Industry Issues | ERM & Emerging Risks

State Legislative/Regulatory News

New Hampshire Enacts SB-194, Insurance Data Security Law
NH establishes standards for data security, the investigation of a cybersecurity event, and notification of a breach to the insurance commissioner.

Delaware Enacts The Insurance Data Security Act
DE establishes standards for data security for Insurance Code licensees, and standards for the investigation of and notification to the Commissioner of a cybersecurity event affecting licensees.

Alaska Enacts Corporate Governance Annual Disclosure Act
AK House Bill 78 requires insurers or insurance groups domiciled in the state to file a CGAD.

Connecticut Enacts HB-7424, Insurance Data Security Law
The state's budget bill enacts the Insurance Data Security Law and takes effect October 1, 2020.

Mississippi Issues Compliance Guide for Insurance Data Security Act
MS DOI issues bulletin 2019-4 to guide compliance with MS Senate Bill 2831, the Insurance Data Security Act (effective July 1, 2019).

Ohio Omnibus Bill Enacts NAIC Insurance Data Security Model Law
Senate Bill 273 was signed by the governor on Dec. 19, with effective date March 20, 2019.

Michigan Enacts NAIC Insurance Data Security Model Law
Michigan enacted House Bill 6491, the NAIC's Insurance Data Security Model Law, and House Bill 6406, which preempts entities and persons regulated pursuant to the Insurance Code from the Identity Theft Protection Act.

Rhode Island DBR Issues Insurance Bulletin 2018-17, Blockchain Technology
The Rhode Island Department of Business Regulation Insurance Division (DBR) has issued Bulletin 2018-17 regarding Use of Distributed Ledger Technology in Insurance. 

California DOI encourages insurers to join FS-ISAC to share cybersecurity information
On October 31, 2018, CDI Commissioner Dave Jones sent a letter to insurer CEOs encouraging them to join and participate in the Financial Services Information Sharing and Analysis Center.

South Carolina DOI Publishes Second Bulletin on Data Security Act
The South Carolina Department of Insurance has issued Bulletin 2018-09 Cybersecurity Event Reporting Form. This is the second bulletin issued regarding implementation of the South Carolina Insurance Data Security Act.

South Carolina Insurance Data Security Act, Regulatory and Issues Update
The SC DOI will host an informational meeting regarding its Insurance Data Security Act (IDSA) in September. This bulletin also looks ahead to some potential legislation in 2019 and provides an update on a regulatory issue. 

Sweeping California Consumer Privacy Bill (AB 375) Approved by Governor
The Consumer Privacy Act requires companies to disclose how they will use data collected from consumers, and consumers can ask businesses to delete information from their databases. The law will take effect in 2020.

South Carolina DOI Publishes Bulletin on Insurance Data Security Law
SC DOI Bulletin 2018-2 is the first in an expected series, providing information regarding the state's enactment of the NAIC's Insurance Data Security Model Law. 

South Dakota Adopts ORSA Guidance Manual
The SD Department of Labor and Regulation/Division of Insurance has adopted SDCL 20:06:09 , which adopts the NAIC ORSA Guidance Manual, 2014 edition. The  ... more >

New York DFS Issues Guidance Related to the Equifax Data Breach

New York DFS Posts FAQs on the Cybersecurity Requirements for Financial Services Companies Regulation

North Carolina Adopts NAIC's ORSA Model Act
NC HB 383 adopts the NAIC ORSA Model Act which requires an insurer to conduct an ORSA at least annually when there are significant changes to its risk profile. The law has ... more >

News Article: Extracting Business Value via ORSA

South Carolina Enacts ORSA Bill
South Carolina enacted SB 254, which requires domiciled insurers to conduct an Own Risk and Solvency Assessment. The bill is effective January 1, 2018.

Utah Enacts HB 42 to Amend Insurance Code, Adopt ORSA Model Act
Utah has enacted House Bill 42 which modifies numerous provisions of the insurance code, including adoption of the NAIC ORSA Model Act. This bill becomes effective May 9, 2017.

