PRIOR PRINTER'S NO. 1112 | PRINTER'S NO. 1154 |
THE GENERAL ASSEMBLY OF PENNSYLVANIA
SENATE BILL
No. | 969 | Session of 2013 |
INTRODUCED BY WHITE, STACK, SCHWANK, RAFFERTY AND MENSCH, MAY 29, 2013
SENATOR WHITE, BANKING AND INSURANCE, AS AMENDED, JUNE 4, 2013
AN ACT
<-1Amending the act of May 17, 1921 (P.L.789, No.285), entitled, as
2amended, "An act relating to insurance; establishing an
3insurance department; and amending, revising, and
4consolidating the law relating to the licensing,
5qualification, regulation, examination, suspension, and
6dissolution of insurance companies, Lloyds associations,
7reciprocal and inter-insurance exchanges, and certain
8societies and orders, the examination and regulation of fire
9insurance rating bureaus, and the licensing and regulation of
10insurance agents and brokers; the service of legal process
11upon foreign insurance companies, associations or exchanges;
12providing penalties, and repealing existing laws," providing
13for risk management and own risk solvency assessment.
<-14Amending the act of May 17, 1921 (P.L.682, No.284), entitled "An
15act relating to insurance; amending, revising, and
16consolidating the law providing for the incorporation of
17insurance companies, and the regulation, supervision, and
18protection of home and foreign insurance companies, Lloyds
19associations, reciprocal and inter-insurance exchanges, and
20fire insurance rating bureaus, and the regulation and
21supervision of insurance carried by such companies,
22associations, and exchanges, including insurance carried by
23the State Workmen's Insurance Fund; providing penalties; and
24repealing existing laws," providing for electronic delivery
25of information and posting of policies and endorsements and
26for risk management and own risk solvency assessment.
27The General Assembly of the Commonwealth of Pennsylvania
28hereby enacts as follows:
<-29Section 1. The act of May 17, 1921 (P.L.789, No.285), known
30as The Insurance Department Act of 1921, is amended by adding an
1article to read:
2ARTICLE XIII
3RISK MANAGEMENT AND OWN RISK SOLVENCY ASSESSMENT
4Section 1301. Purpose and scope of article.
5(a) Purpose.--The purpose of this article is to:
6(1) Require an insurer or insurance group to maintain a
7risk management framework and complete an own risk and
8solvency assessment (ORSA).
9(2) Set forth the requirements for filing an ORSA
10summary report with the Insurance Department.
11(3) Provide for the confidential treatment of the ORSA,
12the ORSA summary report and other ORSA-related information,
13which contain trade secrets and other proprietary information
14that, if made public, could potentially cause the insurer or
15insurance group competitive harm or disadvantage.
16(b) Scope.--The requirements of this article shall apply to
17all insurers domiciled in this Commonwealth unless exempt under
18section 1306.
19Section 1302. Definitions.
20The following words and phrases when used in this article
21shall have the meanings given to them in this section unless the
22context clearly indicates otherwise:
23"Commissioner." The Insurance Commissioner of the
24Commonwealth.
25"Department." The Insurance Department of the Commonwealth.
26"Domestic insurer." An insurer that is incorporated or
27organized under the laws of this Commonwealth.
28"Insurance group." The insurers and affiliates included
29within an insurance holding company system as defined in section
301401 of the act of May 17, 1921 (P.L.682, No.284), known as The
1Insurance Company Law of 1921.
2"Insurer." Any fraternal benefit society, health maintenance
3organization, preferred provider organization, company,
4association, exchange, hospital plan corporation as defined in
5and subject to 40 Pa.C.S. Ch. 61 (relating to hospital plan
6corporations) or professional health services plan corporation
7subject to 40 Pa.C.S. Ch. 63 (relating to professional health
8services plan corporations), authorized by the Insurance
9Commissioner to transact the business of insurance in this
10Commonwealth except that the term shall not include:
11(1) the Commonwealth or any agency or instrumentality
12thereof; or
13(2) agencies, authorities or instrumentalities of the
14United States, its possessions and territories, the
15Commonwealth of Puerto Rico, the District of Columbia or a
16state or political subdivision.
17"NAIC." The National Association of Insurance Commissioners
18or successor organization and its affiliates and subsidiaries.
