Year 2000: State Insurance Regulators Face Challenges in Determining
Industry Readiness (Letter Report, 04/30/99, GAO/GGD-99-87).

Pursuant to a congressional request, GAO reviewed the readiness of the
insurance industry to meet the year 2000 date change, focusing on: (1)
what state regulators were doing to oversee the year 2000 readiness of
the insurance industry; (2) how the regulatory oversight of the
insurance industry's year 2000 readiness compared with the oversight of
the banking and securities industries; (3) the status of the insurance
industry's year 2000 readiness; and (4) the nature and extent of year
2000 liability exposures that insurers face and the mitigation efforts
taken to address such exposures.

GAO noted that: (1) the 17 state insurance regulators GAO visited
differed in their approach and level of oversight activity directed to
the insurance industry's year 2000 readiness; (2) these state regulators
also differed in how they assessed and ranked insurance companies in
terms of year 2000 readiness; (3) such variations raise a question about
the extent to which states can rely on one another's judgments regarding
the preparedness of nondomiciled insurance companies doing business in
their states; (4) this question is especially applicable to those states
where the level of year 2000 oversight is relatively limited or the
criteria for assessing readiness may be considered lax; (5) variations
in oversight approaches among state regulators also made it difficult to
ascertain the overall status of the insurance industry's year 2000
readiness; (6) regulatory oversight of the insurance industry's year
2000 readiness began later than the oversight of the banking and
securities industries; (7) the state insurance regulators GAO visited
were less active in their efforts to promote year 2000 readiness and
efforts to validate information on the status of companies' readiness;
(8) they were also less active in planning for and pursuing formal
enforcement actions against companies identified as inadequately
preparing for 2000 and at a high risk of not being ready for the
millenium change; (9) regulatory information on the year 2000 readiness
of the nation's insurance industry, consisting primarily of
self-reported information obtained through surveys, does not provide the
necessary information to judge whether the industry will be ready for
2000; (10) insurance regulators and other observers GAO contacted
generally have a favorable view of the industry's year 2000 readiness;
(11) these regulators and industry observers expressed confidence that
companies were actively preparing for the year 2000 date change because
of competitive pressures and the business need to process date-sensitive
information before 2000; (12) the magnitude of insurers' year
2000-related liability exposures cannot be estimated at this time, and
the effectiveness of efforts to mitigate these exposures remains
uncertain; (13) costs associated with year 2000-related exposures could
be substantial for some property-casualty insurers, due to potential
claims and legal defense costs; and (14) despite efforts to mitigate
potential exposures, the year 2000-related costs that may be incurred by
insurers will remain uncertain until key legal issues and actions on
pending legislative initiatives are resolved.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  GGD-99-87
     TITLE:  Year 2000: State Insurance Regulators Face Challenges in
	     Determining Industry Readiness
      DATE:  04/30/99
   SUBJECT:  Insurance companies
	     Securities regulation
	     Insurance regulation
	     Comparative analysis
	     Lending institutions
	     Systems conversions
	     Y2K
	     Regulatory agencies
	     Liability (legal)
	     Computer software verification and validation
IDENTIFIER:  Y2K

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  This text was extracted from a PDF file.        **
** Delineations within the text indicating chapter titles,      **
** headings, and bullets have not been preserved, and in some   **
** cases heading text has been incorrectly merged into          **
** body text in the adjacent column.  Graphic images have       **
** not been reproduced, but figure captions are included.       **
** Tables are included, but column deliniations have not been   **
** preserved.                                                   **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************
YEAR 2000: State Insurance Regulators Face Challenges in
Determining Industry Readiness (GAO/GGD-99-87) YEAR 2000 State
Insurance Regulators Face Challenges in Determining Industry
Readiness

United States General Accounting Office

GAO Report to the Ranking Minority Member, Committee on Commerce,
House of

Representatives

April 1999 

GAO/GGD-99-87

April 1999   GAO/GGD-99-87

United States General Accounting Office Washington, D. C. 20548

General Government Division

B-281368

Page 1 GAO/GGD-99-87 State Insurance Regulators Face Challenges

GAO April 30, 1999 The Honorable John D. Dingell Ranking Minority
Member Committee on Commerce House of Representatives

Dear Mr. Dingell: This report responds to your request that we
study the readiness of the insurance industry to meet the Year
2000 date change. Our objectives were to determine (1) what state
regulators were doing to oversee the Year 2000 readiness of the
insurance industry, (2) how the regulatory oversight of the
insurance industry's Year 2000 readiness compared with the
oversight of the banking and securities industries, 1 (3) the
current status of the insurance industry's Year 2000 readiness,
and (4) the nature and extent of Year 2000 liability exposures
that insurers face and the mitigation efforts taken to address
such exposures.

The 17 state insurance regulators we visited differed in their
approach and level of oversight activity directed to the insurance
industry's Year 2000 readiness. These state regulators also
differed in how they assessed and ranked insurance companies in
terms of Year 2000 readiness. Such variations raise a question
about the extent to which states can rely on one another's
judgments regarding the preparedness of nondomiciled insurance
companies doing business in their states. 2 This question is
especially applicable to those states where the level of Year 2000
oversight is relatively limited or the criteria for assessing
readiness may be considered lax. Variations in oversight
approaches among state regulators also made it difficult to
ascertain the overall status of the insurance industry's Year 2000
readiness.

Regulatory oversight of the insurance industry's Year 2000
readiness began later than the oversight of the banking and
securities industries. In general, the state insurance regulators
we visited were less active in their efforts to

1 Preliminary observations comparing the Year 2000 oversight of
the banking, securities, and insurance industries were first
reported in a statement for the record, Insurance Industry:
Regulators Are Less Active in Encouraging and Validating Year 2000
Preparedness (GAO/T-GGD-99-56, Mar. 11, 1999).

2 Although an insurer can be licensed and conduct business in
multiple states, the regulator in the state where the insurer is
chartered is its primary regulator. The chartering state is
referred to as the state of domicile. Other states where insurers
are licensed (but not chartered) generally rely on the supervisory
oversight of the company's primary regulator. Results in Brief

B-281368 Page 2 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

promote Year 2000 readiness and efforts to validate information on
the status of companies' readiness. They were also less active in
planning for and pursuing formal enforcement actions against
companies identified as inadequately preparing for 2000 and at a
high risk of not being ready for the millenium change. In
addition, the National Association of Insurance Commissioners
(NAIC), which is a key facilitator of states' oversight efforts,
was generally late in providing information and guidance to state
regulators about the appropriate Year 2000 regulatory activities
to undertake.

Regulatory information on the Year 2000 readiness of the nation's
insurance industry, consisting primarily of self- reported
information obtained through surveys, does not provide the
necessary information to judge whether the industry will be ready
for 2000. Nonetheless, insurance regulators and also other
observers we contacted generally have a favorable view of the
industry's Year 2000 readiness. These regulators and industry
observers expressed confidence that companies were actively
preparing for the Year 2000 date change because of competitive
pressures and the business need to process date- sensitive
information before 2000 (e. g., calculating annuity payments
extending beyond 2000).

The magnitude of insurers' Year 2000- related liability exposures
cannot be estimated at this time, and the effectiveness of efforts
to mitigate these exposures remains uncertain. While not yet
estimable, costs associated with Year 2000- related exposures
could be substantial for some propertycasualty insurers,
particularly those concentrated in commercial market sectors, due
to potential claims and legal defense costs. Despite efforts to
mitigate potential exposures, the Year 2000- related costs that
may be incurred by insurers will remain uncertain until key legal
issues and actions on pending legislative initiatives are
resolved.

The insurance industry, with policy reserves of approximately $2.5
trillion, is an important component of the financial system. These
reserves are held in trust for policyholders, much like bank
deposits are held for depositors. While there are important
similarities between insurance companies and other financial
intermediaries, there are important differences as well. One
difference is that policy reserves are paid out when policyholders
experience an insured loss. Thus, policyholders may get back more
or less than they paid the insurance company. This is unlike a
bank deposit, where bank depositors can expect to get their
deposits, plus interest. A similarity between insurance companies
and banks is that both use the money they receive to purchase
income- earning assets until the money is needed. Furthermore,
like banks and securities dealers, insurance Background

B-281368 Page 3 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

companies are regulated to ensure that the money they collect now
will be available to meet later obligations. To a large extent, it
is the delayed delivery of the contracted product that makes the
importance of addressing Year 2000 issues particularly acute in
the financial services industry in general and in the insurance
industry in particular.

