manual developed and adopted by
30the NAIC and as amended. A change in the ORSA guidance manual

1will be effective on January 1 following the calendar year in
2which the change was adopted by the NAIC.

3"ORSA-related information." The ORSA, ORSA summary report,
4risk management framework or any documents, materials or other
5information related to an insurer or insurer group's ORSA, ORSA
6summary or risk management framework.

7"ORSA summary report." The confidential high-level summary
8of an insurer or insurance group's ORSA.

9"Own risk and solvency assessment" or "ORSA." A confidential
10internal assessment, appropriate to the nature, scale and
11complexity of an insurer or insurance group, conducted by that
12insurer or insurance group, of the material and relevant risks
13associated with the insurer or insurance group's current
14business plan and the sufficiency of capital resources to
15support those risks.

16Section 2603. Risk management framework.

17An insurer shall maintain a risk management framework for
18identifying, assessing, monitoring, managing and reporting its
19material and relevant risks. This requirement may be satisfied
20if the insurance group of which the insurer is a member
21maintains a risk management framework applicable to the
22operations of the insurer.

23Section 2604. ORSA requirement.

24An insurer, or the insurance group of which the insurer is a
25member, shall conduct an ORSA consistent with the guidelines set
26forth in the ORSA guidance manual. The ORSA shall be conducted
27regularly, but no less frequently than annually, and at any time
28when there are significant changes to the risk profile of the
29insurer or the insurance group of which the insurer is a member.

30Section 2605. ORSA summary report.

1(a) General rule.--Beginning January 1, 2015, and every year
2thereafter, a domestic insurer or an insurer that is a member of
3an insurance group of which Pennsylvania is the lead state as
4determined by the financial analysis handbook adopted by the
5NAIC shall submit an ORSA summary report to the department once
6per calendar year. The insurer or insurance group shall
7determine the most appropriate date of filing based upon the
8insurer or insurance group's internal strategic planning
9processes and notify the department of the anticipated date of
10filing by June 1 of each year.

11(b) Exception.--An insurer not required to submit an ORSA
12summary report under subsection (a) shall do so upon the
13department's request, but not more than once per calendar year.
14The insurer shall determine the most appropriate date of the
15filing based upon the insurer's internal strategic planning
16processes and notify the department of the anticipated date of
17filing within 30 days of the department's request.

18(c) Form of summary report.--An insurer may comply with
19subsection (a) or (b) by providing to the department either of
20the following:

21(1) A combination of reports that together contain the
22information described in the ORSA guidance manual.

23(2) A copy of the most recent reports submitted by the
24insurer, or another member of an insurance group of which the
25insurer is a member, to the chief insurance regulatory
26official of another state or to a supervisor or regulator of
27a foreign jurisdiction, if that report is substantially
28similar to the ORSA summary report. For purposes of this
29section, "substantially similar" means containing information
30comparable to the information described in the ORSA guidance

1manual as determined by the commissioner. If the report is in
2a language other than English, it must be accompanied by a
3translation of that report into the English language.

4(d) Attestation.--The ORSA summary report must include a
5signature of the insurer or insurance group's chief risk officer
6or other executive having responsibility for the oversight of
7the insurer's risk management process attesting to the best of
8that person's belief and knowledge that the insurer applies the
9risk management process described in the ORSA summary report and
10that a copy of the report has been provided to the insurer's
11board of directors or the appropriate committee thereof.

12(e) Compliance with ORSA guidance manual.--The ORSA summary
13report must be prepared in accordance with the ORSA guidance
14manual. Documentation and supporting information must be
15maintained and made available upon request in an examination
16conducted pursuant to section 1406 or Article IX of the act of
17May 17, 1921 (P.L.789, No.285), known as The Insurance
18Department Act of 1921.

19(f) Review by department.--The department shall review the
20ORSA summary report and make additional requests for information
21using procedures similar to current procedures for coordinating
22analysis and examination of multistate or global insurers and
23insurance groups.

24(g) Summary of material changes and updates.--The ORSA
25summary report should also include a short summary of material
26changes and updates to the ORSA summary report since the prior
27year.

28Section 2606. Exemption.

29(a) General rule.--An insurer is exempt from the
30requirements of this article, if:

1(1) the insurer has annual direct written and
2unaffiliated assumed premium, including international direct
3and assumed premium but excluding premiums reinsured with the
4Federal Crop Insurance Corporation and Federal Flood Program,
5less than $500,000,000; and

6(2) the insurer is a member of an insurance group, the
7insurance group has annual direct written and unaffiliated
8assumed premium including international direct and assumed
9premium, but excluding premiums reinsured with the Federal
10Crop Insurance Corporation and Federal Flood Program, less
11than $1,000,000,000.

