[Senate Hearing 116-121]
[From the U.S. Government Publishing Office]




                                                        S. Hrg. 116-121

 
      THE REAUTHORIZATION OF THE TERRORISM RISK INSURANCE PROGRAM

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON
                   BANKING,HOUSING,AND URBAN AFFAIRS
                          UNITED STATES SENATE

                     ONE HUNDRED SIXTEENTH CONGRESS

                             FIRST SESSION

                                   ON

 EXAMINING THE STRUCTURE AND OPERATION OF THE TERRORISM RISK INSURANCE 
   PROGRAM REAUTHORIZATION (TRIP), AND EXPLORING THE IMPACTS OF THE 
   LEGISLATIVE CHANGES INCLUDED IN THE 2015 TRIP REAUTHORIZATION AND 
          DEVELOPMENTS IN THE TERRORISM RISK INSURANCE MARKET

                               __________

                             JUNE 18, 2019

                               __________

  Printed for the use of the Committee on Banking, Housing, and Urban Affairs
  
  
  
  
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]         
 
 
 


                Available at: https: //www.govinfo.gov /
                
                
                
                          ______                      


             U.S. GOVERNMENT PUBLISHING OFFICE 
39-540 PDF            WASHINGTON : 2020 
                 


            COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS

                      MIKE CRAPO, Idaho, Chairman

RICHARD C. SHELBY, Alabama           SHERROD BROWN, Ohio
PATRICK J. TOOMEY, Pennsylvania      JACK REED, Rhode Island
TIM SCOTT, South Carolina            ROBERT MENENDEZ, New Jersey
BEN SASSE, Nebraska                  JON TESTER, Montana
TOM COTTON, Arkansas                 MARK R. WARNER, Virginia
MIKE ROUNDS, South Dakota            ELIZABETH WARREN, Massachusetts
DAVID PERDUE, Georgia                BRIAN SCHATZ, Hawaii
THOM TILLIS, North Carolina          CHRIS VAN HOLLEN, Maryland
JOHN KENNEDY, Louisiana              CATHERINE CORTEZ MASTO, Nevada
MARTHA McSALLY, Arizona              DOUG JONES, Alabama
JERRY MORAN, Kansas                  TINA SMITH, Minnesota
KEVIN CRAMER, North Dakota           KYRSTEN SINEMA, Arizona

                     Gregg Richard, Staff Director

                      Joe Carapiet, Chief Counsel

                Brandon Beall, Professional Staff Member

                Laura Swanson, Democratic Staff Director

           Corey Frayer, Democratic Professional Staff Member

                      Cameron Ricker, Chief Clerk

                      Shelvin Simmons, IT Director

                    Charles J. Moffat, Hearing Clerk

                          Jim Crowell, Editor

                                  (ii)


                            C O N T E N T S

                              ----------                              

                         TUESDAY, JUNE 18, 2019

                                                                   Page

Opening statement of Chairman Crapo..............................     1
    Prepared statement...........................................    20

Opening statements, comments, or prepared statements of:
    Senator Brown................................................     2
        Prepared statement.......................................    21

                               WITNESSES

Tarique Nageer, Terrorism Placement and Advisory Leader, Marsh...     3
    Prepared statement...........................................    22
    Responses to written questions of:
        Senator Menendez.........................................    96
        Senator Warren...........................................    99
        Senator Jones............................................   104
        Senator Sinema...........................................   106
Howard Kunreuther, Ph.D., Professor of Decision Sciences and 
  Public Policy and Co-Director of the Wharton Risk Management 
  and Decision Processes Center, The Wharton School, University 
  of Pennsylvania................................................     5
    Prepared statement...........................................    68
    Responses to written questions of:
        Senator Menendez.........................................   109
        Senator Warren...........................................   109
        Senator Jones............................................   111
        Senator Sinema...........................................   112
Baird Webel, Specialist in Financial Economics, Congressional 
  Research Service...............................................     7
    Prepared statement...........................................    79
    Responses to written questions of:
        Senator Menendez.........................................   113
        Senator Warren...........................................   113
        Senator Jones............................................   117
        Senator Sinema...........................................   118

              Additional Material Supplied for the Record

Letter submitted by the Mortgage Bankers Association.............   120
Prepared statement of the American Property Casualty Insurance 
  Association (APCIA)............................................   123
Letter submitted by the Coalition To Insure Against Terrorism 
  (CIAT).........................................................   131
Prepared statement of the National Association of Mutual 
  Insurance Companies (NAMIC)....................................   133
Prepared statement of the National Association of Professional 
  Insurance Agents...............................................   146
Prepared statement of the Reinsurance Association of America.....   148
Prepared statement of the Independent Insurance Agents & Brokers 
  of America.....................................................   150
Letter submitted by the Wholesale & Specialty Insurance 
  Association....................................................   153

                                 (iii)


      THE REAUTHORIZATION OF THE TERRORISM RISK INSURANCE PROGRAM

                              ----------                              


                         TUESDAY, JUNE 18, 2019

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.
    The Committee met at 10:39 a.m. in room SD-538, Dirksen 
Senate Office Building, Hon. Michael Crapo, Chairman of the 
Committee, presiding.

            OPENING STATEMENT OF CHAIRMAN MIKE CRAPO

    Chairman Crapo. The hearing will come to order.
    Today we are joined by three witnesses who have evaluated 
and written extensively on the Terrorism Risk Insurance 
Program, including Mr. Tarique Nageer, Terrorism Placement and 
Advisory Leader with Marsh; Dr. Howard Kunreuther, the Co-
Director of the Wharton Risk Management and Decision Processes 
Center; and Mr. Baird Webel, Specialist in Financial Economics 
with the Congressional Research Service.
    The terrorist attacks on September 11, 2001, devastated 
U.S. citizens, households, and businesses. In the wake of those 
attacks, Congress passed and the President signed into law the 
Terrorism Risk Insurance Act of 2002 to establish the Terrorism 
Risk Insurance Program, or TRIP, and to stabilize the market 
for terrorism risk insurance.
    Since then, Congress has reauthorized the program three 
different times in 2005, 2007, and 2015.
    My goal in each reauthorization was to build on existing 
data to find ways for the private insurance industry to absorb 
and cover the losses for all but the largest acts of terror, 
ones in which the Federal Government would likely be forced to 
step in were the program not there.
    Congress made several improvements to the program during 
the 2015 reauthorization. First, it increased the program 
trigger from $100 million to $200 million in increments of $20 
million each year. Second, it increased aggregate retention 
amount of $2 billion each year eventually to an amount that 
will be based on average insurer deductibles; and third, it 
decreased the coinsurance rate from 85 percent to 80 percent in 
1 percent increments each year.
    That bill garnered overwhelming bipartisan support in the 
Senate with a vote of 93 to 4.
    The Program is once again set to expire on December 31, 
2020. Well ahead of that expiration date, the Banking Committee 
has already started meeting with key stakeholders and is 
exploring whether there are additional balanced reforms to 
improve the program and reduce taxpayer exposure without having 
a material negative effect on the cost and take-up rates for 
terrorism coverage.
    In 2018, the Treasury Department issued a report on the 
program's effectiveness, which also discussed key developments 
in the marketplace for terrorism risk insurance.
    In addition to Treasury concluding in the report that the 
program has accomplished its principle goals identified in 
TRIA, Treasury also observed that private reinsurance of 
terrorism risk has significantly increased under the program, 
and there is now increased private reinsurance capacity for the 
exposures that remain wholly with the private market under 
TRIP.
    Each of today's witnesses have written extensively on the 
program's effectiveness, structure, and market developments.
    In 2018, Dr. Kunreuther coauthored a report on the program, 
which found that, overall, TRIA has worked well. It has 
stabilized a very disrupted market in the aftermath of 2001, 
making terrorism insurance widely available and affordable. 
Take-up rates among enterprises, small and large, are rather 
high, and premiums, a few percentage points of what firms pay 
for their property insurance, even though cost and take-up 
rates vary widely by size, industry, geography, and line of 
business.
    In its 2019 Terrorism Risk Insurance Report, Marsh 
discussed take-up rates as well as cost, geographic, and 
corporate trends in terrorism risk insurance in the United 
States as well as globally.
    Marsh emphasized in the report that the Federal backstop 
created by TRIA and reauthorized as TRIPRA, along with similar 
public-private mechanisms that exist in other countries, 
remains crucial to the continued stability and health of the 
property terrorism insurance market.
    Finally, the Congressional Research Service has published 
numerous reports, including one as recently as April 2019, 
providing a comprehensive overview of the program, its history, 
statutory changes in past reauthorizations, and key 
considerations for this Congress.
    During this hearing, I look forward to hearing more about 
specific considerations in evaluating the program's 
effectiveness, how the program has evolved over time, how the 
marketplace has responded to changes to the program made by 
Congress in previous reauthorizations, what additional room 
exists to further reduce taxpayer exposure, and how market 
participants may react to changes in different program levers.
    Again, I thank each of the witnesses for joining us today 
to share your perspectives and your research.
    Senator Brown.

           OPENING STATEMENT OF SENATOR SHERROD BROWN

    Senator Brown. Thank you, Mr. Chairman, for holding the 
Committee's first hearing on the reauthorization of the 
Terrorism Risk Insurance Program. It expires the end of next 
year, after the lapse at the end of 2014. We all understand we 
need to start early enough to make sure it does not happen 
again.
    TRIA is critical to keeping our economy healthy. It is not 
just a program that helps in the event of a terrorist attack. 
Businesses rely on this insurance in order to get access to 
credit, even in healthy economic times. Without Government 
assistance, the insurance market would be unable to provide 
affordable insurance to these businesses, including small 
businesses, across our country.
    While TRIA was initially designed to be temporary after 9/
11, both parties have agreed several times since then that 
there is value in keeping it. People may hear the word 
``terrorism'' and think this does not apply to their community, 
that only businesses in places like New York and Washington or 
big national landmarks would need to worry about insuring 
against terrorism.
    But, unfortunately, terrorism is not confined to big 
cities, and the groups perpetrating it do not only come from 
abroad. Ohio communities that have faced threats from white 
supremacist groups know all too well this is a risk we all 
contend with.
    That is why I am glad we have been able to work on it in a 
bipartisan way. We agree there are some issues that the free 
market just cannot solve on its own. This is one of them. It is 
an example of the kind of successful Government intervention 
that is only possible when we come together as a country.
    Some in Congress would prefer the United States not make 
these kind of guarantees, whether it is for worker pensions, 
whether it is for Social Security, whether it is for mortgages 
and affordable housing or for health care or food for low-
income families, or this issue for protections against economic 
destruction after terrorist attacks. Some politicians just are 
not interested in coming together on behalf of Americans that 
live in Mansfield or Cleveland or Boise or Idaho Falls.
    I disagree and think the Terrorism Risk Insurance Program 
is emblematic of our ability to use Government to make the 
economy work better for everybody, especially during difficult 
times. As we look at other issues on this Committee, I hope we 
will remember the success of this program and our capacity to 
use Government to solve tough problems when we decide that is 
what we want to do.
    In the last bipartisan authorization of TRIA, we worked to 
strike a balance, which seems to work well. By increasing the 
program trigger to $200 million, by gradually reducing the 
Government's share in the losses, we have made the program 
efficient without decreasing access to coverage. We have an 
opportunity to make the program even stronger by creating 
certainty in the marketplace through a long-term extension of 
the program, and I emphasize long term. I hope we can work 
together to do that.
    Chairman Crapo. Thank you, Senator Brown.
    We will now proceed to our witnesses, and I will ask you to 
please give your oral remarks in the order I introduced you and 
again ask you to remember to watch that clock so that we can 
stay to your 5 minutes allocated and get to the Senators' 
questions.
    With that, Mr. Nageer.

 STATEMENT OF TARIQUE NAGEER, TERRORISM PLACEMENT AND ADVISORY 
                         LEADER, MARSH

    Mr. Nageer. Good morning, Chairman Crapo, Ranking Member 
Brown, and Members of the Committee. My name is Tarique Nageer, 
and I am the Terrorism Placement Leader at Marsh. I do 
appreciate the opportunity to speak with you today about this 
topic.
    For our company, like many others, the impact of terrorism 
is deeply personal. Marsh & McLennan lost 295 colleagues and 
scores of business associates on 9/11.
    As a leading risk advisor in the insurance market, Marsh & 
McLennan has a unique perspective on the Terrorism Risk 
Insurance Program.
    Terrorism remains an evolving, expanding, and ever present 
risk, which underlies the importance of this program and 
ensuring the continued stability and health of the property and 
casualty terrorism insurance market.
    We have seen a decline in both the frequency and severity 
of terrorist incidents in the United States over the last 
several years, and there have been no certified terrorism 
losses in the United States since TRIA was originally passed in 
2002, but we cannot afford to be complacent. The Federal 
backstop created by TRIA restored insurance capacity during the 
critical post-9/11 period.
    We at Marsh strongly support its reauthorization and 
modernization, including enhancing the existing public-private 
partnership.
    Today my testimony will include four main areas. First, 
findings from the Marsh's 2019 Terrorism Risk Ins Report once 
again highlighted that terrorism risk is not only a big-
business or big-city issue. Education entities with the most 
frequent buyers of terrorism insurance in 2018, while companies 
in hospitality, gaming, health care, life sciences, and 
nonprofits all landed in the top 10 of buyers. These 
organizations can be found anywhere, from small college towns 
to urban city centers.
    The uptake for TRIA coverage and property policies averaged 
62 percent in 2018. Clearly, a wide array of industries depend 
on the program to thrive and protect their workforce as they 
continue to purchase terrorism coverage at a high rate.
    Second, I would like to provide an overview of the current 
state of the terrorism insurance market. While there have been 
no significant insured losses in recent years and the industry 
is well capitalized, the access to terrorism insurance is still 
dependent on insurer's preference, appetite, and aggregate 
constraints. There is a strong possibility that if the Federal 
backstop ceases to exist, we could see a dominant effect of 
increased pricing across multiple insurance lines, not just 
terrorism, with a likely result of a major marketplace 
disruption.
    Third, I will speak about how TRIA plays an integral role 
in the availability and affordability of workers' compensation 
insurance. The impact of TRIA on the workers' compensation 
market makes clear that as long as the Federal backstop remains 
in place, there should be adequate capacity for workers' 
compensation terrorism coverage. Because of its State-regulated 
nature, workers' compensation policies cannot limit or exclude 
coverage for perils such as terrorism or nuclear, biological, 
chemical, or radiological, commonly known as NBCR.
    NBCR events can lead to very large human life and economic 
losses, but coverage is not typically included in reinsurance 
contracts.
    In 2014, the uncertainty around TRIA led some insurers to 
step back from insuring industries with high employee 
concentrations in certain cities. As insurers began to review 
policies extending beyond 2020, their willingness to insure 
risks in high-profile areas will likely decrease again, thus, 
leaving large populations of employees vulnerable.
    Finally, we are already seeing an impact on policies that 
extend beyond 2020, with some insurers either seemingly 
unwilling to offer terrorism coverage beyond the expiration of 
TRIPRA or increase in prices to cover the additional risks to 
their portfolios.
    Without a decision to reauthorize or extend, we expect to 
see sunset provisions on policies and higher costs as we move 
closer to December 31, 2020.
    In Marsh's view, this legislation is a model public-private 
partnership that is instrumental in maintaining a vibrant 
marketplace by allowing insurers to provide adequate limits of 
terrorism insurance to the business community at affordable 
prices. A seamless
renewal process with a robust reauthorization will keep the 
marketplace sustainable.
    We encourage decisions to be made with a full understanding 
of the shifts and the nature of terrorism and how they can 
affect organizations and insureds alike.
    Finally, thank you again to the Committee for holding this 
hearing 18 months in advance of the program's scheduled 
expiration. Time is of the essence, and I look forward to your 
questions.
    Thank you.
    Chairman Crapo. Thank you.
    Dr. Kunreuther.