The Year 2000 problem exists because the data that computers store
and process often use only the last two digits to designate the
year. On January 1, 2000, such systems may mistake data referring
to 2000 as meaning 1900, possibly leading to numerous errors and
disruptions in processing. Financial services institutions are
especially dependent upon the accurate transmission of electronic
information; thus, the systems they use must be readied to
correctly process 2000 dates.

To provide a standard gauge for assessing the progress of federal
agencies in becoming prepared for the Year 2000 date change, we
issued guidance in 1997. 3 While this Assessment Guide is directed
specifically at federal agencies, the stages of Year 2000
preparation and corresponding milestones can generally be applied
to all institutions, including private companies. The Assessment
Guide discusses issues that are common to nearly all companies, as
well as to the federal agencies, and can be used as a general
measure of whether a company is on track to being prepared for the
Year 2000 date change. Thus, a regulator of financial institutions
could use this, or other similar guidance, as general criteria for
assessing the state of preparedness of its regulated institutions.

The Assessment Guide divides the process by which an institution
could become Year 2000 compliant into five phases awareness,
assessment, renovation, validation, and implementation. Each of
these phases is described in appendix I. The final deadline for
becoming ready for 2000 is immovable. Furthermore, since the
phases of preparation are sequential, it is important to establish
intermediate milestones to help ensure that a company will be able
to complete all Year 2000 preparations in time. A schedule for
measuring progress toward Year 2000 readiness could allow
regulators a degree of comfort concerning the status of their
regulated companies. As shown in table 1, the Assessment Guide
provides a schedule of suggested completion dates for each of the
key phases of Year 2000 conversion.

3 Year 2000 Computing Crisis: An Assessment Guide (GAO/ AIMD- 10.
1. 14, Sept. 1997).

B-281368 Page 4 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

Year 2000 conversion phase Suggested completion date

Awareness December 1996 Assessment August 1997 Renovation August
1998 Testing and implementation December 1999 Source: GAO/ AIMD-
10.1. 14.

Other parties have developed alternative sets of phases and
milestones. Subsequent to the issuance of our Assessment Guide,
the Office of Management and Budget (OMB) provided standards that
federal agencies are expected to follow. OMB's milestones begin
with the assessment phase, which was to be completed by June 30,
1997, followed by renovation, validation (internal testing), and
implementation. All entities are to have completed the
implementation phase by March 31, 1999. After that date, entities
are to be engaged in testing of business processes and planning
for contingencies. Throughout the remainder of this report,
actions by insurance regulators are compared to the guidance found
in our Assessment Guide.

Year 2000- related system malfunctions in an insurance company can
have serious business interruptions and even solvency
implications. Specifically, Year 2000 problems could result in
disruptions to processing policyholder payments and investments,
insurance claims and payments, annuity payments, and data queries
to verify insurance coverage. This means that some policyholders
may be unable to obtain policy service, or worse, may be unable to
collect on their policies at a time of need. It is also possible
that the delivery of health care services could be affected if
health insurers cannot readily process claims information.

Pursuant to the McCarran- Ferguson Act of 1945, 4 states exercise
primary regulatory jurisdiction over the insurance business. Each
state has a department of insurance that, among other things, is
responsible for monitoring insurance companies' solvency.
Solvency, in turn, can be affected by operational issues, such as
the failure to be ready for 2000.

Companies that operate and write insurance policies in multiple
states comprise much of the nation's insurance industry. Although
an insurance company can conduct business in multiple states, it
is incorporated, or chartered, under the laws of a single state,
which is referred to as its state of domicile. The regulator in an
insurer's state of domicile represents its primary regulator and
is to assume lead responsibility for oversight issues,

4 15 U. S. C. sections 1011- 1015.

Table 1: Year 2000 Conversion Phases and Suggested Completion
Dates

B-281368 Page 5 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

such as Year 2000 readiness. States where insurers are licensed to
operate (but not chartered) generally rely on the companies'
primary regulator to exercise due diligence in overseeing
domiciled companies and to voluntarily share information about
them.

NAIC is a voluntary association of the heads of each state
insurance department, the District of Columbia, and four U. S.
territories. It does not have any regulatory authority over the
state insurance departments. NAIC provides a national forum for
resolving major insurance issues and for allowing regulators to
develop consistent policy on the regulation of insurance when
consistency is deemed appropriate.

State insurance commissioners created NAIC, in part, to help
address problems that differing state- by- state authorities,
laws, and regulations can cause as state insurance regulators
oversee insurers that operate in more than one state. Although it
has no regulatory function, NAIC is responsible for (1) serving as
a clearinghouse for exchanges of information, (2) providing a
structure for interstate cooperation in examinations of multistate
insurers, (3) distributing model insurance laws and regulations
for consideration by state legislatures and insurance departments,
and (4) reviewing state insurance departments' regulatory
activities as part of a national accreditation program. Regarding
Year 2000 issues, NAIC has assumed a key role as facilitator of
states' efforts to oversee the industry's readiness. This role
includes acting as a coordinator of information pertaining to
state oversight efforts, the status of the industry's readiness,
and state regulators' actions to become internally prepared for
2000.

To determine what regulators were doing to oversee the Year 2000
readiness of the insurance industry, we interviewed officials of
NAIC and reviewed available information on the organization's
efforts to facilitate states' Year 2000 activities and summarize
information in the area. We also visited 17 state insurance
departments whose domiciliary companies collectively accounted for
75 percent of insurance sold nationally. 5 In late January 1999,
we surveyed these 17 state regulators to obtain an update on their
Year 2000 oversight activities, including their efforts to set
priorities for reviewing domiciled insurers. Unless otherwise
indicated, observations throughout this report regarding state
efforts and activities pertain specifically to the 17 states
included in our review. See appendix II for a

5 Market share information represents a percentage of total net
written premium (over $664 billion nationally) for all types of
insurance. It represents the percentage of nationwide sales
accounted for by all companies domiciled in a state. This
information, based on 1997 financial data, was provided by NAIC.
Role of the National

Association of Insurance Commissioners

Scope and Methodology

B-281368 Page 6 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

list of the states we visited and their respective domiciled
insurers' market shares.

To compare Year 2000 oversight of the insurance, banking, and
securities industries, we reviewed relevant documentation from
their respective financial regulators, including industry guidance
on Year 2000 readiness, related correspondence directed to
financial institutions, audit programs for conducting Year 2000
examinations, and proposed rules covering Year 2000 issues. We
also used information gathered and knowledge developed by our
other teams that had conducted reviews of the Year 2000
preparedness of the banking and securities industries. Finally, we
obtained updates on the status of various Year 2000 oversight
activities, including conducting examinations that focus
specifically on Year 2000 issues (referred to as Year 2000
targeted examinations) and monitoring companies' actions to test
their systems' readiness.

To determine the status of the insurance industry's Year 2000
readiness, we interviewed regulatory officials who were
responsible for Year 2000 oversight in the 17 states and reviewed
available documentation on the readiness of the industry. To
obtain additional insights regarding the readiness of the
insurance industry, we interviewed representatives of key rating
companies, including A. M. Best Company, Conning and Company,
Standard and Poor's, and Weiss Ratings, Inc., and reviewed their
pertinent studies and reports issued in the area. We also spoke
with representatives of and reviewed Year 2000- related documents
from a few consulting and research firms, including the Gartner
Group, which is a business and technology advisory company that
conducts research on the global state of Year 2000 readiness, and
Electronic Data Systems (EDS), which is a professional services
firm that, among other things, assists financial services
companies with becoming ready for 2000.

To obtain industry perspectives regarding Year 2000 issues,
particularly those involving potential liability exposures, we
spoke with several of the largest property- casualty insurers and
trade associations, including the Alliance of American Insurers,
American Insurance Association, National Association of
Independent Insurers, and National Association of Mutual Insurance
Companies. Among other things, we inquired about these entities'
efforts to determine the nature and scope of potential liability
exposures related to 2000. Finally, we reviewed available
literature on various aspects of the Year 2000 liability exposure
issue, reviewed relevant federal legislative proposals, and
obtained related opinions from officials of the American Bar
Association's Tort and Insurance Practice Section.