12(b) Partial exemption for insurer.--If an insurer is exempt
13under subsection (a)(1), but the insurance group of which the
14insurer is a member is not exempt under subsection (a)(2), then
15the ORSA summary report must include every insurer within the
16insurance group. This requirement may be satisfied by the
17submission of more than one ORSA summary report for any
18combination of insurers if the reports include every insurer
19within the insurance group.

20(c) Partial exemption for insurance group.--If an insurer is
21not exempt under subsection (a)(1), but the insurance group of
22which the insurer is a member is exempt under subsection (a)(2),
23then the insurer shall file the ORSA summary report applicable
24only to the insurer.

25(d) Waiver.--An insurer that is not exempt under subsection
26(a) may apply to the commissioner for a waiver from the
27requirements of this article based upon unique circumstances. If
28the insurer is a member of an insurance group with insurers
29domiciled in more than one state, the commissioner shall
30coordinate with the lead state commissioner and with the other

1domiciliary commissioners in considering whether to grant the
2insurer's request for a waiver. In deciding whether to grant the
3insurer's request for waiver, the commissioner may consider:

4(1) The type and volume of business written.

5(2) Ownership and organizational structure.

6(3) Material reduction in risk or risk exposures.

7(4) Any other factor the commissioner determines to be
8relevant to whether a wavier should be granted.

9(e) Additional requirements.--Notwithstanding the exemptions
10under subsection (a):

11(1) The commissioner may require that an insurer
12maintain a risk management framework, conduct an ORSA and
13file an ORSA summary report based on unique circumstances,
14including the type and volume of business written, ownership
15and organizational structure, Federal agency requests and
16international supervisor requests. If the commissioner 
17requires an insurer to maintain a risk management framework, 
18conduct an ORSA and file an ORSA summary report under this 
19paragraph, the insurer shall have one year after receiving 
20written notice to comply with the requirement.

21(2) The commissioner may require that an insurer
22maintain a risk management framework, conduct an ORSA and
23file an ORSA summary report if the insurer:

24(i) has risk-based capital for a company action
25level event as set forth in sections 506-A and 505-B of
26the act of May 17, 1921 (P.L.789, No.285), known as The
27Insurance Department Act of 1921;

28(ii) meets one or more of the standards of an
29insurer deemed to be in hazardous financial condition as
30defined in 31 Pa. Code Pt. VIII Ch. 160 (relating to

1standards to define insurers deemed to be in hazardous
2financial condition); or

3(iii) otherwise exhibits qualities of a troubled
4insurer as determined by the commissioner.

5(3) If an insurer exempt under subsection (a) no longer
6qualifies for that exemption due to changes in premium as
7reflected in the insurer's most recent annual statement or in
8the most recent annual statements of the insurers within the
9insurance group of which the insurer is a member, the insurer
10shall have one year after the year the threshold is exceeded
11to comply with the requirements of this article.

12Section 2607. Third-party consultants.

13(a) Authorization.--The department may retain, at the
14insurer's expense, third-party consultants, including attorneys,
15actuaries, accountants and other experts not otherwise a part of
16the department's staff as may be reasonably necessary to assist
17the department in reviewing the risk management framework, ORSA,
18ORSA summary report or the insurer's compliance with this
19article.

20(b) Control.--Any persons retained under subsection (a)
21shall be under the direction and control of the department and
22shall act in a purely advisory capacity.

23(c) Confidentiality.--Third-party consultants shall be
24subject to the same confidentiality standards and requirements
25as the department.

26(d) Verification.--As part of the retention process, a
27third-party consultant shall verify to the department, with
28notice to the insurer, that it is free of a conflict of interest
29and that it has internal procedures in place to monitor
30compliance with a conflict and to comply with the

1confidentiality standards and requirements of this act.

2(e) Written consent.--A retention agreement with a third-
3party consultant shall expressly require the written consent of
4the insurer prior to making public information provided under
5this act, as required under section 2608(a).

6Section 2608. Confidentiality.

7(a) General rule.--The ORSA-related information in the
8possession of or the control of the department that is produced
9by, obtained by or disclosed to, the department or any other
10person under this article shall be privileged and given
11confidential treatment and shall not be:

12(1) Subject to discovery or admissible as evidence, in a
13private civil action.

