Compliance & Regulation

2021 Insurance Regulatory Outlook

How the industry looks forward on the heels of 2020

Excerpts from a new Deloitte report that looks at the key regulatory trends now emerging, including digital transformation, financial resiliency & climate risk. Read the full report here.

To call 2020 a difficult and challenging year is to state the obvious. However, it is often the less obvious ripple effects from a crisis that have the biggest, most enduring impacts.

In 2020, COVID-19 affected every person on the planet to some degree. But its full long-term impact on the global economy—and on how people in the future live and work—is still being determined. Similarly, after a contentious election season, the United States still finds itself with many more questions than answers.

Against this backdrop of ongoing uncertainty, we present the 2021 version of our annual report on key regulatory trends in the US insurance sector. This year’s report highlights five areas where important regulatory changes are emerging or accelerating in the wake of 2020 and beyond:

  • Accelerating digital transformation requires enhanced oversight
  • Ensuring resilience as operations transform
  • Managing financial resiliency through the pandemic
  • Evolution of state-based regulation
  • US regulators begin to focus on climate risk

Regulators continue to refine existing regulations and expand into new areas such as climate risk and insurance technology (InsurTech) supervision. Meanwhile, recent regulatory actions send a clear message that insurers can anticipate higher levels of accountability and enforcement moving forward and that state and federal regulators are not easing up on their expectations.

Data remains a key focus, with privacy laws and increases in pandemic-related digital customer engagement requiring insurers to increase focus on data governance. Also, there continues to be a heavy focus on the ability to operationalize core risk management and compliance frameworks, principles, and requirements within a firm’s operating model and culture.

All these regulatory trends are expected to have a major impact on the insurance industry over the next 12 months and require close monitoring and action from leadership.

Accelerating Digital Transformation Requires Enhanced Oversight

At the beginning of 2020, most insurers had already planned to continue evolving their digital interactions with their customers and sales force. Key drivers included both increased cost pressure and rising customer expectations. However, with the sudden emergence of COVID-19, insurers—like most businesses—were forced to quickly shift attention toward enabling their remote workforce. Also, cost pressure increased even further. These factors—amplified by the crisis’s depth and speed—created a sense of urgency that greatly accelerated insurers’ digital transformation efforts.

The need for additional data about customers is foundational to this transformation. While the goal is certainly greater insight, efficiency, and customer service, these goals can’t be achieved without a parallel focus on building a solid foundation of data management capabilities, including the secure capture, retention, and destruction of data. Proper transfer and handling of data are also essential to ensure the data is secure and capable of generating accurate results.

In parallel with the focus on data management, many insurers continue to experiment with advanced data analytics techniques, including machine learning (ML) and artificial intelligence (AI). These data-driven technologies amplify the importance of having good data. Insurers recognize the commercial opportunities to leverage data regarding their customers, products, and operations to improve top- and bottom-line results.

The rollout and enforcement of privacy laws such as the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the data-related rules from the New York Department of Financial Services (NYDFS) add to the data challenge by giving most of the world’s population increased privacy rights. Coupled with the insurance industry’s accelerated efforts around digital transformation and data, this slew of new privacy laws heightens the risk of data loss and data error, thus prompting fundamental changes in how insurers handle data.

As insurers increase their focus on securing and managing data, there will likely be intensified efforts in the following areas:

  • Strengthening data governance models. Data governance includes the policies, organization, and resources that help ensure data is treated as an asset in alignment with the enterprise’s goals and objectives, as well as with relevant regulations. Given the pace of change in digital innovations and their associated regulations, insurers should act quickly to formalize their data governance structures (or verify that adequate data governance structures are already in place).
  • Consistent collection and the proliferation of personal and confidential data. During their normal business operations, insurers collect and use personal information that spans both transactional and analytical uses. Insurers should continue reviewing the cradle-to-grave lineage and controls related to this data, including where third parties are allowed to access the data as part of the company’s extended footprint.
  • Reviewing data classification policies and controls and performing data scans, and refreshing data inventories. With rising data volumes and the proliferation of data types, this is an opportune time for insurers to review their data classification policies to ensure they are still relevant, comprehensive, and followed. In addition to refreshing policies and conducting training, insurers can better handle data risks by leveraging technology to scan and inventory their structured data (e.g., applications) and unstructured data (e.g., email, spreadsheets, collaboration tools). Also, a growing number of companies use data rights tools to control what users are allowed to do with specific data by marking it with classification and related rights (e.g., internal only, confidential/do not print, or forward).

Ensuring Resilience As Operations Transform

The changes to insurance companies’ operations that arose from COVID-19 will likely continue and potentially accelerate during 2021. Pressures on insurance sales and revenues, along with lower investment income, affect profitability and margins, thereby placing greater pressure on operating costs. This pressure is already being felt by insurance company compliance organizations and is expected to be a critical theme in 2021.