19"ORSA guidance manual." The current version of the Own Risk
20and Solvency Assessment Guidance Manual developed and adopted by
21the NAIC and as amended. A change in the ORSA guidance manual
22will be effective on January 1 following the calendar year in
23which the change was adopted by the NAIC.
24"ORSA-related information." The ORSA, ORSA summary report,
25risk management framework or any documents, materials or other
26information related to an insurer or insurer group's ORSA, ORSA
27summary or risk management framework.
28"ORSA summary report." The confidential high-level summary
29of an insurer or insurance group's ORSA.
30"Own risk and solvency assessment" or "ORSA"." A
1confidential internal assessment, appropriate to the nature,
2scale and complexity of an insurer or insurance group, conducted
3by that insurer or insurance group, of the material and relevant
4risks associated with the insurer or insurance group's current
5business plan and the sufficiency of capital resources to
6support those risks.
7Section 1303. Risk management framework.
8An insurer shall maintain a risk management framework for
9identifying, assessing, monitoring, managing and reporting its
10material and relevant risks. This requirement may be satisfied
11if the insurance group of which the insurer is a member
12maintains a risk management framework applicable to the
13operations of the insurer.
14Section 1304. ORSA requirement.
15An insurer, or the insurance group of which the insurer is a
16member, shall conduct an ORSA consistent with the guidelines set
17forth in the ORSA guidance manual. The ORSA shall be conducted
18regularly, but no less frequently than annually, and at any time
19when there are significant changes to the risk profile of the
20insurer or the insurance group of which the insurer is a member.
21Section 1305. ORSA summary report.
22(a) General rule.--Beginning January 1, 2015, and every year
23thereafter, a domestic insurer or an insurer that is a member of
24an insurance group of which Pennsylvania is the lead state as
25determined by the financial analysis handbook adopted by the
26NAIC shall submit an ORSA summary report to the department once
27per calendar year. The insurer or insurance group shall
28determine the most appropriate date of filing based upon the
29insurer or insurance group's internal strategic planning
30processes and notify the department of the anticipated date of
1filing by June 1 of each year.
2(b) Exception.--An insurer not required to submit an ORSA
3summary report under subsection (a) shall do so upon the
4department's request, but not more than once per calendar year.
5The insurer shall determine the most appropriate date of the
6filing based upon the insurer's internal strategic planning
7processes and notify the department of the anticipated date of
8filing within 30 days of the department's request.
9(c) Form of summary report.--An insurer may comply with
10subsection (a) or (b) by providing to the department either of
11the following:
12(1) A combination of reports that together contain the
13information described in the ORSA guidance manual.
14(2) A copy of the most recent reports submitted by the
15insurer, or another member of an insurance group of which the
16insurer is a member, to the chief insurance regulatory
17official of another state or to a supervisor or regulator of
18a foreign jurisdiction, if that report is substantially
19similar to the ORSA summary report. For purposes of this
20section, "substantially similar" means containing information
21comparable to the information described in the ORSA guidance
22manual as determined by the commissioner. If the report is in
23a language other than English, it must be accompanied by a
24translation of that report into the English language.
25(d) Attestation.--The ORSA summary report must include a
26signature of the insurer or insurance group's chief risk officer
27or other executive having responsibility for the oversight of
28the insurer's enterprise risk management process attesting to
29the best of that person's belief and knowledge that the insurer
30applies the enterprise risk management process described in the
1ORSA summary report and that a copy of the report has been
2provided to the insurer's board of directors or the appropriate
3committee thereof.
4(e) Compliance with ORSA guidance manual.--The ORSA summary
5report must be prepared in accordance with the ORSA guidance
6manual. Documentation and supporting information must be
7maintained and made available upon request in an examination
8conducted pursuant to section 1406 of the act of May 17, 1921
9(P.L.682, No.284), known as The Insurance Company Law of 1921,
10or Article IX.
11(f) Review by department.--The department shall review the
12ORSA summary report and make additional requests for information
13using procedures similar to current procedures for coordinating
14analysis and examination of multistate or global insurers and
15insurance groups.
16(g) Summary of material changes and updates.--The ORSA
17summary report should also include a short summary of material
18changes and updates to the ORSA summary report since the prior
19year.
20Section 1306. Exemption.
