10 Imperative Regulatory Trends for Insurers in 2020

Tackling evolving technology risks and protecting insureds against extreme weather events are two of the top priorities as the insurance sector battles to ensure its regulations remain relevant in a rapidly changing world.
By: | February 19, 2020

Complying with constantly evolving regulations at global, federal and state levels presents a perennial game of catch-up for U.S. insurers.

With the risk landscape evolving at a faster rate than ever before, insurance regulators now know the feeling.


The world is in the grip of a host of big new challenges, from social polarization and political turbulence to technological and climate change, many of which are not adequately addressed in insurance laws, and regulators and insurers are busy developing frameworks within which the sector can work to close the protection gap.

This year, the insurance sector is likely to face a raft of issues that test the limits of coverage and existing legal constructs, warned Jeffrey Ellis, partner with Clyde & Co.

He suggested that changes in technology, social media and the environment have comfortably outpaced the insurance and legal constructs that were previously in place.

“As political solutions remain absent, the courts will be forced to deal with these issues,” he told Risk & Insurance®.

While ongoing issues such as medical cost control remain a top priority for state insurance regulators, risks relating to new technology and data security have become existential threats to be addressed, warned Gary Anderberg, senior vice president, claims analytics for Gallagher Bassett.

“Major companies could be put out of business or forced to make expensive and disruptive changes to long-established business practices, depending on what happens in these legal areas.”

Collaboration between industry and regulators is crucial to ensure insurance laws adequately recognize and address these and other emerging issues and, in several cases, is already underway in the form of both official working groups and informal initiatives.

Below are 10 regulatory themes that will feature heavy discussions in the year ahead.

1) Data Security Regulatory Reform

The California Consumer Privacy Act of 2018 (CCPA) took effect on January 1, signaling the start of a new era of accountability in the way U.S. companies secure and manage their customer data.

Jeffrey Ellis, partner, Clyde & Co

The CCPA is “a harbinger of things to come,” EY’s Simon Plummer said, with similar reforms likely to sweep through the U.S. that will change the game for insureds and insurers.

According to Kathryn Ashton, partner at Clyde & Co, “The CCPA, as one of the first major data privacy laws in the U.S., will no doubt lead many businesses to query whether their present insurance program provides coverage for the consumer claims and regulatory actions brought under the Act. However, insurers of all types of policies should be prepared to address policyholder demands for coverage in response to CCPA claims.”

Insurers must also get their own cyber security protocols in order.

New York’s Cybersecurity Regulation for Financial Services Companies and the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model have laid much of the groundwork.

However, Prakash Paran, partner and global co-chair of DLA Piper’s insurance practice, warned that with “no consistency or coordination globally or even between U.S. states with respect [to] data privacy requirements,” the cost and difficulty for insurers of compliance with myriad laws is “staggering.”

He added that the risk of class action litigation in the wake of data privacy breaches is also a growing concern.

2) Property Resiliency

Losses from extreme weather events are on the rise, yet many property owners remain underinsured and are often unaware that their policies do not cover specific perils such as flood, wildfire or earthquake.


To address the protection gap and encourage improved property resiliency, regulators are incentivizing insurers to provide more coverage while rewarding buyers that mitigate their risk.

Regulators are particularly keen to attract more private insurance participation in flood risk and reduce property owners’ reliance on the National Flood Insurance Program.

“I’d like to see the NFIP as the market of last resort. Consumers are served best by a competitive private market,” said NAIC president and South Carolina Department of Insurance Director Ray Farmer.

Several states, he explained, have already lowered fees and removed certain regulatory hurdles for companies selling flood insurance through the admitted or surplus lines marketplace, with statutes allowing insurers to offer premium discounts of up to 40% in some cases for insureds that take measures to protect their properties against storm and flood damage.

Expect more states to adopt similar schemes in 2020.

3) Embracing Parametric Coverage

Parametric products may provide valuable cover for insureds struggling to renew or obtain affordable property coverage areas exposed to extreme weather.

Simon Plummer, principal, EY

As parametrics are not recognized as insurance under prevailing laws, there has been little concrete legislative activity from state insurance departments — and many traditional insurers and parametrics providers are happy to keep it that way for now.

However, according to Clyde & Co partner Vikram Sidhu, members of the insurance industry are in discussions with regulators over how to increase the provision of parametric covers.