Key impacts that began in 2020 include:

  • Acceptance of work-from-home arrangements
  • Increased consideration of third-party providers with the potential to maintain or even improve achievement of compliance goals at lower cost
  • Migration of additional compliance activities to offshore operations
  • Increased integration of data analytics in compliance programs

These impacts occur against a backdrop of important new regulatory changes, including the June 2020 Department of Justice (DOJ) Guidance Document on the Evaluation of Corporate Compliance Programs. Under the updated DOJ guidance, the effectiveness and adequacy of a corporation’s compliance program now factors into evaluating “whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal controls systems.”

The competing priorities that result will continue to drive insurers, the governing bodies, and chief compliance officers (CCOs) and chief risk officers (CROs) to consider alternatives to traditional compliance operations, even as they maintain their focus on ongoing investments and program improvements.

In 2021, we expect insurance company compliance organizations to intensify evaluation of their operating and delivery models by employing strategies to drive compliance program effectiveness and efficiency.

This includes:

  • Third-party providers. Many insurers may increasingly shift some of their compliance functions—particularly those that enable CCOs to forgo ongoing systems investments or are specialized domains—to third-party providers in an effort to reduce costs while still achieving service-level agreement targets. Prime areas include sales, marketing, and ad reviews; AML; selected compliance testing activities on regulations such as the Securities and Exchange Commission’s (SEC) Regulation Best Interest (Reg BI) and AML annual testing; claims processing quality; and rate and forms policy accuracy.
  • Offshoring. When moving work offshore, many insurers are including compliance activities to capitalize on lower costs. However, this transformation is still in its early stages, as many companies are establishing offshore operations and staffing.
  • Data analytics. While there has been considerable debate about the benefits of data analytics in the insurance business, our experience with insurance company compliance organizations suggests many are still in an early stage of adopting robust data analytics capabilities, as noted above. That being said, there are many promising opportunities to transform compliance effectiveness through the smart deployment of analytics and reporting around key activities and risks, including sales conduct, supervisory dashboards, policy rate accuracy, the culture of compliance and ethics assessments, and state-driven COVID-19 requirements.

The next 12 months will present significant challenges, as well as opportunities, for insurance company leaders and CCOs. Rising regulatory expectations, continued rule-making, and increasing budgetary pressures will likely drive CCOs to explore innovative approaches and strategies to modernize compliance. As the number of third-party providers increases, careful due diligence, planning, and monitoring will be needed for firms to achieve the desired service levels and expected cost benefits.

Managing Financial Resiliency Through The Pandemic

Financial resiliency was a key regulatory focus that emerged from the financial crisis. Before the crisis, regulators had a few financial solvency tools to monitor insurance company health; however, these tools were limited and did not provide an insurance company group view of capital. Also, they did not provide a company’s perspective on the risks it faced, nor an internal view of the company’s capital position under stressed scenarios.

Industry and regulators responded quickly with reforms at both the international level (through the International Association of Insurance Supervisors (IAIS)), and the domestic level (through the National Association of Insurance Commissioners (NAIC)). Fast-forwarding 13 years to 2021, regulators now have additional financial resiliency tools at their disposal to understand and provide insight into the impact of major market shocks like the global pandemic, both from a company and industry perspective.


Internationally, the IAIS has been developing the first global group capital standard for insurance companies: The Insurance Capital Standard (ICS), targeted at insurance companies designated as Internationally Active Insurance Groups (IAIGs). ICS 2.0 was approved by IAIS members following five years of field testing and is now in a “through the business cycle” monitoring period, which began in 2020. The ICS provides a group view of solvency and is designed to address a variety of stressed scenarios, including a pandemic and economic downturn.

The ICS will continue to be reviewed through the monitoring period and, for the first time, will now be used by regulators during regulatory colleges. At the annual IAIS general meeting in December 2020, it was noted that regulators were currently reviewing company ICS submissions and that the IAIS hoped to provide insight into insurers’ resilience through the pandemic and global economic downturn once submissions had been reviewed.


Domestically, regulators already have the Own Risk and Solvency Assessment (ORSA) that insurance companies submit annually. The ORSA is not a static assessment, and insurance companies that are required to file it should consider demonstrating their own financial resilience to new and emerging risks such as the pandemic, economic downturn, and climate risk. As for other domestic solvency-related tools, NAIC and state regulators have continued to work on improvements to risk-based capital (RBC) and, notably, have just approved the very first US Group Capital Calculation (GCC). This new tool should give regulators and insurance groups additional insight into financial resiliency across the group.

The critical challenges that arose from COVID-19 forced many regulators to pivot away from their planned agendas for 2020. However, in 2021, regulators will likely focus on maintaining their responses to COVID-19 while pivoting back to their original agenda (along with tackling some additional items).

From a financial resiliency perspective, expected focus areas include:

  • Implementation of the GCC
  • Continued focus on new and emerging risks (such as climate risk) and the impact these risks could have on an insurance company’s solvency position
  • Continued input into international regulatory developments

With high-impact, catastrophic risks such as the global pandemic and climate change seemingly becoming the norm, insurers should consider a team approach to capital and risk management so that all responsibility does not fall on just one C-suite executive. Understanding and addressing the complex impacts of “tail events” on capital, liquidity, profitability, and the overall business requires a broad team that, at minimum, includes the chief risk officer (CRO), chief actuary, and chief financial officer (CFO).

Access the full report here.