 STATEMENT OF HOWARD KUNREUTHER, Ph.D., PROFESSOR OF DECISION 
                 SCIENCES AND PUBLIC POLICY AND
    CO-DIRECTOR OF THE WHARTON RISK MANAGEMENT AND DECISION 
      PROCESSES CENTER, THE WHARTON SCHOOL, UNIVERSITY OF 
                          PENNSYLVANIA

    Mr. Kunreuther. Chairman Crapo, Ranking Member Brown, and 
Members of the Committee, I very much appreciate the 
opportunity of testifying on the reauthorization of the 
Terrorism Risk Insurance Program. My name is Howard Kunreuther. 
I am the James G. Dinan Professor of Decision Sciences and 
Public Policy at the Wharton School, University of 
Pennsylvania, and Co-Director of the Wharton Risk Management 
and Decision Processes Center.
    The Center was founded in 1985, with a mission to examine 
alternative strategies for dealing with low-probability, high-
consequence events, based on an understanding of the decision 
processes of individuals, firms, and public-sector agencies.
    As Chairman Crapo pointed out, we have produced several 
studies on the 2015 renewal of TRIA undertaken in consultation 
with key interested parties from the public and private sectors 
and other academic research institutions that are cited in my 
written testimony.
    Given the limited time that I have available and the 
comments that Chairman Crapo has made and Representative Brown 
as well as my colleague here, Mr. Nageer, I want to focus on 
really a following question that was alluded to by Chairman 
Crapo: What modifications to the current public-private 
partnerships should be considered in the renewal of TRIA?
    In developing these proposals, it is useful, in our 
opinion--and I will speak for a number of us at the Wharton 
Risk Center--to focus on the individual decision processes and 
our systematic biases that have been well documented by 
psychologists and behavioral economists, are discussed in our 
book ``The Ostrich Paradox: Why We Underprepare for 
Disasters,'' written with my Co-Director, Robert Meyer.
    Let me highlight five of these biases and indicate where 
they could be used and addressed with respect to the renewal of 
TRIA: first, myopia, the tendency to focus on short-time 
horizons when appraising immediate costs and the potential 
benefits of protective investments; amnesia, the tendency to 
forget too quickly the lessons of past disasters; optimism, the 
tendency to underestimate the likelihood that losses will occur 
from future hazards; simplification, the tendency to 
selectively attend to only a subset of relevant facts when 
making choices involving risk; and finally, herding, the 
tendency to base our choices on the observed actions of others 
who may not know a great deal more than we know ourselves in 
dealing with these low-probability events.
    I will focus on four areas very briefly in the remaining 
time to highlight how they may play a role.
    First, incentivizing cost-effective mitigation measures by 
firms, something that TRIA does not do today. To overcome the 
myopia bias, one could consider long-term mitigation loans, the 
way FEMA has done with respect to the flood problem, and at the 
same time have insurers offer premium discounts if the claims 
are going to be lower by firms investing in these mitigation 
measures.
    Second, Federal protection against catastrophic losses. 
Now, in our view, in my view, it is important that the Federal 
Government cover NBCR, losses from future terrorist attacks, 
given the potential catastrophic losses and recoup their 
expenditures under TRIA. Currently, it is ambiguous as to 
exactly what will happen, although they have the intent to do 
that.
    Now, the point I want to make here is Congress and the 
stakeholders should not exhibit an optimism bias or an amnesia 
bias by feeling it will not happen to the United States because 
it has not occurred to day.
    Third, behavior of insurers and Congress after a terrorist 
attack. Will premiums significantly increase and future 
coverage decrease by insurers who might exhibit the 
simplification bias and focus on worst-case scenarios rather 
than thinking about likelihood as well? What will Congress do 
if insurers significantly raise their premium so that many 
commercial firms feel they cannot afford to purchase insurance 
protection?
    On that basis, there is a suggestion that insurers consider 
a multi-year policy, a 2- or 3-year policy, so they keep this 
for more than just the 1 year and for that reason actually are 
in a position to deal with this afterwards.
    Finally, dealing with interdependencies. There are a lot of 
events, like cyber, that are interdependent and have, can cause 
potentially catastrophic losses. Treasury and the private 
insurers should integrate and interact with each other on that 
issue.
    So, in conclusion, Congress and other key stakeholders 
should examine how countries cope with terrorism risk to 
determine whether these approaches merit consideration for the 
United States.
    And on that note, let me conclude my comments here and look 
forward to a dialogue with you afterwards.
    Thank you.
    Chairman Crapo. Thank you.
    Mr. Webel.

