For as long as it has existed, the focus of state insurance department regulation has been to protect the consumer from the actions of insurance companies. As it turns out, the regulators have been concerned about the wrong issue. Now we know the objective of these regulations should have been aimed at protecting the insurance companies from themselves.

State insurance departments are charged with regulating the insurance companies domiciled or doing business in their respective states. As part of this responsibility the insurance department has the power to approve or forbid the sale of any insurance policy in their jurisdiction. Generally insurance departments use three criteria in the policy approval process:

  1. 1.  Are the policies in compliance with current state insurance law?
  2. 2.  Are the policies written in a way that the consumer can easily understand the benefits and fees of the policy?
  3. 3.  Are the promotional sales materials and the conduct of the marketing effort consistent with what the policy promises and in compliance with approved marketing practices?

In addition, state insurance departments audit insurance companies to make sure that claims and benefits are paid as promised and that only the approved marketing materials and sales tactics are being used. All of these efforts are designed to protect the consumer against inappropriate actions by the insurance company.

That is all well and good, but this approach left one gaping black hole in insurance company supervision. In the product approval process, there is no requirement for the insurance company to demonstrate that it is capable of delivering on the promises made in the policy. The state insurance departments have assumed the companies were “big boys,” run by intelligent, experienced executives who would not take actions that would damage their companies. After all, these companies have legions of sophisticated, intelligent accounting, investment and actuarial people who certainly know what they are doing. That assumption has proved to be a fallacy.

The problem is that if the insurance companies are unable to live up to the promises they make in the policies – no matter how compliant the policies are with state law – the policyholder will be the ultimate loser. This is not a criticism of state insurance departments, because they have only been charged with the compliance of a product, not the financial credibility of the company offering the product. And, the departments have never been staffed with individuals who could properly analyze the capability of insurance companies to meet the risks they have assumed. (The insurance departments will never admit it, but there has always been a tacit understanding and reliance on commercial rating agencies to make assessments as to insurance company risk assumption.)

The current financial crisis has revealed that a number of insurance industry giants – if not the entire industry – may be unable to meet the guarantees and promises they have made in their policies. It has been estimated that companies such as Hartford, Prudential, Met Life and a number of others have made policy guarantees that have put the companies in the hole by at least $50 billion and growing. (This number is for variable annuities only and does not take into account liabilities that may be buried in fixed or indexed annuities.) This is why these companies have been in such a mad dash to raise additional capital and restructure themselves as banks in an effort to participate in some of the federal bailout funds.

The irony is that all of the policies responsible for creating this unanticipated liability and threatening the very viability of the companies were fully compliant and approved in the states where they were sold.

As I have written before, the press of competition and the desire for growth and short term profits (not to mention increased bonuses) has caused the management of many companies to lose sight of (or ignore) the fundamental principles of managing an insurance company, which is the identification, understanding and management of risk. The assumption of many is that insurance companies are in business to assume risk, but that is incorrect. Insurance companies are in the business of managing and mitigating the risks of others and for that they receive a fee. When insurance companies assume the risks of others or haphazardly make unreasonable promises in a rush to increase sales – as many companies have done – they violate the very definition of insurance. In doing so they put in doubt both the future of the company and the policyholder.

Roy C. Smith Professor Roy C. Smith of the Stern School of Business was talking about banks, but he could have just as easily included many insurance companies when he said, “They pushed to get earnings, but in doing so, they took on more risk than they probably should have …. Safe and soundness has to be no less important than growth and profits but that was subordinated by these guys.” Unfortunately, this is a subtlety of insurance management that is well beyond the capabilities and prevue of the current regulatory system.

New Regulation is Needed

If the consumer is to be properly protected by assuring that promises and guarantees made by insurance companies are met and if the viability of insurance companies are to be protected against the haphazard actions of management seeking short-term results, then an entirely new type of insurance industry regulation is needed. The focus of insurance regulation must be expanded to include the transparent disclosure of the type of risks being assumed by the insurance companies, the potential impact of those risks and the strategy the companies have to manage and mitigate those risks.

What is needed is a type of Sarbanes-Oxley (SOX) regulation in order to create complete transparency as to the type and amount of risk being taken by insurance companies and how they plan to manage those risks.

Sarbanes-Oxley was implemented in an effort to counter abuses and even fraud that had plagued the financial reporting of many companies. While it appeared to be onerous and complicated, SOX had a simple objective of transparency in reporting financial numbers. It boiled down to three points: 1) The companies had to warrant that the numbers presented were correct, 2) The companies had to prove that controls were in place to assure the numbers were correct, and 3) The numbers needed to be available to everyone on a level playing field.

Regulation for the insurance industry should follow the same path with transparency of risk being the primary objective. In addition to demonstrating that the policies designed, sold and issued are in compliance with law, the following should be required:

  1. 1. Insurance companies will clearly define the risks being assumed in the policy
  2. 2. Demonstrate an understanding of the potential size of the risk, and
  3. 3. Disclose a specific plan for the management and mitigation of the risks.

Accountability should also be an important element of this regulation. Under SOX the members of the company board of directors (especially members of the audit committee) are held personally accountable for the veracity of the numbers being presented. This accountability is both financial and legal, i.e. directors can be sued and even prosecuted if incorrect numbers are reported.

Future insurance industry regulation should take the same approach by raising the level of responsibility for assuring that risk has been understood and managed to the very highest levels of the company. It should demand that each company have a qualified “risk assessment manager” who is functionally independent and reports directly to the audit committee of the board of directors. (Just as the internal auditor does.) The risk assessment manager should be independent of management and have the power to prevent the development and sale of any policy until the potential risks and the management of those risks has been fully vetted.

Sarbanes-Oxley was not perfect and there was much gnashing of teeth over its implementation, but that just proved how much such regulation was needed. I believe most would agree today that the legislation was needed and that it has worked. Likewise, there will be those in the insurance industry – especially the accountants and actuaries – who will resist such an approach to insurance regulation. They will claim it is not needed and is something they can do themselves. Yes, they can do it themselves, but clearly they haven’t and something needs to be done if insurance companies are to be protected from themselves and the consumer protected.

My belief is that the insurance industry has the potential to provide safe and secure financial products needed by the consumer and can gain a leading role in the financial services industry. However, this cannot be fulfilled unless and until insurance companies once again demonstrate that they understand and respect risk since this will allow the companies to once again regain the confidence of the consumer.

The reality is that as difficult and intrusive as this type of regulation may be, it is the best thing that can happen to the insurance companies.



  1. It is an important regulation at the right time since the nature of risks now a days becoming broader in connection to tchnology so insurers and isureds shuld have to know this new evironment.

Leave a Reply

Your email address will not be published. Required fields are marked *