by Marion Leydier, Benjamin Weiner, and Rodrick Gilman Jr.
New Supervisory Framework Applies to Depository Institution Holding Companies Significantly Engaged in Insurance Activities
SUMMARY
The Board of Governors of the Federal Reserve System (“Board”) issued, on September 28, 2022, final guidance (“Final Guidance”) establishing a framework (“Framework”) for the supervision of depository institution holding companies significantly engaged in insurance activities, or “supervised insurance organizations” (“SIOs”).[1] A depository institution holding company is considered to be an SIO if (1) it is an insurance company, or (2) over 25% of its consolidated assets are held by insurance company subsidiaries, or (3) it has been otherwise designated as an SIO by the Board. The Framework provides a risk-based approach to establishing supervisory expectations and conducting supervisory activities; a supervisory rating system with three components for capital management, liquidity management, and governance and controls; and a description of how Board examiners will incorporate and rely on the work of state insurance regulators and other supervisors of SIOs in order to limit supervisory duplication. Board supervisory activities will focus on understanding risks that could threaten the safety and soundness of the SIO or its ability to act as a source of strength for its depository institutions. Each SIO will be classified by the Board as either complex or noncomplex, which will serve as the basis for determining the level of supervisory resources dedicated to the SIO and the frequency and intensity of the Board’s supervisory activities. Classification under the Framework will be based on the Board’s assessment of various factors relating to an SIO’s risk profile, with a firm automatically classified as complex if its depository institution’s average assets exceed $100 billion.
The Framework will become effective November 3, 2022.
SUPERVISORY FRAMEWORK FOR SIOs
Background
The Board supervises and regulates depository institution holding companies, which include bank holding companies (companies that control one or more banks) and savings and loan holding companies (companies that control one or more savings associations), including those significantly engaged in insurance activities (i.e., SIOs).[2]
On February 4, 2022, the Board issued proposed guidance and invited public comment on a framework for the supervision of SIOs (“Proposed Guidance”).[3] The Board received four comments on the proposal and met with stakeholders and obtained supplementary information from certain commenters. The Framework is largely consistent with the Proposed Guidance, but the Final Guidance notes that additional clarity was added to the Framework, primarily in respect of the complexity classification methodology and the continued reliance on supervisory efforts of relevant state insurance regulators.
The Framework and related attachments were issued as Board Supervision & Regulation (“SR”) Letter 22‑8.[4] Board SR Letter 12-17, “Consolidated Supervision Framework for Large Financial Institutions” (December 17, 2012), currently applies to certain large banking and other financial organizations subject to consolidated supervision by the Board.[5] The Final Guidance “clarifies that it supersedes SR Letter 12-17” for SIOs.[6]
Scope of Framework Application
An SIO is defined under the Framework as a depository institution holding company that is an insurance company, or that has over 25% of its consolidated assets held by insurance company subsidiaries, or has been otherwise designated as an SIO by the Board staff. All existing SIOs are savings and loan holding companies, but the Framework would apply to any depository institution holding company that meets the criteria of an SIO. For some SIOs, the top-tier holding company is itself an insurance company, in which case the SIO is subject to supervision by its domiciliary state insurance regulator as well as consolidated supervision by the Board. In all cases, the insurance companies that are subsidiaries of an SIO are subject to the supervision and regulation of the insurance regulators of the states or non-U.S. jurisdictions in which they are domiciled and licensed.
According to the Board staff memo published in connection with the Proposed Guidance, there were only six SIOs as of June 30, 2021, constituting a mixture of property and casualty, title insurance, and life/retirement insurance organizations that own one or more savings associations: Ameriprise Financial Inc., The Auto Club Group, First American Financial Corporation, Ohio Farmers Insurance Company, Teachers Insurance and Annuity Association of America, and United Services Automobile Association.[7] Neither the Final Guidance nor the accompanying Board staff memo includes an updated list of current SIOs.
According to the Final Guidance, the Framework provides a supervisory approach “designed specifically to reflect the differences between banking and insurance,” and recognizes that the “risks arising from insurance activities … are materially different from traditional banking risks.” The Final Guidance acknowledges that most supervisory guidance issued by the Board is intended for institutions primarily engaged in banking activities, and that “practices in nonbanking business lines can be different than those published in supervisory guidance without being considered unsafe or unsound.”[8] The Board indicates it will work with SIOs and state insurance regulators to appropriately assess practices that may be different from those typically observed for banking activities.