 STATEMENT OF BAIRD WEBEL, SPECIALIST IN FINANCIAL ECONOMICS, 
                 CONGRESSIONAL RESEARCH SERVICE

    Mr. Webel. Thank you.
    Mr. Chairman, Ranking Member, Members of the Committee, 
thank you for the opportunity to testify today. My name is 
Baird Webel. I am a Specialist in Financial Economics at the 
Congressional Research Service.
    As a note for members of the audience who may not be 
familiar with the CRS, we are a division of the Library of 
Congress. Our role is to provide objective, nonpartisan 
research and analysis. CRS takes no position on the 
desirability of any specific policy nor advocates for any 
specific policy outcome.
    I have been at CRS at this role since 2003, so I have seen 
the reauthorizations of TRIA since, and I would like to talk 
about three broad things that Congress has faced as we have 
done reauthorization in the past.
    The first question that it faced is, basically, is a 
Federal terrorism program needed? TRIA was passed a little more 
than a year after the terrorist attacks in September 11, 2001. 
It was passed as a specifically temporary 3-year program, and 
by temporary, I do not mean that there was an expiration date, 
just an expiration date of 2005. The statute itself in two 
places says this is a temporary program.
    As the end of previous reauthorizations have come up, 
Congress has successively seen the need to reauthorize the 
program to give the private market additional time to face the 
threat of terrorism losses, and I think a significant point in 
this is the difficulty in estimating terrorist events going 
forward and the losses from these events. The industry has been 
largely successful at rebuilding capital, but making estimates 
of future terrorism losses remains exceedingly difficult.
    What Congress has done in the TRIA reauthorizations is 
basically affect the second aspect that I would talk about, 
namely how private insurers should share in funding terrorism 
risk with the Federal Government.
    There are basically three different levers in the program 
that have been used in this sense. There is a deductible, and 
essentially, it is a two-stage deductible.
    There is a program trigger, which is an aggregate amount of 
losses that the entire industry will incur before Federal 
funding occurs.
    There is an individual insurer deductible which is set 
essentially based on the written premium for each insurer, a 
rough proximate size of its exposure to the terrorism market 
that must be cleared before Federal funding occurs.
    And then after this, after these deductibles, there is an 
insured loss share compensation, and this is essentially a 
copay. So that once you clear the deductibles, there is a 
varying amount--there has been a varying amount of the share 
that the Government will cover.
    Finally, there are terrorism loss spreading premiums. These 
are somewhat unusual in the insurance world in the sense that 
when we all purchase homeowners insurance or auto insurance, we 
pay our premiums upfront. In this case, the premiums are set to 
be after the fact, and so that depending on the exact loss 
levels, there will be a premium placed on insurance policies 
going forward to recoup the amount for the Government.
    All of these over the life of TRIA have been adjusted in 
various ways to increase the private-sector exposure to 
terrorism risk.
    And the third broad aspect that I would talk about is, What 
exactly should a Federal terrorism insurance program cover?
    Right now, TRIA basically works through the private 
insurance market. Private insurance policies that are covered 
under the lines that are specified in TRIA--the private 
insurers are required to make terrorism coverage available 
under essentially the same terms and conditions for other types 
of insurance. So if you are going to cover loss from a fire, 
for example, from an accident, the insurer has to offer 
coverage for a fire due to loss from terrorism, but the 
insureds are not required to purchase this policy.
    And the terms and conditions that apply to this are the 
same--it is the same for an accidental cause as it is for a 
terrorist cause, and this becomes particularly important in the 
realm of nuclear, chemical, biological, radiological, because 
most private insurance policies will exclude NCBR events, 
regardless of the source. So if a policy excludes a chemical 
spill from an accident from a train, it will exclude a chemical 
spill caused by a terrorist attack, and I think this is 
particularly significant because those are the terrorist 
attacks that could cause the most damage. And I am not certain 
that people realize to what degree these NCBR events would not 
be covered.
    So, with the end of the 5 minutes, I will be happy to take 
any future questions.
    Thank you.
    Chairman Crapo. Thank you, Mr. Webel, and I appreciate each 
of you. You all stayed within your 5 minutes. I appreciate 
that.
    Mr. Webel, I will start with you. It is very important to 
me that the two major objectives will be achieved. One is that 
TRIA continually benefit and stabilize the marketplace, and the 
other is that we minimize taxpayer exposure.
    What factors do you look at to indicate whether TRIA has 
been effective and to measure its potential future success in 
achieving these objectives?
    Mr. Webel. I think that the take-up rate for terrorism 
policies is really important because you can see, for example, 
in the flood insurance program that you get flood disasters 
where a lot of people have not purchased flood insurance 
policies. And it is not going to help to have an insurance-
providing program if you do not have the people purchasing the 
policies.
    I think as well, any aspects that you can have of overall 
private reinsurance capacity, the amount of private insurance 
that it offered outside of TRIA is a really important marker of 
how well the private market is responding and developing 
capacity to deal with terrorism.
    Chairman Crapo. All right. Thank you.
    I am going to move to you--is it ``Nageer'' or ``Nagger''?
    Mr. Nageer. Nageer.
    Chairman Crapo. OK. Nageer.
    In terms of the objective of assuring that we achieve the 
best possible protection of hitting a taxpayer bailout or a 
taxpayer cost here, we need to understand how changes that we 
make to the program can have an impact on both small and large 
participants, some insurers themselves.
    So I guess the question I am asking is, Can you provide an 
indication of how smaller and larger insurers may be affected 
by changes in the coinsurance rate and the program trigger, 
respectively, based on our historical evidence?
    Mr. Nageer. Thank you for the question, Chairman Crapo.
    As you know that in your original opening statement, there 
have been a few levers that have been adjusted during the 
course of the lifecycle of TRIPRA currently, and the insurers 
with adequate notice have been able to adjust to these 
incremental changes, either to the increased trigger levels or 
the increased coinsurance between a loss being shared between 
the Government as well as the private marketplace.
    So in terms of having the ability and the capacity in the 
marketplace to be able to respond and take up increases in 
these different levers, the capacity does exist because there 
is adequate capital within the insurance and reinsurance market 
base for these types of incremental changes, but I stress the 
word ``incremental,'' and I stress the word also with some good 
notice as well. So you have got to give them some time to sort 
of prep for these changes and make it incremental so they can 
adjust their buying of reinsurance for example, or being able 
to plan ahead and structure their--the book of business that 
they underwrite properly.
    In terms of policyholders and insurers, who could be 
impacted by this, the very large insurers, one of the triggers 
under TRIPRA is the 20 percent insurer deductible, and how that 
works is 20 percent of the insurer's prior year's direct TRIPRA 
premium is retained by them for any one loss, before the 
Government co-shares the risk, the loss with them.
    So for the very larger insurers, 20 percent is a big 
number, but my colleagues at Guy Carpenter have measured the 
policyholder surplus of insurers with less than $500 million of 
policyholder surplus, which is basically reserves. And there 
are about 662 insurers who fall within that category.
    And a subset of that 662 is about 240 insurers who fall 
between the $100 million and $500 million of policyholder 
surplus, and those are the insurers who could be more directly 
impacted negatively with abrupt increases in the trigger 
levels. And the trigger in 2020 is going to be $200 million. So 
if you increased that gradually over time, yes, they could 
adjust for that, but that bucket of insurers within that $1 to 
$500 million policyholder surplus range are the ones who will 
be more impacted.
    Chairman Crapo. All right. Thank you.
    Dr. Kunreuther, you in your testimony, I think, endorsed a 
notion of incentivizing mitigation, something which you 
indicated is not currently in TRIA; is that correct?
    Mr. Kunreuther. That is correct.
    Chairman Crapo. Could you describe that in a little more 
detail what you are talking about there?
    Mr. Kunreuther. I would be happy to.
    I think the reason that I think mitigation is not included, 
number one, is it is always a challenge to get measures, but I 
think there is work that has been done.
    I will highlight just at least the fact that Pool Re in the 
United Kingdom have actually had a number of ideas in terms and 
thoughts that they are working closely with the U.K. government 
to incentivize firms to actually invest in mitigation.
    The basic idea in terms of what we are proposing here is 
that if you can spread the cost of the mitigation measure over 
time, you will have a much better chance of getting a 
successful investment in these measures because of the fact 
that people will not say--firms will not say or consumers will 
not say, which is the case certainly in the flood area, that 
``This is too costly for us. It is going to affect our bottom 
line tomorrow.''
    And when you have the opportunity of actually spreading 
this with loans that could be made--and that has been done by 
FEMA, Federal Emergency Management Agency, for flood--it could 
be done by banks and financial institutions, but it could be 
also done by Treasury or by a Government agency to encourage 
those investments. You then have the opportunity of actually 
making this attractive in the short run because insurers 
hopefully would then--actually reduce their premiums because 
the claims that they are going to have to face would be lower 
than they would be before, and the actual premium reduction 
would be greater than the cost of the loan each year. So it 
would be viewed attractive financially for firms to want to do 
that, and this has been shown with consumers in investing in 
mitigation measures against natural hazards that they will want 
to do that.
    And that is the reason why we are suggesting it, to 
overcome a myopia bias.
    Chairman Crapo. All right. Well, thank you. That is very 
interesting. I appreciate that.
    Senator Brown.
    Senator Brown. Thank you, Mr. Chairman.
    Mr. Webel, I would like to start with you. Since the last 
reauthorization, there have been a number of tragic white 
supremacist attacks on synagogues and other places of worship 
in California, Florida, Minnesota, New York, Pennsylvania, 
South Carolina, and Texas. No amount, of course, of insurance 
money can make up for the lives lost and families torn apart.
    Recently, the Jewish Federation of Cleveland has raised an 
issue about protecting thousands of people whom they serve each 
week. As religiously affiliated nonprofit organizations try to 
take action to protect their communities, they often find that 
insurance for these kinds of threats is hard to come by and 
very, very expensive. TRIA was implemented to make sure this 
kind of insurance was available.
    My question is this: Do you think this situation, safety at 
houses of worship and other religious institutions, which we 
have been the target of threats and attacks, that that is the 
kind of problem TRIA was designed to address?
    Mr. Webel. TRIA is designed to address terrorism, and it is 
a broad swath. It does not specify.
    In one of the previous reauthorizations, they removed the 
requirement for it to be a foreign act of terrorism. So it does 
not make any distinction between the different types of 
terrorism. It just is terrorism as certified by the Secretary 
of the Treasury.
    Senator Brown. If insurance is available but priced so high 
that it is unaffordable, does that meet the spirit of Congress' 
intent?
    Mr. Webel. The law is basically silent on that. It has a 
``make available'' provision, but it does not include 
specifications on what that premium is supposed to cost.
    Senator Brown. Is not it sort of intuitive that if you 
cannot afford it, you really do not have access to it?
    Mr. Webel. This is certainly an issue, and basically, 
implicitly what the law provides is there are specifications in 
State insurance law that premiums are not supposed to be 
excessive and so essentially above the cost of the risk.
    So the TRIA essentially defaults to the State regulation of 
insurance. It does not do it directly from the Federal level.
    Senator Brown. So if congressional intent is all terrorism, 
as you suggest, and it is not affordable because State 
regulators have not given the priority to make it accessible 
and affordable, then perhaps it is our obligation on this 
Committee and in the House and Senate to pressure our State 
regulators to make it affordable?
    Mr. Webel. That would be the lever that TRIA provides, yes, 
essentially.
    Senator Brown. Treasury used its discretion under the law 
to issue guidance clarifying TRIA's applicability to cyber-
related risk. Do you think Treasury has the authority to make 
sure religious-affiliated institutions have real access to the 
Terrorism Risk Insurance Program?
    Mr. Webel. I do not see under the statute, as currently 
designed, where Treasury would have a direct lever to do that.
    Senator Brown. Should it?
    Mr. Webel. That is up to Congress.
    Senator Brown. Mr. Nageer, let me go through. Do you want 
to respond to that?
    Mr. Nageer. If I could, if you do not mind. So, just to 
add, the terrorism marketplace as we see it is quite 
competitive. There are lots of insurers, both on the property 
side, casualty side, and the terrorism side who have capacity 
to offer terrorism insurance for all ranges of motives, be it 
what you were just describing or what is conventionally known 
as acts of terrorism. So there is enough capacity within the 
marketplace, and I think to be able to--and TRIA served--in its 
initial creation of TRIA served to help create that vibrant 
marketplace.
    Senator Brown. Well, there is competition in the healthcare 
marketplace too, but to argue that it is always accessible----
    Mr. Nageer. Right.
    Senator Brown.----is another question. OK. Thank you for 
that.
    Let me ask the three of you and start with you, Mr. Nageer. 
I have a couple questions. As we look to move on a 
reauthorization bill, should we make the extension for a longer 
period, and how long should it actually be, Mr. Nageer?
    If each of you would give me a brief answer on that.
    Mr. Nageer. The last reauthorization was for 5 years. 
Before that, it was for 7 years. The 7 years worked quite well. 
So I think anywhere between 7 to 10 years would be a good 
outcome. It would allow the marketplace to adapt and grow, 
build capital, and be able to take on more of a trigger or a 
coinsurance mechanism, however you want to----
    Senator Brown. I like the way you negotiate. You say the 
last was 5, the one before was 7.
    Mr. Nageer. Correct.
    Senator Brown. So we should make it 7 to 10. I like that.
    Yes, go ahead. Your answer too. Do you want to answer too?
    Mr. Kunreuther. I would be happy to.
    I think a longer period is always desirable, but I think 
there are tradeoffs in doing that because when you have a 
longer period, the question is, are there going to be changes 
or things that would require one to review this and whatnot? So 
to the extent that there are opportunities at least to have 
studies done that would enable one to somehow say on the basis 
of possible changes, one would want to deal with this in a 
different way, I think cyber is a very good example of that, by 
the way, because there are some real challenges as to how one 
is going to deal with cyber. And that would not have been 
necessarily true 5 or 10 years ago.
    So I think I would favor, in general, a longer period of 
time. How long, I think is something that Congress and the 
stakeholders would have to discuss, because it gives people and 
gives firms the opportunity to plan more extensively than 
knowing that somehow things might be changed. And so I would 
move in that direction.
    There is a saying--and I think TRIA exhibits it in a very 
good way--that nothing is more permanent than the temporary, 
and so, in some sense, what was viewed as a temporary has 
become more permanent for very good reason. So that is one of 
the reasons why we support the renewal very strongly.
    Senator Brown. Thank you, Mr. Kunreuther.
    Mr. Webel?
    Mr. Webel. We obviously do not have a position on the 
length.
    I do think purely from the private-sector perspective, 
insurers certainly would be able to deal better with things the 
longer that it is, but I do think there is a very legitimate 
public policy perspective that Dr. Kunreuther said of taking a 
look at things more often to make sure that it is working.
    Senator Brown. Thank you.
    Chairman Crapo. Senator Tillis.
    Senator Tillis. Thank you, Mr. Chairman.
    Gentlemen, thank you for being here.
    Mr. Webel, I will not ask you this question because I know 
the answer. It has to do with supporting the reauthorization. 
Both of you all feel like we should reauthorize it, although, 
Professor Kunreuther, you have made some comments that I wanted 
to drill down on, and it really has to do--and I think, Mr. 
Nageer, you commented that the losses have been relatively low.
    So how instructive are the current incidences to any sort 
of downward trend on risk premiums right now? I mean, are we 
seeing a downward trend based on the losses, or how do they 
project out actuarially and determine how much they actually 
have to collect to provide insurance at a reasonable price?
    Mr. Nageer. In terms of the marketplace, yes, it is a bit 
of a downward trend for this because the insurers, like I said, 
have all capitalized, and they have not had to pay major claims 
recently, right?
    Senator Tillis. Yeah.
    Dr. Kunreuther, if we were going to look at--first, I do 
not believe we should have a permanent reauthorization because 
I do believe the world changes. The nature of the threats 
change, and it is Congress' role to update and reauthorize 
these programs.
    I do think that we should have a discussion about what a 
reasonable planning horizon is so that we can optimize the 
products that the private sector can offer.
    But if you take a look at the recoupment, the current 
recoupment policies, really the pyramid of how this program 
comes together, do you have any insights into specific areas 
that we should look at for any sort of modernization or 
reforms?
    Mr. Kunreuther. Thank you for the question, Senator Tillis.
    I think that one of the challenges with respect to 
terrorism and events that are very, very hard to estimate the 
risk is that when you have a recoupment, you are not pushing 
for a premium to be set on these very catastrophic losses that 
the Government would cover. And I think there are some real 
advantages to that in the sense that you are then saying you 
will have to pay it back with 140 percent in this particular 
case. So I would favor that aspect of it.
    I think a real interesting question that needs to be put on 
the table as a part of the discussion is, What kind of risk 
transfer mechanisms are available in the form of reinsurance 
and catastrophe bonds, which are being used in other cases?
    Senator Tillis. That was going to be my next question.
    Mr. Kunreuther. Oh, OK.
    Senator Tillis. No, that is a good one. Keep going.
    Mr. Kunreuther. And how can that play an important role in 
providing the kind of protection that firms would actually want 
to have, that insurers would want to have in terms of knowing 
that they can cover it, and the Government might want to have?
    I think Pool Re, as I mentioned earlier, in the United 
Kingdom has marketed a cat bond in order to be able to support 
very unusual losses that they might suffer in the United 
Kingdom, and that could be possibly considered by the Federal 
Government as well. And I think on that level, you could have a 
combination of the recoupment as well as these other forms of 
risk transfer, including private reinsurance.
    Senator Tillis. One of the questions, you brought up the 
point of mitigation, which has really been a thorn in my side 
on flood insurance program because we always talk about it, and 
we never do anything about it----
    Mr. Kunreuther. Challenge.
    Senator Tillis.----in terms of investing and for a lot of 
reasons, cost being one of them.
    But when you take a look at the nature of the threat, 
really the nature of the threat as it exists today versus 10 
years ago, it would seem like there is only so much that we 
could do with respect to mitigation. Can you enlighten me on 
some of the concepts that are being discussed now?
    Mr. Kunreuther. I think that is an excellent point in terms 
of saying that this is a real challenge with terrorism and on a 
couple of levels. That might not be the case with flood, where 
you can mitigate. You can elevate a structure.
    Senator Tillis. You know when the water is going to rise, 
and you can model that.
    Mr. Kunreuther. Right.
    Senator Tillis. But you cannot necessarily model the next 
attempt to take down a building.
    Mr. Kunreuther. I am not an expert at the moment but want 
to be more of an expert in the future. And I can comment that 
in the context of the United Kingdom, there are some 
suggestions for mitigation that they are now pursuing with the 
government, concrete structures, other ways to actually make 
these structures safer against terrorist attacks. And they are 
going to be working with insurers as well as with the 
government to try to deal with it.
    I think one of the reasons that this is so important is 
because we all want to reduce these losses, and to the extent 
that you can do that, I think it might help.
    Senator Tillis. Well, I think that the more we become 
hardened, the fewer targets a terrorist would have. So I think 
it has a public safety benefit as well. It maybe takes out an 
entire tranche of either domestic or foreign terrorist. So, to 
me, it is a very interesting discussion to have as we move 
forward through the reauthorization to see if there is 
something as a matter of public policy that we should incent 
State, local, and private-sector entities to invest in, because 
at the end of the day, I think it could also reduce the Federal 
Government's downside risk.
    Mr. Kunreuther. If I can make just one very quick point, it 
does also address the affordability issue.
    Senator Tillis. Yeah.
    Mr. Kunreuther. If you then can have mitigation in place, 
premiums could come down, and some of the comments that were 
raised earlier could----
    Senator Tillis. And ultimately the cost of the mitigation 
itself----
    Mr. Kunreuther. Yeah.
    Senator Tillis.----when you have a higher demand for it.
    Thank you, Mr. Chair, and I look forward to us moving 
forward and getting the plan maybe modernized, but certainly 
reauthorized.
    Mr. Nageer. Senator, if I could add something else to 
Howard.
    So, as we move from these hardened target, you get more 
better protected against those targets. Softer targets appear, 
and what we have been seeing is the act of terrorism impacts 
not only major cities, but it is also spread across the rest of 
the country, smaller cities, more softer targets, where a 
perpetrator can actually get in and do some serious damage 
because they cannot get into these hardened targets.
    The interest of terrorism, we see it as being a nationwide 
hard, soft, small-city, big-city issue well across the country.
    Senator Tillis. Thank you.
    Chairman Crapo. Thank you.
    Senator Menendez.
    Senator Menendez. Thank you, Mr. Chairman.
    As a general matter, insurance markets in our country are
private, and it is unusual to have any kind of Federal 
backstop, unless we have a public interest or a breakdown in 
the private market where a Government role is needed to restore 
functionality.
    In the case of Terrorism Risk Insurance, in my view, we 
have both. If terrorists attack our Country, the United States 
has a national interest in minimizing the economic harm they 
inflict, and in terms of market functionality, private actors 
are inherently limited in the things they can do to evaluate 
and reduce their risk in this regard.
    Insurance companies, for example, should not start their 
own intelligence agencies to improve their predictive models, 
and commercial real estate owners should not conduct 
counterterrorism operations to lower their premiums.
    So I would like to ask our witnesses, if you can, to 
elaborate on what makes terrorism different from other risks 
and why a Federal backstop is, in fact, needed.
    Mr. Kunreuther. I will be happy to start, and my colleagues 
will chime in.
    I think one of the real challenges with terrorism is that 
it is so very difficult to estimate what the likelihood of a 
terrorist attack will be in the future. We have been very 
fortunate not to have had anything since 9/11, but the fact of 
the matter is that prior to 9/11, the insurers were not worried 
about this, and after 9/11, they became very worried, as we all 
know. And that is one of the reasons why TRIA got passed, and I 
think it was very important that it did get passed for the 
reasons you were mentioning, Representative Menendez. So I 
appreciate your question.
    I think the fact that catastrophic losses and the potential 
for catastrophic losses will discover any private insurer from 
actually offering coverage, and TRIA does precisely that. It 
has the backstop of actually providing the protection, with a 
recoupment that I think is appropriate afterwards, for dealing 
with these large losses.
    And then the insurers have now found, as Tarique has 
indicated with respect to his comments on the Marsh report, 
that there are really a number of firms that are now willing to 
buy coverage and all insurers are forced to offer it.
    So I think this kind of partnership is the appropriate way. 
There are changes that we can discuss.
    Senator Menendez. The one thing about terrorism, as someone 
who offered all of the 9/11 Commission's recommendations into 
law when I was in the House of Representatives, is that we do 
not know what the next form of terrorism is going to be or its 
magnitude.
    We never thought that an airplane, something used for 
civilian travel, would become a weapon of mass destruction.
    We never thought that maybe cargo coming into a port could 
ultimately have a dirty bomb.
    We never thought that an envelope laced with anthrax could 
be a deadly weapon.
    So the iterations of what this is is always beyond even as 
we think ahead and try to prevent. It is a challenge. So I 
think it is a very unique one.
    I mean, in order to obtain a real estate or commercial 
loan, banks often generally require clients to obtain terrorism 
coverage. Without terrorism risk insurance, businesses lose out 
on essential financing options, and I think allowing TRIA to 
lapse or injecting uncertainty in the process can have serious 
economic consequences.
    Mr. Nageer, what happened to the commercial lending in real 
estate markets in 2014 when Congress allowed TRIA to expire for 
12 days?
    Mr. Nageer. Thank you for the question, Senator Menendez.
    So before I answer that question, I just want to add one 
thing to the modeling, your question before that.
    TRIA--an act of terrorism is not like an act of nature, 
right? Someone actually has to decide, ``I am going to 
perpetrate this act of terrorism.'' So that is very difficult 
for insurers to model, that uncertainty, that human element of 
it, and that is one of the issues.
    Obviously, we have got a ton of data points on the 
reinsurance side for natural disasters. For catastrophic 
terrorism events, 9/11 is the key data point on the model, and 
it does not help. You cannot be predictable with that. You can 
determine the impact of these events, but you cannot predict 
them. So this is why it is very difficult for insurers to model 
it.
    In terms of what happened in 2014, the uncertainty, it was 
very hectic. I was in the insurance market at that time, and 
insurers on property policies as well as workers' compensation 
policies, when they were considering policies which were going 
to go past December 31, 2014, started putting sunset provisions 
on policies, and a sunset clause is essentially a clause which 
says we elect--we reserve the right to change policies in terms 
of the limits, the coverages, and the prices for what we are 
offering you for terrorism insurance.
    So once you got into the window of the TRIPRA potentially 
not renewing at the end of 2014, we saw a preponderance of 
these sunset classes on clients buying insurance, starting in 
January 1st of 2013.
    As you go into the next renewal of 2020, any policy which 
renews comes into force on January 1, 2020, will expire January 
1, 2021, and those policies have a high possibility of having 
these sunset clauses being put on it.
    Senator Menendez. Mr. Chairman, a final note.
    I assume that if you are having a financial instrument, a 
loan, a mortgage, whatever, that has multiple years and your 
insurance is sunsetting within the context of that time period, 
that is going to make the lending institution far less desirous 
of making that a reality.
    Mr. Nageer. Absolutely.
    And the lender requirements on construction deals, long-
term construction deals, or clients with these lender 
requirements make it quote onerous because that client then has 
to go purchase insurance in an alternative market, which is 
going to be added cost to their construction project or 
whatever it may be. And that market is available, but maybe not 
to the extent to replace the limit the clients would have 
gotten on TRIA.
    Senator Menendez. Maybe so.
    Thank you, Mr. Chairman.
    Chairman Crapo. Thank you.
    Senator Reed.
    Senator Reed. Well, thank you very much, Mr. Chairman. 
Thank you, gentlemen.
    Mr. Webel, could you please briefly describe how nuclear, 
biological, chemical, radiological terrorism events are treated 
under TRIA?
    Mr. Webel. Sure. Thank you for the question.
    NBCR is treated essentially like any other mode of attack. 
That is to say, it all works through the private insurance 
policies.
    What is particular about NBCR is most private insurance 
policies would exclude this damage, regardless of whether it 
was an accidental event or whether it was a terrorist event, 
and if the private insurance policies exclude it, it is 
effectively excluded under TRIA.
    So, for example, Senator Menendez just mentioned a dirty 
bomb or an anthrax attack. In reality, if a catastrophic attack 
occurred along those lines, it is entirely possible, if not 
likely, that TRIA coverage would not actually kick in because 
the private insurance policies that essentially underlie the 
TRIA coverage would not cover it.
    Senator Reed. In that context, as we reauthorize TRIA, do 
you have any suggested changes with respect to these NBCR 
policies?
    Mr. Webel. It is difficult because the TRIA mechanism has 
worked really well through the private market and allowing the 
State regulators to do the things that they do, allowing the 
private insurance companies to do the things that they do.
    It would certainly be possible from a generic perspective 
to put aspects of TRIA directly affecting those. In the 
original TRIA, there were terrorism exclusions that were 
nullified. So it is certainly within Congress' authority to do 
something like that with regard to NBCR.
    It would also be possible to put more incentives, 
essentially, into it. There have been proposals in the past to 
lower the deductibles, lower the trigger, lower the co-shares 
for an NBCR event, essentially incentivizing insurers to make 
the coverage or perhaps a mixture of the two approaches.
    Mr. Kunreuther. Could I just make one comment following up 
on Mr. Webel's point?
    I think that TRIA always had the intent that if the private 
insurers were not covering NBCR, then there would be some 
coverage by the Federal Government, if there was an NBCR loss, 
but it was sort of ambiguous in the sense that it was not 
really explicitly stated.
    But after the passage of TRIPRA in 2015, there was a 
comment by Treasury that they would be doing that.
    I think if one explicitly had that in the legislation that 
the Federal Government would cover that, it would avoid any of 
the uncertainty as to what might happen if there was an NBCR 
attack.
    Senator Reed. Thank you.
    Mr. Webel. But I think the question is what the mechanism 
would be because the mechanism for covering losses all works 
through the private insurance policies. It is a reimbursement 
to private insurance companies that have sustained losses. If 
they are not effectively sustaining losses because of the 
exclusion, how that mechanism would work is very unclear.
    Mr. Kunreuther. And the only suggestion that I would make 
on that is that there would be a recoupment----
    Mr. Webel. Yes.
    Mr. Kunreuther.----afterwards with respect to that, and 
that would be explicitly stated.
    Senator Reed. The environment has obviously changed since 
we first passed the TRIA Act, Mr. Webel. What things should we 
do for this changing environment?
    I know, again, my colleague, Senator Menendez, was talking 
about who would have thought of an envelope with anthrax, et 
cetera. Certainly, in the realm of cyber, who would have 
thought that and name the possible catastrophes? Is there any 
advice about changes?
    Mr. Webel. I think that cyber is the thing that people are 
looking at as the new threat, and Treasury specifically came 
out in 2016 and said the newly created cyber liability line of 
insurance would be covered under TRIA.
    So to the extent the private policies are covering cyber, 
again, it would do so, but I think that there is certainly the 
possibility of using the TRIA model or incentivizing or 
encouraging the market for cyber by explicitly including it in 
TRIA in some way because I think it is also a little unclear in 
terms of the damages that are being incurred in a cyber attack 
and whether that would meet triggers, whether that would meet 
deductibles and the like. And that is, I think, a real issue.
    Senator Reed. Well, thank you all, gentlemen, for your 
testimony. I appreciate it very much.
    Thank you, Mr. Chairman.
    Chairman Crapo. Thank you, Senator Reed.
    And that concludes the questioning for today's hearing.
    For Senators who wish to submit questions for the record, 
those questions are due by Tuesday, June 25th.
    To our witnesses, I suspect you may get a fair number of 
those because, as you can see, there were a number of other 
hearings and other interruptions today that caused us to not 
even be able to get a quorum for our Executive Session. So I 
think a lot of the Senators are probably going to submit some 
questions to you. We ask that as you receive those questions 
that you respond as promptly as you can.
    Again, we want to thank you for your expertise and for 
sharing your wisdom as well as your research with us today, and 
this hearing is adjourned.
    [Whereupon, at 11:33 a.m., the hearing was adjourned.]
    [Prepared statements, responses to written questions, and 
additional material supplied for the record follow:]
               PREPARED STATEMENT OF CHAIRMAN MIKE CRAPO
    Today, we are joined by three witnesses who have evaluated and 
written extensively on the Terrorism Risk Insurance Program, including 
Mr. Tarique Nageer, Terrorism Placement and Advisory Leader with Marsh; 
Dr. Howard Kunreuther, Co-Director of the Wharton Risk Management and 
Decision Processes Center; and Mr. Baird Webel, Specialist in Financial 
Economics with the Congressional Research Service.
    The terrorist attacks on September 11, 2001, devastated U.S. 
citizens, households and businesses.
    In the wake of those attacks, Congress passed and the President 
signed into law the Terrorism Risk Insurance Act of 2002 to establish 
the Terrorism Risk Insurance Program, or TRIP, and to stabilize the 
market for terrorism risk insurance.
    Since then, Congress has reauthorized the Program three different 
times in 2005, 2007, and 2015.
    My goal in each reauthorization was to build on existing data to 
find ways for the private insurance industry to absorb and cover the 
losses for all but the largest acts of terror, ones in which the 
Federal Government would likely be forced to step in were the program 
not there.
    Congress made several improvements to the Program during the 2015 
reauthorization. It increased the program trigger from $100 million to 
$200 million in increments of $20 million each year; increased the 
level below which insurers are subject to mandatory recoupment $2 
billion each year to what is now a floating amount based on insurers' 
deductibles; and decreased the coinsurance rate from 85 percent to 80 
percent in 1 percent increments each year.
    That bill garnered overwhelming bipartisan support in the Senate 
with a vote of 93 to 4.
    The Program is once again set to expire on December 31, 2020.
    Well ahead of that expiration date, the Banking Committee has 
already started meeting with key stakeholders and is exploring whether 
there are additional balanced reforms to improve the Program and reduce 
taxpayer exposure without having a material negative effect on the cost 
and take-up rates for terrorism coverage.
    In 2018, the Treasury Department issued a report on the Program's 
effectiveness, which also discussed key developments in the marketplace 
for terrorism risk insurance.
    In addition to Treasury concluding in the report that ``The Program 
has accomplished its principle goals identified in TRIA,'' Treasury 
also observed that ``Private reinsurance of terrorism risk has 
significantly increased under the Program, and there is now increased 
private reinsurance capacity for the exposures that remain wholly with 
the private market under TRIP.''
    Each of today's witnesses has written extensively on the Program's 
effectiveness, structure and market developments.
    In 2018, Dr. Kunreuther co-authored a report on the Program, which 
found that ``Overall, TRIA has worked well. It has stabilized a very 
disrupted market in the aftermath of 2001, making terrorism insurance 
widely available and affordable. Take-up rates among enterprises small 
and large are rather high and premiums a few percentage points of what 
firms pay for their property insurance, even though cost and take-up 
rates vary widely by size, industry, geography, and line of business.''
    In its 2019 Terrorism Risk Insurance Report, Marsh discussed take-
up rates, as well as cost, geographic and corporate trends in terrorism 
risk insurance in the United States, as well as globally.
    Marsh emphasized in the report that `` . . . the Federal backstop 
created by TRIA and reauthorized as TRIPRA--along with similar public-
private mechanisms that exist in other countries--remains crucial to 
the continued stability and health of the property terrorism insurance 
market.''
    Finally, the Congressional Research Service has published numerous 
reports, including one as recently as April 2019, providing a 
comprehensive overview of the Program, its history, statutory changes 
in past reauthorizations and key considerations for this Congress.
    During this hearing, I look forward to hearing more about: specific 
considerations in evaluating the Program's effectiveness; how the 
Program has evolved over time; how the marketplace has responded to 
changes to the Program made by Congress in previous reauthorizations; 
what additional room exists to further reduce taxpayer exposure; and 
how different market participants may react to changes in different 
Program levers.
    Thank you all for joining us today to share your perspectives and 
research.
                                 ______
                                 
