Self-Insurance Institute Issues Public Comment to Treasury Department

TARGETED NEWS SERVICE (founded 2004) features non-partisan 'edited journalism' news briefs and information for news organizations, public policy groups and individuals; as well as 'gathered' public policy information, including news releases, reports, speeches. For more information contact MYRON STRUCK, editor, [email protected], Springfield, Virginia; 703/304-1897; https://targetednews.com

WASHINGTON, May 23 -- The Self-Insurance Institute of America Inc. has issued a public comment to the U.S. Department of the Treasury. The comment was written on May 16, 2022, and posted on May 17, 2022:

* * *

To: Federal Insurance Office, Attention: Richard Ifft, Room 1410 MT, Department of the Treasury, 1500 Pennsylvania Avenue, N.W., Washington, DC 20220

RE: 2022 Report on the Effectiveness of the Terrorism Risk Insurance Program

Dear Mr. Ifft:

The Self-Insurance Institute of America, Inc. ("SIIA") respectively submits these comments to the Department of Treasury in response to the Request for Comment (the "Request") on the 2022 Report on the Effectiveness of the Terrorism Risk Insurance Program ("TRIP" or "Program"). Specifically, these comments respond to various questions set forth in the Request relating to the participation of captive insurers in TRIP, in addition to emerging trends.

SIIA is a member-based association dedicated to protecting and promoting companies involved in the self-insurance and captive insurance industry. SIIA's membership includes captive owners and industry participants, risk retention groups, third party administrators, excess/stop-loss/reinsurance carriers, self-insured employers, and captive managers.

Overview

A well-functioning Program to encourage risk protection related to terrorism losses continues to be essential, considering the ongoing and evolving threats faced by the private sector. The insurance and reinsurance markets for risks within the United States (continue to evolve, with captive insurance arrangements providing stability and affordability in areas where the commercial insurance/reinsurance markets are not providing sufficient coverage options for businesses. These captive arrangements support an affordable market for terrorism-related risk mitigation and help broaden participation in offering needed terrorism coverage for a variety of organizations. In particular, the current state of the market has resulted in organizations utilizing captive insurance to insure against risks in:

* High-risk geographical areas, including urban centers and areas in proximity to nuclear facilities or other high-risk facilities;

* Various types of properties, including sports facilities and other public venues; and

* Various industries, including residential real-estate, transportation, telecommunications, and utilities.

* NBCR Terrorism Risk

As the Department knows, entities that choose to self-insure their own insurance risks are responsible for any economic loss associated with insuring that risk, while a captive insurance arrangement allows a business or entity to finance a portion of the risk they choose to take on themselves. In some cases, entities that cannot find sufficient or affordable coverage for a particular insurance risk in the fully-insured commercial market - such as terrorism or cyber risk - are self-insuring these risks, often times by financing the risk through a captive. Captives can serve either as (1) a direct insurer in the cases of certain terroristic, cyber, and even COVID-related risks or (2) a reinsurer of a standard commercial carrier (e.g., in cases related to workers' compensation insurance).

Captive Insurance and Terrorism-Related Risks, Worker's Compensation, and Pandemic Risk

Captives in the broader market offer terrorism-related coverage to a number of businesses and entities ranging from religious institutions and industrial and energy producers to sporting and concert venues, habitational living spaces, and major transportation hubs. Captives also provide cyber-related coverage to financial institutions and health care organizations. Importantly, captives contribute to the Program's post-loss sharing mechanism, therefore also contributing to the overall loss payments, and thus, broadening terrorism-risk pool participation.

Where a coverage issue may exist, however, is in the interplay of the terrorism-related risks and the various forms of the "war exclusions" commonly found in virtually all insurance and reinsurance contracts. For example, the question of when does terrorism (particularly in the form of a cyber-based event) become an "undeclared war" is coming to the forefront. For example, would denial of service attacks in countries by non-state, but state-affiliated actors be identified as a form of terrorism or the initial stages of an "undeclared war"?