21(a) General rule.--An insurer is exempt from the
22requirements of this article, if:
23(1) the insurer has annual direct written and
24unaffiliated assumed premium, including international direct
25and assumed premium but excluding premiums reinsured with the
26Federal Crop Insurance Corporation and Federal Flood Program,
27less than $500,000,000; and
28(2) the insurer is a member of an insurance group, the
29insurance group has annual direct written and unaffiliated
30assumed premium including international direct and assumed
1premium, but excluding premiums reinsured with the Federal
2Crop Insurance Corporation and Federal Flood Program, less
3than $1,000,000,000.
4(b) Partial exemption for insurer.--If an insurer is exempt
5under subsection (a)(1), but the insurance group of which the
6insurer is a member is not exempt under subsection (a)(2), then
7the ORSA summary report must include every insurer within the
8insurance group. This requirement may be satisfied by the
9submission of more than one ORSA summary report for any
10combination of insurers if the reports include every insurer
11within the insurance group.
12(c) Partial exemption for insurance group.--If an insurer is
13not exempt under subsection (a)(1), but the insurance group of
14which the insurer is a member is exempt under subsection (a)(2),
15then the insurer shall file the ORSA summary report applicable
16only to the insurer.
17(d) Waiver.--An insurer that is not exempt under subsection
18(a) may apply to the commissioner for a waiver from the
19requirements of this article based upon unique circumstances. If
20the insurer is a member of an insurance group with insurers
21domiciled in more than one state, the commissioner shall
22coordinate with the lead state commissioner and with the other
23domiciliary commissioners in considering whether to grant the
24insurer's request for a waiver. In deciding whether to grant the
25insurer's request for waiver, the commissioner may consider:
26(1) The type and volume of business written.
27(2) Ownership and organizational structure.
28(3) Material reduction in risk or risk exposures.
29(4) Any other factor the commissioner determines to be
30relevant to whether a wavier should be granted.
1(e) Additional requirements.--Notwithstanding the exemptions
2under subsection (a):
3(1) The commissioner may require that an insurer
4maintain a risk management framework, conduct an ORSA and
5file an ORSA summary report based on unique circumstances,
6including the type and volume of business written, ownership
7and organizational structure, Federal agency requests and
8international supervisor requests.
9(2) The commissioner may require that an insurer
10maintain a risk management framework, conduct an ORSA and
11file an ORSA summary report if the insurer:
12(i) has risk-based capital for a company action
13level event as set forth in sections 506-A and 505-B;
14(ii) meets one or more of the standards of an
15insurer deemed to be in hazardous financial condition as
16defined in 31 Pa. Code Part VIII, Ch. 160 (relating to
17standards to define insurers deemed to be in hazardous
18financial condition); or
19(iii) otherwise exhibits qualities of a troubled
20insurer as determined by the commissioner.
21(3) If an insurer exempt under subsection (a) no longer
22qualifies for that exemption due to changes in premium as
23reflected in the insurer's most recent annual statement or in
24the most recent annual statements of the insurers within the
25insurance group of which the insurer is a member, the insurer
26shall have one year after the year the threshold is exceeded
27to comply with the requirements of this article.
28Section 1307. Third-party consultants.
29The department may retain, at the insurer's expense, third-
30party consultants, including attorneys, actuaries, accountants
1and other experts not otherwise a part of the department's staff
2as may be reasonably necessary to assist the department in
3reviewing the risk management framework, ORSA, ORSA summary
4report or the insurer's compliance with this article. Any
5persons so retained shall be under the direction and control of
6the department and shall act in a purely advisory capacity.
7Third-party consultants are subject to the same confidentiality
8standards and requirements as the department.
9Section 1308. Confidentiality.
10(a) General rule.--The ORSA-related information that is
11produced by, obtained by or disclosed to, the department or any
12other person under this article shall be privileged and given
13confidential treatment and shall not be:
14(1) Subject to discovery or admissible as evidence in a
15private civil action.
16(2) Subject to subpoena.
17(3) Subject to the act of February 14, 2008 (P.L.6,
18No.3), known as the Right-to-Know Law.
19(4) Made public by the department or any other person
20without the prior written consent of the insurer to which it
21pertains, except as provided in subsection (c).
22(b) Private civil actions.--The commissioner, department or
23any individual or person who receives ORSA-related information
24while acting under the authority of the commissioner or
25department or with whom the ORSA-related information is shared
26pursuant to this article shall not be permitted or required to
27testify in any private civil action concerning the ORSA-related
28information.
29(c) Use of ORSA-related information by the department.--To
30assist in the performance of regulatory duties, the department:
1(1) May use ORSA-related information in furtherance of
2any regulatory or legal action brought as part of the
3department's official duties.