              PREPARED STATEMENT OF SENATOR SHERROD BROWN
    Thank you Senator Crapo for holding the Committee's first hearing 
on the reauthorization of the Terrorism Risk Insurance Program. While 
the Program expires at the end of next year, after the lapse at the end 
of 2014 we all understand that we need to start early to make sure that 
does not happen again.
    The Terrorism Risk Insurance Program is critical to keeping our 
economy healthy. TRIA isn't just a program that helps in the event of a 
terrorist attack. Many businesses rely on this insurance in order to 
get access to credit, even in healthy economic times. Without 
Government assistance, the insurance market would be unable to provide 
affordable insurance to these businesses, including small businesses, 
across the country.
    While TRIA was initially designed to be temporary after 9-11, 
Republicans and Democrats have agreed several times since then that 
there is value in keeping it. People may hear the word ``terrorism'' 
and think this doesn't apply to their community, that only businesses 
in places like New York and Washington or big national landmarks would 
need to worry about insuring against terrorism.
    But unfortunately, terrorism isn't confined to big cities and the 
groups perpetrating it don't only come from abroad. Ohio communities 
that have faced threats from white supremacists groups know all too 
well that this is a risk we all have to contend with.
    That's why I'm glad we've been able to work on it in a bipartisan 
way. We all agree there are some issues that the free market just can't 
solve on its own. This is one of them, and it's an example of the kind 
of successful Government intervention that is only possible when we 
come together as a country.
    There are some in Congress who would prefer the United States not 
make these kinds of guarantees--whether it's for workers' pensions and 
Social Security, for mortgages and affordable housing, for healthcare 
and food for low-income families, or for protections against economic 
destruction after terrorist attacks. Some politicians just aren't 
interested in coming together on behalf of Americans that live in 
Mansfield or Cleveland or Chillicothe in Ohio, or in Boise or Idaho 
Falls from the Chairman's State.
    I disagree, and I think the Terrorism Risk Insurance Program is 
emblematic of our ability to use Government to make the economy work 
better for everybody, especially during the most difficult of times. As 
we look at other issues on this Committee, I hope we will remember the 
success of this program, and our capacity to use Government to solve 
tough problems when we work together.
    In the last bipartisan authorization of the Program, we worked to 
strike a balance, which seems to work well. By increasing the program 
trigger to $200 million and gradually reducing the Government's share 
in the losses, we've made the program efficient without decreasing 
access to coverage. We have an opportunity to make the program even 
stronger by creating certainty in the marketplace through a long-term 
extension of the program. I hope we can work together to do that.
    I look forward to hearing the witnesses' testimony today.
    Thank you, Mr. Chairman.
    