Proportionality
The application of supervisory guidance and the assignment of supervisory resources will be “based explicitly” on an SIO’s complexity and individual risk profile, and will be applied and conducted “in a manner that is proportionate to each firm’s individual risk profile.” The Board’s supervision will be focused on “resolving supervisory knowledge gaps, monitoring the safety and soundness of the firm, assessing the firm’s management of risks that could potentially impact its ability to act as a source of managerial and financial strength for its depository institution(s), and monitoring for potential systemic risk, if relevant.”[9] The Framework indicates that supervisory expectations will vary based on a firm’s “specific risk profile, size and complexity.”
Complexity Classification
Each SIO will be classified by the Board as either complex or noncomplex based on the Board’s assessment of factors relating to its risk profile. The classification will serve as the basis for determining the level of supervisory resources dedicated to each SIO, as well as the frequency and scope of supervisory activities.
For SIOs classified as complex, dedicated Board supervisory teams will be assigned to execute approved supervisory plans led by a “Central Point of Contact.” The activities listed in the supervisory plans are expected to include “continuous monitoring, targeted topical examinations, coordinated reviews, and an annual roll-up assessment resulting in ratings for the three rating components” (capital management, liquidity management, and governance and controls). These activities will focus on understanding risks that could threaten the safety and soundness of the consolidated organization or its ability to act as a source of strength for its depository institutions. The frequency and intensity of supervisory activities will be based on the SIO’s risk profile and may vary among complex SIOs.
Noncomplex SIOs will require less supervisory oversight relative to complex SIOs. The supervision of noncomplex SIOs will occur “primarily during a rating examination that occurs no less often than every other year and results in the three component ratings.”[10] The supervision of noncomplex firms is expected to rely more heavily on the reports and assessments of the SIO’s other relevant supervisors, although noncomplex SIOs may also be subject, as appropriate, to continuous monitoring, targeted topical examinations, and coordinated reviews.
For SIOs “commencing” Board supervision, the classification assignment will be communicated during the application phase after initial discussions between the Board and the SIO. The classification and risk assessment will be communicated to the SIO along with the supervisory plan for the upcoming supervisory cycle. An SIO may request that the Board review its complexity classification if it has experienced a “significant change” to its risk profile. Thus, it appears each SIO will remain subject to supervision based on its initial complexity classification until such time as the Board reviews, and agrees to change, the classification upon request of the SIO due to a significant change to its risk profile (e.g., as the result of a “major” acquisition or divestiture).
The Final Guidance lists eight factors to be considered by the Board in connection with classifying an SIO as complex or noncomplex. An attachment to SR Letter 22-8, the “SIO Complexity Classification Work Program” (“Work Program”), sets forth in greater detail the considerations involved for each factor and provides a set of questions and data requests with respect to each of the eight factors.[x] Although the risk profile will be the primary basis for assigning a complexity classification, an SIO will be automatically classified as complex if its depository institution’s average assets exceed $100 billion. The eight factors are described below. Weights were not added to the factors (as proposed by some commenters); however, the factors are, according to the Final Guidance, “sequenced in order of expected relative priority.”
- Size of depository institution. An SIO automatically will be classified as complex if its depository institution’s average assets exceed $100 billion. With respect to SIOs with consolidated depository institution average assets of less than $100 billion, the larger the depository institution subsidiary or subsidiaries of the SIO, both in absolute terms and relative to the SIO’s total assets, the “more likely” the SIO will be classified as complex, as this “can materially influence the ability of the SIO to act as a source of financial strength during times of stress.”[12]
- Regulatory oversight. Considerations include the SIO’s current supervisory and regulatory oversight, including ratings and opinions of its supervisors, and the nature and extent of any unregulated or unsupervised activities. The Work Program acknowledges that the assessment of insurance and banking businesses of an SIO will be typically left primarily to the state insurance regulators and functional banking regulator (usually the Office of the Comptroller of the Currency (“OCC”)), respectively. In particular, for SIOs with consolidated depository institution assets of less than $100 billion, Board examiners will rely heavily on the OCC to assess the SIO’s banking operations. The Work Program further states that “SIOs with non-insurance and non-banking activities that have a low probability of negatively influencing the organization’s ability to act as a source of strength for its depository institution(s) typically require fewer resources to effectively supervise and so are more likely to be considered non-complex.”