West Virginia Enacts Own Risk And Solvency Assessment Bill
West Virginia enacted HB2619, adopting the Risk Management Framework and ORSA Act. The bill was signed by the governor on April 26, 2017, and is effective January 1, 2018.

Idaho Enacts NAIC's ORSA Model Act
Idaho has enacted House Bill 100, which adopts the NAIC Risk Management and ORSA Model Act. The bill was approved and signed by the governor on March 20, 2017 and is effective ...

California To Hold Public Hearing Regarding Regulation of Autonomous Vehicles
The California Department of Motor Vehicles has proposed amendments to certain rules to include the testing of vehicles that do not require the presence of a driver inside the ...

South Dakota Exempts Certain Unmanned Aircraft Systems
South Dakota enacted Senate Bill 22 by creating new provisions in Section 1 50-11-8 and 50-11-9 that exempts unmanned aircraft or drones from requirements to be registered ...

Mississippi Adopts NAIC's ORSA Act
Mississippi has enacted SB 2298 which adopts the NAIC’s Own Risk and Solvency Assessment (ORSA) Model Act. The ORSA provisions take effect on January 1, 2018. 

South Dakota Enacts NAIC's ORSA Model Act
South Dakota has enacted HB 1060 which adopts the NAIC’s Risk Management and Own Risk and Solvency Assessment (ORSA) Model Act. The law will become effective ...

New York Department of Financial Services Adopts First-in-the-Nation Cybersecurity Regulation
The New York DFS has adopted amendments to 23 NYCRR 500 which establishes cybersecurity requirements for financial services companies, such as insurance companies. The ...

PCI submits comment on revised New York DFS Cybersecurity Requirements for Financial Services Companies
PCI raises concern about the significant burdens, costs and compliance difficulties posed by the proposed regulation.

Massachusetts Enacts ORSA Bill
Massachusetts has enacted Senate Bill 2517, which adopts the NAIC Risk Management and Own Risk and Solvency Assessment (ORSA) model act. The bill requires insurers ...

Oregon Adopts ORSA Guidance Manual
The Oregon Department of Consumer and Business Services has adopted OR ADC 836-011-0030, which adopts the NAIC Own Risk and Solvency Assessment (ORSA) Guidance ...

New York DFS Publishes Revised Proposed Cybersecurity Regulation
The revised regulation places greater emphasis on a risk-based approach to cybersecurity, and includes substantial revisions to sections on third party vendors, encryption of nonpublic ...

New York DFS Proposes Cybersecurity Requirements for Financial Services Companies
The New York DFS has issued proposed regulations, which establish cybersecurity requirements for financial services companies. PCI anticipates an official publication of ...

State Mandated Terrorism Data Call
The deadline for responding to the state terrorism insurance data call has been extended to November 1, 2016. PCI has obtained some clarifying advise from state regulators ...

Hawaii Enacts SB 2853 Adopting ORSA Amendments
Hawaii has enacted Senate Bill 2853 which adopts the NAIC Risk Management and Own Risk and Solvency Assessment (ORSA) Model Act. This bill became effective June 29, 2016.

Alabama Adopts NAIC's ORSA Model Act
Alabama has enacted Senate Bill 170 which adopts the National Association of Insurance Commissioner's Risk Management and Own Risk and Solvency ... 

Florida Adopts NAIC's ORSA, Corporate Governance Acts
Florida has enacted Senate Bill 1422 which adopts the National Association of Insurance Commissioners' Own Risk and Solvency Assessment Model Act and the Corporate ...

Arizona Enacts HB 2188, ORSA Model Law
Arizona has enacted House Bill 2188, requiring an insurer to maintain a risk management framework, conduct an ORSA and file an ORSA summary report. This bill becomes ...

Colorado Enacts ORSA Requirements
Colorado has enacted Senate Bill 29 enacting the ORSA insurance laws necessary to maintain accreditation with the National Association of Insurance Commissioners (NAIC).