“The traditional claims process can be very lengthy and expensive, and regulators recognize that they need to inject funds quickly into their communities when there is a natural catastrophe,” he said.

Parametric product offerings have been launched in California and Florida against earthquake and hurricane risks, respectively. And it may not be too long before other state departments encourage parametric offerings, particularly for consumers.

“Both insurers and insurance regulators will need to be increasingly innovative to help U.S. insureds prepare for the consequences of climate change,” said Sidhu.

4) Artificial Intelligence

In January, the White House issued a draft memo proposing the principles that would shape the future oversight of artificial intelligence across a range of key industries.

AI is playing an increasing role in all areas of insurance, from underwriting to marketing and claims. While there is not yet any hard and firm regulation of the use of this technology, the NAIC’s Innovation and Technology Task Force is working to develop high level guidance.

In 2019, New York’s Department of Financial Services raised concerns that AI could lead to unlawful discrimination and lack of transparency — issues insurers and regulators must tackle in 2020.

“AI is critically important to the insurance business and is developing faster than any regulator can keep up with,” said DLA Piper’s Paran.

“The difficulty is that AI decisions may be so complex or involve so many rating factors that the ultimate decision may be inexplicable. Regulators are asking reasonable questions, such as ‘How do you monitor a computer for bias or discrimination or does the output of AI need to be explainable and if so to whom?’ Insurers do not always have answers that are sufficiently transparent.”

According to the NAIC’s Farmer, regulators are doing all they can do to facilitate the use of new technology in the insurance space — some, such as Connecticut and Kentucky, have even set up Insurtech incubator programs — though consumer protection is still the primary concern.

“I encourage every company with a new tech product to come and sit and talk.”

5) Long-term Care Insurance Rates

This is an oldie, but long-term care insurance rates still top of most regulators’ agendas.

With the cost of long-term care sky rocketing, heavy losses are forcing insurers to sharply up rates. While some states have given insurers free reign, others have attempted to restrict them and others have blocked the hikes altogether.

In an attempt to preserve the balance between insurers’ solvency and the provision of adequate care, and to bring some clarity and consistency to the marketplace, a 40-state NAIC working group has for the past 18 months been honing guidelines for regulators and insurers to work from.

“This remains the number one issue in my state and for at the NAIC level as well,” said South Carolina’s Farmer. “Hopefully by the end of 2020, we will have a clear path forward for companies, regulators and consumers.”

6) Opioids for Injured Workers

Prescribing rates of opioids are falling; according to the California Workers Compensation Institute, the percentage of all prescriptions of opioids to injured workers fell from 30.5% in 2009 to 18% in 2017.

Kathryn Ashton, partner, Clyde & Co

However, the country remains gripped by an opioid addition ‘crisis,’ which remains a top priority for lawmakers across the land.

According to PwC, there are currently more than 90 bills in state legislatures relating to opioid prescribing, though at a federal level, “the John S. McCain Opioid Addiction and Prevention Act [which would limit initial opioid prescriptions to seven days’ supply] will be the one to watch as we move into 2020.”

Given the huge relevance of opioid prescriptions to long-term health care and workers’ compensation claims, insurers and employers will be keeping a close eye on legislation being penned across the country in 2020.

7) Health Data

A crucial subclass within the broader theme of data security is the management of health data, particularly when transferred via emerging channels such as telehealth.


A new bill in Congress, the National Health Strategy and Data Advancement Act, aims to align all federal telehealth programs. However, Gallagher Bassett’s Anderberg pointed out that health industry regulations, including recent updates involving electronic communications to the Health Insurance Portability and Accountability Act (HIPAA), do not apply to P&C claims handlers and other insurance vendors that may deal with much of the same sensitive patient data.

“We deal with patient data in virtually every workers’ compensation claim we touch, and in auto liability claims involving personal injury,” he said.

“While comp is not included under HIPAA, what about other P&C lines and the new, rather tight, HIPAA communication requirements? We have to be on our toes and show good faith in compliance.”

8) Wearables Claims Data

A related issue concerns the growing use of wearables in various sectors to track and measure employee safety and performance.

Rules around the correct handling and protection of data derived from wearables during the claims process are yet to be clarified.

Anderberg warned this data could bear on the AOE/COE determination in comp claims and one such case has already gone to the courts.

“Are we going to get batted back and forth from one court decision to another or can we look for some useful legislative assistance?” he asked.