B-281368 Page 7 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

We did our work in accordance with generally accepted government
auditing standards between September 1998 and April 1999. We
requested comments on a draft of this report from the President
and other officials of NAIC. NAIC's written comments are included
in appendix III and discussed near the end of this letter. We also
discussed the contents of a draft of this report with officials
from the Office of the Comptroller of the Currency (OCC) and the
Securities and Exchange Commission (SEC). They provided technical
comments that we have incorporated as appropriate in the report.

Regulatory approaches and the level of oversight activity directed
to the insurance industry's Year 2000 readiness varied widely in
the states we visited. The 17 states also differed in how they
assessed and prioritized companies for regulatory attention in
terms of Year 2000 readiness. Such variations raise a question
about the extent to which states can rely on one another's
judgments regarding the preparedness of nondomiciled companies
doing business in their states. This would be especially
problematic when relying on states where the level of Year 2000
oversight activity is relatively limited or the criteria for
assessing readiness may be considered too lax. Variations in
oversight approaches among state regulators also make it difficult
to ascertain the status of the Year 2000 readiness of the
insurance industry on a national level.

State regulatory oversight of the insurance industry's Year 2000
readiness included several types of activities, such as surveying
companies, reviewing submitted company plans, requiring progress
reports, covering Year 2000 readiness during regular financial
examinations, and conducting examinations that focused
specifically on Year 2000 issues. Which of these activities each
state insurance regulator engaged in, and to what extent, varied.
The variation ranged from a few states that had actively promoted
insurers' Year 2000 readiness since mid- 1997 to a few states that
did little in the area until the latter part of 1998 when they
conducted their first surveys. A company identified as being
behind at this late date could have more difficulty completing all
of the necessary phases of its Year 2000 preparations in time.

Although they did not initiate Year 2000 oversight actions until
1997, after the time frame suggested in the Assessment Guide for
conducting awareness efforts, 6 2 of the 17 states we visited were
comparatively more active than the other 15 in their efforts to
ensure that insurance companies become Year 2000 ready. One state
regulator stated that it monitored the

6 According to the Assessment Guide, Year 2000 awareness should
have been completed during 1996. Regulatory

Approaches Varied Widely by State, Creating Year 2000 Oversight
Challenges

Year 2000 Oversight Varied Widely by State

B-281368 Page 8 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

Year 2000 progress of companies it supervises primarily through
quarterly Year 2000 reports that were required since the beginning
of 1998 and through targeted Year 2000 examinations that have been
conducted since mid- 1998. According to state officials, these
efforts were conducted by state examiners who had drawn heavily
from the expertise, guidance, and training of federal banking
regulators.

Another state regulator also more actively monitored insurers'
Year 2000 readiness, but used a different approach. In 1997, it
hired a contractor to assist with developing, administering, and
analyzing a comprehensive, technical survey of about 2,000
insurers (both domiciled and nondomiciled) regarding their Year
2000 preparations. State officials explained that companies were
assigned risk scores that were based on an analysis of their
survey responses along with various financial and operational
factors. This state's regulatory staff, subsequently supplemented
by an available pool of about 20 consultants, has been reviewing
hundreds of remediation plans for companies identified as having
problems with their Year 2000 efforts, working with these
companies to develop or refine their plans, and conducting Year
2000 targeted examinations. These consultants were also to be used
to assist company management in correcting system problems.

Other state regulators indicated that they focused primarily on
occasional surveys or more limited coverage of Year 2000 plans
during regular financial examinations, which are to be conducted
every 3 to 5 years. One state regulator said it attempted to
consistently inquire about Year 2000 issues during informal
conferences with company management. Another state regulator
indicated that it was focusing its Year 2000 oversight efforts
almost exclusively on conducting surveys of its regulated
companies. At the time of our review, this state had administered
two Year 2000 surveys that requested companies to generally
address a few broad areas, such as the estimated impact of the
potential Year 2000 problem on their operations, their conversion
plans, and their current status of readiness.

After experiencing some difficulty administering a survey in 1997,
another state regulator said it decided, in early 1998, to conduct
targeted Year 2000 examinations in lieu of administering
additional surveys or covering the area during regular financial
examinations. This state, however, was unable to start its
targeted examinations until September 1998. Five of the 17 states
we visited did not attempt to develop baseline information on the
readiness of their insurance companies until the latter part of
1998, when they conducted their first Year 2000 surveys.

B-281368 Page 9 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

Because of the fast- approaching Year 2000 deadline and in an
attempt to make up for lost time, some state insurance regulators
were beginning to intensify their oversight efforts while there
was still a possibility of mitigating possible disruptions. In
addition to those state regulators that had recently conducted
surveys at the time of our review, several state regulators had
just contracted or were in the process of contracting for
consultant services to assist with Year 2000 targeted
examinations.

The state insurance regulators we visited attempted to prioritize
companies in terms of their Year 2000 readiness and the extent of
related supervisory attention that they may need. This
prioritization was generally done to determine how best to
allocate limited resources to the area. Responses to our survey
indicated that state regulators varied in how they assessed and
prioritized companies for Year 2000 purposes that is, they used
different sources of information, review criteria, and regulatory
actions to handle identified high- priority insurers.

The information that state insurance regulators obtained from
their diverse oversight activities can be characterized by varying
degrees of credibility. For example, information obtained from an
on- site targeted examination conducted by information specialists
would be more credible than information obtained from unverified,
self- reported insurer responses to a Year 2000 survey. At the
time of our review, the state regulators said they used the
following sources of information to prioritize companies in terms
of their Year 2000 readiness: survey responses; Year 2000 plans;
Year 2000 quarterly reports; regular financial examinations with
some questions directed to Year 2000 issues; and, in one case,
Year 2000 targeted examinations. Eight of the 17 states we visited
(representing 24.5 percent of the total market share) indicated
that they used survey responses as their primary means for
prioritizing companies. Two state regulators said that they had
not yet prioritized their companies for Year 2000 oversight
purposes when we conducted our survey in late January 1999, but
that they were waiting for additional Year 2000 information from
their contractors.

State regulators also used different criteria to assess and
prioritize companies for Year 2000 oversight purposes. The most
stringent criteria used by the regulators we visited to identify
priority 1 7 companies included those companies not expected to be
compliant by January 1999. The least stringent criteria used to
identify priority 1 companies included

7 The term priority 1 refers to companies whose Year 2000 efforts
were determined by the state regulators to need a high degree of
regulatory attention. How States Assessed and

Prioritized Companies for Year 2000 Oversight Purposes Varied

B-281368 Page 10 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

only those companies that were not expected to be Year 2000
compliant by December 1999 and that had not developed a
contingency plan. Other criteria were broad and vague, such as
criteria that simply described priority 1 companies as those that
did not adequately address or allocate resources to Year 2000
preparations. Over half of the states surveyed indicated that
priority 1 companies were those that would become compliant after
June 1999 or that were still in remediation (i. e., in the process
of making system changes to become Year 2000 ready) after December
1998. Some states said they identified as priority 1 companies
insurers that did not respond to Year 2000 surveys or that did not
have formal Year 2000 plans. A few state regulators noted that
they also considered the companies' market share and overall
financial condition when they prioritized companies for Year 2000
oversight purposes.

As shown in figure 1, 11 percent of the insurance companies
domiciled in the states that we surveyed were identified as
priority 1 companies for Year 2000 oversight purposes. Appendix IV
provides a breakdown, by type, of priority 1 companies relative to
total insurance companies. Appendix V provides a breakdown, by
size, of priority 1 companies relative to industrywide data.

Figure 1: States' Prioritization of Companies for Year 2000
Oversight Purposes

B-281368 Page 11 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

Note 1: The number of insurance companies represented is 3,565.
Note 2: Priority 1 refers to companies whose Year 2000 efforts
were determined to need a high degree of regulatory attention;
priority 2 refers to companies determined to need a moderate
amount of regulatory attention; and priority 3 refers to companies
determined to need little or no regulatory attention.

Source: Summary of state insurance regulators' responses to GAO
survey.

Most of the state regulators indicated that they were in the
process of conducting targeted Year 2000 examinations for all
insurers identified as priority 1 companies. Others indicated that
they would require priority 1 companies to submit Year 2000
progress reports, would reassess these companies on the basis of
more current information before deciding to conduct any on- site
visits, or would confer with company management.

