United States: Insurance & Reinsurance

In the US, insurance is regulated almost exclusively at the state or territory (rather than the federal) level. The McCarran-Ferguson Act, passed by the US Congress in 1945, explicitly provides for state regulation of insurance. Each US state and territory (referred to hereafter only as “state”) has its own insurance laws and regulations as well as an insurance or financial services regulator that implements and administers such laws and regulations, which cover every aspect of the insurance business including the sale, solicitation, negotiation, issuance, and delivery of insurance contracts, the collection of premiums, the payment of claims, and all other aspects of the post-issue administration of insurance contracts. Such laws and regulations also cover the licensing and regulation of insurers and insurance producers (e.g., insurance agents, brokers, managing general agents, surplus lines brokers, reinsurance intermediaries, third party administrators, and claims adjusters), including with respect to solvency and financial reporting of insurers, market conduct, premium rates and policy forms, and reinsurance, as well as the activities of unlicensed parties. US insurers are primarily regulated by the insurance department of the state in which they are domiciled but must also comply with all applicable laws and regulations of the other states in which they undertake insurance business.

While the insurance laws and regulations and general principles underpinning them tend to be similar across the states, there can be important differences on various issues among them. However, the 50 US states, the District of Columbia and 5 US territories are members of the National Association of Insurance Commissioners (“NAIC”), which helps harmonize insurance laws, regulations and regulatory efforts across the US on key aspects of insurance regulation. Through the NAIC, the insurance regulators of the US states work to establish standards and best practices for insurance regulation, conduct peer review, and coordinate regulatory oversight.

Notwithstanding the foregoing and the McCarran-Ferguson Act, there are indeed various aspects of insurance business, such as health insurance, that are subject to regulation at the federal level. For example, certain life and annuity products which constitute “securities” under the federal US Securities Act of 1933 are subject to regulation by the US Securities and Exchange Commission.

The US states’ insurance laws and regulations contain many provisions that apply to all insurers across different types of business. For example, requirements for licensing, regulation of transactions with affiliates of the insurer, and provisions regarding market conduct generally apply similarly across different types of insurers.

However, the insurance laws and regulations of the US states also include chapters, sections and provisions that only apply to particular lines of insurance business or types of coverages. For example, life insurance is subject to a range of requirements that apply to the life business only. Similarly, lines such as mortgage insurance and financial guaranty insurance tend to be subject to specific sets of laws and requirements.

Reinsurance tends to be subject to lighter regulation compared to direct insurance as are certain lines of business such as ocean marine.

Insurance intermediaries of all types—including insurance agents, brokers, managing general agents, surplus lines brokers, reinsurance intermediaries, third party administrators, claims adjusters and other intermediaries (usually referred to collectively as insurance “producers”)—are subject to regulation under the insurance laws and regulations of the US states.

Insurance producers must be licensed in their states of domicile as well as in all other states where they may wish to undertake insurance business activities, including the sale, solicitation, marketing, negotiation, placement and administration of insurance contracts. Licensing requirements for individual insurance producers include pre-licensing educational course work, successful completion of written examinations and continuing education after licensing. Licenses are issued for specific lines of insurance products and for the types of insurance producer activities that the applicant wishes to undertake (e.g., insurance agent for property and casualty).

Beyond licensing, insurance producers are subject to additional regulatory requirements, such as the requirement that insurance agents appointed to act for an insurer do so subject to a written agreement and that the insurer notify the states in which the insurance agent will be acting on behalf of the insurer.

In addition, insurance producers must comply with all applicable laws for insurance contracts and insurance business.

An insurer must hold a license in every state in which it wishes to engage in the transaction of insurance business. (See question 6 for certain exceptions.)

An entity wishing to be licensed as an insurer must first apply for a license in its domiciliary state. It can take between 3 to 6 months, and often longer, to obtain a license in the domiciliary state. After obtaining a license in the domiciliary state, the insurer can apply to become licensed in other states (referred to as “expansion” licenses). Although the process for applying for expansion licenses in other states can be relatively straightforward, many states apply “seasoning” requirements; that is, states often require that an insurer wishing to expand its license into their states have a minimum number of years of experience in writing the types of insurance business for which it wishes to obtain licenses in their states.