- Product and portfolio risks. Considerations include the breadth and nature of product and portfolio risks, off-balance sheet exposures, and the SIO’s asset-liability management program. Traditional insurance liabilities supported with high-quality assets “require less regulatory oversight,” whereas liabilities “tied to sophisticated hedging programs or that are otherwise complex and assets that are of low quality, illiquid, or overly concentrated” increase the SIO’s risks.
- Organizational structure. Considerations include the number, type, and location of the SIO’s legal entity subsidiaries; guarantees and other arrangements, including reinsurance, among the legal entities within the enterprise; and the purpose for, and intricacy of, the SIO’s organizational structure.
- Quality and level of capital. A “key expectation” of the Board is that the SIO will act as a source of financial strength for its depository institutions, which drives Board consideration of the SIO’s quality and level of both capital and liquidity. In this light, the Board will consider the SIO’s capital level, any “limits to deploying capital” to support its depository institutions (e., fungibility constraints), and the SIO’s “prior support of its subsidiaries during periods of financial stress.” State insurance holding company laws generally impose limitations or conditions (e.g., prior approval or non-disapproval from the relevant state insurance regulator) on the ability of insurance companies to distribute capital or funds to affiliates or enter into certain transactions with affiliates. Regulations designed to protect policyholders of insurance companies can thus limit the transferability of funds from an insurance company to other legal entities within the group (including to other insurance companies). The Framework notes that such fungibility constraints may not be faced by banking organizations.
- Quality and level of liquidity. Similar to the factors relating to capital, the Board will consider the SIO’s liquidity level, any fungibility constraints to deploying liquidity to support its depository institutions, and prior support of its subsidiaries during periods of financial stress.
- International exposure. The Proposed Guidance would have automatically classified an SIO as complex if the SIO had been designated as an “internationally active insurance group” (“IAIG”) by its group-wide insurance supervisor.[13] In response to comments on the Proposed Guidance, this has been removed from the Framework. Instead, the “materiality of an insurance organization’s international operations” will be considered in connection with the complexity classification. An SIO with international operations that materially contribute to its risk profile is more likely to be classified as complex.
- This factor relates to interconnectedness with the broader financial system and potential systemic risk. SIOs “whose failure could contribute to increased instability in the overall financial system of the United States will more likely be considered complex.”
Supervisory Expectations and Supervisory Ratings
SIOs are “required to operate in a safe and sound manner, to comply with all applicable laws and regulations, and to possess sufficient financial and operational strength to serve as a source of strength for their depository institution(s) through a range of stressful yet plausible conditions.” SIOs will be assigned supervisory ratings in each of three components: Capital Management, Liquidity Management, and Governance and Controls. The ratings are: Broadly Meets Expectations, Conditionally Meets Expectations, Deficient-1, and Deficient-2. The ratings are designed with particular emphasis on the obligation that SIOs operate in a safe and sound manner and serve as a source of financial and managerial strength for their depository institutions. The supervisory rating system under the Framework is modeled after the large financial institution rating system adopted by the Board in 2018.[14]
In order to be considered “well managed,” a firm must receive a rating of Conditionally Meets Expectations or better in each of the three rating components. The Framework provides high-level definitions for each rating as well as more granular and specific rating definitions and considerations for each of the three rating components:
Capital Management. In assigning the Capital Management rating, Board examiners will evaluate the extent to which the SIO “maintains sound capital planning practices through effective governance and oversight, effective risk management and controls, maintenance of updated capital policies and contingency plans for addressing potential shortfalls, and incorporation of appropriately stressful conditions into capital planning and projections of capital positions.” Compliance with regulatory capital requirements (e.g., insurance company subsidiaries’ compliance with state insurance risk-based capital (RBC) requirements) and the ability of the SIO to be a source of strength to its depository institutions in a range of stressful, but plausible, economic and financial environments, will be evaluated. The Framework recognizes that the “capital needs for insurance activities are materially different from those of banking activities.”