Variations in the Year 2000 oversight activities of state
insurance regulators raise a question about the reliability of
regulatory information on the Year 2000 readiness of insurers and
the validity of related assessments. For example, information
obtained through on- site examinations is generally more reliable
than survey information. This question of information reliability
can pose a challenge for state regulators that depend on one
another for supervisory information on the Year 2000 status of
their nondomiciled companies. Another related challenge to state
regulators involves industry concerns regarding the
confidentiality of information on insurers' Year 2000 readiness.
Finally, the regulators, and ultimately the public, lack a
comprehensive framework for fully assessing the status of the
insurance industry's Year 2000 readiness due, in part, to
different oversight approaches at the state level.

Most state regulators we surveyed indicated that they were
concerned about the Year 2000 readiness of nondomiciled insurance
companies, especially those that do a significant amount of
business in their states. The two more active states previously
noted said that they were attempting to oversee their nondomiciled
insurers in a manner similar to their domiciled insurers. A third
state, according to an official, was asking its nondomiciled
insurers to confirm whether their projected Year 2000 compliance
dates were being met. Most of the remaining states we surveyed
said they were relying on the oversight and due diligence of the
states of domicile to ensure that their regulated insurers would
be Year 2000 ready. For example, a few state regulators said they
sent letters to selected state regulators to inquire about the
readiness of specific insurers in which they were interested.
Other regulators noted that they would depend on informal contacts
with the other states, information sharing through NAIC, or the
initiative of the states of domicile to alert them about
Variations Among States

Create Year 2000 Oversight Challenges

B-281368 Page 12 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

any potential Year 2000 problems involving insurers that do
business in their states.

Industry concerns regarding confidentiality posed a challenge to
state regulators that are dependent upon one another for
supervisory information on Year 2000 readiness. During the past
several months, NAIC, state regulators, and the industry have
grappled with how to adequately safeguard potentially proprietary
information while facilitating information sharing among
regulators, which is critical to overseeing the readiness for the
Year 2000 date change within the industry. In February 1999, NAIC
finalized a standard form, to be used at the states' discretion,
to facilitate information sharing and protect confidentiality.
Although, according to NAIC, 39 states have adopted the agreement
to date, it is too soon to tell how widely used and effective this
form will be in promoting information sharing among the state
regulators.

Insurance, banking, and securities are different industries with
different regulatory structures. It may not always be appropriate
to make direct comparisons between either the industries or their
regulation. However, preparing for the Year 2000 date change is a
problem that is common to all three industries. Similarly, the
solutions to this problem both from a business and a regulatory
perspective are also common across all three industries.

Banking, securities, and insurance regulators have all taken steps
to oversee the Year 2000 preparedness of their respective
regulated entities. However, state insurance regulators were less
active than the other financial regulators in promoting readiness
and validating information on companies' status of compliance and
adequacy of efforts to achieve Year 2000 readiness. In general,
insurance regulators also were less active in planning for and
pursuing formal enforcement actions against companies identified
as remiss in their Year 2000 efforts or in danger of not being
ready for the date change. State Insurance

Regulators Started Their Year 2000 Oversight Efforts Later Than
the Banking and Securities Regulators

B-281368 Page 13 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

For the institutions that they regulate, banking and securities
regulators have provided guidance and direction regarding Year
2000 problems, while state insurance regulators we contacted
indicated they have provided little guidance. Within the banking
industry, the Federal Financial Institutions Examination Council
(FFIEC), 8 through its member agencies, has taken actions to raise
the banking industry's awareness of the Year 2000 problem and
provide depository institutions with Year 2000 guidance, including
expectations regarding when certain phases of their conversion
should be completed. Within the securities industry, SEC regulates
broker- dealers, investment advisors, investment companies,
transfer agents, and other securities firms. SEC has engaged in
similar efforts to promote Year 2000 readiness, both through its
own efforts and through the securities industry's self- regulatory
organizations. 9 But, for the most part, state insurance
regulators we contacted and NAIC were not as active in this area.

In our Assessment Guide, 10 we stated that Year 2000 awareness
efforts should have been completed during 1996. In June 1996,
FFIEC began to raise industry awareness by disseminating letters
to all federally supervised banking institutions on topics
associated with Year 2000 readiness. Also starting in June 1996,
SEC sent letters to industry trade associations, and subsequently
to firms, informing them of the threat posed by Year 2000 problems
and urging them to address these problems.

In contrast, individual state regulatory efforts to raise
insurers' Year 2000 awareness generally did not begin in the
states we visited until 1997 or, for some of the states, until
late 1998. These efforts typically took the form of questionnaires
to insurers inquiring about their state of preparedness. NAIC
began discussing Year 2000 issues in its quarterly national
meetings in early 1997. Since that time NAIC indicated that it has
used its quarterly meetings as a forum for raising regulator and
industry awareness and for

8 FFIEC was established in 1979 as a formal interagency body
empowered to prescribe uniform principles, standards, and report
forms for the federal examination of financial institutions, and
to make recommendations to promote uniformity in the supervision
of these institutions. The council's membership is made up of the
federal bank regulators the Federal Deposit Insurance Corporation,
the Federal Reserve System, and the Comptroller of the Currency
and the regulators for credit unions and thrift institutions the
National Credit Union Administration and the Office of Thrift
Supervision, respectively.

9 In addition to SEC oversight, broker- dealers in the United
States are subject to regulation by the various exchanges and the
National Association of Securities Dealers, which act as self-
regulatory organizations over their securities firm members. These
organizations adopt rules and conduct examinations to ensure that
these rules, as well as those of SEC and the securities laws in
general, are complied with by their members.

10 GAO/ AIMD- 10.1.14. Regulatory Approaches to

Facilitate Financial Institutions' Efforts to Become Year 2000
Ready

Raising Industry Awareness

B-281368 Page 14 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

sharing information on Year 2000 efforts. In August 1997, NAIC
coordinated a national survey of insurers to prompt them, among
other things, to take appropriate action to prepare for 2000. NAIC
summarized the survey results in a December 1997 report. 11

For some of the state regulators we visited, the NAIC survey was
their first regulatory communication with companies about Year
2000 issues. For unspecified reasons, 11 of the 50 states
requested that NAIC not send a survey to their domestic insurers.
NAIC's summary report speculated that these states might have been
conducting their own survey. Because of state insurance
regulators' late start, less time was available to assess fully
insurers' Year 2000 preparedness and to ensure the public that
insurers will continue to operate with minimal disruption into the
new millenium.

Since 1996, FFIEC has issued interagency guidance to federally
regulated depository institutions on Year 2000 topics, such as
testing, contingency planning, and business risk. It has also set
milestones and formally notified the banking industry of dates
when companies were expected to have completed critical phases of
Year 2000 conversion (e. g., renovation and validation). Both
guidance and milestones were provided to banking institutions as
the criteria that would subsequently be used by examiners looking
at year 2000 compliance.

SEC told us that it has provided some general guidance on Year
2000 problems, and that it has worked with the Securities Industry
Association and some of the self- regulatory organizations to
develop and issue explicit guidance to their members. In
particular, the National Association of Securities Dealers issued
guidance on topics such as investor concerns and testing
requirements, and the association conducted workshops around the
country to raise awareness and provide assistance regarding the
Year 2000 problem. Moreover, similar to the banking regulators,
the self- regulatory organizations established milestone dates for
their respective member organizations.

In contrast, state insurance regulators we contacted, with a few
exceptions, said that they had not provided insurance companies
with formal guidance or regulatory expectations regarding Year
2000 readiness. Some state officials believed that their
regulatory role precluded more active efforts in establishing what
companies should do to prepare for Year 2000. These officials said
that their role was to monitor Year 2000 progress, rather than to
be directive with companies regarding Year 2000 solutions.

11 Year 2000 Insurance Industry Awareness, NAIC, December 8, 1997.
Providing Guidance and

Milestones

B-281368 Page 15 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

A few other officials noted that they lacked the expertise or
resources to provide specific guidance on preparing for 2000.

In September 1998, NAIC issued guidance on insurance regulatory
expectations, regarding due diligence in preparing for 2000, 12
for use by the industry as well as by state insurance regulators.
Dissemination of this information to insurance companies was left
to the discretion of individual states. Regulators in a few states
we visited in late 1998 were still unaware that NAIC had issued
the regulatory guidance.