All states (other than certain territories) have adopted the Uniform Certificate of Authority Applications (“UCAA”) – a system established by the NAIC which streamlines the application process by creating standardized application forms. However, some states have additional filing requirements, and each state performs an independent review of all applications. The UCAA Primary Application, which a newly formed company uses to seek a certificate of authority to do business in its domiciliary state, calls for the disclosure of information related to minimum capital and surplus requirements, statutory deposit requirements, name approval, a plan of operation (which includes financial statements and projections), any holding company financial information, biographical information regarding officers and directors, and other similar matters.

Control of an insurer is heavily regulated. The requirements of the state where the company is or will be domiciled govern. Under the insurance laws and regulations of the US states, any party owning more than 10% of an insurer, directly or indirectly, or having other indicia of control such as through management agreements, is usually subject to regulation as a controlling person of that insurer, although it can be possible to submit a disclaimer of control which request must be approved by the insurer’s domiciliary state. However, even if such a disclaimer is approved, the party disclaiming control remains subject to certain applicable insurance laws and regulations.

Controlling persons are subject to various filing and disclosure requirements upon the establishment of a new insurer and acquisition of control of an insurer (including indirectly through the acquisition of the holding company or an intermediate parent company of the insurer). For example, any party wishing to acquire control of an insurer or an insurance holding company must file an application for approval of the acquisition of control (a “Form A” application) with the domiciliary state of the insurer along with the required information regarding the applicant and its affiliates including all individuals who are directors, officers and greater than 10% owners of the applicant.

After the acquisition of control is approved, controlling persons become subject to a full range of “insurance holding company” laws, which govern ongoing filing and disclosure requirements regarding the controlling persons, affiliated transactions between the controlled insurer and its affiliates within the controlling group, and other matters.

There are generally no restrictions on foreign ownership, other than direct or indirect control by foreign governments.

Unlicensed insurers may apply to become eligible to insure risks from insureds in the US states on a surplus lines basis. Any surplus lines insurance placements must be done in accordance with applicable laws, including such placements having to be made through a licensed surplus lines broker and with the submission of required filings and payment of surplus lines premium tax for each surplus lines insurance policy. However, as a general matter, surplus lines insurance policies are not subject to the broad range of laws and regulations that otherwise apply to insurance contracts, such as the requirement to file premium rates and insurance contract forms with the states for most types of coverages.

Surplus lines insurance may only be placed for risks that licensed insurers in the state are unable or unwilling to insure. As a general matter, the surplus lines laws allow for surplus lines placements if the surplus lines broker is unable to obtain coverage for the insured from licensed insurers after conducting a diligent search (i.e., canvassing a certain number of licensed insurers to check whether they would be willing to insure the given risk). Many states also maintain lists of particular coverages and risks that may be placed on a surplus lines basis without a diligent search because licensed insurers are understood to be unable or unwilling to cover them. In addition, coverages may be placed directly on a surplus lines basis even if the coverage is potentially available from licensed insurers if the insured is an “exempt commercial purchaser”, which is defined under US federal law to mean large commercial insureds that meet certain criteria for revenues, employees, annual premiums paid and risk management.

In addition to surplus lines, unlicensed insurers can assume risks from the US states through a few other avenues. US insureds generally have the right to go out of their state to directly procure insurance from insurers that are not licensed in their state, subject to the payment of direct procurement taxes in the state of the insured and subject to the insurer not undertaking insurance business activities in the state of the insured. Many states also allow “industrial insureds” (which are typically defined in a similar way as “exempt commercial purchasers” discussed above) to buy insurance coverages from unlicensed insurers and have other exemptions for certain lines such as ocean marine.

Finally, many US states do not require an insurer to hold a license in state in order to undertake reinsurance business within their jurisdiction. However, this exemption is found in many variations in the different states, such that it is prudent to consider the specific laws and regulations of a given US state before undertaking reinsurance business activities in that state without a reinsurer license. From the perspective of US ceding insurance companies, they are allowed to obtain reinsurance coverages from unlicensed reinsurers. However, unlicensed reinsurers must usually post collateral such as in the form of letters of credit or trust accounts satisfying the regulatory requirements for credit for reinsurance in the domiciliary state of the ceding company.