The Board intends to rely “to the fullest extent possible” on information provided by state insurance regulators, including the SIO’s own risk and solvency assessment (“ORSA”) and the insurance regulator’s written assessment of the ORSA. All states have adopted legislation requiring insurance companies, or the relevant insurance holding company on a group-wide level, to prepare an ORSA to assess the adequacy of the insurer’s or holding company’s risk management and current and prospective capital position under normal and stress scenarios. The Framework does not otherwise provide any detail regarding the expected methodology, framework, or parameters of the stress scenarios and stress testing contemplated to be conducted by SIOs to comply with the Framework’s capital and liquidity management supervisory expectations.[15]
The Board expects SIOs to have a “sound internal control framework” for their capital-planning process, and a capital management policy that reflects the capital needs of the insurance and banking businesses based on their risks, which is approved by the SIO’s board of directors or a board committee and is re-evaluated periodically and revised as needed. The internal control framework should be independently validated periodically by the SIO’s internal audit function. The capital management program should incorporate “appropriately stressful conditions and events that could adversely affect the firm’s capital adequacy and capital planning” and should use “at least one scenario that stresses the specific vulnerabilities of the firm’s activities and associated risks, including those related to the firm’s insurance activities and its banking activities.” Estimation approaches to project the impact on capital positions of various stressful conditions and events should be “independently validated.”
Liquidity Management. The Framework recognizes that SIOs are “typically less exposed to traditional liquidity risk than banking organizations” and although some insurance products, e.g., annuities, are potentially exposed to “call risk,” these products generally possess product features (e.g., surrender charges, tax treatment, etc.) that mitigate liquidity risk. The Framework states that some “non-traditional life insurance and retirement products” may create liquidity risk through features permitting payments at the request of policyholders without the occurrence of an insured event; the risks of some insurance products are often mitigated using derivatives; and differences between collateral requirements related to hedging and the related liability cash flows may also generate liquidity risk. SIOs significantly engaged in such activities are expected to have correspondingly more sophisticated liquidity risk management programs. A liquidity risk management program must also include cash flow forecasting “with appropriate granularity.” SIOs are expected to perform liquidity stress testing at least annually and more frequently, if necessary, based on their risk profiles. The scenarios used in liquidity stress testing should include both idiosyncratic and system-wide stress events, and SIOs should hold a “liquidity buffer comprised of highly liquid assets to meet stressed net cash outflows.” The liquidity buffer is expected to use “appropriate haircuts based on asset quality, duration, and expected market illiquidity based on the stress scenario assumptions.” Liquidity stress testing should also reflect the expected impact on collateral requirements.
SIOs are also advised under the Framework to carefully consider in their stress testing and liquidity risk management any fungibility limitations that constrain the ability to transfer funds from an insurance company subsidiary to other affiliates within the group. Liquidity stress testing should account for intercompany liquidity fungibility, and liquidity management at the top-tier depository institution holding company should incorporate any fungibility constraints.
The Framework references SR Letter 10-6, “Interagency Policy Statement on Funding and Liquidity Risk Management” (March 17, 2010), for guidance on this topic, but notes that guidance on intra-day liquidity management would only be applicable for SIOs with material intra-day liquidity risks. However, the Framework also advises that specific references to liquid assets in the SR guidance “may be more broadly interpreted to include other asset classes such as certain investment-grade corporate bonds.”
As with the Capital Management component, the Framework provides that Board examiners must rely “to the fullest extent possible” on each SIO’s ORSA. For SIOs with material life insurance operations, Board examiners will also rely on information submitted by the SIO to comply with the liquidity stress framework recently developed by the National Association of Insurance Commissioners (“NAIC”).[16] As with the Capital Management expectations, the Framework does not otherwise provide any detail regarding the expected methodology, framework, or parameters relating to the liquidity stress scenarios, stress testing and liquidity buffers contemplated by the Framework’s liquidity management supervisory expectations.