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
   
    
     
RESPONSES TO WRITTEN QUESTIONS OF SENATOR MENENDEZ FROM TARIQUE 
                             NAGEER

Q.1. TRIA reauthorization is particularly important to my home 
State of New Jersey, where there is a high population density, 
important cultural centers and landmarks, and major 
infrastructure, including ports, rail, and highways.
    What are the consequences of letting TRIA expire for high 
target States like New Jersey?

A.1. If TRIA is allowed to expire or is substantially changed, 
and the mandatory make-available provision is removed, insurers 
would not be obliged to offer terrorism coverage. Additionally, 
the TRIA premium charged by insurers without the backstop in 
place is likely to be considerably higher. The United States is 
the world's largest buyer of terrorism insurance, and U.S.-
based organizations continue to purchase coverage at a high 
rate. In 2018, the take-up rate for TRIPRA coverage embedded in 
U.S. property policies was 62 percent (see Figure 4). Take-up 
rates have remained close to 60 percent over the last several 
years.
    Potentially, property reinsurance capacity and competition 
could positively influence the supply of terrorism capacity; 
however, available coverage and limits would not be as readily 
available in certain cities. In particular, this may impact 
companies that have substantial property exposures in central 
business districts and where reinsurance capacity would be 
diminished and insufficient to meet insurers' demands.
    Additionally, some industries are susceptible to certain 
insurance requirements, such as mortgage lender requirements 
with real estate companies. Within TRIA's current structure, 
the limits available for terrorism insurance are typically 
sufficient for real estate companies to meet their risk 
transfer and lender requirement needs. A change in the Act's 
structure could potentially cause a gap in demand and 
availability. This susceptibility is not limited to ``central 
business districts'' or major cities.
    The main alternative for a property terrorism risk transfer 
mechanism if TRIA is not reauthorized would be the standalone 
terrorism insurance market. As standalone capacity is finite, 
the cost of this capacity likely would be considerably higher 
in areas or cities where demand is high, such as major 
metropolitan areas, central business districts, iconic 
buildings, ports/airports and even ``soft targets'' such as 
shopping malls.
    This market dynamic varies considerably by location. In 
certain high-risk cities--such as New York, San Francisco, 
Chicago, Houston, Atlanta or Washington, D.C.--the cost of 
standalone terrorism insurance capacity can be multiples of the 
current pricing for TRIA embedded as part of property programs.
    Organizations that employ captives also are likely to be 
affected in the event TRIA is allowed to expire or is 
significantly changed. Captives are widely used to supplement 
what is available in the commercial market, and, in some cases 
captive insurers are the only available option for certain 
layers and/or perils. This is most common in areas of higher 
perceived risk, such as for property or employee-related 
coverages in major cities. Generally speaking, since captives 
are best suited to primary operating layers, or as a mechanism 
for accessing risk transfer solutions, it is very likely that, 
absent TRIA, captive utilization for terrorism coverage would 
change significantly.
    In addition to property insurance, other coverage lines 
likely will be impacted if TRIA expires or is significantly 
changed, particularly workers' compensation insurance, as 
workers' compensation insurers are not permitted to exclude 
terrorism from their policies. Insurers are concerned about 
potential aggregation of risk, which may impact the 
availability of workers' compensation insurance should TRIA 
materially change or expire. Where these insurers are also 
offering other lines of insurance, such as property, the 
combined aggregate exposure likely will further limit their 
ability or willingness to offer substantial property limits.
    Likely impacts that the absence of or a serious 
modification of TRIA could have on the workers' compensation 
market are in the areas of pricing and capacity. It is expected 
that the reinsurance market would likely increase pricing 
because of the increased potential exposure. This would, in 
turn, have a trickle-down effect on the primary workers' 
compensation marketplace. Further, the ability of insurers to 
use reinsurance capacity to manage their maximum tolerable 
losses could prove more difficult, especially for the terrorism 
perils of NBCR events. This could significantly alter carriers' 
risk appetites and their willingness to offer coverage to 
employers with large employee accumulations.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


Q.2. What are consequences of letting TRIA expire for 
communities around the country that are home to critical 
infrastructure such as rail lines, power plants, highways, 
airports, or pipelines? If these investments become more 
costly, doesn't that have a nationally adverse impact?

A.2. There is insufficient standalone terrorism capacity to 
cost effectively replace TRIA. This will result in increased 
terrorism insurance costs and insurance market dislocation for 
risks in the commercial real estate sector. This could result 
in negative economic impact for industries affected by this 
dislocation.
    The main alternative for a property terrorism risk transfer 
mechanism if TRIA is not reauthorized would be the standalone 
terrorism insurance market. Since standalone capacity is 
finite, the cost of this capacity likely would be considerably 
higher in areas or cities where demand is high, such as major 
metropolitan areas, central business districts, iconic 
buildings, ports/airports for example.
    The percentage of companies that purchased terrorism 
insurance--and the amount they spent on terrorism insurance as 
a portion of their overall premiums--varied significantly by 
industry in 2018. Education institutions, media organizations, 
financial institutions, and real estate companies were the most 
frequent buyers while transportation and hospitality and gaming 
companies spent the most on terrorism as a percentage of their 
total premium spend due to their perceived vulnerability (see 
Figure 5).

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Global dedicated reinsurance capital is estimated to be 
$440 billion; dedicated reinsurance capital in North America is 
estimated to be between $120 billion and $140 billion. 
Reinsurance capacity for terrorism, however, is dependent on a 
reinsurer's preference, appetite, expertise and aggregate 
constraints.
    It is not unforeseeable that changes to the backstop could 
result in a withdrawal of smaller carriers away from the 
terrorism segment, while larger carriers may or may not 
continue to write--and absorb more--risk throughout the cycle 
of market dislocation. This would have an impact on the 
marketplace with fewer options available for small businesses, 
potentially higher insurance expenses and less available for 
growth and investments.
                                ------                                


 RESPONSES TO WRITTEN QUESTIONS OF SENATOR WARREN FROM TARIQUE 
                             NAGEER

Q.1. Certain mass shootings, such as those that occurred in Las 
Vegas, NV, Sutherland Springs, TX, and Newtown, CT, have not 
been certified by the Treasury Secretary as acts of terrorism. 
Therefore, these incidents have not been regarded as qualifying 
events for terrorism risk insurance, in part, because those 
attacks did not meet current law's requirement of being ``part 
of an effort to coerce the civilian population of the United 
States or to influence the policy or affect the conduct of the 
United States Government by coercion.'' Given the high 
frequency of mass shootings in the United States, is there a 
public policy interest in certifying certain mass shootings 
committed by individuals as qualifying events for terrorism 
risk insurance purposes, even if they are not demonstrably 
intended to coerce Americans or influence U.S. Government 
policy? Please explain why or why not.

A.1. Unfortunately, mass shootings are an important topic and, 
as such, there are policy initiatives underway to address them. 
The private insurance market has developed forms of coverage to
respond to active assailant threats--helping organizations and 
individuals victimized by such attacks to recover and mitigate 
their future risk. This insurance, active assailant coverage, 
complements the general liability and property coverage that 
most businesses already purchase, offering another layer of 
protection against the threat of assailants. Various active 
assailant insurance products available via commercial insurers 
typically offer affirmative coverage that is triggered by 
premediated malicious physical attacks by active assailants who 
are physically present and armed. These policies can typically 
offer:

  A.  Property damage, business interruption, and extra expense 
        coverage;

  B.  Legal liability coverage;

  C.  Nonphysical damage coverage;

  D.  Loss of revenue and denial of access coverage;

  E.  Reimbursement for costs for public relations consulting, 
        crisis management, medical services, counseling and/or 
        psychiatric care, hiring of additional staff and added 
        security.

Beyond purchasing insurance coverage, it's vital that 
businesses carefully consider their potential risk and actively 
engage in
prevention and response preparedness activities to help reduce 
the
potential loss of life, injuries, and damage to their and 
others'
property. The Department of Homeland Security offers various 
active shooter preparation guidance on its website: https://
www.dhs.gov/cisa/active-shooter-preparedness.
    Please see Addendum 1 for additional information on 
dedicated coverage for active assailant events.

Q.2. According to Congressional Research Service (CRS) 
specialist Baird Webel's written testimony, the current 
terrorism risk insurance program ``protect[s] consumers--by 
requiring insurers that offer [Terrorism Risk Insurance Act]-
covered lines of insurance to make terrorism insurance 
available prospectively to their commercial policyholders.'' 
Are there other actions that Congress or Federal agencies could 
take that would enhance protections for consumers in the 
terrorism risk insurance market?

A.2. Terrorism insurance pools should continue to evolve their 
scope and scale to provide the requisite response and stability 
for companies to operate securely.
    Certain market segments are required to provide coverage 
(e.g., workers' compensation, unlimited, and for all terror 
perils) versus having greater flexibility (e.g., property 
terrorism, particularly nuclear, biological, chemical and 
radiological terrorism coverage, where it can be excluded if 
the insured does not elect to purchase the coverage).
    It would be beneficial to investigate requiring elements of 
nuclear, biological, chemical and radiological terrorism 
coverage that would allow the Federal Government to reduce its 
exposure to uninsured losses resulting from a NBCR loss 
scenario and further develop the private market appetite.
    Any actions should be reviewed with due consideration to 
avoid insurers pulling out of specific coverage lines, which 
would thus have a negative effect on policyholders due to 
reduced availability.

Q.3. According to CRS specialist Baird Webel's written 
testimony, ``Federal law does not limit what insurers can 
charge for terrorism risk insurance, although State regulators 
typically have the authority under State law to modify 
excessive, inadequate, or unfairly discriminatory rates.'' 
While one of the original goals of the Terrorism Risk Insurance 
Program is to preserve State regulation of insurance, is there 
a public policy interest in developing a Federal limit on what 
insurers can charge for terrorism risk insurance, or is the 
current State-centric framework sufficient to prevent abusive 
practices in the market?

A.3. In the current marketplace, terrorism price competition 
among insurers is driven in part by modeling the exposure and 
reviewing correlated risks across multiple terrorism exposed 
lines of business (e.g., those insuring both property and 
workers' compensation for the same risk(s)).
    Insurers measure their accumulations of risk and price 
their business based on the physical address level of data and 
differentiates those insured(s) with different risk profiles 
within each covered line of business.
    The action to minimize the negative market impact arising 
from the uncertainty around TRIA's future and serve the 
marketplace well would be to provide clear guidance on how a 
reauthorization might look, as soon as possible. Subject 
policies with effective dates on (and after) January 1, 2020, 
that are issued with annual terms, are creating a potential 
(and unknown) increased net exposure to insurers post the 
scheduled December 31, 2020, expiration of TRIA.
    The uncertainty with TRIA will cause insurance carriers to 
consider issuing unilateral policy endorsement provisions that 
will allow them to increase the price for terrorism coverage 
mid-term once it is known how TRIA will look going forward 
(either materially changed or nonrenewed) post its expiration. 
This effectively pushes the uncertainty in the market to the 
commercial insurance buyers and employers of all sizes. 
Further, it leaves open for interpretation the definition of 
``materially changed'' and eliminates the ability for the 
insurance buyer to maintain coverage and cost certainty.

Q.4. On December 27, 2016, the Treasury Department issued 
``guidance regarding how insurance recently classified as 
`Cyber Liability' for purposes of reporting premiums and losses 
to State insurance regulators will be treated under TRIA and 
Treasury's regulations for the Program (Program regulations).'' 
That guidance ``confirms that stand-alone cyber insurance 
policies reported under the `Cyber Liability' line are included 
in the definition of `property and casualty insurance' under 
TRIA and are thus subject to the disclosure requirements and 
other requirements in TRIA and the Program regulations[.] 
Furthermore, that guidance noted, ``Cyber risk insurance 
remains an evolving insurance market, both in terms of product 
development and regulatory oversight.'' Similarly, cyberspace 
remains a consistently evolving threat environment. At this 
time, would you recommend any updates to the Treasury 
Department's guidance on cyber insurance policies? Please 
explain why or why not.

A.4. TRIA serves an essential role to the insurance market by 
injecting stability into several terrorism-related lines of 
insurance. With regard to cybersecurity, terrorism remains a 
present and growing threat vector. That risk is typically 
covered under cyber insurance policies, but may also impact 
other lines of coverage, including property or workers' 
compensation.
    One hurdle for using TRIA to address acts of cyberterrorism 
could be the challenge of attribution. ``Attribution of attacks 
can be difficult. This is usually dependent on technical means 
of attribution. In malicious cyber actions, spoofing or 
obfuscation of an identity most often occurs. It is not easy to 
know who conducts malicious cyber activity.''\1\
---------------------------------------------------------------------------
    \1\ ``Strategies for Resolving the Cyber Attribution Challenge,'' 
U.S. Air Force Research Institute (accessed at https://
media.defense.gov/2017/May/11/2001745613/-1/-1/0/CPP_0001_yanna
kogeorgos_cyber_ttribution_challenge.pdf).
---------------------------------------------------------------------------
    Congress should consider whether the Secretary of the 
Treasury can declare a certified act of terrorism without 
certain attribution. Potentially, the Secretary could have the 
flexibility to certify an act of terrorism based on factors 
such as the objective of the attack and the impact of the 
attack.
    Guidance on the Secretary's flexibility could potential be 
addressed in the report language that accompanies the passage 
of a reauthorization of TRIPRA.