Unlicensed reinsurers can apply for certain types of status or recognition in the states (such as “accredited reinsurers”, “certified reinsurers”, and reinsurers from certain “reciprocal jurisdictions” including the EU and the UK), for which the qualifications usually depend on factors such as the domiciliary jurisdiction of the reinsurer, its minimum capital and surplus, and its financial ratings. Such status or recognition can mean that the unlicensed reinsurer may not need to post any collateral or may only be required to post a certain percentage of the collateral that an unlicensed reinsurer would otherwise need to post to allow its US ceding companies to receive credit for the reinsurance on their statutory financial statements.

A US branch of an alien (i.e., non-US) insurer is subject to the similar license requirements, financial and solvency regulation, market conduct rules and other requirements that apply to insurers domiciled in the US. Additionally, certain states require alien insurers to hold assets in a trust account at an acceptable US financial institution for the protection and benefit of US policyholders and creditors.

Non-US insurance intermediaries are generally not able to set up US branches and must instead have a US entity to become a licensed insurance producer in the US.

Persons or entities that sell insurance policies or engage in other regulated insurance activities without a license in a state may be subject to monetary penalties. State regulators may also issue orders prohibiting them from engaging in insurance activities in their state. Persons or entities operating without a license may also be subject to criminal prosecution depending upon the nature of the activities in which they are engaged and the applicable statutes in the relevant states.

Enforcement of insurance laws and regulations by insurance regulatory authorities is robust across the US states, although it varies depending on the state in which any infraction takes place as well as other factors including the nature, severity, and scope of the infraction and the harm that it causes. Regulators have a broad array of enforcement actions that they may take in response to violations of their states’ laws, including monetary penalties, the suspension or revocation of licenses, issuance of cease and desist orders, and criminal prosecution for certain violations. State insurance regulators have broad powers to examine and investigate licensed persons and entities as well as to pursue actions against unlicensed parties.

The key areas of focus for enforcement of insurance laws and regulations vary including based on specific issues of concern due to public policy and consumer considerations at any given time. However, as a general matter, the states’ insurance regulators seek to enforce all applicable insurance laws and regulations.

Insurers in the US are subject to a broad range of capital and surplus requirements as well as financial solvency regulation. In addition to minimum capital and surplus requirements, insurers are subject to risk-based capital (“RBC”) requirements, which take into account various risk factors such as credit, asset, underwriting, and other risks (e.g., interest rate risk). The RBC rules require an insurer with a higher amount of risk to hold a higher amount of capital.

States monitor insurers’ solvency in various ways. Among the primary monitoring tools is the requirement that insurers file quarterly and annual financial statements with state insurance departments that include substantial details regarding insurers’ assets, investments, liabilities, and income. Other tools include the mandatory submission by insurers to annual audits by independent certified public accountants and periodic examinations by state regulators.

If an insurer’s capital falls below certain specified levels, insurance state regulators have the statutory authority to take certain actions and impose certain controls. Depending on the financial state of an insurer, it might eventually be placed into receivership, rehabilitation or even liquidation proceedings. Insurer insolvency proceedings are handled under state insurance laws and under the jurisdiction of state courts.

The discussion above regarding solvency regulation of insurers applies also to licensed reinsurers.

There are no uniform minimum capital requirements for insurers across the US states. Instead, each state sets the minimum level of capital and surplus that insurers are required to maintain. The minimum capital and surplus requirements depend on the types of business that a company writes with different requirements typically set for property and casualty, life, accident and health, and other lines of insurance. Under the RBC approach discussed above, insurers are required to maintain additional capital and surplus levels beyond the minimum requirements based on various risk factors applicable to their business and operations.

Every US state has separate guaranty funds that protects policyholders from the insolvency of life and health insurers as well as property and casualty insurers. Certain lines of insurance such as financial guaranty, mortgage guaranty, credit and ocean marine as well as reinsurance are not covered by the guaranty funds.

The guaranty funds are overseen and run by each state’s regulator and are usually operated by a not-for-profit association. Membership in a state’s guaranty fund association is often compulsory for insurers licensed to do business in that state for the lines of business covered by the guaranty fund, and member insurers are required to make periodic payments into the guaranty fund.

The claim payouts to insureds by guaranty funds are often subject to limits under the state insurance laws in order to ensure that the fund remains solvent. In addition, guaranty fund protections do not protect large commercial insureds exceeding state-specific thresholds.