Governance and Controls. The Governance and Controls rating is derived from an assessment of the effectiveness of an SIO’s board and senior management and independent risk management and controls. The Framework provides supervisory expectations and rating considerations regarding board and senior management effectiveness and independent risk management and controls, and also sets forth six key categories of risk to which these expectations and considerations will be applied.
SIOs are expected to “align their strategic business objectives with their risk appetite and risk management capabilities; maintain effective and independent risk management and control functions including internal audit; promote compliance with laws and regulations; and remain a source of financial and managerial strength for their depository institution(s).”
With respect to board and senior management effectiveness, SIOs classified as complex are expected to take into consideration the Board’s guidance set forth in SR Letter 21-3, “Supervisory Guidance on Board of Directors’ Effectiveness” (February 26, 2021). The Board indicates that it will rely to the fullest extent possible on state insurance regulators to evaluate and assess how firms manage the pricing, underwriting, and reserving risk of their insurance operations.
With respect to independent risk management and controls, SIOs are expected to demonstrate that their internal controls are appropriate and tested for effectiveness and sustainability, and internal audit should be an integral part of an SIO’s internal control system and risk management structure. The Framework expects the “largest, most complex” SIOs to maintain internal audit practices that are similar to those at banking organizations and to follow existing Board guidance in accordance with SR Letter 03-5, “Amended Interagency Guidance on the Internal Audit Function and its Outsourcing” (April 22, 2003) and SR Letter 13-1, “Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing” (January 23, 2013), both of which will apply to all SIOs classified as complex.[17]
The principles of sound risk management are intended to apply to the “entire spectrum of risk management activities” of an SIO, including the six risks specified:
- Credit risk. Risks relating to the “composition, concentration, and quality of the consolidated investment portfolio; the level of a firm’s reinsurance recoverables, the credit quality of the individual reinsurers, and the amount of collateral held for reinsured risks; and credit exposures associated with derivatives, securities lending, or other activities that may also have off-balance sheet counterparty credit exposures.”
- Market risk. Inherent market risk due to the investment portfolio or as a result of product offerings, including variable and indexed life insurance and annuity products, and asset/wealth management businesses. The Final Guidance indicates interest rate risk is generally a small risk for property and casualty insurers but can be a significant risk for life insurers with certain life and annuity products that are spread-based, longer in duration, or that include embedded product guarantees. Likewise, equity market risk may be significant for life insurers that issue guarantees tied to equity markets, or for insurers with large common equity allocations in their investment portfolios. Foreign exchange and commodity risk are considered to be low for SIOs but could be material for some complex SIOs.
- Model risk. Risks relating to reliance on models for product pricing and reserving, risk and capital management, strategic planning and other purposes. The Framework provides that SR Letter 11-7, “Guidance on Model Risk Management” (April 4, 2011), is applicable to all SIOs. The Board indicates it will collaborate with state insurance regulators on their findings relating to insurance models, and the Board acknowledges the significant role of actuaries as described in actuarial standards of practice on model risk management.
- Legal risk. Risks “arising from the potential that unenforceable contracts, lawsuits, or adverse judgments can disrupt or otherwise negatively affect the operations or financial condition” of an SIO.
- Compliance risk. Risks arising from regulatory sanctions, fines, penalties, or losses resulting from failure to comply with laws, regulations, or other supervisory requirements applicable to a firm. The “principles-based guidance” in existing SR Letters related to legal and compliance risk is, according to the Framework, applicable to SIOs. In particular, SR Letter 08-8, “Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles” (February 26, 2021), is applicable to complex SIOs. For noncomplex SIOs, the Board will assess legal and compliance risk management based on the guidance in SR Letter 16-11, “Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $100 Billion” (February 17, 2021). The Framework provides that compliance programs are expected to support regulatory compliance with both Bank Secrecy Act / Anti-Money Laundering (“BSA/AML”) and Office of Foreign Assets Control (“OFAC”) requirements.[18] In evaluating BSA/AML and OFAC compliance programs, “it may be necessary for examiners to review compliance with BSA/AML and OFAC requirements at individual subsidiaries or affiliates in order to fully assess the material risks of the [SIO].” Examples of compliance issues that may result in a Deficient-1 or Deficient-2 rating include informal or formal enforcement actions by the Board or another regulator tied to violations of laws and regulations that indicate “severe deficiencies” in governance and controls.[19]
- Operational risk. Risks of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. Cybersecurity/information technology risks are included as a subset of operational risk. All SIOs are required to notify the Board of any computer-security notification incidents in accordance with 12 C.F.R. Part 225, Subpart N and SR Letter 22-4, “Contact Information in Relation to Computer-Security Incident Notification Requirements” (March 29, 2022). Board examiners of SIOs will also utilize guidance on mitigating cybersecurity and information technology risks set forth in the Federal Financial Institutions Examination Council’s (FFIEC) IT Handbooks. Third-party risk is another subset of operational risk and arises from a firm’s use of service providers to perform operational or service functions. SR Letter 13-19, “Guidance on Managing Outsourcing Risk” (February 26, 2021), will apply to all SIOs.