He also questioned whether certain data from wearables such as vital sign readings, for example, should be considered private personal health information.

“The technology is running way out ahead of the regulation,” he warned.

9) Conduct and Reporting Standards

Updates to conduct, governance and accounting regulations continue to come thick and fast for insurers, an ongoing challenge complicated by the quirks of a 50-state regulatory system.

Globally, the implementation deadline for IFRS 17, while delayed, is still a concern for some insurers, EY’s Plummer told Risk & Insurance. Meanwhile, Global Capital Insurance Standards (ICS), if implemented in the version currently being proposed, will also have a major impact on variable annuity and complementary pension products for U.S. life insurers in particular, he noted.

Mikhail Raybshteyn, deputy leader, EY’s Americas Captive Insurance Services

Life insurers also need to prepare for accounting changes under Targeted Improvements to the Accounting for Long Duration Contracts (LTDI).

“While LDTI has now been delayed to 2022–2024, these changes are likely to impact core systems and processes. Insurers don’t have much time to lose in preparing for these changes,” Plummer explained.

In addition to financial reporting becoming more stringent, recent regulatory actions and proposals have also focused on sales practices.

Complying will require considerable management attention, and with margins and growth rates under pressure, additional investment in compliance will feel burdensome to many insurers.

“A better approach is to define where investments to meet regulatory requirements can also generate meaningful performance improvements,” Plummer suggested.

10) Captive Regulation and Taxation

The perennial scrutiny of captive arrangements continues in 2020, with questions lingering over the state of Washington’s contrarian stance.

Last year, Washington levied taxes on two large captives it deemed to be writing business within its borders without a license. While unusual, this could set a worrying precedent for captives that write across state lines.

“It’s too early to tell if this is an isolated incident as litigation is yet to be opened,” said the NAIC’s Farmer.


Meanwhile, the hardening of the traditional insurance market should keep captive regulators busy as corporations consider writing additional lines of coverage through their captives.

Changes in the U.S. tax rate have introduced structures that take on foreign risk, adding further complexity, while captive owners themselves face increasing requirements regarding reporting, auditing, non-insurance activities and inter-company arrangements.

“Regulators are looking at whether captives have adequate processes and procedures in place to govern in an ever-increasingly complex world,” noted Mikhail Raybshteyn, deputy leader of EY’s Americas Captive Insurance Services.

“The [current focus] is enabling captive growth while making sure appropriate guidelines and regulations are in place to support it.” &

Antony Ireland is a London-based financial journalist. He can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

Risk Scenario

The Betrayal of Elizabeth

In this Risk Scenario, Risk & Insurance explores what might happen in the event a telemedicine or similar home health visit violates a patient's privacy. What consequences await when a young girl's tele visit goes viral?
By: | October 12, 2020
Risk Scenarios are created by Risk & Insurance editors along with leading industry partners. The hypothetical, yet realistic stories, showcase emerging risks that can result in significant losses if not properly addressed.

Disclaimer: The events depicted in this scenario are fictitious. Any similarity to any corporation or person, living or dead, is merely coincidental.


Elizabeth Cunningham seemingly had it all. The daughter of two well-established professionals — her father was a personal injury attorney, her mother, also an attorney, had her own estate planning practice — she grew up in a house in Maryland horse country with lots of love and the financial security that can iron out at least some of life’s problems.

Tall, good-looking and talented, Elizabeth was moving through her junior year at the University of Pennsylvania in seemingly good order; check that, very good order, by all appearances.

Her pre-med grades were outstanding. Despite the heavy load of her course work, she’d even managed to place in the Penn Relays in the mile, in the spring of her sophomore season, in May of 2019.

But the winter of 2019/2020 brought challenges, challenges that festered below the surface, known only to her and a couple of close friends.

First came betrayal at the hands of her boyfriend, Tom, right around Thanksgiving. She saw a message pop up on his phone from Rebecca, a young woman she thought was their friend. As it turned out, Rebecca and Tom had been intimate together, and both seemed game to do it again.

Reeling, her holiday mood shattered and her relationship with Tom fractured, Elizabeth was beset by deep feelings of anxiety. As the winter gray became more dense and forbidding, the anxiety grew.

Fed up, she broke up with Tom just after Christmas. What looked like a promising start to 2020 now didn’t feel as joyous.