Insurance holding companies and groups are subject to a broad range of insurance laws and regulations, including as discussed above in question 5. Following the 2008 financial crisis, the NAIC and the US states have developed additional group supervision mechanisms and requirements, which is often referred to as the “windows and walls” approach–i.e., windows into the activities of group members through which regulators can monitor the potential impact of such activities on insurance companies, and walls between group members to protect insurance company capital. Group supervision also includes communication between regulators and “supervisory colleges”, disclosure and filing requirements for group information, enforcement and group capital assessments. For example, insurers must file an annual enterprise risk report identifying risks within their holding company systems.

Additionally, the NAIC adopted amendments to its model holding company system law to facilitate a group capital calculation (“GCC”). The GCC is designed to assist state insurance regulators in identifying risks which may arise within an insurer’s holding company system by, for example, providing regulators with insight into the financial condition of non-insurance entities within a holding group, how capital is distributed across an entire group, and whether and to what degree insurers may be supporting the operations of non-insurance entities within their holding group.

The US states require that directors, executive officers, and owners of 10% or more of the voting securities of insurers as well as controlling parties within the insurance holding group submit certain biographical information, pass background checks, and be approved by state insurance regulators.

Senior managers may be held personally liable for regulatory breaches for certain violations of insurance laws and regulations in the US states, especially if the senior managers engage in fraud or other intentional misconduct.

Most states do not impose minimum presence requirements in order to undertake insurance activities in their jurisdictions. However, licensed insurers and insurance producers are subject to requirements that typically translate into necessitating a certain minimum presence in their domiciliary states, although the minimum presence needed to satisfy regulatory requirements can vary among the states.

Any outsourcing of services by insurers must comply with the broad range of insurance laws and regulations that apply to insurers, including with respect to cyber security, data privacy and protection, maintenance of books and records, and contracts with insurance producers.

Insurers in the US are expected to have business continuity and disaster recovery plans, which are reviewed by regulators as part of ongoing risk assessment of insurers.

The insurance laws and regulations of the US states contain detailed requirements and restrictions with respect to the kinds and amounts of the assets in which an insurer is permitted to invest, which vary depending on the type of insurer (such as property and casualty versus life). As a general matter, permitted investments are restricted to certain safe and highly liquid asset classes such as US Treasury bills and there are limitations on other types of investments. Only those investments which are permitted by US state insurance laws and regulations count as admitted assets for purposes of insurers’ capital and surplus requirements.

Each state regulates insurance sales practices and marketing within its jurisdiction. State laws often require certain terms and conditions to be included in, or omitted from, insurance policies. The types of terms and conditions vary by state and line of business, but generally they relate to the aspects of insurance contracts such as cancellation and renewal and notice of loss requirements.

State insurance laws also prohibit insurers from unfair and discriminatory market practices such as selling, underwriting, or adjusting claims based on impermissible factors, including a policyholder’s race, religion or credit history. In addition, the US state insurance laws and regulations contain detailed requirements and restrictions on advertising and marketing of insurance products–i.e., requiring that insurance advertisements be truthful, not misleading, and not omit material facts. Additionally, insurers and insurance producers are restricted from offering (potential) insureds rebates or other inducements for the purchase of insurance (which includes, for example, sharing a commission with a prospective insured or giving a prospective insured anything of value which is not specified in the insurance policy other certain statutorily-specified amount or permissible benefit); the policies and regulation of rebates and inducements are being reconsidered and updated by many states at this time.

Additionally, courts have also interpreted terms to be implied in policies. For instance, some courts have implied into policies a duty on the part of insurers to carry out their policy obligations in good faith and deal fairly and honestly with their policyholders. Various states may recognize a cause of action against insurers (independent and separate from breach of contract claims) for violations of their duty of good faith and fair dealing, allowing insureds to seek exemplary or punitive damages beyond the limits of a policy.

The states generally view a communication made to their residents via e-mail, the internet or other electronic means as being the same as communication made via traditional media for purposes of the relevant licensing and other insurance regulatory requirements. Therefore, solicitations and other sales activities conducted online from out-of-state are generally subject to the same requirements as sales activities undertaken in state.

