Sweeping federal legislation passed in the wake of September 11 has had significant impact on the insurance industry, but few details have been provided regarding implementation requirements, audits or enforcement. The result is a seemingly endless stream of new federal guidelines and regulations to further define the legislation.
Although they were passed in October 2001, Presidential Executive Order 13224 and the USA Patriot Act are still not well defined or understood. Property & casualty insurers still have unanswered questions about the Terrorism Risk Insurance Act of 2002.
Pending legislation, such as optional federal chartering, remains on the legislative docket. With the federal governments lack of experience in insurance regulation, there is ample opportunity for confusion and also for conflict with state regulation.
Compliance with the federal legislation necessitates major changes in business processes, IT systems, organizational structure and insurance products. Insurers need to be prepared to quickly and effectively comply with new regulations and those that are bound to follow.
However, many in the industry have not taken action. For example, many companies believe they are exempted from OFAC (Office of Foreign Assets Control) compliance, which applies to all U.S.-based entities. Anti-money-laundering provisions of the USA Patriot Act have major implications for life insurance IT systems, but some insurers have ignored the proposed regulations, waiting for the deferred final regulations before making any plans for compliance.
Similarly, the Terrorism Risk Insurance Act of 2002 was effective immediately upon its passage, leaving many insurers out of compliance, with major product and pricing questions still to be resolved.
The combination of legislative lack of definition and the significant impact of these laws across insurance organizations creates serious problems. No longer can compliance be thought of as a reactive process. Insurers must change their thinking and be proactive.
Compliance requires input from many functions within the organization including customer service, underwriting, claims, finance, actuarial, IT, legal and compliance. These areas need to work together proactively to understand the effect that current and future legislation will have on their businesss products, processes, organizational structure and IT systems and to determine a reasonable and cost-effective solution for legislative compliance.