Current through Register Vol. 46, No. 39, September 25, 2024
(a) Pursuant to Insurance Law sections 1503(b), 1604(b), and 1717(b), an entity
shall adopt a formal enterprise risk management function that identifies,
assesses, monitors, and manages enterprise risk. Except as provided in
subdivision (c) of this section, a domestic insurer that is not a member of a
holding company system, an article 16 system, or an article 17 system also
shall adopt such a formal enterprise risk management function. The enterprise
risk management function shall be appropriate for the nature, scale, and
complexity of the risk and shall adhere to the following, as relevant:
(1) have an objective enterprise risk
management function headed by an appropriately experienced individual with the
requisite authority and who has access to the board of directors, or if there
is no board of directors, then the governing body, and senior
management;
(2) have a written risk
policy adopted by the respective board or a committee thereof, or if there is
no board of directors, then the governing body, that delineates the insurer's,
holding company system's, article 16 system's, or article 17 system's
risk/reward framework, risk tolerance levels, and risk limits;
(3) provide a process for the identification
and measurement of risk under a sufficiently wide range of outcomes using
techniques that are appropriate to the nature, scale, and complexity of the
risks the insurer, holding company system, article 16 system, or article 17
system bears and are adequate for capital management and solvency
purposes;
(4) have a process of
risk identification and measurement supported by documentation that provides
appropriately detailed descriptions and explanations of risks identified, the
measurement approaches used, key assumptions made, and outcomes of any
plausible adverse scenarios that were run;
(5) use prospective solvency assessments,
including scenario analysis and stress testing;
(6) incorporate risk tolerance levels and
limits in the policies and procedures, business strategy, and day-to-day
strategic decision-making processes;
(7) consider a risk and capital management
process to monitor the level of financial resources relative to economic
capital and regulatory capital requirements;
(8) incorporate investment policy,
asset-liability management policy, effective controls on internal models,
longer-term continuity analysis, and feedback loops to update and improve the
enterprise risk management function continuously;
(9) address all reasonably foreseeable and
relevant material risks including, as applicable, insurance, cybersecurity,
climate change, epidemic, pandemic, underwriting, asset-liability matching,
credit, market, operational, reputational, liquidity, and any other significant
risks;
(10) include an assessment
that identifies the relationship between risk management and the level and
quality of financial resources necessary as determined with quantitative and
qualitative metrics; and
(11) identify, quantify, and manage any risks to which the insurer may be exposed by
transactions or affiliations with any other member of the holding company
system, article 16 system, or article 17 system of which the insurer is a
member.
(b)
(1) Pursuant to Insurance Law sections
1503(b), 1604(b), and 1717(b), an entity shall file electronically a
confidential enterprise risk report with the superintendent by April 30 of each
year and shall, to the best of such entity's knowledge and belief, identify
therein the material risks within the holding company system, article 16
system, or article 17 system that could pose enterprise risk to the insurer.
Except as provided in subdivision (c) of this section, a domestic insurer that
is not a member of a holding company system, an article 16 system, or an
article 17 system shall file electronically such a confidential enterprise risk
report with the superintendent by April 30th of each year.
(2) The report required to be filed by
paragraph (1) of this subdivision shall describe the entity's or domestic
insurer's enterprise risk management function, including its risk culture and
governance; risk identification and prioritization; risk appetite, tolerances,
and limits; risk management and controls; and risk reporting and communication.
The report also shall provide information regarding the following areas that
could produce enterprise risk, provided that the information has not already
been disclosed in a registration statement filed pursuant to Insurance Law
sections 1503(a), 1604(a), or 1717(a) during the prior 12 months:
(i) any material developments regarding
strategy, internal audit findings, compliance or risk management affecting the
insurer, holding company system, article 16 system, or article 17
system;
(ii) any acquisition or
disposal of insurance entities and reallocation of existing financial or
insurance entities with regard to the insurer, holding company system, article
16 system, or article 17 system;
(iii) any changes in the shareholders of the
insurer, holding company system, article 16 system, or article 17 system
exceeding ten percent or more of voting securities;
(iv) developments in any investigations,
regulatory activities, or litigation that could have a significant bearing or
impact on the insurer, holding company system, article 16 system, or article 17
system;
(v) the business plan of
the insurer, holding company system, article 16 system, or article 17 system,
and a summary of the insurer's or system's strategies for the next 12
months;
(vi) the identification of
any material concerns regarding the insurer, holding company system, article 16
system, or article 17 system by a supervisory college, if any, held during the
last year;
(vii) the identification
of capital resources and material distribution patterns with regard to the
insurer, holding company system, article 16 system, or article 17
system;
(viii) the identification
of any negative movement, or any discussions with nationally recognized
statistical rating organizations, that may have caused, or may cause, potential
negative movement in the credit ratings and individual insurer financial
strength ratings assessment of the insurer, holding company system, article 16
system, or article 17 system (including both the rating and outlook);
(ix) information on any corporate or parental
guarantees throughout the holding company system, article 16 system, or article
17 system, and the expected source of liquidity should the guarantees be called
upon; and
(x) the identification of
any material activity or development of the insurer, holding company system,
article 16 system, or article 17 system that, in the opinion of senior
management, could adversely affect the insurer, holding company system, article
16 system, or article 17 system.
(3) The report required to be filed pursuant
to paragraph (1) of this subdivision shall include:
(i) with regard to an entity, a signature of
the entity's chief risk officer or other executive having responsibility for
the oversight of the enterprise risk management function attesting to the best
of his or her knowledge and belief that the report identifies any material
risks within the holding company system, article 16 system, or article 17
system that could pose enterprise risk to any insurer within the system, and
that a copy of the report has been provided to the entity's board of directors
or the appropriate committee thereof, or if there is no board of directors,
then to the entity's governing body; or
(ii) with regard to a domestic insurer, a
signature of the domestic insurer's chief risk officer or other executive
having responsibility for the oversight of the enterprise risk management
function attesting to the best of his or her knowledge and belief that the
report identifies any material risks within the domestic insurer that could
pose enterprise risk to the domestic insurer, and that a copy of the report has
been provided to the domestic insurer's board of directors or the appropriate
committee thereof, or if there is no board of directors, then to the insurer's
governing body.
(4) The
entity or domestic insurer required to file a report pursuant to paragraph (1)
of this subdivision may attach the appropriate form most recently filed with
the United States Securities and Exchange Commission, provided that such entity
or domestic insurer includes specific references to those areas listed in
paragraph (2) of this subdivision for which the form provides responsive
information. If the entity is not domiciled in the United States, then it may
attach its most recent public audited financial statement filed in its country
of domicile, provided that the entity includes specific references to those
areas listed in paragraph (2) of this subdivision for which the financial
statement provides responsive information.
(5) If the entity or domestic insurer
required to file a report pursuant to paragraph (1) of this subdivision has not
disclosed any information pursuant to paragraph (2) of this subdivision, then
such entity or domestic insurer shall include a statement affirming that, to
the best of its knowledge and belief, it has not identified enterprise risk
subject to disclosure pursuant to paragraph (2) of this subdivision.
(c) A domestic insurer shall be
exempt from the requirements of this section if it is not a member of a holding
company system, an article 16 system, or an article 17 system, and has annual
direct written premium and unaffiliated assumed premium, including
international direct and assumed premium, but excluding premiums reinsured with
the Federal Crop Insurance Corporation and Federal Flood Program, of less than
$500 million.