Incorporating the Work of Other Supervisors
The Framework states that the oversight of SIOs will rely “to the fullest extent possible” on work performed by other supervisors, and that Board supervision is not intended to duplicate or replace supervision by other relevant supervisors of the SIO. Board examiners will coordinate with state insurance regulators before commencing certain supervisory activities, meet periodically with state insurance regulators, and review specific reports required to be submitted by SIOs to state insurance regulators. These reports include the annual ORSA, the state insurance regulator’s written assessment of the ORSA, results from any state insurance examination activities, the Corporate Governance Annual Disclosure, financial analysis memos, risk assessments, material risk determinations, material transaction filings (Form D), the insurance holding company system annual registration statements (Form B), submissions for the NAIC liquidity stress test framework, and other state insurance supervisory material.
The Board states that it expects to coordinate with applicable state insurance regulators and to utilize the work of the OCC, Federal Deposit Insurance Corporation (FDIC), Securities and Exchange Commission (SEC), Financial Crimes Enforcement Network (FinCEN), Internal Revenue Service (IRS), and other relevant supervisors, with the goal of achieving its supervisory objectives while eliminating unnecessary burden and supervisory duplication. The Board and all state insurance regulators have entered into Memorandums of Understanding (MOU) allowing supervisors to freely exchange information relevant for the effective supervision of SIOs. The Board intends to engage in routine discussions (at least annually) with state insurance regulators, document input and consider assessments received from state insurance regulators, and participate in any supervisory colleges established with respect to an SIO.[20] The Board expects state insurance regulators to “share proactively” with the Board their supervisory opinions and relevant documents. In the event the Board “determines that it is necessary to perform supervisory activities related to aspects of the [SIO] that also fall under the jurisdiction of the state insurance regulator,” it will communicate the rationale and result of these activities to the state insurance regulator (the Framework does not explicitly require the Board to communicate with state insurance regulators prior to undertaking the relevant activities).
Regulatory Reporting
With respect to existing Board reporting requirements to which SIOs may already be subject, commenters to the Proposed Guidance requested SIOs not be required to continue reporting on the FR Y-6 or submit FR Y-10, FR Y-11, or FR 2314 reports for passive real estate and other investments held by insurance companies. According to the Final Guidance, the Board does not contemplate any changes to current Board regulatory reporting requirements, but the Board will “consider incorporating these suggestions in future revisions of these reporting forms.”
Endnotes
[1] Board of Governors of the Federal Reserve System, Final Guidance, Framework for the Supervision of Insurance Organizations (Oct. 4, 2022), available at: https://www.federalregister.gov/documents/2022/10/04/2022-21414/framework-for-the-supervision-of-insurance-organizations; Federal Register, Vol. 87, No. 191, 60160 (Oct. 4, 2022), available at: https://www.govinfo.gov/content/pkg/FR-2022-10-04/pdf/2022-21491.pdf. See also, Board of Governors of the Federal Reserve System, Staff Memo, Framework for the Supervision of Insurance Organizations (Sept. 9, 2022), available at: Board memo: Framework for the Supervision of Insurance Organizations (federalreserve.gov).