Insurance policies issued to individual consumers tend to be much more heavily regulated under the US states’ insurance laws and regulations than most commercial policies, especially insurance policies that are issued to large commercial insureds. Many states have rules protecting personal lines policies issued to individual consumers. These rules vary from state to state but may include protections limiting insurers’ abilities to cancel policies, requiring certain minimum levels of benefits/coverage and restricting the use of mandatory arbitration clauses.

With respect to pricing of insurance products, most coverages offered to consumers are subject to states’ insurance regulatory requirements that the premiums to be charged for insurance coverages be filed with the states for their review and approval. Moreover, anti-rebating and inducement restrictions as discussed in question 19 are another way in which states regulate pricing of insurance products for consumers.

Insurance coverage lawsuits may be brought in state or federal courts in the US. Federal courts, however, may preside over insurance disputes only in certain circumstances, including, for instance, where the amount in controversy is $75,000 or more and there is a complete diversity of citizenship between the parties to the lawsuit (i.e., the plaintiff and defendant are from different states or countries). Courts’ knowledge and experience in handling insurance coverage disputes varies by state and locality within a state. Courts in states with larger commercial centers, such as New York, California, and Illinois, typically have numerous insurance coverage disputes pending on their dockets. Some states have established courts to handle complex commercial cases, including insurance coverage cases that exceed various minimum amounts in dispute.

The period of time it takes for coverage cases to be resolved depends on the jurisdiction in which a case is brought as well as the type and number of issues and parties involved. The length of time may also depend upon the individual judge assigned to preside over the case.

Alternative dispute resolution is well-established in most states. Arbitration clauses, where permissible under state law (see below), are frequently found in insurance policies. As a general rule, courts favor allowing arbitration, and any doubt as to whether a dispute is arbitrable is generally resolved by courts in favor of arbitration. Courts will rarely interfere with an ongoing arbitration proceeding, and it is very difficult in most states to overturn an arbitration award.

However, a number of states have laws prohibiting or limiting the enforceability of mandatory arbitration clauses in certain types of insurance policies. Many, but not all, courts have upheld these laws and ordered insurers to litigate rather than arbitrate coverage disputes with their policyholders.

In addition, courts often encourage parties to mediate their disputes. Many courts have discretionary authority to compel the parties to mediate and/or have mandatory mediation programs for certain cases based on the type of case or the monetary amount. In some jurisdictions, courts will impose adverse cost sanctions on parties who unreasonably refuse to comply with mandatory mediation procedures.

The US states’ insurance laws have historically not allowed for statutory transfer mechanisms for sales or transfers of books of insurance or reinsurance business. As a result, parties wishing to sell or transfer books of legacy insurance business have used approaches such as loss portfolio transfers through reinsurance. However, recently several states have enacted restructuring mechanisms such as Insurance Business Transfers (“IBTs”) and corporate divisions, although the details regarding requirements and restrictions for such mechanisms differ among the states that have adopted them.

An IBT can allow the transfer and novation of legacy business from the seller to an assuming insurer without the need to obtain policyholder consent. IBTs are now permitted, in various forms and subject to different requirements and restrictions, in states such as Arizona, Oklahoma, Rhode Island and Vermont.

In a corporate division, an insurer divides into 2 (or more) insurance companies and, depending on the state, creates isolated blocks of business for sale to third parties. The allocation of assets and liabilities for the blocks of business divided between the resulting insurers after the corporate division occurs without policyholder consent. States that have adopted statutes allowing insurance companies to engage in corporate divisions include Arizona, Connecticut, Illinois, Michigan and Pennsylvania.

Among the primary challenges to forming new insurers is complying with the laws and regulations of up to 50 states and the territories where a new insurer would like to write business. Other challenges include raising and maintaining sufficient capital and surplus requirements as well as competing against well-established and trusted competitors.

Although most, if not all, states’ insurance regulators are generally welcoming of new market entrants (who are, of course, expected to set up their new businesses in compliance with applicable laws and regulations), various states are understood as being more favorable jurisdictions for newcomers than others.