Financial regulators have generally focused their verification
efforts on the Year 2000 readiness of their regulated institutions
by (1) conducting onsite examinations and (2) requiring broadscale
testing. Special on- site (targeted) examinations are to focus
primarily on the actions that institutions are taking to prepare
for 2000, in other words, on the process up to and including a
review of test results and contingency planning. Broadscale tests
are to demonstrate whether, after all of the preparations, an
entire integrated segment of a financial sector could continue to
operate and interact together. Broadscale testing, however, does
not cover the potential impact of third- party systems (e. g.,
those of vendors or infrastructure industries, such as power and
communications) that are in some way linked to the institutions
nor does it provide information about contingency planning.

The structure of the securities industry and, to a lesser extent,
of the banking industry lends itself to broadscale testing because
there is a significant amount of interconnectedness among industry
participants (i. e., industry interdependence that is based on
extensive transactions and system links between and among
companies in a particular industry). This interconnectedness is
limited in the insurance industry. As a result, examinations
represent the primary means for insurance regulators to verify the
Year 2000 readiness of their companies.

To validate the progress and status of their regulated
institutions, banking regulators rely primarily on examinations
targeted directly at issues related to Year 2000 problems. The
first round of such examinations began in May 1997. As of April
1999, regulators had completed their second round of targeted
examinations. Bank regulators told us that every institution has
now been examined twice for Year 2000 progress. This effort has
provided regulators with not only snapshots of the current status
of institutions but

12 Insurance Regulatory Statement Regarding Industry Year 2000
Compliance and Remediation, approved by NAIC's Year 2000 Working
Group on September 8, 1998. Regulatory Verification of

Institutions' Year 2000 Readiness

B-281368 Page 16 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

also with an indication of their progress over time. Furthermore,
regulators plan to return to or contact institutions where
questions on the adequacy of their progress remain. Indeed, OCC
plans to complete, by July 1999, a third round of on- site
examinations of all institutions for which it has supervisory
responsibility.

The federal banking regulators have also encouraged depository
institutions to participate in broadscale testing efforts. The
Federal Reserve, for example, has encouraged banks to participate
in tests demonstrating their ability to successfully interface
with Federal Reserve supplied services (e. g., check clearing).
Also, according to an agency official, OCC has worked closely with
two bank trade associations in their efforts to coordinate Year
2000 testing among participating banks. Such tests are intended to
provide further assurances of the banking industry's readiness to
meet Year 2000 challenges.

The interconnectedness of the securities industry lends itself to
broadscale testing. With SEC's support, over 400 institutions were
participating in streetwide testing at the time of our review. A
preliminary test was conducted in July 1998, and a second round of
tests began in March 1999 and was scheduled to continue through
April 1999.

According to an agency official, SEC has an active examination
program. For example, during 1998, SEC conducted more than 4,400
on- site reviews of fund and investment advisers, approximately 60
percent of the registered adviser community. The reviews focused
on the firms' timetables for completing and testing their Year
2000 corrections. Similar reviews were conducted for selected
transfer agents and broker- dealers. Firms whose timetable lagged
significantly behind SEC's guidance (e. g., that all corrections
be completed by December 31, 1998, reserving 1999 for testing)
were given a deficiency letter regarding their delay.

In addition to SEC examinations, the self- regulatory
organizations have conducted ongoing monitoring of their members
through telephone contacts. However, unlike banking regulators who
said they had conducted examinations of every institution, SEC and
the self- regulatory organizations have not examined and do not
plan to examine every regulated entity. They are relying on the
disclosures mandated by SEC and broadscale tests, as well as
targeted examinations, to provide assurances of the readiness of
other institutions.

State regulators' efforts to validate the Year 2000 readiness of
insurance companies began later than those of the banking and
securities regulators.

B-281368 Page 17 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

In most states, such efforts have also lacked the vigor
demonstrated by banking and securities regulators. In December
1997, NAIC approved the addition of nine questions on Year 2000
preparations to the Financial Examiners Handbook, which is the
required audit guide used by insurance examiners in all states.
Most states we contacted said they began coverage of their
regulated insurance companies during regularly scheduled financial
examinations starting in early 1998. However, state insurance
regulators require routine financial examinations once every 3 to
5 years. By the beginning of 2000, many companies' last regular
examination would not have included questions on Year 2000
preparedness. Recognizing this Year 2000 oversight limitation,
some state regulators said they have begun or are considering
incorporating targeted Year 2000 examinations into their
validation programs. One state said it began conducting such
examinations in mid- 1998. Several more state regulators said they
began targeted examinations late in 1998, and others indicated
they had either just begun or plan to begin targeted examinations
during 1999. Three other states we visited were uncertain as to
whether targeted examinations were needed. Representatives of 4 of
the 17 state insurance departments we visited told us that they
did not plan to conduct targeted examinations. Eight states that
were conducting or planning to conduct targeted examinations had
no plans to examine all domiciled institutions. Instead, they said
their goal was to examine only companies believed to pose the
greatest risk. In general, limiting on- site regulatory
examination efforts pertaining to Year 2000 readiness would
provide correspondingly limited assurances that survey information
self- reported by insurers was reliable, especially when these
efforts were not supplemented by any other type of validation.

State insurance regulators have generally been less active than
the other financial regulators in planning for (e. g.,
establishing clear expectations that insurers can be held
accountable for meeting) and pursuing formal enforcement actions
against companies that are not responsive to regulatory
requirements regarding the Year 2000 date change. Two
circumstances, in particular, that may warrant enforcement
attention involve insurers' (1) lack of responsiveness to requests
for Year 2000- related information and (2) insufficient actions to
prepare for 2000. Most of the state regulators we visited had
addressed identified problems related to obtaining Year 2000
information from insurers. However, without having established
clear regulatory expectations for their companies, insurance
regulators were less prepared than the banking and securities
regulators to deal with potential readiness issues. Regulatory
Enforcement of

Year 2000 Readiness

B-281368 Page 18 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

While the banking regulators used on- site examinations as a
primary means of obtaining and reviewing Year 2000- related
information, most of the insurance regulators we visited used
surveys, which were usually administered under their examination
or regulatory access authority, as a key source of insurer
information. 13 State officials explained that administering
surveys under their examination authority provided them with a
greater assurance that they would receive high response rates and
with additional leverage to take action if an insurer did not
provide requested Year 2000 information.

In addition to conducting examinations, SEC required the entities
it oversees to provide reports on their Year 2000 efforts and
progress. Because SEC issued specific reporting requirements and
related guidance, it has been able to take action against
companies that failed to comply. For example, at the time of our
review SEC had undertaken formal proceedings, involving fines of
up to $25,000, against 46 companies for failure to file these
required Year 2000 reports in a timely manner.

Regarding Year 2000 readiness issues, the banking regulators have
taken measures to ensure that they are prepared to pursue
enforcement actions against companies identified as not adequately
preparing to become Year 2000 compliant. As previously mentioned,
banking regulators have set milestones and formally notified
banking institutions about when they were expected to have
completed certain phases of Year 2000 conversion. Banking
regulators have also developed a uniform examination rating system
for Year 2000 readiness that they used to help identify when
regulatory intervention was warranted. In addition, the banking
regulators have included enforcement actions in their Year 2000
supervision program to prompt remedial action by financial
institutions that are not making adequate progress. Using these
mechanisms, the banking regulators were able to initiate formal
actions against some institutions, as early as November 1997, for
failing to make adequate progress toward becoming Year 2000 ready.

SEC recently proposed actions that may be taken if securities
market participants are not deemed to be ready for 2000. In March
1999, SEC released for comment a proposed rule that would require
broker- dealers and transfer agents to complete certain actions
(e. g., verify remediation efforts through internal testing) to
become Year 2000 ready by no later

13 According to state officials, a regulatory survey administered
under examination authority places the surveyed companies under
the same legal obligation to provide true and complete information
as they would be under if examiners were physically present in the
company.

B-281368 Page 19 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

than August 1999. According to the proposal, if a broker- dealer
cannot ready its systems by October 15, 1999, it would be required
to cease conducting securities activities with customers and to
transfer its existing customer accounts to another firm.

The state insurance regulators tended to be less prepared than the
other regulators to institute enforcement actions against
companies that were identified to be at a high risk of not being
Year 2000 ready. With a few exceptions, the states we visited had
not provided insurance companies with specific regulatory
expectations (e. g., deadlines for selected phases of Year 2000
readiness) that could be used as a basis for determining when
regulatory actions should be taken. According to an NAIC survey of
all states, 14 two states had a formal plan that included specific
triggers for determining when a regulatory action should be taken
against a company, and a few additional states were in the process
of developing such a mechanism.