14(2) Subject to subpoena.

15(3) Subject to the act of February 14, 2008 (P.L.6,
16No.3), known as the Right-to-Know Law.

17(4) Made public by the department or any other person
18without the prior written consent of the insurer to which it
19pertains, except as provided in subsection (c).

20(b) Private civil actions.--The commissioner, department or
21any individual or person who receives ORSA-related information
22while acting under the authority of the commissioner or
23department or with whom the ORSA-related information is shared
24pursuant to this article shall not be permitted or required to
25testify in any private civil action concerning the ORSA-related
26information.

27(c) Use of ORSA-related information by the department.--To
28assist in the performance of regulatory duties, the department:

29(1) May use ORSA-related information in furtherance of
30any regulatory or legal action brought as part of the

1department's official duties.

2(2) May share ORSA-related information with the NAIC,
3regulatory or law enforcement officials of this Commonwealth
4or other jurisdictions, group supervisors, members of any
5supervisory college under section 1406.1 and with third-party
6consultants under section 2607, provided that, prior to
7receiving the ORSA-related information, the recipient
8demonstrates by written statement the necessary authority and
9intent to provide the same confidential treatment as required
10by this article.

11(3) May receive and maintain as confidential ORSA-
12related information from the NAIC, regulatory or law
13enforcement officials of this Commonwealth or other
14jurisdictions, group supervisors and members of any
15supervisory college under section 1406.1 in which the ORSA-
16related information is confidential by law in those
17jurisdictions. ORSA-related information obtained under this
18paragraph shall be given confidential treatment, may not be
19subject to subpoena and may not be made public by the
20department, commissioner or any other person.

21(d) Written agreements.--The department shall enter into
22written agreements with the NAIC or a third-party consultant
23governing sharing and use of information provided under this
24article that includes all of the following:

25(1) Specific procedures and protocols for maintaining
26the confidentiality and security of ORSA-related information.

27(2) Procedures and protocols for sharing ORSA-related
28information with regulators from other states in which the
29insurance group has domiciled insurers, including a written
30acknowledgment of the recipient's intent and legal authority

1to maintain the confidential and privileged status of the
2ORSA-related information.

3(3) A provision specifying that ownership of the ORSA-
4related information shared remains with the department and
5that the use of the ORSA-related information is subject to
6the direction and approval of the department.

7(4) A provision that prohibits storing, in a permanent
8database after the underlying analysis is completed, ORSA-
9related information shared pursuant to this article.

10(5) A provision requiring the NAIC or third-party
11consultant, where permitted by law, to give prompt notice to
12the department and to the insurer regarding any subpoena,
13request for disclosure or request for production of the
14insurer's ORSA-related information in the possession of the
15NAIC or third-party consultant.

16(6) A requirement that the NAIC or third-party
17consultant would consent to intervention by an insurer in any
18judicial or administrative action in which the NAIC or third-
19party consultant may be required to disclose ORSA-related
20information or other confidential information about the
21insurer or insurer group that was shared under this article.

22(e) No delegation.--The sharing of information by the
23department under this article shall not constitute a delegation
24of regulatory authority or rulemaking. The department is solely
25responsible for the administration, execution and enforcement of
26this article.

27(f) No waiver of privilege or confidentiality.--The sharing
28of ORSA-related information with, to or by the department as
29authorized by this article shall not constitute a waiver of any
30applicable privilege or claim of confidentiality.

1(g) Information with third parties.--ORSA-related
2information in the possession or control of the NAIC or a third-
3party consultant as provided under this article shall:

4(1) Be confidential and privileged.

5(2) Not be subject to the Right-to-Know Law.

6(3) Not be subject to subpoena.

7(4) Not be subject to discovery or admissible as
8evidence, in any private civil action.

9Section 2609. Sanctions.

10An insurer that fails to timely file an ORSA summary report
11as required under this article or by regulation shall be
12required to pay a penalty of $200 for each day of delay. The
13maximum penalty under this section is $25,000 per year.

14Section 2610. Regulations.

15The department may promulgate rules and regulations and issue
16such orders as are necessary to administer and enforce this
17article.

<-18Section 2. This act shall take effect January 1, 2015.

<-19Section 3. This act shall take effect as follows:

20(1) The addition of section 354.7 of the act shall take
21effect in 60 days.

22(2) This section shall take effect immediately.

23(3) The remainder of this act shall take effect January
241, 2015.