[2] The Board is also developing a consolidated capital framework for SIOs. In 2019, the Board invited comment on a proposal to establish a risk-based capital framework designed specifically for SIOs, termed the Building Block Approach, that would adjust and aggregate existing legal entity capital requirements to determine an enterprise-wide capital requirement. Board of Governors of the Federal Reserve System, Notice of Proposed Rulemaking, Regulatory Capital Rules: Risk-Based Capital Requirements for Depository Institution Holding Companies Significantly Engaged in Insurance Activities (Sep. 6, 2019), available at: 2022-02383.pdf (govinfo.gov). For additional information on this proposal, see our memorandum to clients: Federal Reserve Proposes Regulatory Capital Framework for Insurance Depository Institution Holding Companies (Oct. 10, 2019), available at: https://www.sullcrom.com/federal-reserve-proposes-regulatory-capital-framework-for-supervised-insurance-groups.
[3] Board of Governors of the Federal Reserve System, Proposed Guidance, Framework for the Supervision of Insurance Organizations (Feb. 3, 2022), available at: 2022-02383.pdf (govinfo.gov).
[4] Board of Governors of the Federal Reserve System, SR 22-8: Framework for the Supervision of Insurance Organizations (Sep. 27, 2022), available at: https://www.federalreserve.gov/supervisionreg/srletters/SR2208.pdf.
[5] Board of Governors of the Federal Reserve System, SR 12-17: Consolidated Supervision Framework for Large Financial Institutions (Dec. 17, 2012), available at: https://www.federalreserve.gov/supervisionreg/srletters/sr1217.htm. SR Letter 12-17 applies to “Large Institution Supervision Coordinating Committee Firms” (“LISCC Firms”), large banking organizations and large foreign banking organizations (as defined therein). According to SR Letter 20-30: Financial Institutions Subject to the LISCC Supervisory Program (March 31, 2021) (available at: https://www.federalreserve.gov/supervisionreg/srletters/sr2030.htm), LISCC Firms do not include insurance savings and loan holding companies, although an insurance organization or other nonbank financial institution designated as systemically important by the Financial Stability Oversight Council (“FSOC”) would be considered an LISCC Firm. No financial institution is currently designated as systemically important by the FSOC.
[6] According to the new SR 22-8, SR 22-8 “partially supersedes” SR Letter 12-17. It is unclear, given what is said in the Final Guidance, to what extent SR Letter 12-17 could “partially” apply to SIOs.
[7] Board of Governors of the Federal Reserve System, Staff Memo, Proposed Framework for the Supervision of Insurance Organizations (Jan. 12, 2022), available at: Subject: Proposed Framework for the Supervision of Insurance Organizations (federalreserve.gov). See also, the Annual Report for 2021 issued by the Board, which indicates that the Board supervises, as of year‑end 2021, six depository institution holding companies significantly engaged in insurance activities, available at: https://www.federalreserve.gov/publications/2021-ar-supervision-and-regulation.htm.
[8] The Final Guidance indicates that Board supervisory guidance issued since the transfer of oversight of savings and loan holding companies to the Board in 2011 has expressly stated its applicability to savings and loan holding companies, and that this practice will continue. The Board does not intend to continually update SR Letter 14-9, “Incorporation of Federal Reserve Policies into the Savings and Loan Holding Company Supervision Program” (Nov. 14, 2014), as that was designed only to clarify what Board supervisory guidance issued prior to the 2011 transfer applied to savings and loan holding companies.
[9] Reference to potential systemic risk was added to the final Framework and did not appear in the Proposed Guidance.
[10] The Proposed Guidance contemplated that all SIOs, including those classified as noncomplex, would be subject to an annual risk assessment and rating. Under the Framework, noncomplex SIOs “may be rated every other year, depending on the organization’s risk profile.” This aligns, as requested by commenters, the risk assessment of noncomplex SIOs with periodic rating examinations as described in SR Letter 13-21, “Inspection Frequency and Scope Requirements for Bank Holding Companies and Savings and Loan Holding Companies with Total Consolidated Assets of $10 Billion or Less” (March 6, 2019).
[11] The Work Program was not included in the Proposed Guidance and was added to provide additional transparency, as requested by commenters.
[12] According to the Framework, “[l]arge, well-established, and financially strong supervised insurance organizations with relatively small depository institutions can be classified as noncomplex if, in the opinion of Board staff, the corresponding level of supervisory oversight is sufficient to accomplish its objectives.”
