This is the first installment of a two-part look at the top 10 insurance regulatory developments of 2020 by lawyers at Locke Lord. The first part covers COVID-19, Insurtechs, Data Privacy, Race Equality and Pharmacy Benefit Managers. ThThe second installment on January 26 will look at Antitrust, Captives, Service Contracts, Travel Insurance and Surplus Lines.
COVID – 19 Pandemic unrest
The COVID-19 pandemic has had serious adverse effects on virtually all US businesses, including insurance. While the business interruption insurance disputes dominated insurance news this year and the impact on property and casualty insurers writing this type of coverage and their insured corporate clients, state insurance regulators also faced significant post-pandemic challenges. Their responses included:
- Imposing moratoriums on cancellations and non-renewals of certain types of insurance policies for those who fail to pay insurance premiums based on COVID-19-related financial difficulties
- Demand a postponement of the collection of insurance premiums by insurers
- Require auto insurance premiums to be refunded based on reduced risk exposures due to government emergency to provide shelter
- Facilitate remote testing and licensing of insurance agents
- Facilitate the use of electronic signatures, remote online notaries and telecare
- Require cost-sharing (deductible and co-payment) exemption under health insurance policies for COVID-19 testing
- Early refill of prescription drugs covered by health plans
- Suspension of time limits for filing insurance claims and appeals
- Research into network adequacy requirements for health insurers
All in all, state insurance regulators responded quickly and aggressively to the pandemic-induced challenges facing the insurance industry and the insurance customers they protect.
On the federal side, in May, the US House of Representatives introduced the Pandemic Risk Insurance Act ("PRIA"), modeled on the Terrorism Risk Insurance Act of 2002, as amended ("TRIA"). PRIA has been characterized by Congressman Maxine Waters as "a reinsurance program similar to (TRIA) for pandemics, by covering the aggregate insurance losses insurance companies would face." PRIA would require participating insurers to & # 39; make insurance coverage & # 39; available & # 39; for a & # 39; covered public health emergency & # 39; including & # 39; any outbreak of an infectious disease or pandemic & # 39; is subject to terms that are not materially different from those that apply to losses arising from other.Like TRIA, participating insurers should meet individual and industry-wide deductibles before claiming federal compensation for losses. However, it is critical that, as currently envisaged, participation in the Pandemic Risk Insurance Program would be voluntary in nature, while TRIA is a mandatory program that applies to certain commercial property and casualty insurance policies.
InsurTech Growth and Regulatory Response
Despite, or perhaps because of, the COVID-19 pandemic, no area of technology was hotter than insurtech in 2020. With multiple companies entering both SPAC trades (Clover and Metromile) and direct quotations (Lemonade, Root and OSCAR). went the stock market, as In addition to investments that others estimate at more than a billion dollars (Hippo), insurtech quickly moved from niche to mainstream, fueled in part by the industry's focus on automation, efficiency and digital platforms that allowed them to scale despite COVID 19 restrictions.
The National Association of Insurance Commissioners ("NAIC") recognized the rapid development of technology-assisted insurance platforms and responded with both reforms to previously outdated laws that hindered these insurtech business models and increased focus on the possible future regulation of big data , artificial intelligence, machine learning, and accelerated adoption in the insurance industry.
As for the reforms, the NAIC has updated the language in its Model Unfair Trade Practices Act regarding anti-rebates and incentives that previously limited almost all rebates and incentives to allow the provision of certain services and items at reduced or no cost , if so. items or services result in risk mitigation, along with other accommodative revisions. This change has been the focus of insurtechs for a number of years and, for example, would allow a commercial insurance company to offer its policyholders a free water leak detection system as a way to limit damage from broken pipes.
As for more regulation of insurtechs, while the NAIC has not passed or recommended specific model laws or regulations regarding artificial intelligence and machine learning, the Big Data and Artificial Intelligence Working Group has adopted the & # 39; Principles of AI & # 39; adopted, outlining the five principles it will use in evaluating the regulation of AI, namely that the use of AI by the insurance industry is (i) fair and ethical, (ii) responsible, (iii) compliant, (iv) transparent, and (v) must be safe, secure and robust. Additionally, the NAIC's Producer Licensing Task Force is finalizing a white paper on the role of chatbots and artificial intelligence (AI) in insurance distribution and the potential need for regulatory oversight of these technologies, something the insurtech industry has to offer. will do. become highly focused in 2021, especially in light of California's recent adoption of the BOT Trading. Likewise, the Casualty Actuarial and Statistical Task Force approved a white paper on the regulatory review of predictive models, while the Accelerated Underwriting Working Group continued its work on developing regulatory guidelines regarding the use of external data and data analysis in accelerated term life insurance.