4(2) May share ORSA-related information with the NAIC,
5regulatory or law enforcement officials of this Commonwealth
6or other jurisdictions, group supervisors and members of any
7supervisory college under section 1406.1 of the act of May
817, 1921 (P.L.682, No.284), known as The Insurance Company
9Law of 1921, provided that, prior to receiving the ORSA-
10related information, the recipient demonstrates by written
11statement the necessary authority and intent to provide the
12same confidential treatment as required by this article.
13(3) May receive and maintain as confidential ORSA-
14related information from the NAIC, regulatory or law
15enforcement officials of this Commonwealth or other
16jurisdictions, group supervisors and members of any
17supervisory college under section 1406.1 of The Insurance
18Company Law of 1921 in which the ORSA-related information is
19confidential by law in those jurisdictions. ORSA-related
20information obtained under this paragraph shall be given
21confidential treatment, may not be subject to subpoena and
22may not be made public by the department, commissioner or any
23other person.
24(4) Shall enter into written agreements with the NAIC or
25a third-party consultant governing sharing and use of
26information provided under this article that includes all of
27the following:
28(i) Specific procedures and protocols for
29maintaining the confidentiality and security of ORSA-
30related information.
1(ii) Procedures and protocols for sharing ORSA-
2related information with regulators from other states in
3which the insurance group has domiciled insurers,
4including a written acknowledgment of the recipient's
5intent and legal authority to maintain the confidential
6and privileged status of the ORSA-related information.
7(iii) A provision specifying that ownership of the
8ORSA-related information shared remains with the
9department and that the use of the ORSA-related
10information is subject to the direction and approval of
11the department.
12(iv) A provision that prohibits storing, in a
13permanent database after the underlying analysis is
14completed, ORSA-related information shared pursuant to
15this article.
16(v) A provision requiring the NAIC or third-party
17consultant, where permitted by law, to give prompt notice
18to the department and to the insurer regarding any
19subpoena, request for disclosure or request for
20production of the insurer's ORSA-related information in
21the possession of the NAIC or third-party consultant.
22(vi) A requirement that the NAIC or third-party
23consultant would consent to intervention by an insurer in
24any judicial or administrative action in which the NAIC
25or third-party consultant may be required to disclose
26ORSA-related information or other confidential
27information about the insurer or insurer group that was
28shared under this article.
29(d) No delegation.--The sharing of information by the
30department under this article shall not constitute a delegation
1of regulatory authority or rulemaking. The department is solely
2responsible for the administration, execution and enforcement of
3this article.
4(e) No waiver of privilege or confidentiality.--The sharing
5of ORSA-related information by the department as authorized by
6this article shall not constitute a waiver of any applicable
7privilege or claim of confidentiality.
8(f) Information with third parties.--ORSA-related
9information in the possession or control of the NAIC or a third-
10party consultant as provided under this article shall:
11(1) Be confidential and privileged.
12(2) Not be subject to the Right-to-Know Law.
13(3) Not be subject to subpoena.
14(4) Not be subject to discovery or admissible in
15evidence in any private civil action.
16Section 1309. Sanctions.
17An insurer that fails to timely file an ORSA summary report
18as required under this article or by regulation shall be
19required to pay a penalty of $200 for each day of delay. The
20maximum penalty under this section is $25,000 per year.
21Section 1310. Regulations.
22The department may promulgate rules and regulations and issue
23such orders as are necessary to administer and enforce this
24article.
25Section 2. This act shall take effect January 1, 2015, or
26immediately, whichever is later.
27Section 1. The act of May 17, 1921 (P.L.682, No.284), known
28as The Insurance Company Law of 1921, is amended by adding a
29section to read:
30Section 354.7. Electronic Delivery of Information and
1Posting of Policies and Endorsements.--(a) (1) With regard to
2any law or regulation of this Commonwealth requiring an insurer
3to provide, send or deliver information, notices or documents in
4writing to an insured or applicant as part of an insurance
5transaction, if the insurer and the insured or applicant have
6agreed to conduct a transaction by electronic means, the
7requirement is satisfied if the information is provided, sent or
8delivered, as the case may be, in an electronic record capable
9of retention by the recipient at the time of receipt. An
10electronic record is not capable of retention by the recipient
11if the sender or its information processing system inhibits the
12ability of the recipient to print or store the electronic
13record. The provisions of the act of December 16, 1999 (P.L.971,
14No.69), known as the "Electronic Transactions Act," shall
15otherwise apply to the insurer and the insured or applicant with
16respect to the providing, sending or delivering of the
17information, notices or documents.