Right around the end of the year, she plucked a copy of her father’s New York Times from the table in his study. A budding physician, her eyes were drawn to a piece about an outbreak of a highly contagious virus in Wuhan, China.

“Sounds dreadful,” she said to herself.

Within three months, anxiety gnawed at Elizabeth daily as she sat cloistered in her family’s house in Bel Air, Maryland.

It didn’t help matters that her brother, Billy, a high school senior and a constant thorn in her side, was cloistered with her.

She felt like she was suffocating.

One night in early May, feeling shutdown and unable to bring herself to tell her parents about her true condition, Elizabeth reached out to her family physician for help.

Dr. Johnson had been Elizabeth’s doctor for a number of years and, being from a small town, Elizabeth had grown up and gone to school with Dr. Johnson’s son Evan. In fact, back in high school, Evan had asked Elizabeth out once. Not interested, Elizabeth had declined Evan’s advances and did not give this a second thought.

Dr. Johnson’s practice had recently been acquired by a Virginia-based hospital system, Medwell, so when Elizabeth called the office, she was first patched through to Medwell’s receptionist/scheduling service. Within 30 minutes, an online Telehealth consult had been arranged for her to speak directly with Dr. Johnson.

Due to the pandemic, Dr. Johnson called from the office in her home. The doctor was kind. She was practiced.

“So can you tell me what’s going on?” she said.

Elizabeth took a deep breath. She tried to fight what was happening. But she could not. Tears started streaming down her face.

“It’s just… It’s just…” she managed to stammer.

The doctor waited patiently. “It’s okay,” she said. “Just take your time.”

Elizabeth took a deep breath. “It’s like I can’t manage my own mind anymore. It’s nonstop. It won’t turn off…”

More tears streamed down her face.

Patiently, with compassion, the doctor walked Elizabeth through what she might be experiencing. The doctor recommended a follow-up with Medwell’s psychology department.

“Okay,” Elizabeth said, some semblance of relief passing through her.

Unbeknownst to Dr. Johnson, her office door had not been completely closed. During the telehealth call, Evan stopped by his mother’s office to ask her a question. Before knocking he overheard Elizabeth talking and decided to listen in.


As Elizabeth was finding the courage to open up to Dr. Johnson about her psychological condition, Evan was recording her with his smartphone through a crack in the doorway.

Spurred by who knows what — his attraction to her, his irritation at being rejected, the idleness of the COVID quarantine — it really didn’t matter. Evan posted his recording of Elizabeth to his Instagram feed.

#CantManageMyMind, #CrazyGirl, #HelpMeDoctorImBeautiful is just some of what followed.

Elizabeth and Evan were both well-liked and very well connected on social media. The posts, shares and reactions that followed Evan’s digital betrayal numbered in the hundreds. Each one of them a knife into the already troubled soul of Elizabeth Cunningham.

By noon of the following day, her well-connected father unleashed the dogs of war.

Rand Davis, the risk manager for the Medwell Health System, a 15-hospital health care company based in Alexandria, Virginia was just finishing lunch when he got a call from the company’s general counsel, Emily Vittorio.

“Yes?” Rand said. He and Emily were accustomed to being quick and blunt with each other. They didn’t have time for much else.

“I just picked up a notice of intent to sue from a personal injury attorney in Bel Air, Maryland. It seems his daughter was in a teleconference with one of our docs. She was experiencing anxiety, the daughter that is. The doctor’s son recorded the call and posted it to social media.”

“Great. Thanks, kid,” Rand said.

“His attorneys want to initiate a discovery dialogue on Monday,” Emily said.

It was Thursday. Rand’s dreams of slipping onto his fishing boat over the weekend evaporated, just like that. He closed his eyes and tilted his face up to the heavens.

Wasn’t it enough that he and the other members of the C-suite fought tooth and nail to keep thousands of people safe and treat them during the COVID-crisis?

He’d watched the explosion in the use of telemedicine with a mixture of awe and alarm. On the one hand, they were saving lives. On the other hand, they were opening themselves to exposures under the Health Insurance Portability and Accountability Act. He just knew it.

He and his colleagues tried to do the right thing. But what they were doing, overwhelmed as they were, was simply not enough.


Within the space of two weeks, the torture suffered by Elizabeth Cunningham grew into a class action against Medwell.

In addition to the violation of her privacy, the investigation by Mr. Cunningham’s attorneys revealed the following:

Medwell’s telemedicine component, as needed and well-intended as it was, lacked a viable informed consent protocol.