                               Addendum 1

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



                                ------                                


 RESPONSES TO WRITTEN QUESTIONS OF SENATOR JONES FROM TARIQUE 
                             NAGEER

Q.1. Cyber attacks are gaining traction as a preferred method 
to terrorize individuals and organizations. In 2016, the 
Treasury Department issued guidance that clarified 
cyberterrorism is included in TRIA.

    Some believe that Russia interference in the 2016 
        Presidential election by manipulating voters with fake 
        social media accounts is considered cyberterrorism. 
        This type of cyber-
        terrorism has immeasurable consequences and affects 
        Americans that would not even participate in TRIA.

    Additionally, the Port of Mobile keeps track of 
        containers that are to be shipped across the country. 
        The Port of Mobile is an important part of Alabama's 
        economy. If an organization decided to pressure Alabama 
        into particular policy positions by attacking their 
        computer system it would have dramatic effects on 
        business owners dependent on the Port to ship their 
        merchandise.

    What cyberterrorism looks like and the effects on 
        people is very different from physical terrorist 
        attacks. How should TRIA adapt to the growing 
        prevalence of cyber attacks that gives private 
        insurance a backstop but also provides policy holders 
        with protection?

A.1. In 2016, the U.S. Department of the Treasury responded to 
the growing risk of cyberterrorism by clarifying that losses 
incurred under cyber insurance policies would be eligible under 
TRIA.
Accordingly, TRIA may already serve as a backstop for cyber 
insurance carriers in the event of a certified act of 
cyberterrorism. Moreover, acts of terrorism, including acts of 
cyberterrorism, may not qualify for TRIA because the impacts of 
those attacks fail to meet the statutory loss thresholds.
    At this time, there is no basis to believe that TRIA should 
be altered to provide further support to the cyber insurance 
industry, or to support other covered lines of insurance for 
cyber perils. However, Congress may consider how systemic risks 
may arise from cyber attacks that do not qualify as acts of 
cyberterrorism, and how well the Nation is prepared to respond 
to such systemic attacks.

Q.2. Often TRIA is discussed with large cities in mind, but 
many smaller communities can be targets of terrorist 
activities. This is shown with the Charleston, South Carolina, 
church shooting when a white supremacist murdered nine people. 
Small communities like this are likely to receive insurance 
from local agents.

    Also, Alabama is home to two extremely popular 
        football teams, University of Alabama and Auburn 
        University. The Iron Bowl is an annual game between 
        Alabama and Auburn and draws large crowds from each 
        school. This could easily be a target for terrorist 
        organizations.

    How would reforms to TRIA affect smaller 
        communities, particularly their premiums and the extent 
        of their coverage?

A.2. A change in the $200m industry loss may have an outsized 
impact on small carriers if:

  A.  A loss occurs in a region/facility with few other insured 
        structures or employees in close proximity;

  B.  The carrier in question is liable for the majority 
        insured loss, i.e., this is not a subscription risk and 
        is placed almost entirely with one market;

  C.  In a year with a ``swarm'' of small attacks, the insurer 
        in question takes a loss from one or two small-to-
        moderate size losses, but the total damage to the U.S. 
        property/casualty industry is not significant and fails 
        to qualify for certification.

Small carriers could surmount this challenge by managing 
deployed limits and diversifying their footprints away from 
regions/locations of peak exposures. This could come at the 
cost of competitiveness or availability of capacity for 
policyholders and have a negative short-term impact on the 
carrier.
    One way to mitigate the impact of these changes would be to 
phase in the aggregate increase over a defined period of time, 
e.g., $25m increase per year for a decade. This would allow for 
more manageable budgeting and business planning, and mitigate 
market disruption.
    Changing the company deductible, however, would likely have 
an even more pronounced impact, especially on the small 
insurers. For example, if the company deductible were to 
increase by 10 points to 30 percent, a majority of small-to-
medium sized carriers who rely more on TRIA's existence, and 
whose program deductible represents the largest percentage of 
policyholder surplus, will have to re-strategize regarding the 
company's:

  A.  Defined per occurrence risk tolerance;

  B.  Reinsurance buying strategy;

  C.  Aggregate amount of limit deployed in the marketplace;

  D.  Pricing for terrorism risk;

  E.  Ratings agency scrutiny.

    Ratings agency scrutiny is particularly important for small 
and mutual carriers. Carriers must submit annual assessments of 
their net-of-TRIPRA and reinsurance accumulations. An increase 
in the deductible mid-term could potentially lead to a gap in 
terrorism reinsurance coverage, and consequently, could lead to 
a failed stress test. If this were to occur, it may damage the 
firm's financial strength rating, and impede its ability to 
secure new business.
    In 2017, nearly 800 U.S.-based carriers wrote $215 billion 
in TRIPRA-eligible premium, with a combined policyholder 
surplus (PHS) of $733 billion.
    Considering the current 20 percent deductible requirement 
and PHS as a filter, Guy Carpenter's analysis concludes that 
small- to mid-size insurers could be substantially more 
vulnerable to the annual increases in the TRIPRA industry 
trigger and their overall net retentions as a percentage of PHS 
(see Table 1).

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Insurers with $1 billion in surplus and relatively larger 
TRIPRA deductibles (over $200 million) tend to manage their 
conventional terrorism exposures and accumulations rather than 
be dependent on TRIPRA recoveries.
    Insurers with less than $500 million in surplus and 
relatively more exposure to terrorism losses are more likely to 
fall under the widening ``TRIPRA coverage gap'' that exposes 
them to a loss scenario where TRIPRA may not be industry 
triggered, leaving private reinsurance as their only source of 
surplus protection.
    It is not unforeseeable that changes to the backstop could 
result in a withdrawal of smaller carriers away from the 
terrorism segment, while larger carriers may or may not 
continue to write--and absorb more--risk throughout the cycle 
of market dislocation. This would have an impact on the 
marketplace with fewer options available for small businesses, 
potentially higher insurance expenses and less capital 
available for growth and investments.
    If changes are considered, we would recommend gradually 
phasing in any increases in the deductible over a planned time 
horizon. This would mitigate short-term market disruptions and 
allow smaller companies time to adequately capitalize 
themselves to take on an increased share within the private 
market.
                                ------                                


 RESPONSES TO WRITTEN QUESTIONS OF SENATOR SINEMA FROM TARIQUE 
                             NAGEER

Q.1. What types of uncertainty will the insurance market and 
insured entities experience if Congress waits too long to 
consider reauthorization of the Terrorism Risk Insurance Act 
(TRIA)? How will that timing affect entities seeking coverage 
or renewal of coverage?

A.1. The uncertainty around the future of the Terrorism Risk 
Insurance Program Reauthorization Act (TRIPRA)--scheduled to 
expire on December 31, 2020--can significantly affect the 
property/casualty insurance industry.
    If TRIPRA is not renewed by Congress, the property 
insurance industry will be left with no Federal backstop for 
losses from certified acts of terrorism. As policies with 
effective dates after December 31, 2019, may extend beyond the 
expiration date of the legislation, insurers must determine in 
advance how to deal with their terrorism exposures as of that 
date.
    Property insurers may either accept the terrorism liability 
on all in-force policies on a fully net basis or place sunset 
clauses on policies written after December 31, 2020. Such a 
clause would cancel the terrorism coverage effective December 
31, 2020, if legislation extending TRIPRA is not passed by 
Congress and signed by the President.
    In addition to property insurance, other coverage lines 
likely will be impacted if TRIA expires or is significantly 
changed, particularly workers' compensation insurance, as 
workers' compensation insurers are not permitted to exclude 
terrorism from their policies. Insurers are concerned about 
potential aggregation of risk, which may impact the 
availability of workers' compensation insurance should TRIA 
materially change or expire. Where these insurers are also 
offering other lines of insurance, such as property, the 
combined aggregate exposure likely will further limit their 
ability or willingness to offer substantial property limits.
    Likely impacts that the absence of or a serious 
modification of TRIA could have on the workers' compensation 
market are in the areas of pricing and capacity. It is expected 
that the reinsurance market would likely increase pricing 
because of the increased potential exposure. This would, in 
turn, have a trickle-down effect on the primary workers' 
compensation marketplace. Further, the ability of insurers to 
use reinsurance capacity to manage their maximum tolerable 
losses could prove more difficult, especially for the terrorism 
perils of NBCR events. This could significantly alter carriers' 
risk appetites and their willingness to offer coverage to 
employers with large employee accumulations.

Q.2. Should a lapse in terrorism coverage provided by TRIA 
occur, what effects do you foresee on the availability and 
pricing of said coverage?

A.2. If Congress does not extend or renew TRIPRA, the market 
dynamics for terrorism insurance will be further disrupted and 
may result in increased pricing as capacity shrinks.
    In the absence of a federally mandated offer of TRIA 
terrorism coverage, there remains the strong likelihood that 
insurance and capital markets will choose not to offer 
terrorism coverage--using the premise that there is a higher 
certainty of returns elsewhere.
    TRIA's expiration or substantial modification at extension 
will
almost certainly affect embedded TRIA coverage, standalone 
terrorism pricing/demand for capacity and TRIA captive 
programs. Terrorism insurance capacity may be difficult to 
acquire at reasonable cost for insureds with significant 
exposures in a central business district of a major (Tier 1) 
city, or if the properties are
perceived as potential targets for terrorism attacks, and/or 
where there have been instances of foiled plots.
    The main alternative for a property terrorism risk transfer 
mechanism if TRIA is not reauthorized would be the standalone 
terrorism insurance market. As standalone capacity is finite, 
the cost of this capacity likely would be considerably higher 
in areas or cities where demand is high, such as major 
metropolitan areas,
central business districts, iconic buildings, ports/airports, 
and even ``soft targets'' such as shopping malls.
    This market dynamic varies considerably by location. In 
certain high-risk cities--such as New York, San Francisco, 
Chicago, Houston, Atlanta or Washington, D.C.--the cost of 
standalone terrorism insurance capacity can be multiples of the 
current pricing for TRIA embedded as part of property programs.
    Organizations that employ captives also are likely to be 
affected in the event TRIA is allowed to expire or is 
significantly changed. Captives are widely used to supplement 
what is available in the commercial market, and, in some cases 
captive insurers are the only available option for certain 
layers and/or perils. This is most common in areas of higher 
perceived risk, such as for property or employee-related 
coverages in major cities. Generally speaking, since captives 
are best suited to primary operating layers, or as a mechanism 
for accessing risk transfer solutions, it is very likely that, 
absent TRIA, captive utilization for terrorism coverage would 
change significantly.

Q.3. In December 2016, the Department of the Treasury issued 
guidance which clarified that losses from cyber-terrorist 
attacks were to be treated the same as commercial property and 
casualty losses. Do you think this guidance sufficiently covers 
all forms of cyber attacks?

A.3. The December 2016 guidance from the U.S. Department of the 
Treasury addressed a unique issue related to TRIA's coverage of 
cyber perils.
    A core insuring agreement for cyber insurance is data asset 
restoration. When malware encrypts, corrupts or destroys data, 
a cyber insurance policy can reimburse the cost to restore or 
recreate that data. This coverage may also include 
reimbursement for the cost of replacing servers, devices or 
other components that have been corrupted beyond repair, often 
referred to as ``bricking.'' In addition to this coverage being 
available in the cyber insurance market, some property carriers 
may also offer this coverage. Other carriers, however, may 
exclude this coverage because the loss does not result from a 
physical event, such as fire or explosion.
    Prior to December 2016, Treasury was silent on whether 
cyber insurance should be included or excluded from TRIA. As a 
result, if a quickly replicating, data destroying malware 
created a widespread data corruption event and corresponding 
loss of revenue from business interruption, such as NotPetya, 
TRIA may have responded differently to losses under property 
insurance policies and cyber insurance policies, even though 
they responded to the same losses from the same peril.
    Accordingly, Treasury's guidance clarified that losses from 
cyber-terrorist attacks that were subject to the coverage of 
cyber insurance policies were to be treated the same as 
commercial property and casualty losses.

Q.4. How do insurers effectively measure and quantify loss from 
cyber attacks?

A.4. One of Marsh's services as a trusted cyber-risk adviser is 
to help quantify the potential impact of a cyber attack and to 
help clients establish controls for ongoing assessment of cyber 
risk. In some instances, such as data breaches, this can be 
based on modeling from prior claims activity. In other 
instances, such as losses from loss of revenues and extra 
expense from malware events, the lack of claims history may 
require alternative means of quantification that involves 
assessment of clients' cyber assets, review of the client's 
process and procedures for protecting assets and proposing 
scenarios that could lead to large loss. With collaborative 
engagements by Marsh brokers and consultants, Marsh offers 
clients the opportunity to dispel the uncertainty of their 
cyber exposures and devote adequate resources with optimal 
results.
                                ------                                


RESPONSES TO WRITTEN QUESTIONS OF SENATOR MENENDEZ FROM HOWARD 
                           KUNREUTHER

Q.1. TRIA reauthorization is particularly important to my home 
State of New Jersey, where there is a high population density, 
important cultural centers and landmarks, and major 
infrastructure, including ports, rail, and highways.
    What are the consequences of letting TRIA expire for high 
target States like New Jersey?

A.1. The consequences of letting TRIA expire for high target 
States like New Jersey could be highly significant because many 
private insurers will likely refuse to offer coverage against 
terrorism losses to commercial firms because of a concern with 
the consequences of a catastrophic loss to their operations. 
Those insurers considering offering coverage will very likely 
charge much higher premiums than if they are protected by TRIA. 
The likelihood of a cyber-terrorist attack and its consequences 
are highly ambiguous so they will focus on worst case scenarios 
in specifying the price of terrorism coverage.

Q.2. What are consequences of letting TRIA expire for 
communities around the country that are home to critical 
infrastructure such as rail lines, power plants, highways, 
airports, or pipelines? If these investments become more 
costly, doesn't that have a nationally adverse impact?