The majority of state regulators indicated that some form of
intervention could occur if a company's activities posed a threat
to its continued operations or financial solvency. However, some
state regulators held divergent views on the fundamental question
of whether they had the statutory authority to take action against
a company, prior to 2000, for not being prepared for the date
change. At the time of our review, 1 of 17 state insurance
regulators informed us about a Year 2000- related regulatory
intervention involving a company that did not have a remediation
plan.

Regulatory information on the Year 2000 readiness of the nation's
insurance industry does not provide the necessary information to
judge whether the industry will be ready for 2000. Although the
state insurance regulators we visited have relied primarily on
unverified company responses to Year 2000 surveys, the regulators
are generally confident about the ability of the industry to
become Year 2000 ready. They said that most insurers, particularly
the larger ones that are strongly influenced by competitive market
forces, are well under way in their efforts to become Year 2000
ready. Other nonregulatory sources are similarly optimistic about
the insurance industry's Year 2000 readiness relative to the
readiness of other U. S. industries. These other sources include
rating companies that have reported that the insurance industry
appears to be generally on track to Year 2000 readiness. These
views should be viewed with some caution, however, because many of
these observations are

14 Survey results are summarized in Year 2000 Industry Compliance
Status; NAIC; Year 2000 Working Group; Report to Commissioners;
December 6, 1998. Information on the

Year 2000 Readiness of the Insurance Industry Has Limitations, but
the Industry Is Viewed as Generally on Track

B-281368 Page 20 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

based primarily on information that has been self- reported by the
insurance companies and that, for the most part, has not been
validated.

Quarterly Year 2000 industry compliance status reports, which NAIC
prepares for the state insurance commissioners, represent the only
industrywide regulatory information in the area. To date, NAIC has
issued two such reports. These reports, intended to convey
information on insurance company readiness as reported by the
state regulators, provide insights on regulatory efforts and
industry readiness at the state level. They do not, however,
provide an effective gauge for the status of the industry as a
whole. Information in these reports comes from different sources
and represents different points of time, making it
methodologically inappropriate to link the information together as
a basis for determining the overall industry's Year 2000
readiness.

The latest industry status report, for example, attempts to
provide Year 2000 readiness information for insurance companies in
each state. The report presents information from 30 states on the
basis of surveys conducted at various periods between July 1997
and December 1998. Compliance information for the remaining 20
states was taken from an outdated industrywide survey that NAIC
conducted between August and October, 1997. In both cases,
information on Year 2000 compliance represented company responses
to surveys that, with a few exceptions, had not been verified.

State regulatory officials we interviewed did not identify any
major concerns related to the Year 2000 readiness of the insurance
industry in their respective states. In general, they were
confident that the industry has been actively preparing for 2000
and would, for the most part, be ready for the date change.
Officials explained that the insurance industry is a transaction-
driven business that is highly dependent on date- sensitive
information and processing. Thus, the Year 2000 issue is not a new
one for insurers, especially for the larger, more sophisticated
companies that recognize the potential impact it may have on their
business continuity and financial stability. Officials believed
that, assuming they have obtained the requisite commitment from
senior management, most large insurers have allocated sizable
resources to and are well under way in their conversion efforts.

State officials stated that, in general, the small and medium-
sized insurers do not have the same level of appreciation or
understanding of the Year 2000 problem as the larger companies.
They indicated, however, that they were not significantly
concerned. NAIC's December 1997 report suggests Regulatory
Information on

Industrywide Year 2000 Readiness Is Limited

State Regulatory Officials Are Generally Confident in the
Insurance Industry's Ability to Be Year 2000 Ready

B-281368 Page 21 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

this lesser understanding of the issue could stem from the fact
that many of the smaller insurers do not have complicated,
internally developed computer systems. To the extent that smaller
insurers use vendor software, and to the extent that software is
compliant, these insurers will generally have an easier time with
their conversion efforts. Some state officials also added that,
for smaller insurers, a reasonable and relatively easy way to
implement a contingency plan would be to revert to a manual system
on a temporary basis.

State officials noted that they were generally unconcerned that
Year 2000related problems involving individual insurers would
result in systemic disruptions to the industry as a whole. A few
officials explained that unaffiliated insurance companies
generally maintained stand- alone systems, and that the failure of
an individual insurer would have limited effects on other insurers
outside of those with which it may be jointly owned. Some
officials expressed greater concerns regarding, for example,
specific segments of the health insurance industry that may be
linked to systems associated with government programs, such as
Medicare.

Regulatory responses to our inquiry regarding the number of
individual insurers that may not be Year 2000 ready were generally
consistent with states' expressed optimism regarding the industry.
In our January survey of 17 state regulators, we asked the
following question: Based on your knowledge to date, how many
domiciled insurance companies does your state consider to be at a
high risk of not being Year 2000 ready? Five states were confident
that none of their domiciled insurers were at a high risk of not
being Year 2000 ready. These five states, however, used the less
stringent criteria for assessing readiness (e. g., companies not
expected to be compliant by December 1999 and without a
contingency plan) or relied almost exclusively on survey
information as the basis of their assessments. Seven states
attempted to estimate the number of insurers thought to be at a
high risk of not being ready. The proportion of high- risk
companies to the overall number of companies ranged from 4 to 25
percent, with the average being 10 percent. Over 80 percent of
these companies perceived to be high risk were categorized as
small companies that write policies representing less than $100
million in net premiums. The remaining five states did not respond
to the question; a few states noted that additional information
was needed.

B-281368 Page 22 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

Independent sources, such as consulting firms and rating
companies, have not identified any major or systemic problems
relative to the Year 2000 readiness of the insurance industry.
Although their observations are based almost exclusively on
information self- reported by insurers, these sources, like the
state regulators, are generally confident in the ability of the
insurance industry to be Year 2000 ready.

The Gartner Group, for example, has stated that the financial
services industries, including the insurance industry, lead all
other industries in efforts to become Year 2000 ready. 15 It
explained that the insurance industry began having data failures
over 10 years ago when, for example, it was required to calculate
future payments on 10- or 15- year annuities. Because of such
time- driven products and because of the critical impact that
information technology systems have on insurers' business
operations, a Gartner Group official indicated that insurers began
their compliance efforts early and have since been able to make
great strides in the area. The Gartner Group's research regarding
Year 2000 information was largely gathered from interviews and
client inquiry meetings covering 27 industries and an estimated
15,000 companies in 87 countries.

Key rating companies have not identified any major or systemic
problems pertaining to the Year 2000 readiness efforts of the
insurance industry, and these companies have, in fact, provided
positive critiques of industry efforts in the area. A. M. Best
Company, in a February 1999 report, concluded that although most
insurers were still in the remediation and testing phases of
addressing their Year 2000 readiness efforts, all but a few
insurers will be fully operational in January 2000. 16 The company
based this conclusion on a Year 2000 survey of 1,709 insurance
entities that was conducted in November 1998. According to the
report, although only 45 percent of the companies responded to the
survey, these companies represented nearly three- quarters of the
industry volume.

Weiss Ratings, Inc., also addressed the insurance industry's
preparedness in a September 1998 report. 17 On the basis of a
survey of 5,096 insurers that resulted in a 22- percent response
rate, Weiss Ratings, Inc., reported that 93 percent of the survey
respondents indicated they have progressed

15 Year 2000 Global State of Readiness and Risks to the General
Business Community and Year 2000 International State of Readiness,
Gartner Group testimony before the U. S. Senate Special Committee
on the Year 2000 Technology Problem, October 7, 1998, and March 5,
1999, respectively.

16 Seeking Y2K Compliance: A. M. Best's Insurer Readiness Report,
A. M. Best Company, Inc., February 1999. 17 The Weiss Y2K Ratings
of Insurance Companies, Weiss Ratings, Inc., Fall 1998. Other
Sources Are Similarly

Confident and Have Not Identified Any Major or Systemic Problems
Related to the Insurance Industry's Year 2000 Readiness

B-281368 Page 23 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

adequately in their efforts to become Year 2000 ready. Conning and
Company also observed that the insurance industry is making good
progress in its internal systems efforts for Year 2000 compliance.
Standard and Poor's noted that Year 2000 system issues for most
insurers are approaching a resolution and that, as of March 1999,
no insurance company rating was downgraded because of Year 2000
problems.