[13] Under model insurance holding company laws adopted generally by all states, an insurance holding company registered as such in a state is an IAIG if: (a) premiums are written in at least three countries, (b) the percentage of gross premiums written outside the United States is at least 10% of the insurance holding company’s total gross written premiums, and (c) based on a three-year rolling average, the total assets of the insurance holding company are at least $50 billion, or the total gross written premiums of the insurance holding company are at least $10 billion. Although designation as an IAIG does not automatically result in a complex SIO classification, the Work Program does include a question on whether the SIO has been so designated.
[14] Board of Governors of the Federal Reserve System, Final Rule, Large Financial Institution Rating System; Regulations K and LL (Nov. 21, 2018), 12 C.F.R. Parts 211 and 238. The Board has expressly not applied to SIOs the supervisory rating systems applicable to other depository institution holding companies under the LFI and RFI/C(D) ratings systems. Savings and loan holding companies significantly engaged in insurance activities have instead been receiving “indicative supervisory ratings.”
[15] The Proposed Guidance referenced, in connection with expectations regarding sound governance over the SIO’s capital planning process, SR Letter 15-19, “Federal Reserve Supervisory Assessment of Capital Planning and Positions for Firms Subject to Category II and III Standards” (Jan. 15, 2021), stating that this SR Letter would be applicable to complex SIOs, but only focus on the sections most relevant for the SIO. The Framework makes no reference to this SR Letter.
[16] The NAIC’s liquidity stress test framework was first adopted in 2020, but is currently modified on a yearly basis due to the NAIC’s recognition that, “at least in the early years, the stress testing process and analyses [under the framework] will be iterative.” See NAIC 2021 Liquidity Stress Test Framework for Life Insurers Meeting the Scope Criteria (Feb. 15, 2022), available at: https://content.naic.org/sites/default/files/inline-files/Final%202021%20LST%20Framework.pdf, at pg. 5. Currently, life insurance groups or entities that exceed specified thresholds for any of six activities (fixed and indexed annuities, funding agreements, derivatives, securities lending, repurchase agreements, and borrowed money) (i.e., “scope criteria”) are subject to the liquidity stress testing framework. The NAIC model insurance holding company act requires the ultimate controlling person of an insurer that meets these scope criteria to file with the “lead state” insurance regulator on an annual basis the results of a liquidity stress test performed in accordance with the liquidity stress test framework. Under the 2021 liquidity stress test framework, liquidity stress test results were required to be filed with the “lead state” insurance regulator by June 30, 2022.
[17] The Proposed Guidance noted explicitly that SIOs would not be subject to the enhanced prudential standards rule under Regulation YY, 12 C.F.R. part 252, which imposes stress testing, risk management, liquidity buffer, risk committee, counterparty credit limit, and other enhanced prudential standards to certain U.S. and foreign banking organizations (and also would apply to any nonbank financial companies designated as systemically important by FSOC). The Framework does not reference Regulation YY.
[18] The Framework notes that SIOs are not defined as financial institutions under the BSA and are not required to have an AML program, unless the firm is directly selling certain “covered” insurance products. However, certain subsidiaries and affiliates of SIOs, such as insurance companies and banks, are defined as financial institutions under 31 U.S.C. 5312(a)(2) and must develop and implement a written BSA/AML compliance program and comply with other BSA requirements.
[19] This was changed from the Proposed Guidance, as commenters noted state insurance and other regulators may have different thresholds for enforcement actions, and the materiality of enforcement actions should be of more importance than the existence of an enforcement action.
[20] Under state insurance holding company laws, state insurance regulators are authorized to establish and participate in a supervisory college with other relevant regulators (including the Board and applicable non-U.S. regulators) for supervision of a domestic insurer that is part of an insurance holding company with international operations. Supervisory colleges are joint meetings of interested regulators with one another and/or with company officials and generally involve discussions concerning financial data, corporate governance, and enterprise risk management functions.
This article was originally published as a Client Memo by Sullivan & Cromwell LLP. Marion Leydier and Benjamin Weiner are Partners and Rodrick Gilman Jr. is Special Counsel at Sullivan & Cromwell LLP.
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.