18(2) Any law or regulation requiring an insurer to send
19multiple copies of the information, notices or documents shall
20not apply where the insurer provides, sends or delivers the
21information, notices or documents in accordance with subsection
22(a).
23(3) An insurer providing, sending or delivering
24information, notices or documents shall satisfy any font, size,
25spacing or other format requirements if the electronic
26information, notices or documents as provided, sent or delivered
27by the insurer meet those requirements and may be printed or
28saved by the insured or applicant using programs or applications
29widely available on the Internet and free of charge to use.
30(b) Notwithstanding subsection (a) or any other law or
1regulation of this Commonwealth requiring an insurer to provide,
2send or deliver an insurance policy or endorsement to an
3insured, an insurer may elect to post a policy or endorsement
4that does not contain personally identifiable information on its
5Internet website provided it complies with all of the following:
6(1) The policy or endorsement is easily accessible on the
7Internet website so long as it is in force.
8(2) The policy or endorsement is posted in a manner that
9enables the insured to print and save it using programs or
10applications widely available on the Internet and free of charge
11to use.
12(3) The insurer provides notice, in the manner it normally
13communicates with the insured, at the time of issuance or
14renewal of the policy or endorsement, or at the time of any
15changes to the policy or endorsement, of a method by which the
16insured may obtain, upon request and without charge, a paper or
17electronic copy of the policy or endorsement, or any changes to
18them, and the Internet address where the policy and endorsement
19are posted.
20(4) The insurer provides all of the following information on
21each declarations page provided to the insured at the time of
22issuance or renewal:
23(i) A description of the exact policy and endorsement forms
24purchased by the insured.
25(ii) A method by which the insured may obtain, upon request
26and without charge, a paper or electronic copy of the policy or
27endorsement, or any changes to them.
28(iii) The Internet address where the policy and endorsement
29are posted.
30(5) After expiration of the policy or endorsement, the
1insurer archives the expired policies or endorsements in
2accordance with the Insurance Department's general record
3retention requirements and makes them available upon request.
4(c) Upon satisfactory evidence of the violation of this
5section by an insurer, the Insurance Commissioner may, in his
6discretion, pursue one or more of the following courses of
7action:
8(1) Suspend or revoke the license of the insurer.
9(2) Refuse, for a period not to exceed one year thereafter,
10to issue a new license to the insurer.
11(3) Impose a fine of not more than one thousand dollars
12($1,000) for each act in violation of this section.
13Section 2. The act is amended by adding an article to read:
14ARTICLE XXVI
15RISK MANAGEMENT AND OWN RISK
16SOLVENCY ASSESSMENT
17Section 2601. Purpose and scope of article.
18(a) Purpose.--The purpose of this article is to:
19(1) Require an insurer or insurance group to maintain a
20risk management framework and complete an own risk and
21solvency assessment (ORSA).
22(2) Set forth the requirements for filing an ORSA
23summary report with the Insurance Department.
24(3) Provide for the confidential treatment of the ORSA,
25the ORSA summary report and other ORSA-related information,
26which contain trade secrets and other proprietary information
27that, if made public, could potentially cause the insurer or
28insurance group competitive harm or disadvantage.
29(b) Scope.--The requirements of this article shall apply to
30all insurers domiciled in this Commonwealth unless exempt under
1section 2606.
2Section 2602. Definitions.
3The following words and phrases when used in this article
4shall have the meanings given to them in this section unless the
5context clearly indicates otherwise:
6"Commissioner." The Insurance Commissioner of the
7Commonwealth.
8"Department." The Insurance Department of the Commonwealth.
9"Insurance group." The insurers and affiliates included
10within an insurance holding company system as defined in section
111401.
12"Insurer." Any fraternal benefit society, health maintenance
13organization, preferred provider organization, company,
14association, exchange, hospital plan corporation as defined in
15and subject to 40 Pa.C.S. Ch. 61 (relating to hospital plan
16corporations) or professional health services plan corporation
17subject to 40 Pa.C.S. Ch. 63 (relating to professional health
18services plan corporations), authorized by the Insurance
19Commissioner to transact the business of insurance in this
20Commonwealth except that the term shall not include:
21(1) the Commonwealth or any agency or instrumentality
22thereof; or
23(2) agencies, authorities or instrumentalities of the
24United States, its possessions and territories, the
25Commonwealth of Puerto Rico, the District of Columbia or a
26state or political subdivision.
