With emphasis on transparency, carriers must maintain paper trail to avoid penalties
From Eliot Spitzer probes to the evolving landscape of individual state laws and regulations, the face of records management is changing rapidly, and insurers that fail to keep pace might confront fines, penalties, judgments and other consequences.
Insurers have long been aware of state records retention requirements. However, while state auditors can target record retention practices, penalties for failure to comply in the past have been rare enough that strict compliance may have been a low priority for some.
Now, with investigators and regulators focusing upon “transparency” in the financial services industry, failure to maintain an adequate paper trail can lead to serious financial, if not criminal, consequences.
As with most insurance regulations, insurer records retention requirements vary by state, with some having passed legislation and others promulgating regulations and/or guidelines through the insurance department.
These rules set time limits for the retention of various categories of documents maintained by insurance companies, such as policies, claim files, licensing records and financial records. Some states break down these and other categories into numerous specific subcategories.
Generally, the minimum retention period is anywhere from five to 10 years. Some states set guidelines for what constitutes adequate maintenance of records, while others specifically require the adoption of a records retention plan.
While failure to comply with these rules may in some instances result in little more than a few lines on a market conduct examination report, the scrutiny of state insurance departments on records retention issues may increase if the National Association of Insurance Commissioners decides to adopt, as part of its model audit rule, provisions similar to those of the Sarbanes-Oxley Act.
Since 2002, the Sarbanes-Oxley Act, including its provisions relating to records retention and documentation of internal controls, has applied to publicly traded insurers. Depending upon what, if any, parts of the Sarbanes-Oxley Act are incorporated into the NAIC model rule, compliance may become a concern for privately held and mutual insurance companies, as well.
While a failure to comply with records retention requirements may not lead to dire consequences by itself, the underlying purpose of the requirements is to be able to document and justify the company’s actions.
With New York Attorney General Eliot Spitzer’s office and other agencies launching probes into finite reinsurance transactions and bid-rigging between brokers and their insurance company partners, it is clear that more and more transparency will be required concerning the finances and operations of the insurance industry.
Thus, insurance companies need to be especially vigilant in maintaining records of their actions in a manner that will allow for appropriate disclosure to investigators.
Preservation Of Evidence
Even if a company has not engaged in financial wrongdoing, it may still find itself vulnerable to stiff fines or criminal penalties if, when faced with a threatened probe or litigation, it fails to preserve potential evidence.
One prominent example is Arthur Andersen’s conviction for obstruction of justice, now on appeal before the U.S. Supreme Court, which resulted from its document shredding policy in the face of a Department of Justice probe into Enron. While the Supreme Court may overturn the conviction, the damage to Arthur Andersen is already done.
There have been other cases where, even in the absence of clear wrongdoing, companies have faced stiff penalties for failing to preserve documents and electronically stored data in the face of an investigation.
Not only does the failure to preserve evidence bring with it the potential for criminal penalties, but it often results in adverse inferences that harm a company’s position relating to the subject matter of the litigation or investigation.
In the context of litigation, it should be noted that proposed revisions to Rules 26 and 34 of the Federal Rules of Civil Procedure would specifically incorporate electronically stored data into the definition of discoverable evidence and potentially ease the discovery of such evidence.
The proposed rules also allow for broad protective orders relating to the preservation of evidence, and records retention policies need to be flexible enough to comply with such potential directives.
Implementing A Policy
Existing records retention policies generally break down documents by type or subject matter, and provide tables showing the retention periods for each type of document or file.
Determining the appropriate retention period for a given class of documents may be complicated by the number of potentially applicable laws, regulations and business considerations. Moreover, the policy must strike the appropriate balance between which specific types of documents should be kept and which discarded.
The cost of implementing a document retention policy is large enough; the cost of paying lawyers to sift through unnecessary piles of documents once litigation commences should be cut down to the extent possible by clear guidelines regarding document destruction.
The major challenge for most insurers is in creating the plan to implement the policy, which is also where the real costs begin. It is no longer sufficient merely to compare the costs associated with onsite storage of paper documents to the costs of archiving them elsewhere.
The management of electronic data is an immense challenge, particularly in the face of changing media and technologies. An inventory of all potential sources of electronically stored data should be undertaken as a starting point. From there, it is often a matter of what the latest technology can provide.
For example, the market offers competing e-mail and instant messaging storage and archiving systems, some of which are specifically geared to track and implement compliance objectives automatically under various laws and regulations. This is in addition to the usual safeguards against the theft, corruption or loss of electronic data, such as virus-protection software, firewalls, encryption technology and backup systems in the event of system failure.
Despite the best information technology has to offer, it is likely that employees will be left to decide which records to maintain and which to discard. Insurers should delegate document retention authority among different departments and maintain reporting and auditing structures.
Ultimately, to be effective, appropriate document retention and destruction practices should be incorporated into the daily routine of the company.
Dan H. Wright is an associate in the Insurance and Reinsurance Department of Edwards & Angell in Providence, R.I., a national law firm focusing on private equity and venture capital, financial services and technology. He may be reached at DWright@EdwardsAngell.com.