Although independent sources have reported that insurers were
generally doing well with their internal efforts to become Year
2000 ready, some have also suggested that insurers may face
substantial threats from other related sources. Such sources
include the Year 2000 compliance problems of external parties with
which they do business (e. g., suppliers and government entities)
or potential liability exposures arising from Year 2000 problems.

Within the insurance industry, major concerns and preparations
related to the Year 2000 date change are not limited to readiness
issues, but also include liability exposure issues. Currently, the
magnitude of insurers' liability exposures cannot be estimated
primarily because a claims history for the event does not exist
and answers to key legal issues related to 2000 are unresolved.
While not estimable, Year 2000- related liability exposures could
be significant for some insurers, particularly those insurers
concentrated in commercial property- casualty market sectors.
Insurers' efforts to reduce these potential exposures include
writing exclusionary clauses in insurance policies, performing
more stringent underwriting, and educating policyholders to
properly prepare their systems and operations for 2000. The
effectiveness of these efforts, however, remains uncertain because
insurers face various potential marketplace and legal challenges.
Uncertainties also remain over the outcomes of several state and
federal legislative initiatives that were recently undertaken to
address Year 2000 liability exposure issues.

Industry professionals and observers acknowledge that the
magnitude of Year 2000- related exposures cannot be estimated at
this time. They also indicated that property- casualty insurers,
particularly those that write a significant amount of commercial
insurance (e. g., policies for directors and officers, errors and
omissions, commercial general liability, and business
interruptions), are more vulnerable to Year 2000- related
liability exposures than are other types of insurers. Moreover,
lawyers and industry professionals have said that insurers may
face significant legal costs to resolve Year 2000- related claims
and lawsuits. Some Insurers Face

Potentially Large Year 2000 Liability Costs; Effects of Related
Mitigation Efforts Are Uncertain

Year 2000- Related Liability Exposures and Legal Costs Are Not Yet
Estimable but May Be Significant for Some Insurers

B-281368 Page 24 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

Because of the uniqueness of the Year 2000 event, the potential
magnitude and scope of impacts caused by related computer
malfunctions are largely unknown. Insurers have little to rely
upon in estimating their potential exposures since there is no
claims history for such an event and many key legal issues related
to coverage and the interpretation of various types of insurance
policies are unresolved. Among the many coverage- related issues
that may be raised by insurers to limit coverage are those
involving fortuity and triggers.

Insurance coverage generally applies to losses caused by
fortuitous events, that is, events that are unexpected, unusual,
and unforeseen. Insurers have generally asserted that because the
Year 2000 problem is widely known and timely remedial measures in
many cases have been available, Year 2000- related losses
sustained by computer users are not fortuitous and therefore would
not be covered by some types of policies (e. g., business
interruption insurance). Conversely, those seeking coverage for
losses are expected to argue that specific Year 2000- related
mishaps and their associated losses were unforeseen despite
reasonable efforts to prepare for the event, or their losses were
so unusual that they were not to be expected.

Insurance coverage also depends on what event triggers coverage.
Under some types of policies, coverage would depend on the point
in time that the covered event occurred. For instance, in disputes
concerning computer users, sellers, servicers, and manufacturers,
there may be questions as to whether the event causing Year 2000-
related damages occurred when a system was manufactured or
distributed, a system was installed, a Year 2000- related problem
was noticed, or damages were incurred. If disputes over insurance
coverage are based on trigger issues, the courts may have to
decide when coverage was activated for a particular policy. Until
these and other questions are addressed in the context of the Year
2000 event, insurers will continue to have difficulties estimating
related liabilities.

Estimating the magnitude of insurers' exposures due to the Year
2000 event is also difficult because of the variety of issues and
litigants that could be involved in potential lawsuits. As Year
2000 disputes emerge, insurance coverage issues will surface as
plantiffs and defendants alike try to recoup alleged losses from
insurers. Insurance industry observers frequently categorize
anticipated Year 2000- related lawsuits into three waves of
litigation over: (1) costs to become Year 2000 compliant, (2)
losses resulting from Year 2000 problems, and (3) coverage for
Year 2000- related losses. Many lawsuits involving disputes over
the responsibility for costs to upgrade systems for 2000 have
already been filed (e. g., disputes

B-281368 Page 25 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

between vendors and users to remediate software in noncompliant
systems).

Several legal experts predict another wave of lawsuits associated
with actual losses caused by Year 2000 mishaps, such as those
seeking compensation for losses arising from the alleged failure
of a firm and/ or its officers to adequately prepare for and
disclose Year 2000 problems. Insurers may be responsible for
paying claims on damages incurred by policyholders if coverage is
established. In addition, industry representatives and legal
experts agree that lawsuits between insurers and policyholders
could result from insurers denying coverage.

Further complicating the ability of insurers to estimate their
exposures for the Year 2000 event are the potential legal costs,
including those arising in connection with insurers' general duty
to defend policyholders against liability suits. Insurers expect
to incur significant legal costs to defend their general liability
policyholders against third- party lawsuits, even when coverage
may be questionable. Many industry representatives and observers
have indicated that legal costs could exceed claims costs
associated with Year 2000 problems.

Since insurers are unable to estimate their potential Year 2000-
related liabilities, they are also unable to reflect appropriately
all of their potential liabilities by modifying their reserve
posture. Generally speaking, reserves cannot be reasonably
established until the liabilities are both probable and reasonably
estimable. Year 2000- related liabilities continue to be
inestimable in the insurance industry.

In light of the uncertain but potentially significant Year 2000-
related liability exposures, many insurers have taken steps to
limit or reduce their exposures. These measures include the
insertion of exclusions into certain types of policies, more
stringent underwriting practices, and educational programs to
encourage policyholders to properly prepare themselves for 2000.
The effectiveness of insurers' efforts to mitigate their exposures
remains unclear as some mitigation measures face legal and
marketplace challenges.

Many insurers, particularly those writing commercial general
liability policies, are attempting to limit their exposures by
incorporating exclusions into their policies. The state insurance
regulators have generally approved of some form of Year 2000-
related exclusions developed by the Insurance Services Office for
commercial lines of Insurer Efforts to Mitigate

Potential Year 2000 Liability Exposures Face Challenges

B-281368 Page 26 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

insurance. 18 However, although exclusions are intended to limit
coverage for Year 2000- related mishaps, uncertainties remain as
to the effectiveness of such practices.

According to legal experts, the courts may be asked to decide
whether Year 2000 coverage exclusions are legitimate. Some experts
have expressed uncertainty over whether courts will uphold the
Year 2000 exclusions due to public policy concerns. Moreover,
where such exclusions are upheld, specific coverage questions
could remain as courts typically interpret exclusions narrowly.
Some insurance and legal professionals also have said that the use
of an exclusion could be viewed as evidence that a standard policy
without the exclusion was intended to cover losses from a Year
2000 failure. To avoid this risk, some insurers have opted not to
use exclusions, emphasizing that their policies have never covered
direct Year 2000 losses. Nevertheless, insurance professionals
explained that standard policies may cover losses arising in
connection with a Year 2000- related mishap that causes an insured
event resulting in a loss, such as a fire or an auto accident,
irrespective of whether the incident was caused by a Year 2000
glitch. For instance, a standard automobile policy may not cover
expenses to fix a car that failed because of a Year 2000 problem,
but the policy could cover damages for an accident caused by a
Year 2000- related vehicle malfunction.

Some insurers are also attempting to mitigate their liability
exposures through more stringent underwriting practices and
educational programs that encourage policyholders to prepare their
operations and contingency plans for the Year 2000 event.
Assessing their policyholders' Year 2000 preparation efforts,
writing policies that reflect each policyholder's Year 2000-
related risks, and sending policyholders guidance materials to
emphasize the importance of Year 2000 preparation efforts are
other techniques used by some insurers to mitigate their potential
liabilities. Such loss control efforts are aimed at reducing the
insurers' potential exposures due to Year 2000- related coverage
claims and lawsuits.

The extent to which mitigation measures can be effectively
employed also depends on the competitive marketplace and the
individual business relationship insurers have with their
policyholders. Industry professionals

18 The Insurance Services Office is an organization that assists
property- casualty insurers by collecting and generating data on
the loss experience of the industry as a whole. This organization
also prepares generalized policy forms to be used by insurers at
their discretion. For example, one Year 2000 exclusion form
developed for liability policies excludes liability damages
associated with computer system- related failures due to the
inability to correctly recognize, process, distinguish, interpret,
or accept the year 2000 and beyond.