With respect to workers' compensation (and as the scope of this coverage derives directly from various state and federal laws), there is no exclusion for injury to or the death of an employee(s) from a terroristic act provided that such act arises out of and in the course of employment. Thus, the standard workers' compensation policy covers them. And, since captives almost exclusively reinsure an admitted workers' compensation carrier, they too do not exclude coverage.

One other important issue for the Department to consider is how the COVID-19 pandemic has changed the design of risk and reinsurance programs, in addition to whether or not both the TRIP and potential pandemic risk created in the future may provide mutual benefits.

Captive Insurance and Cyber Risks

Cyberattacks are a real threat in today's ever-evolving cyber risk landscape, made particularly important as the COVID-19 pandemic forced many organizations to accelerate digital transformations already underway. For example, E-commerce is booming, while schools and offices have adopted and adapted to online distance learning classes and remote working. This rapid transformation has further increased systemic vulnerabilities to cyberattacks. Various scenarios estimating catastrophic damage from cyber events have ranged from tens of billions to hundreds of billions of dollars.

The treatment of cyber coverage under TRIP has enabled more robust participation among insurers and reinsurers due to the mitigation of losses under some extreme scenarios. The cyber threat landscape is continually changing and evolving as attackers develop new tools and discover new attack vectors. Machine learning and artificial intelligence are being increasingly used by both attackers and defenders, and the importance of these tools is likely to increase in the future. Modern computer networks are complex systems and a weakness in any component of the system could render the entire system vulnerable.

Cyberattacks also do not adhere to geographical boundaries. This may lead to many scenarios where a cyberattack outside the U.S. would lead to substantial damage and losses within it. In general, providing coverage under TRIP for damage inside the U.S. from a foreign event would be best considered as a type of loss that was envisioned to fall under the umbrella of coverages under the Program. Foreign events such as those contemplated in Treasury's inquiry would meet the intent of covered damage under TRIP and as such should be covered.

Currently, coverage for cyber or terrorism may be offered on either a stand-alone or embedded basis. While many captives generally address the economic impact of a cyber event (including ransomware) on the policyholder's business, they often may not provide coverage for potential liabilities to third-parties from such an attack. As a result, there have been significant losses. Such risks and losses are likely going to increase as carriers increase and strengthen underwriting standards and required service vendor purchases in order to offer their coverage. In fact, some businesses have been experiencing upwards of 50% growth in premiums while also experiencing significant increases in deductibles, or lowering of limits and sub-limits on coverage. That change is likely to affect a number of small- and medium-sized businesses that do not have the financial resources to engage the highly robust cyber security services that some standard carriers now mandate for coverage.

Size and Scope of TRIP

The Department should be aware that in addition to larger U.S. businesses and institutions being able to utilize the TRIP program, that same protection should also be extended to the many small and medium-sized American businesses and others that are exposed to terrorism-related risks and that are largely unable to access appropriate protection under the current Program. As outlined in the Request, TRIP was established to ensure the continued widespread availability and affordability of property and casualty insurance for terrorism risk, and to build capacity to absorb any future losses. Thus, SIIA recommends that the Department consider examining the appropriate size and scope of TRIP, which could and should include small- and medium-sized businesses that run the risk of significant losses from the same terrorism-related risks that large businesses face.

Thank you in advance for considering these comments. Please do not hesitate to contact me if you have questions, or if members of SIIA can serve as a resource on these issues.

Sincerely,

Ryan C. Work

Senior Vice President, Government Relations

Self-Insurance Institute of America, Inc.

TARGETED NEWS SERVICE (founded 2004) features non-partisan 'edited journalism' news briefs and information for news organizations, public policy groups and individuals; as well as 'gathered' public policy information, including news releases, reports, speeches. For more information contact MYRON STRUCK, editor, [email protected], Springfield, Virginia; 703/304-1897; https://targetednews.com