27"NAIC." The National Association of Insurance Commissioners
28or successor organization and its affiliates and subsidiaries.
29"ORSA guidance manual." The current version of the Own Risk
30and Solvency Assessment Guidance Manual developed and adopted by
1the NAIC and as amended. A change in the ORSA guidance manual
2will be effective on January 1 following the calendar year in
3which the change was adopted by the NAIC.
4"ORSA-related information." The ORSA, ORSA summary report,
5risk management framework or any documents, materials or other
6information related to an insurer or insurer group's ORSA, ORSA
7summary or risk management framework.
8"ORSA summary report." The confidential high-level summary
9of an insurer or insurance group's ORSA.
10"Own risk and solvency assessment" or "ORSA." A confidential
11internal assessment, appropriate to the nature, scale and
12complexity of an insurer or insurance group, conducted by that
13insurer or insurance group, of the material and relevant risks
14associated with the insurer or insurance group's current
15business plan and the sufficiency of capital resources to
16support those risks.
17Section 2603. Risk management framework.
18An insurer shall maintain a risk management framework for
19identifying, assessing, monitoring, managing and reporting its
20material and relevant risks. This requirement may be satisfied
21if the insurance group of which the insurer is a member
22maintains a risk management framework applicable to the
23operations of the insurer.
24Section 2604. ORSA requirement.
25An insurer, or the insurance group of which the insurer is a
26member, shall conduct an ORSA consistent with the guidelines set
27forth in the ORSA guidance manual. The ORSA shall be conducted
28regularly, but no less frequently than annually, and at any time
29when there are significant changes to the risk profile of the
30insurer or the insurance group of which the insurer is a member.
1Section 2605. ORSA summary report.
2(a) General rule.--Beginning January 1, 2015, and every year
3thereafter, a domestic insurer or an insurer that is a member of
4an insurance group of which Pennsylvania is the lead state as
5determined by the financial analysis handbook adopted by the
6NAIC shall submit an ORSA summary report to the department once
7per calendar year. The insurer or insurance group shall
8determine the most appropriate date of filing based upon the
9insurer or insurance group's internal strategic planning
10processes and notify the department of the anticipated date of
11filing by June 1 of each year.
12(b) Exception.--An insurer not required to submit an ORSA
13summary report under subsection (a) shall do so upon the
14department's request, but not more than once per calendar year.
15The insurer shall determine the most appropriate date of the
16filing based upon the insurer's internal strategic planning
17processes and notify the department of the anticipated date of
18filing within 30 days of the department's request.
19(c) Form of summary report.--An insurer may comply with
20subsection (a) or (b) by providing to the department either of
21the following:
22(1) A combination of reports that together contain the
23information described in the ORSA guidance manual.
24(2) A copy of the most recent reports submitted by the
25insurer, or another member of an insurance group of which the
26insurer is a member, to the chief insurance regulatory
27official of another state or to a supervisor or regulator of
28a foreign jurisdiction, if that report is substantially
29similar to the ORSA summary report. For purposes of this
30section, "substantially similar" means containing information
1comparable to the information described in the ORSA guidance
2manual as determined by the commissioner. If the report is in
3a language other than English, it must be accompanied by a
4translation of that report into the English language.
5(d) Attestation.--The ORSA summary report must include a
6signature of the insurer or insurance group's chief risk officer
7or other executive having responsibility for the oversight of
8the insurer's risk management process attesting to the best of
9that person's belief and knowledge that the insurer applies the
10risk management process described in the ORSA summary report and
11that a copy of the report has been provided to the insurer's
12board of directors or the appropriate committee thereof.
13(e) Compliance with ORSA guidance manual.--The ORSA summary
14report must be prepared in accordance with the ORSA guidance
15manual. Documentation and supporting information must be
16maintained and made available upon request in an examination
17conducted pursuant to section 1406 or Article IX of the act of
18May 17, 1921 (P.L.789, No.285), known as The Insurance
19Department Act of 1921.
20(f) Review by department.--The department shall review the
21ORSA summary report and make additional requests for information
22using procedures similar to current procedures for coordinating
23analysis and examination of multistate or global insurers and
24insurance groups.