The consultation with Elizabeth, and as it turned out, hundreds of additional patients in Maryland, Pennsylvania and West Virginia, violated telemedicine regulations in all three states.

Numerous practitioners in the system took part in teleconferences with patients in states in which they were not credentialed to provide that service.

Even if Evan hadn’t cracked open Dr. Johnson’s door and surreptitiously recorded her conversation with Elizabeth, the Medwell telehealth system was found to be insecure — yet another violation of HIPAA.

The amount sought in the class action was $100 million. In an era of social inflation, with jury awards that were once unthinkable becoming commonplace, Medwell was standing squarely in the crosshairs of a liability jury decision that was going to devour entire towers of its insurance program.

Adding another layer of certain pain to the equation was that the case would be heard in Baltimore, a jurisdiction where plaintiffs’ attorneys tended to dance out of courtrooms with millions in their pockets.

That fall, Rand sat with his broker on a call with a specialty insurer, talking about renewals of the group’s general liability, cyber and professional liability programs.

“Yeah, we were kind of hoping to keep the increases on all three at less than 25%,” the broker said breezily.

There was a long silence from the underwriters at the other end of the phone.

“To be honest, we’re borderline about being able to offer you any cover at all,” one of the lead underwriters said.

Rand just sat silently and waited for another shoe to drop.

“Well, what can you do?” the broker said, with hope draining from his voice.

The conversation that followed would propel Rand and his broker on the difficult, next to impossible path of trying to find coverage, with general liability underwriters in full retreat, professional liability underwriters looking for double digit increases and cyber underwriters asking very pointed questions about the health system’s risk management.

Elizabeth, a strong young woman with a good support network, would eventually recover from the damage done to her.

Medwell’s relationships with the insurance markets looked like it almost never would. &


Risk & Insurance® partnered with Allied World to produce this scenario. Below are Allied World’s recommendations on how to prevent the losses presented in the scenario. This perspective is not an editorial opinion of Risk & Insurance.®.

The use of telehealth has exponentially accelerated with the advent of COVID-19. Few health care providers were prepared for this shift. Health care organizations should confirm that Telehealth coverage is included in their Medical Professional, General Liability and Cyber policies, and to what extent. Concerns around Telehealth focus on HIPAA compliance and the internal policies in place to meet the federal and state standards and best practices for privacy and quality care. As states open businesses and the crisis abates, will pre-COVID-19 telehealth policies and regulations once again be enforced?

Risk Management Considerations:

The same ethical and standard of care issues around caring for patients face-to-face in an office apply in telehealth settings:

  • maintain a strong patient-physician relationship;
  • protect patient privacy; and
  • seek the best possible outcome.

Telehealth can create challenges around “informed consent.” It is critical to inform patients of the potential benefits and risks of telehealth (including privacy and security), ensure the use of HIPAA compliant platforms and make sure there is a good level of understanding of the scope of telehealth. Providers must be aware of the regulatory and licensure requirements in the state where the patient is located, as well as those of the state in which they are licensed.

A professional and private environment should be maintained for patient privacy and confidentiality. Best practices must be in place and followed. Medical professionals who engage in telehealth should be fully trained in operating the technology. Patients must also be instructed in its use and provided instructions on what to do if there are technical difficulties.

This case study is for illustrative purposes only and is not intended to be a summary of, and does not in any way vary, the actual coverage available to a policyholder under any insurance policy. Actual coverage for specific claims will be determined by the actual policy language and will be based on the specific facts and circumstances of the claim. Consult your insurance advisors or legal counsel for guidance on your organization’s policies and coverage matters and other issues specific to your organization.

This information is provided as a general overview for agents and brokers. Coverage will be underwritten by an insurance subsidiary of Allied World Assurance Company Holdings, Ltd, a Fairfax company (“Allied World”). Such subsidiaries currently carry an A.M. Best rating of “A” (Excellent), a Moody’s rating of “A3” (Good) and a Standard & Poor’s rating of “A-” (Strong), as applicable. Coverage is offered only through licensed agents and brokers. Actual coverage may vary and is subject to policy language as issued. Coverage may not be available in all jurisdictions. Risk management services are provided or arranged through AWAC Services Company, a member company of Allied World. © 2020 Allied World Assurance Company Holdings, Ltd. All rights reserved.

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]