A.2. If TRIA expires and critical infrastructure is uninsured 
and suffers a severe loss from a terrorist attack, this would 
have a
nationally adverse impact. The President might issue a disaster 
declaration so that Federal assistance could be provided. 
Including infrastructure losses as part of TRIA could encourage 
investments now in mitigating future losses through long-term 
loans and premium reductions, as noted in my testimony.
                                ------                                


 RESPONSES TO WRITTEN QUESTIONS OF SENATOR WARREN FROM HOWARD 
                           KUNREUTHER

Q.1. Certain mass shootings, such as those that occurred in Las 
Vegas, NV, Sutherland Springs, TX, and Newtown, CT, have not 
been certified by the Treasury Secretary as acts of terrorism. 
Therefore, these incidents have not been regarded as qualifying 
events for terrorism risk insurance, in part, because those 
attacks did not meet current law's requirement of being ``part 
of an effort to coerce the civilian population of the United 
States or to influence the policy or affect the conduct of the 
United States Government by coercion.'' Given the high 
frequency of mass shootings in the United States, is there a 
public policy interest in certifying certain mass shootings 
committed by individuals as qualifying events for terrorism 
risk insurance purposes, even if they are not demonstrably 
intended to coerce Americans or influence U.S. Government 
policy? Please explain why or why not.

A.1. To address this important issue, the Department of the 
Treasury needs to interact with private insurers to determine 
whether insurers now provide protection against mass shootings 
that may not be caused by terrorists. If there is sufficient 
private insurance coverage then it may not be necessary to 
include these events under TRIA. If there is limited coverage 
against mass shootings, then it will be important to determine 
who pays for the losses from these events and whether a case 
can be made to consider including these events under TRIA when 
it is considered for renewal in 2020.

Q.2. According to Congressional Research Service (CRS) 
specialist Baird Webel's written testimony, the current 
terrorism risk insurance program ``protect[s] consumers--by 
requiring insurers that offer [Terrorism Risk Insurance Act]-
covered lines of insurance to make terrorism insurance 
available prospectively to their commercial policyholders.'' 
Are there other actions that Congress or Federal agencies could 
take that would enhance protections for consumers in the 
terrorism risk insurance market?

A.2. No response provided.

Q.3. According to CRS specialist Baird Webel's written 
testimony, ``Federal law does not limit what insurers can 
charge for terrorism risk insurance, although State regulators 
typically have the authority under State law to modify 
excessive, inadequate, or unfairly discriminatory rates.'' 
While one of the original goals of the Terrorism Risk Insurance 
Program is to preserve State regulation of insurance, is there 
a public policy interest in developing a Federal limit on what 
insurers can charge for terrorism risk insurance, or is the 
current State-centric framework sufficient to prevent abusive 
practices in the market?

A.3. I feel that insurers should be able to charge premiums 
that reflect their risks, so State regulators should not 
restrict the premiums insurers can charge. It will be important 
for State regulators to make sure that the premiums are high 
enough so that the insurers has a low chance of insolvency if 
it suffers a catastrophic loss. One of the important reasons 
for renewing TRIA is to provide a Federal backstop if insurers' 
total losses exceed a certain amount. In my testimony I 
indicated that the Wharton Risk Center's study revealed that 
total insured losses from a terrorist attack would have to 
exceed $60 billion before the Federal Government would be 
responsible for covering any insured losses.

Q.4. On December 27, 2016, the Treasury Department issued 
``guidance regarding how insurance recently classified as 
`Cyber Liability' for purposes of reporting premiums and losses 
to State insurance regulators will be treated under TRIA and 
Treasury's regulations for the Program (Program regulations).'' 
That guidance ``confirms that stand-alone cyber insurance 
policies reported under the `Cyber Liability' line are included 
in the definition of `property and casualty insurance' under 
TRIA and are thus subject to the disclosure requirements and 
other requirements in TRIA and the Program regulations[.] 
Furthermore, that guidance noted, ``Cyber risk insurance 
remains an evolving insurance market, both in terms of product 
development and regulatory oversight.'' Similarly, cyberspace 
remains a consistently evolving threat environment. At this 
time, would you recommend any updates to the Treasury 
Department's guidance on cyber insurance policies? Please 
explain why or why not.

A.4. In my testimony I noted that cyberterrorism is an 
interdependent risk where compromising one computer network can 
cause losses to many others in the interconnected system. The 
existence of such interdependencies provides challenges to 
insurers in determining whether to offer protection against 
this risk in their terrorism coverage and if so what premium to 
charge. For this reason I feel that it is important that the 
Department of the Treasury interact with private insurers to 
determine whether cyberterrorism should be included under the 
TRIA backstop. By including it in TRIA both private insurers 
and the Federal Government would form a private-public 
partnership to deal with a risk where the likelihood of a 
cyber-terrorist attack and its consequences are highly 
ambiguous. With a backstop from the Federal Government if the 
losses from a cyber terrorist were extremely large, insurers 
would feel more comfortable insuring this risk and would 
consider charging a lower premium than if they were fully 
responsible for a catastrophic loss.
                                ------                                


  RESPONSES TO WRITTEN QUESTIONS OF SENATOR JONES FROM HOWARD 
                           KUNREUTHER

Q.1. Cyber attacks are gaining traction as a preferred method 
to terrorize individuals and organizations. In 2016, the 
Treasury Department issued guidance that clarified 
cyberterrorism is included in TRIA.
    Some believe that Russia interference in the 2016 
Presidential election by manipulating voters with fake social 
media accounts is considered cyberterrorism. This type of 
cyberterrorism has immeasurable consequences and effects 
Americans that would not even participate in TRIA.
    Additionally, the Port of Mobile keeps track of containers 
that are to be shipped across the country. The Port of Mobile 
is an important part of Alabama's economy. If an organization 
decided to pressure Alabama into particular policy positions by 
attacking their computer system it would have dramatic effects 
on business owners dependent on the Port to ship their 
merchandise.
    What cyberterrorism looks like and the effects on people is 
very different from physical terrorist attacks. How should TRIA 
adapt to the growing prevalence of cyber attacks that gives 
private insurance a backstop but also provides policy holders 
with protection?

A.1. In my testimony I noted that cyberterrorism is an 
interdependent risk, where compromising one computer network 
can cause losses to many others in the interconnected system. 
The existence of such interdependencies provides challenges to 
insurers in determining whether to offer protection against 
this risk in their terrorism coverage and, if so, what premium 
to charge. For this reason I feel that it is important that the 
Department of the
Treasury interact with private insurers to determine whether 
cyberterrorism should be included under the TRIA backstop. By
including it in TRIA, both private insurers and the Federal 
Government would form a private-public partnership to deal with 
a risk where the likelihood of a cyber-terrorist attack and its 
consequences are highly ambiguous. With a backstop from the 
Federal Government, if the losses from a cyber terrorist were 
extremely large, insurers would feel more comfortable insuring 
this risk and would consider charging a lower premium than if 
they were fully responsible for a catastrophic loss.

Q.2. Often TRIA is discussed with large cities in mind, but 
many smaller communities can be targets of terrorist 
activities. This is shown with the Charleston, South Carolina, 
church shooting when a white supremacist murdered nine people. 
Small communities like this are likely to receive insurance 
from local agents.
    Also, Alabama is home to two extremely popular football 
teams, University of Alabama and Auburn University. The Iron 
Bowl is an annual game between Alabama and Auburn and draws 
large crowds from each school. This could easily be a target 
for terrorist organizations.
    How would reforms to TRIA affect smaller communities, 
particularly their premiums and the extent of their coverage?

A.2. In setting premiums for terrorist coverage, insurers are 
concerned with the size of the program trigger for TRIA. In 
2020 if a terrorist attack creates insured losses less than 
$200 million, then TRIA will not be triggered. In this case 
there will be no Federal backstop. If insurers are concerned 
with having to be responsible for the total losses from mass 
shootings or a terrorist attack in a small community, they are 
likely to charge higher premiums and reduce their coverage. 
Some insurers may decide not to provide protection against mass 
shootings or to firms in smaller communities from losses from a 
terrorist attack. In considering the
renewal of TRIA, consideration should be given to the size of 
the program trigger and whether losses from mass shootings from 
terrorists should be covered by TRIA even if the total insured 
losses were lower than the TRIA program trigger. If losses from 
mass shootings would be covered by TRIA, insurers are likely to 
charge lower premiums and provide more coverage against these 
terrorist-related disasters.
                                ------                                


  RESPONSE TO WRITTEN QUESTION OF SENATOR SINEMA FROM HOWARD 
                           KUNREUTHER

Q.1. In December 2016, the Department of the Treasury issued 
guidance which clarified that losses from cyber-terrorist 
attacks were to be treated the same as commercial property and 
casualty losses. Do you think this guidance sufficiently covers 
all forms of cyber attacks? How do insurers effectively measure 
and quantify loss from cyber attacks?

A.1. In my testimony I noted that cyberterrorism is an 
interdependent risk where compromising one computer network can 
cause losses to many others in the interconnected system. The 
existence of such interdependencies provides challenges to 
insurers in determining whether to offer protection against 
this risk in their terrorism coverage and if so what premium to 
charge. For this
reason I feel that it is important that the Department of the 
Treasury interact with private insurers to determine whether 
cyberterrorism should be included under the TRIA backstop. By 
including it in TRIA both private insurers and the Federal 
Government would form a private-public partnership to deal with 
a risk where the likelihood of a cyber-terrorist attack and its 
consequences are highly ambiguous. With a backstop from the 
Federal Government if the losses from a cyber terrorist were 
extremely large, insurers would feel more comfortable insuring 
this risk and would consider charging a lower premium than if 
they were fully responsible for a catastrophic loss.
                                ------                                


  RESPONSE TO WRITTEN QUESTION OF SENATOR MENENDEZ FROM BAIRD 
                             WEBEL

Q.1. TRIA reauthorization is particularly important to my home 
State of New Jersey, where there is a high population density, 
important cultural centers and landmarks, and major 
infrastructure, including ports, rail, and highways.
    What are the consequences of letting TRIA expire for high 
target States like New Jersey?
    What are consequences of letting TRIA expire for 
communities around the country that are home to critical 
infrastructure such as rail lines, power plants, highways, 
airports, or pipelines? If these investments become more 
costly, doesn't that have a nationally adverse impact?

A.1. TRIA acts to lower the cost of terrorism insurance in two 
primary ways. (1) It directly subsidizes terrorism insurance by 
providing reinsurance coverage for no upfront premiums; and (2) 
it expands the supply of terrorism insurance through the 
requirement that companies offer terrorism insurance to 
commercial policyholders. TRIA expiration would remove both the 
direct subsidy and the extra supply from the market and thus 
would likely raise the cost of terrorism insurance. The impact 
of this would be felt to the greatest extent in high target 
States as insurers would likely seek to reduce their overall 
exposure to such States. In addition, it would be in such 
States that lenders would be most likely to require terrorism 
coverage before providing loans for large commercial real 
estate projects. A similar dynamic would also come into play 
with critical infrastructure, thus raising costs for such 
projects and potentially having a nationally adverse impact as 
critical infrastructure is necessary for the economy 
nationwide. If TRIA were to expire, however, Congress might 
also consider redirecting the resources that are devoted to 
TRIA to some other use that could support critical 
infrastructure.
                                ------                                


  RESPONSES TO WRITTEN QUESTIONS OF SENATOR WARREN FROM BAIRD 
                             WEBEL

Q.1. Certain mass shootings, such as those that occurred in Las 
Vegas, NV, Sutherland Springs, TX, and Newtown, CT, have not 
been certified by the Treasury Secretary as acts of terrorism. 
Therefore, these incidents have not been regarded as qualifying 
events for terrorism risk insurance, in part, because those 
attacks did not meet current law's requirement of being ``part 
of an effort to coerce the civilian population of the United 
States or to influence the policy or affect the conduct of the 
U.S. Government by coercion.'' Given the high frequency of mass 
shootings in the United States, is there a public policy 
interest in certifying certain mass shootings committed by 
individuals as qualifying events for terrorism risk insurance 
purposes, even if they are not demonstrably intended to coerce 
Americans or influence U.S. Government policy? Please explain 
why or why not.

A.1. TRIA requires the following for certification of a 
terrorist attack under the statute. An act must:

  (i)   to be an act of terrorism;

  (ii)  to be a violent act or an act that is dangerous to----

      (I)    human life;

      (II)   property; or

      (III)   infrastructure;

  (iii)  to have resulted in damage within the United States, 
        or outside of the United States in the case of----

      (I)   an air carrier or vessel described in paragraph 
        (5)(B); or

      (II)   the premises of a United States mission; and

  (iv)  to have been committed by an individual or individuals, 
        as part of an effort to coerce the civilian population 
        of the United States or to influence the policy or 
        affect the conduct of the U.S. Government by coercion.

In addition, the statute requires that the act of terrorism 
cause more than $5 million in aggregate property casualty 
insurance losses in order to be certified. Losses incurred for 
in health or life insurance are not covered under TRIA.
    The certification of an event as an act of terrorism under 
TRIA serves a relatively narrow statutory purpose. It solely 
relates to potential sharing of insured losses by the Federal 
Government and is not referenced in other national security or 
judicial statutes. In past experience, particularly following 
the 2013 Boston Marathon bombing, the President in a statement 
identified an attack as an act of terror, but the relatively 
low level of insured property casualty losses meant that, under 
the TRIA criteria, it could not be certified regardless of the 
motives involved. Due to the precise nature of terrorism 
exclusions in insurance policies covering some of the Boston 
businesses who suffered losses due to the bombing, TRIA 
certification in that case would likely have resulted in 
coverage gaps and less payments to insureds.\1\
---------------------------------------------------------------------------
    \1\ See, for example, ``Mass. Regulator on Boston Bombing Claims, 
TRIA Reauthorization Effort,'' Insurance Journal, April 23, 2014, at 
https://www.insurancejournal.com/news/east/2014/04/23/327033.htm; and 
``Insurance Payout May Depend on Whether Boston Bombing Was `Terrorist 
Act,' '' ABC News, at https://abcnews.go.com/Business/boston-firms-
wait-terrorism-certification-insurance-payout/story?id=19043385.
---------------------------------------------------------------------------
    Many mass shooting events may fall into a similar category 
as the Marathon bombing. While they may inflict a tragic toll 
on the life and health of those involved, mass shootings may 
not cause losses in commercial property casualty insurance 
sufficient to meet the TRIA criteria for certification. In such 
cases, only addressing the TRIA criteria with regard to motives 
may have relatively little effect on potential certification of 
mass shootings as terrorist events under TRIA. In addition, 
certification is only the first threshold that must be crossed 
before the Government would share losses under TRIA. The 
combination of the program trigger and the insurer deductible 
make it unlikely that the certification of most mass shootings 
as eligible for coverage under TRIA would result in any actual 
loss sharing.\2\
---------------------------------------------------------------------------
    \2\ For example, recent press reports suggest approximately $750 
million in insured damages for the Las Vegas shooting (``MGM Sees $800 
Million Las Vegas Shooting Settlement; $751 Million Covered by 
Insurance,'' Insurance Journal, May 20, 2019). The primary insurer 
reported was Zurich American Insurance (``MGM Resorts Sues Zurich 
American Insurance for Las Vegas Shooting Defense Costs,'' Insurance 
Journal, June 24, 2019). According to data supplied to CRS by the 
Treasury Department, Zurich's TRIA insurer deductible would be 
approximately $1.4 billion. Thus, if the press reports are accurate, 
even if the Las Vegas shooting were certified, no Federal loss sharing 
would occur.