Digital innovation in the insurance industry has taken off rapidly in the US in the last 5-10 years or so. Initially, digital innovation was primarily undertaken by newcomer “insurtechs”. However, most incumbent insurers have come to engage in digital innovation themselves, including by entering into partnerships with startup insurtechs. Every aspect of the insurance business and relationship, from sales and marketing to administration of insurance contracts, is being revolutionized by digital innovation, although most of the changes thus far have been concentrated primarily on the consumer and small and medium enterprises part of the insurance market. The COVID-19 pandemic has led to further innovation and implementation of new ways of doing insurance business as the insurance industry has had to adjust to the restrictions brought about by the pandemic.

Digitization of insurance sales and claims handling has been increasing rapidly across the US as part of the digital innovation discussed above. US insurance regulators favor such digitization as a way to modernize the insurance industry and deliver benefits of digitization to insureds and the insurance marketplace. At the same time, the regulators also continue to remain focused on enforcing the insurance laws and regulations, which apply as a general matter to digitized insurance sales and claims handling in the same way as to traditional ways of selling and administering insurance. A few states have had more robust regulatory support for digitization and innovation such as through insurtech innovation “sandboxes”.

Insurers’ use of customer data is subject to a patchwork of US federal and state laws and regulations. With respect to US federal laws, the Fair Credit Reporting Act (“FCRA”) regulates the use of consumer credit reports by insurance companies and provides consumers with certain rights in the event of an adverse underwriting decision based on such reports; the Gramm-Leach-Bliley Act (“GLBA”) requires the implementation and disclosure of certain privacy practices as regards nonpublic personal information held by insurers; and the Health Insurance Portability and Accountability Act (“HIPAA”) imposes significant privacy and security obligations on health insurers relating to the protected health information of insureds.

In addition to the foregoing, insurers are also subject to US state privacy and cybersecurity laws. States typically require insurers to disclose and use a privacy policy and to notify affected insureds in the event of an information security breach. However, certain states have implemented more demanding privacy and security requirements. For example, California provides consumers with the right to access their personal information which is held by insurers operating in California (subject to certain conditions), require that such insurers delete their personal information, opt out of the sale by such insurers of their personal information, and be free of discrimination when exercising any of the foregoing rights. New York has adopted a cybersecurity regulation, which imposes comprehensive obligations on insurers, insurance producers, and other insurance industry participants licensed by the New York Department of Financial Services to protect information systems and the non-public information stored on such systems, including by maintaining a cybersecurity program and by developing cybersecurity policies regarding information security, data governance, asset inventory and device management, access controls and identity management, business continuity and disaster recovery planning, and systems and network operations (among other things). Other states have adopted similar cybersecurity regulations that are based on the NAIC’s Data Security Model Law.

As a general matter, US federal and state data security and privacy laws do not impose additional restrictions or requirements specifically on the transfer by an insurer of customer data overseas. However, the customer data must be handled and protected in accordance with applicable laws. As discussed in question 28, insurers are subject to various laws and regulations with respect to the use and disclosure of customer data, which impose various requirements with respect to the sharing of customer data and apply to disclosures made by an insurer overseas. For example, HIPAA prohibits covered entities (including health insurers) from disclosing “protected health information” to a business associate – i.e., a third party which performs certain services for a covered entity that involve access to protected health information – other than pursuant to a business associate agreement and solely for HIPAA-compliant purposes.

Insurers in the US are subject to a patchwork of ESG regulatory requirements and oversight. For example, the NAIC has recently adopted a disclosure framework for insurers aligned with the Task Force on Climate-Related Financial Disclosures (TCFD), which will apply for insurers required to complete the NAIC Climate Risk Disclosure Survey (as is currently required by 15 US states, including California, Connecticut, Delaware, Massachusetts, New York, Pennsylvania, and Washington). Similarly, the NAIC’s Special (EX) Committee on Race and Insurance is considering issues such as race, diversity, and inclusion within the insurance sector and access to insurance products, while states like New York have issued regulatory guidance on diversity, equity and inclusion.

The US insurance market remains the largest and most sophisticated in the world. In the recent past, various types of coverages have experienced especially rapid growth. A few examples of such rapidly growing coverages include cyber insurance, pet insurance, and representations and warranties insurance in mergers and acquisitions transactions. The COVID-19 pandemic and the post-pandemic period will likely see many new opportunities for insurance coverages and businesses in the US. In addition, climate change and responses thereto, including the further development of new energy sources and technologies, are also expected to drive the development of new insurance products and markets.