25(g) Summary of material changes and updates.--The ORSA
26summary report should also include a short summary of material
27changes and updates to the ORSA summary report since the prior
28year.
29Section 2606. Exemption.
30(a) General rule.--An insurer is exempt from the
1requirements of this article, if:
2(1) the insurer has annual direct written and
3unaffiliated assumed premium, including international direct
4and assumed premium but excluding premiums reinsured with the
5Federal Crop Insurance Corporation and Federal Flood Program,
6less than $500,000,000; and
7(2) the insurer is a member of an insurance group, the
8insurance group has annual direct written and unaffiliated
9assumed premium including international direct and assumed
10premium, but excluding premiums reinsured with the Federal
11Crop Insurance Corporation and Federal Flood Program, less
12than $1,000,000,000.
13(b) Partial exemption for insurer.--If an insurer is exempt
14under subsection (a)(1), but the insurance group of which the
15insurer is a member is not exempt under subsection (a)(2), then
16the ORSA summary report must include every insurer within the
17insurance group. This requirement may be satisfied by the
18submission of more than one ORSA summary report for any
19combination of insurers if the reports include every insurer
20within the insurance group.
21(c) Partial exemption for insurance group.--If an insurer is
22not exempt under subsection (a)(1), but the insurance group of
23which the insurer is a member is exempt under subsection (a)(2),
24then the insurer shall file the ORSA summary report applicable
25only to the insurer.
26(d) Waiver.--An insurer that is not exempt under subsection
27(a) may apply to the commissioner for a waiver from the
28requirements of this article based upon unique circumstances. If
29the insurer is a member of an insurance group with insurers
30domiciled in more than one state, the commissioner shall
1coordinate with the lead state commissioner and with the other
2domiciliary commissioners in considering whether to grant the
3insurer's request for a waiver. In deciding whether to grant the
4insurer's request for waiver, the commissioner may consider:
5(1) The type and volume of business written.
6(2) Ownership and organizational structure.
7(3) Material reduction in risk or risk exposures.
8(4) Any other factor the commissioner determines to be
9relevant to whether a wavier should be granted.
10(e) Additional requirements.--Notwithstanding the exemptions
11under subsection (a):
12(1) The commissioner may require that an insurer
13maintain a risk management framework, conduct an ORSA and
14file an ORSA summary report based on unique circumstances,
15including the type and volume of business written, ownership
16and organizational structure, Federal agency requests and
17international supervisor requests.
18(2) The commissioner may require that an insurer
19maintain a risk management framework, conduct an ORSA and
20file an ORSA summary report if the insurer:
21(i) has risk-based capital for a company action
22level event as set forth in sections 506-A and 505-B;
23(ii) meets one or more of the standards of an
24insurer deemed to be in hazardous financial condition as
25defined in 31 Pa. Code Pt. VIII Ch. 160 (relating to
26standards to define insurers deemed to be in hazardous
27financial condition); or
28(iii) otherwise exhibits qualities of a troubled
29insurer as determined by the commissioner.
30(3) If an insurer exempt under subsection (a) no longer
1qualifies for that exemption due to changes in premium as
2reflected in the insurer's most recent annual statement or in
3the most recent annual statements of the insurers within the
4insurance group of which the insurer is a member, the insurer
5shall have one year after the year the threshold is exceeded
6to comply with the requirements of this article.
7Section 2607. Third-party consultants.
8The department may retain, at the insurer's expense, third-
9party consultants, including attorneys, actuaries, accountants
10and other experts not otherwise a part of the department's staff
11as may be reasonably necessary to assist the department in
12reviewing the risk management framework, ORSA, ORSA summary
13report or the insurer's compliance with this article. Any
14persons so retained shall be under the direction and control of
15the department and shall act in a purely advisory capacity.
16Third-party consultants are subject to the same confidentiality
17standards and requirements as the department. As part of the
18retention process, a third-party consultant shall verify to the
19department, with notice to the insurer, that it is free of any
20conflict of interest and that it has internal procedures in
21place to monitor compliance with any conflicts and to comply
22with this article's confidentiality standards and requirements.
23The retention agreement with a third-party consultant shall
24expressly require the written consent of the insurer prior to
25making public any information provided pursuant to this act, as
26required under section 2608(a).
27Section 2608. Confidentiality.