Q.2. According to Congressional Research Service (CRS) 
specialist Baird Webel's written testimony, the current 
terrorism risk insurance program ``protect[s] consumers--by 
requiring insurers that offer [Terrorism Risk Insurance Act]-
covered lines of insurance to make terrorism insurance 
available prospectively to their commercial policyholders.'' 
Are there other actions that Congress or Federal agencies could 
take that would enhance protections for consumers in the 
---------------------------------------------------------------------------
terrorism risk insurance market?

A.2. Beyond the ``make available'' provisions TRIA effectively 
leaves terrorism insurance consumer protection issues (such as 
affordability of terrorism insurance or the precise details of 
terrorism insurance policies) to the State insurance regulators 
as is the case in commercial insurance generally. This primacy 
of State insurance regulation is codified in the 1945 McCarran-
Ferguson Act.\3\ It is possible for Congress to revisit this 
aspect of McCarran-Ferguson with regard to terrorism insurance, 
as was done to a degree in the original 2002 TRIA, which also 
nullified terrorism exclusions that previously had been 
approved by State insurance regulators at the time. Such 
increased Federal oversight of terrorism insurance, however, 
would require specific statutory change as the Federal agencies 
who might provide such oversight, including the Department of 
the Treasury, the Consumer Financial Protection Bureau, and the 
Federal Trade Commission, currently have little or no authority 
to oversee insurance.
---------------------------------------------------------------------------
    \3\ Codified at 15 U.S.C. Sec. Sec.  1011-1015.

Q.3. According to CRS specialist Baird Webel's written 
testimony, ``Federal law does not limit what insurers can 
charge for terrorism risk insurance, although State regulators 
typically have the authority under State law to modify 
excessive, inadequate, or unfairly discriminatory rates.'' 
While one of the original goals of the Terrorism Risk Insurance 
Program is to preserve State regulation of insurance, is there 
a public policy interest in developing a Federal limit on what 
insurers can charge for terrorism risk insurance, or is the 
current State-centric framework sufficient to prevent abusive 
---------------------------------------------------------------------------
practices in the market?

A.3. The State regulatory system generally treats commercial 
insurance lines, such as those covered under TRIA, to less 
direct oversight on consumer protection grounds than personal 
lines, such as homeowners insurance or automobile insurance. 
This is typically justified on the grounds that the businesses 
purchasing commercial lines are seen as sophisticated consumers 
who are better able to understand insurance contracts and seek 
out the best prices.\4\ Thus, for example, there is little 
direct rate regulation in commercial insurance compared to 
personal insurance where some States require prior approval of 
rate changes, or have after-the-fact approval processes.
---------------------------------------------------------------------------
    \4\ Similar theories are present in financial regulation under 
Federal law, such as the concept of an ``accredited investor'' used by 
the Securities and Exchange Commission. See CRS Report IF11278, 
``Accredited Investor Definition and Private Securities Markets,'' by 
Eva Su.
---------------------------------------------------------------------------
    Recent Treasury and private data on terrorism insurance 
pricing has generally been interpreted as signaling no 
significant problems in the market; and CRS is unaware of any 
State departments of insurance taking public action against 
insurers for excessive rates on terrorism insurance. Overall 
average rates can, however, mask individual markets that may be 
facing difficulties. It is within Congress' purview to 
investigate complaints of excessive rates and enact changes 
addressing any issues found. Since Congress has found the 
availability of terrorism insurance important enough on public 
policy grounds to create and extend the TRIA program, this 
might also be sufficient grounds to justify additional Federal 
attention to the affordability of terrorism insurance.

Q.4. On December 27, 2016, the Treasury Department issued 
``guidance regarding how insurance recently classified as 
`Cyber Liability' for purposes of reporting premiums and losses 
to State insurance regulators will be treated under TRIA and 
Treasury's regulations for the Program (Program regulations).'' 
That guidance ``confirms that stand-alone cyber insurance 
policies reported under the `Cyber Liability' line are included 
in the definition of `property and casualty insurance' under 
TRIA and are thus subject to the disclosure requirements and 
other requirements in TRIA and the Program regulations[.] 
Furthermore, that guidance noted, ``Cyber risk insurance 
remains an evolving insurance market, both in terms of product 
development and regulatory oversight.'' Similarly, cyberspace 
remains a consistently evolving threat environment. At this 
time, would you recommend any updates to the Treasury 
Department's guidance on cyber insurance policies? Please 
explain why or why not.

A.4. The years since the Treasury guidance have not 
substantially altered the evolving and uncertain nature of 
cyber insurance. The combined public-private nature of TRIA, 
however, provides significant space for private insurers to 
innovate in the coverages offered for cyber risk while still 
remaining under the reinsurance backstop provided by TRIA. 
Treasury's guidance seems clear that policies in the new cyber 
liability line of insurance are eligible for TRIA coverage. 
This does not mean, however, that there might not be future 
issues relating to TRIA coverage in the case of a cyber-
terrorist attack. For example, if the exact perpetrators are 
unknown, it may be difficult for Treasury to certify the attack 
under the criteria contained in the TRIA statute. It is also 
possible that a substantial attack might occur but be under the 
various thresholds in the law that limit Federal sharing of 
terrorism losses. Addressing such issues, however, would be 
beyond Treasury's authority to address in guidance and would 
instead require amendments by Congress to the underlying 
statute.
                                ------                                


  RESPONSES TO WRITTEN QUESTIONS OF SENATOR JONES FROM BAIRD 
                             WEBEL

Q.1. Cyber attacks are gaining traction as a preferred method 
to terrorize individuals and organizations. In 2016, the 
Treasury Department issued guidance that clarified 
cyberterrorism is included in TRIA.
    Some believe that Russia interference in the 2016 
Presidential election by manipulating voters with fake social 
media accounts is considered cyberterrorism. This type of 
cyberterrorism has immeasurable consequences and effects 
Americans that would not even participate in TRIA.
    Additionally, the Port of Mobile keeps track of containers 
that are to be shipped across the country. The Port of Mobile 
is an important part of Alabama's economy. If an organization 
decided to pressure Alabama into particular policy positions by 
attacking their computer system it would have dramatic effects 
on business owners dependent on the Port to ship their 
merchandise.
    What cyberterrorism looks like and the effects on people is 
very different from physical terrorist attacks. How should TRIA 
adapt to the growing prevalence of cyber attacks that gives 
private insurance a backstop but also provides policy holders 
with protection?

A.1. While TRIA does not directly address cyberterrorism, the 
flexibility inherent in the combined public/private nature of 
the program has allowed cyberterrorism to be covered by TRIA 
without specific statutory changes. As long as private 
insurance policies are covering cyberterrorism, TRIA will as 
well even if the effects of a cyber-terrorist attack may be 
substantially different than other forms of terrorism. The 
purchase of cyber insurance by businesses is growing, however 
it may not be reaching coverage levels that would be considered 
optimal from a public policy perspective. For example, higher 
coverage levels could be desired since insurance often serves 
to mitigate damage through mechanisms like information sharing 
on best practices.
    There are some aspects of the TRIA design that may not be 
optimal if the desire is to promote the purchase of cyber 
insurance and ensure that TRIA provides coverage for a 
terrorist attack via cyberspace. For example, the program 
trigger, currently at $180 million and set to go to $200 
million, and the 20 percent insurer deductible are high enough 
that the insured loss levels from many cyber attacks may not 
cross the thresholds and result in TRIA loss sharing. In 
addition, the definition of an act of terrorism in the statute 
requires than an act be ``committed by an individual or 
individuals, as part of an effort to coerce the civilian 
population of the United States or to influence the policy or 
affect the conduct of the U.S. Government by coercion.'' In the 
case of a cyber attack, however, it may be difficult to even 
identify perpetrators, let alone define what their intent might 
be.

Q.2. Often TRIA is discussed with large cities in mind, but 
many smaller communities can be targets of terrorist 
activities. This is shown with the Charleston, South Carolina, 
church shooting when a white supremacist murdered nine people. 
Small communities like this are likely to receive insurance 
from local agents.
    Also, Alabama is home to two extremely popular football 
teams, University of Alabama and Auburn University. The Iron 
Bowl is an annual game between Alabama and Auburn and draws 
large crowds from each school. This could easily be a target 
for terrorist organizations.
    How would reforms to TRIA affect smaller communities, 
particularly their premiums and the extent of their coverage?

A.2. The TRIA program does not contain differential application 
processes or metrics for different-sized communities. However, 
the thresholds in the Act (i.e., the program trigger, the 
insurer deductible, and the $5 million loss threshold for 
certification) may have a differential effect simply due to the 
cost differences between larger and smaller cities. For 
example, an identical building is much more expensive to build 
in Manhattan than Mobile, thus, an otherwise identical 
terrorist attack will likely cause lower insured damages and be 
less likely to clear the thresholds for TRIA coverage. Thus, if 
the TRIA dollar thresholds are raised, this would have in 
relative terms, a larger effect on these less expensive 
communities as TRIA coverage would be less likely to be 
triggered. In practical terms, however, the impact on premiums 
will be somewhat reduced as the overall cost of insurance in 
such communities is lower and the risk of a terrorist attack, 
and thus the premiums for terrorism insurance, is seen as 
lower.
                                ------                                


  RESPONSES TO WRITTEN QUESTIONS OF SENATOR SINEMA FROM BAIRD 
                             WEBEL

Q.1. In December 2016, the Department of the Treasury issued 
guidance which clarified that losses from cyber-terrorist 
attacks were to be treated the same as commercial property and 
casualty losses. Do you think this guidance sufficiently covers 
all forms of cyber attacks?

A.1. The Treasury guidance does not overrule the statutory 
language that is in place, particularly the exemption of 
specific lines of insurance from the TRIA program. In 2016, the 
State insurance regulators introduced a new cyber liability 
line of insurance for regulatory purposes. Prior to this, 
policies covering cyber risk were reported in different lines 
of insurance, including in some cases lines of insurance that 
were specifically exempted from TRIA. This new cyber liability 
line of insurance largely prompted the Treasury guidance. It is 
not clear whether some of the coverage for cyber risk is still 
being covered under an exempted line, but to the extent that 
damage from a cyber attack still is covered under these 
exempted lines, TRIA would not cover such an attack. This may 
very well have less of an impact over time as more future cyber 
coverage likely will be provided under the cyber-specific line 
of insurance that is being covered under TRIA.
    The guidance also does not affect all of the other 
statutory aspects of the program, such as the certification 
requirements and the various monetary thresholds. To the extent 
that a cyber-terrorist attack might interact differently with 
these statutory requirements compared to a noncyber attack,\1\ 
Treasury would be limited in its ability to provide coverage 
under TRIA for such an attack as any guidance cannot contradict 
the statute upon which it is based.
---------------------------------------------------------------------------
    \1\ For example, it seems more likely that a cyber attack might be 
carried out without immediate attribution to the perpetrating party, 
thus making it difficult to discern the motive that is necessary for 
certification.

Q.2. How do insurers effectively measure and quantify loss from 
---------------------------------------------------------------------------
cyber attacks?

A.2. Measuring and quantifying loss from cyber attacks is 
difficult and the insurance coverage for such attacks is still 
immature compared to more established lines of insurance where 
the industry might have decades, or even centuries, of data to 
draw upon. The insurance rating agency AM Best describes the 
situation as follows:

        Cyber risk modeling is still in its infancy, as events 
        and threat vectors are still evolving. To simulate the 
        event sets and fit them into traditional statistical 
        distribution forms is the first challenge. Cataloging 
        the exposure in an insurer's portfolio to these events 
        and how the losses vary depending on the severity of 
        the attack and estimating the financial damage are all 
        complicated problems that cyber modeling firms are 
        tackling. These models are improving and may provide 
        directional input into relative rankings of risk but 
        need to be complimented with stress testing and 
        analytical, experience-based judgment for pricing, 
        capital consumption, and allocation.\2\
---------------------------------------------------------------------------
    \2\ AM Best, ``Cyber Insurers Are Profitable Today, but Wary of 
Tomorrow's Risks,'' June 17, 2019, p. 11.

A frequent insurer response to the uncertainty reportedly has 
been to use certain policy provisions, such as exclusions and 
limits as well as reinsurance purchases to reduce exposure to 
large losses.\3\ Policy provisions such as exclusions and 
limits tend to reduce the utility of cyber insurance to 
consumers and may lead to consumer confusion.\4\
---------------------------------------------------------------------------
    \3\ See ``Data Deficit Remains Key Challenge for Cyber Insurance 
Underwriters,'' Insurance Journal, June 18, 2019, at https://
www.insurancejournal.com/news/national/2019/06/18/529663.htm.
    \4\ See ``Businesses Believe Cyber Insurance Covers More Than It 
Does: Survey,'' Insurance Journal, July 31, 2019, at https://
www.insurancejournal.com/news/national/2019/07/31/534394.htm.
---------------------------------------------------------------------------

              Additional Material Supplied for the Record

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]