I’ve been publicly critical of the Insurance Data Protection Act, which was endorsed yesterday by a 7-5 tally of the House Financial Services Committee’s insurance subcommittee.

It’s been interesting to see that I was joined in my criticism by the likes of Ranking Member Luis Guttierez, D-Ill., and opposed by most of the major property and casualty trade associations, who supported the measure. For instance, the Property Casualty Insurers Association of America’s Ben McKay said in a press release :

This commonsense bill will help reduce costly, duplicative information requests on insurers…The Insurance Data Protection Act reinforces the Dodd-Frank Act that specifically required the Federal Insurance Office to seek data from state regulators first before imposing burdensome data demands on insurance companies.

It’s not often that I find myself agreeing with Luis Guttierez and disagreeing with PCI, so it’s fair to ask what I’m seeing here that the industry isn’t.

Formally introduced Dec. 5 by Rep. Steve Stivers, R-Ohio, (though it had earlier been the subject of a subcommittee hearing when it was a draft bill with no formal sponsor) H.R. 3559 would amend the Dodd-Frank Act to abolish the newly created Federal Insurance Office’s ability to subpoena information directly from insurance companies. It also places new restrictions on what the office can do with information it gathers from the states, the NAIC or other sources, and how that information is to be treated when it is shared. Stivers characterized the bill as a job-saver:

“Every job creator in America understands that burdensome and duplicative regulations cost consumers and cost jobs.  This bill will cut red tape and protect consumer privacy,” said Rep. Stivers.

Painted in that light, it’s easy to see why industry would support it. Insurers already must respond to hundreds of data requests from state regulators and the NAIC, and many affliates of insurers must respond to other regulatory authorities as well. Data collection can be a costly process, particularly when the information regulators are seeking is not a format insurers are accustomed to tracking. I’m fully sympathetic with the industry’s concern that FIO not be granted undue power to make unreasonable requests for data.

But words like “undue” and “unreasonable” are doing a lot of the work in that sentence. In truth, Dodd-Frank gave FIO only a very limited ability to collect data. Wherever possible, it must first turn to the states or other publicly available sources for information on insurance markets. It may request information directly from insurers only when that information cannot be obtained any other way, and even then, smaller insurers and insurance agencies are explicitly exempted from the requirement. Moreover, before it could issue a subpoena, the office must establish to a court’s satisfaction that:

  1. It needs the information it is requesting; and
  2. A subpoena is the only way to obtain it.

The retorts offered by some that further data collection from insurers would never be necessary because insurance is not systemically risky and that states already collect any information the FIO could ever need are short-sighted non-starters. There are plenty of reasons to want to collect information from insurers besides monitoring their systemic risk. Indeed, the whole reason FIO was created in the first place was to provide insurance expertise to the federal government, which takes up hundreds of bills and regulations every year that have direct or indirect impact on the business of insurance.

Moreover, states and the NAIC launch new data requests all the time. Obviously, if the states were already possessed with omniscience and the answers to any question that could ever be asked about insurance, such requests would not be necessary. (Indeed, as covered in my recent podcast with Daniel Schwarcz of the University of Minnesota Law School, there are currently serious concerns about the lack of oversight states have given to the policy forms signed by consumers.) This is a very basic Bayesian problem identified famously by Donald Rumsfeld: sometimes, you just do not know what you do not know.

So while I am sympathetic to the industry’s concerns about duplicative data requests, and it’s something that certainly should be tracked as the office moves forward, I think it’s premature to assume that the very limited powers given to FIO under the Dodd-Frank Act present a costly, job-killing threat. Until shown otherwise, there’s just as much reason to suspect the federal office would be able to help coordinate national data collection in a more efficient and cost-effective manner than dozens of separate state inquiries as there is the converse.

But what’s truly troubling about Rep. Stivers’ bill is a little bit of language slipped into the text that serves the interest, not of the industry, but of the NAIC. One provision of the bill would apply strict confidentiality to “the sharing of any non-publicly available data with or by the office among other federal agencies, the state insurance regulators and their collective agents or any other entities.”

The key phrase there is “non-publicly available.” Proponents of the bill have described this section as ensuring that confidential information collected from insurers – such as trade secrets or information revealed during market conduct exams – would remain confidential even after it has been shared with FIO. But this is a red herring. Dodd-Frank already specifies that confidentiality agreements remain in-force for such sensitive information.

The bill’s language refers not to “confidential” information, but to non-public information. That’s a key distinction. The statutory financial reports that insurers file with their state regulators and the NAIC are not confidential. It’s obvious that such reports are not confidential because they can be purchased. Indeed, as I’ve laid out here previously, the NAIC expects to earn $18.9 million next year from selling insurance data. That data is not confidential. It just isn’t made available to the public.

And it very well should be. There is no good public policy justification for a single private organization – the NAIC – to be granted a lucrative monopoly over information collected with public resources by employees paid with taxpayer dollars. It would be akin to granting the Patrolmen’s Benevolent Association the right to keep public arrest records secret and to start a lucrative side business by selling those record to interested parties.

Insurers’ financial reports should be public information, and the FIO is in a unique position to make the reports it collects from the states available to the public online for free, much as the SEC does with filings by publicly traded companies through its EDGAR service.

The NAIC sees that, as well, as it’s an issue they have been tracking closely since former Rep. Paul Kanjorski, D-Pa. first proposed a federal insurance office back in 2008. It’s true that the regulators’ group has not taken a formal public position on Stivers’ bill, but make no mistake about it: this provision has their fingerprints all over it.

And as I said in the SNL Financial story linked above, since one of the major charges of FIO is to recommend changes to modernize and improve the state-based system of insurance regulation, how can it possibly be expected to to do that effectively if we are to leave it completely beholden to that same system to do its job?

Featured Publications