28(a) General rule.--The ORSA-related information in the
29possession of or the control of the department that is produced
30by, obtained by or disclosed to, the department or any other
1person under this article shall be privileged and given
2confidential treatment and shall not be:
3(1) Subject to discovery or admissible as evidence, in a
4private civil action.
5(2) Subject to subpoena.
6(3) Subject to the act of February 14, 2008 (P.L.6,
7No.3), known as the Right-to-Know Law.
8(4) Made public by the department or any other person
9without the prior written consent of the insurer to which it
10pertains, except as provided in subsection (c).
11(b) Private civil actions.--The commissioner, department or
12any individual or person who receives ORSA-related information
13while acting under the authority of the commissioner or
14department or with whom the ORSA-related information is shared
15pursuant to this article shall not be permitted or required to
16testify in any private civil action concerning the ORSA-related
17information.
18(c) Use of ORSA-related information by the department.--To
19assist in the performance of regulatory duties, the department:
20(1) May use ORSA-related information in furtherance of
21any regulatory or legal action brought as part of the
22department's official duties.
23(2) May share ORSA-related information with the NAIC,
24regulatory or law enforcement officials of this Commonwealth
25or other jurisdictions, group supervisors, members of any
26supervisory college under section 1406.1 and third-party
27consultants pursuant to section 2607, provided that, prior to
28receiving the ORSA-related information, the recipient
29demonstrates by written statement the necessary authority and
30intent to provide the same confidential treatment as required
1by this article.
2(3) May receive and maintain as confidential ORSA-
3related information from the NAIC, regulatory or law
4enforcement officials of this Commonwealth or other
5jurisdictions, group supervisors and members of any
6supervisory college under section 1406.1 in which the ORSA-
7related information is confidential by law in those
8jurisdictions. ORSA-related information obtained under this
9paragraph shall be given confidential treatment, may not be
10subject to subpoena and may not be made public by the
11department, commissioner or any other person.
12(d) Agreements for use of ORSA-related information.--The
13department shall enter into written agreements with the NAIC or
14a third-party consultant governing sharing and use of
15information provided under this article that includes all of the
16following:
17(1) Specific procedures and protocols for maintaining
18the confidentiality and security of ORSA-related information.
19(2) Procedures and protocols for sharing ORSA-related
20information with regulators from other states in which the
21insurance group has domiciled insurers, including a written
22acknowledgment of the recipient's intent and legal authority
23to maintain the confidential and privileged status of the
24ORSA-related information.
25(3) A provision specifying that ownership of the ORSA-
26related information shared remains with the department and
27that the use of the ORSA-related information is subject to
28the direction and approval of the department.
29(4) A provision that prohibits storing, in a permanent
30database after the underlying analysis is completed, ORSA-
1related information shared pursuant to this article.
2(5) A provision requiring the NAIC or third-party
3consultant, where permitted by law, to give prompt notice to
4the department and to the insurer regarding any subpoena,
5request for disclosure or request for production of the
6insurer's ORSA-related information in the possession of the
7NAIC or third-party consultant.
8(6) A requirement that the NAIC or third-party
9consultant would consent to intervention by an insurer in any
10judicial or administrative action in which the NAIC or third-
11party consultant may be required to disclose ORSA-related
12information or other confidential information about the
13insurer or insurer group that was shared under this article.
14(e) No delegation.--The sharing of information by the
15department under this article shall not constitute a delegation
16of regulatory authority or rulemaking. The department is solely
17responsible for the administration, execution and enforcement of
18this article.
19(f) No waiver of privilege or confidentiality.--The sharing
20of ORSA-related information by the department as authorized by
21this article shall not constitute a waiver of any applicable
22privilege or claim of confidentiality.
23(g) Information with third parties.--ORSA-related
24information in the possession or control of the NAIC or a third-
25party consultant as provided under this article shall:
26(1) Be confidential and privileged.
27(2) Not be subject to the Right-to-Know Law.
28(3) Not be subject to subpoena.
29(4) Not be subject to discovery or admissible as
30evidence, in any private civil action.
1Section 2609. Sanctions.
2An insurer that fails to timely file an ORSA summary report
3as required under this article or by regulation shall be
4required to pay a penalty of $200 for each day of delay. The
5maximum penalty under this section is $25,000 per year.
6Section 2610. Regulations.
7The department may promulgate rules and regulations and issue
8such orders as are necessary to administer and enforce this
9article.
10Section 3. This act shall take effect January 1, 2015.