Expansion of data privacy and security rules
California Consumer Privacy Act
Like any other company that collects or receives non-public consumer information about California residents, the insurance industry will be affected by the California Privacy Rights Act ("CPRA"). The CPRA, which was passed in November 2020 as a voter passage of California's Proposition 24 voting initiative, increases and strengthens consumer privacy protections under the California Consumer Privacy Act, which was enforced on July 1, 2020. The CPRA, among other new ones created privacy rights for consumers, gives consumers the right to restrict the use and disclosure of a new category of "sensitive" personal information, including health, financial, racial and precise geolocation data. It also allows consumers to correct inaccurate data about them and creates the California Privacy Protection Agency, a new government agency that will enforce the CCPA in place of the California Attorney General.
National Association of Insurance Commissioners Data Security and Privacy Laws
The NAIC's Data Security Model Act, a cybersecurity breach law that applies to most insurance industry licensees, has now been passed in one form or another in eleven states. In 2020 Indiana, Louisiana and Virginia were part of this list, which is likely to expand in 2021.
Established in late 2019, the NAIC & # 39; s Privacy Protections (D) Working Group began work in 2020 reviewing the needs and area for modernizing the NAIC & # 39; s Insurance Information and Privacy Protection Model Act ( established in 1982) and Privacy of Consumer Financial and Health Information Regulation (created in 2000 in the wake of the Gramm-Leach-Bliley Act). The possible upgrades of these two models can take the form of certain concepts from the CCPA and the General Data Protection Regulation of the European Union.
NY Department of Financial Services First Cybersecurity Regulation Enforcement
In July 2020, the New York Department of Financial Services filed its first enforcement action under its cybersecurity ordinance against First American Title Insurance Company for alleged unauthorized access to hundreds of millions of documents containing consumers' non-public personal information, due to a known vulnerability on the public website of the business, making the data accessible without login or authentication requirements. This case serves as a strong warning that the NYDFS will prosecute other alleged violations of its cybersecurity regulations.
Racial Equality and Insurance
In the wake of national awareness regarding the impact of race on various institutions in the United States, the NAIC formed the NAIC Special Committee on Race and Insurance (& # 39; Special Committee & # 39;) and wondered: & # 39; Does the disparate impact of risk-based pricing decisions constitute unfair discrimination? "The fact is, you don't have to worry.
Nearly all states follow some version of the NAIC's Unfair Trade Practice Act ("Model Act"), which generally prohibits "unfair discrimination" against "individuals or risks of the same class and of essentially the same. danger "prohibits with respect for both rates and insurability. "The Model Act further specifically prohibits taking into account the sex, marital status, race, religion or national origin of the individual, but only with regard to insurability, not with regard to the rates charged to such consumers (except in the case of race, which was prohibited under the Civil Rights Act of 1964) Notably, only a handful of states have explicit laws restricting the use of certain of these factors in certain insurance policies (for example, Michigan now prohibits all non-driving factors in setting personal car insurance rates and New York, through its No. 1 Circular, now essentially requires life insurers to prove that all AI, machine learning and 'alternative data' and their sources do No bans discriminatory disparate impact on protected classes) Instead, most states do not have much specificity in their statutes. or regulations set out what constitutes unfair discrimination
The NAIC, state insurance regulators, consumer attorneys, and the insurance industry as a whole are focused on the exponential growth of the industry's dependence on artificial intelligence, machine learning and big data. Some observers have predicted the end of most risk-based underwriting and pricing as we know it today for much of the insurance industry in light of these issues, in much the same way that health insurance contracting was simplified through the Affordable Care Act. However, it is more likely that regulation will focus on monitoring to ensure that such disparate effects do not occur, and that they will be remedied immediately when they occur.
Regulations for pharmacy managers
In recent years, several states have passed legislation aimed at regulating pharmacy fee managers ("PPEs") to protect small or mom-and-pop pharmacies that, in some cases, received reimbursements from PPE & # 39 s for prescription drugs that fall under the health sector. plan less than the cost of the pharmacy to buy these drugs. In December 2020, the Supreme Court, in Rutledge v Pharmaceutical Care Management Assn. (an 8 to 0 opinion), ruled that an Arkansas PPE statute was not waived by ERISA.
Arkansas law requires that PPE (a) regularly publish their lists of maximum allowable costs (& # 39; MAC & # 39;) for prescription drugs when their wholesale costs increase and (b) reimburse pharmacies for their purchases from prescription drugs at a price equal to or higher than their price. wholesale costs and allows pharmacies to refuse to sell a prescription medicine if the reimbursement rate of a PPE is lower than the purchase cost of a pharmacy. The Court ruled that ERISA did not override the Arkansas PPE Act because, although the law had the effect of increasing the cost of a benefits plan, the law did not force employer-sponsored collective health plans to approve substantial plan changes. that not all state laws that affect an ERISA plan and the Arkansas PPE Act do not refer to ERISA, do not apply exclusively to ERISA plans, and apply to PPE, whether or not they have an ERISA manage plan. This decision overturns a 2018 Eighth Circuit case in which ERISA advocated a similar law in North Dakota, and should prevent an appeal pending in the tenth circuit of an Oklahoma District Court case involving an Oklahoma PPE law. maintained against an ERISA preemption challenge.
Next: Antitrust, captives, service contracts, travel insurance and redundant lines.