B-281368 Page 27 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

and observers indicated that some policies covering Year 2000-
related damages may still be available and acknowledged that the
use of exclusions was not always practical in the marketplace. For
instance, one commercial property- casualty insurer indicated the
company had lost accounts to another insurer that was willing to
offer insurance without a Year 2000 exclusion.

We observed in the states we visited that state regulatory efforts
to help companies address and mitigate their potential liability
exposures have generally focused on the consideration and approval
of exclusionary forms that some companies want to place on their
policies. These states have generally approved the standard
exclusionary endorsements proposed by the Insurance Services
Office, or similarly worded forms, that identify coverage
exclusions for Year 2000- related losses. A spokesperson for the
Insurance Services Office indicated that all of the states had
approved of certain exclusions for commercial lines of insurance.
Beyond these exclusionary approvals, we found that the regulatory
efforts of the states we visited to address companies' potential
liability exposure problems have generally been limited. Some
state regulators included questions related to Year 2000 liability
exposures in the surveys that they sent companies to help raise
awareness about the issue. Most of the regulators we visited did
not indicate any specific efforts to identify potential liability
exposure issues among their regulated companies.

Other uncertainties remain over how several state and federal
legislative initiatives will affect insurers' potential Year 2000-
related liability exposures. Legislative actions to address the
resolution of Year 2000related disputes, thus far, have consisted
primarily of sovereign immunity laws passed by several states to
protect themselves from Year 2000- related lawsuits. Many other
state and federal legislative initiatives are currently being
considered, some of which propose alternative dispute resolution
methods to help resolve disputes involving Year 2000- related
mishaps. A number of pending legislative initiatives also seek to
limit Year 2000related liabilities in a variety of ways. Among
other things, proposed measures include special rules for
liability standards and class action lawsuits, liability caps,
prohibitions on punitive damage awards, and waiting periods to
give potential defendants an opportunity to remedy noncompliant
systems before lawsuits can be filed. Uncertainties continue as
numerous legislative initiatives addressing resolution methods and
damage awards for Year 2000- related disputes are still being
debated. Effects of Regulatory and

Legislative Efforts Are Uncertain

B-281368 Page 28 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

Generally, state insurance regulators' responses to the Year 2000
challenge started late and, with a few exceptions, were limited in
scope. Also, the level of regulatory activity to promote and
assess insurance companies' Year 2000 readiness and to validate
self- reported information on readiness varied widely by state. As
a result, it is sometimes difficult, both for other regulators and
for the public, to know how much confidence they can have that
specific insurers or the overall insurance industry will be able
to continue operations with minimal disruptions into the new
millenium.

Generally, insurance regulators have not been as active in
encouraging, validating, and enforcing Year 2000 preparation
efforts as the banking and securities regulators. NAIC, which
assumed the role of facilitator of state regulators' Year 2000
oversight efforts, has also been late in many of its actions.
Among those actions were NAIC's August 1997 survey, which was its
first attempt to formally notify insurance companies about the
Year 2000 problem and to encourage state regulators to take
action. Similar actions were taken by banking and securities
regulators beginning in 1996. Furthermore, NAIC did not
incorporate Year 2000 questions into the Financial Examiners
Handbook until prior to examinations done in 1998, despite a
normal examination cycle in the states of 3 to 5 years for
insurance companies. NAIC also did not issue Year 2000 guidance,
including recommended regulatory and industry expectations, until
September 1998. At that time, the guidance was disseminated to the
state regulators but not necessarily to all insurance companies.
Finally, state insurance regulators were generally less prepared
than the other financial regulators to pursue formal enforcement
actions against identified problem companies due, in part, to the
lack of clearly established and wellcommunicated expectations (e.
g., milestone dates for specific phases of the Year 2000
conversion) for insurers.

State regulators and industry observers report that the insurance
industry is in reasonably good condition with respect to Year 2000
readiness. However, this assertion is based primarily on self-
reported information that has not yet been verified. Furthermore,
the state regulatory data available through NAIC do not provide an
effective gauge to assess the status of the industry as a whole
because of large differences in the dates that information was
collected by the states. Moreover, these data on industry
compliance were based almost exclusively on survey responses.

At present, the magnitude of costs associated with claims and
legal defenses for Year 2000- related mishaps is not yet estimable
but has the potential to be substantial for some property-
casualty insurers. Although many insurers have taken actions to
reduce their potential liability Conclusions

B-281368 Page 29 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

exposures, the effectiveness of these mitigation efforts remains
uncertain. Ultimately, insurers' Year 2000- related liability
exposures will depend on decisions made to resolve key legal
questions and numerous pending legislative initiatives. Until
then, insurers will continue to face challenges in estimating
their Year 2000- related liabilities and modifying their reserve
posture, as warranted.

NAIC provided written comments on a draft of this report. A
reprint of NAIC's letter can be found in appendix III.

NAIC stated that its members have been proactively addressing Year
2000 issues since 1997, and it provided a Year 2000 chronology of
NAIC activities. However, based on the suggested milestones in our
Assessment Guide, as well as our comparison of insurance
regulators to other financial regulators, we continue to believe
that regulatory efforts to oversee the insurance industry's Year
2000 readiness began late and have generally been limited.
Specifically, the state insurance regulators we visited were less
active in their efforts to promote Year 2000 readiness and efforts
to validate information on the status of companies' readiness.
They were also less active in planning for and pursuing formal
enforcement actions against companies identified as inadequately
preparing for Year 2000 and at a high risk of not being ready for
the millenium change. In addition, NAIC was generally late in
providing information and guidance to state regulators about the
appropriate Year 2000 regulatory activities to undertake. Our
concern is that, given the time- consuming process of becoming
Year 2000 ready, any company identified by regulators at this late
date as being behind could have difficulty completing all of the
necessary phases of its Year 2000 preparations in time.

NAIC also stated that much of the data used to develop the draft
report was out of date, citing, for example, NAIC's recent
initiative to coordinate a focused review of nationally
significant companies. As discussed in the scope and methodology
of this report, our noted observations are based on actions taken
by state insurance regulators through January 1999. As the Year
2000 deadline approaches, NAIC's most recent initiatives, such as
the focused review of nationally significant companies, may offer
a practical approach to ensuring the readiness of the nation's
largest insurance companies. NAIC projected that the first phase
of this initiative will be completed by mid- May, with preliminary
results to follow. We plan to address the results of this
initiative as well as other NAIC and state regulatory actions when
we provide you with updated information on the insurance
industry's Year 2000 readiness as requested in your March 11,
1999, letter. NAIC Comments and

Our Evaluation

B-281368 Page 30 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

In addition, NAIC noted that our draft report reflected dates when
policies were adopted by NAIC, but did not recognize the many
meetings and discussions among regulators, industry, and trade
associations that led to the adoption of a policy. In this report,
we acknowledged that preliminary meetings to discuss and develop
policies provided a mechanism among regulators and the companies
involved for raising awareness and promoting a dialogue about
important issues, such as preparing for 2000. However, we focused
on the date that a policy was formally adopted by NAIC, rather
than on the beginning of discussion. Formal adoption of a policy
is a more relevant date because it signifies when agreement is
reached and actions are expected to commence.

Finally, NAIC acknowledged that the state insurance regulators
have developed different approaches to addressing Year 2000
problems, but NAIC viewed these oversight variations to be a
significant advantage for state regulators. In our view, variation
in the regulatory oversight of Year 2000 preparations across
states is a concern because of the high degree of interdependency
required by the state- by- state regulatory system. We found that
state regulators depend on each other for the regulation of
nondomiciled companies. In fact, in May 1998, NAIC recommended
that states concentrate their evaluation efforts on domestic
insurance entities. We also found that the level of Year 2000
oversight is substantially weaker in some states than in other
states. In our view, this raises questions about the extent to
which states can rely on other states regarding the preparedness
of nondomiciled insurance companies doing business in their
states. Moreover, variations in oversight approaches among state
regulators also made it difficult to ascertain the overall status
of the insurance industry's Year 2000 preparedness.

As agreed with your office, unless you publicly announce its
contents earlier, we plan no further distribution of this report
until 10 days from its issue date. At that time we will provide
copies to Representative Thomas Bliley, Chairman, House Committee
on Commerce, and Senator Robert Bennett, Chairman, and Senator
Christopher Dodd, Vice Chairman, Senate Special Committee on the
Year 2000 Technology Problem. We will also provide copies of this
report to other interested parties and will make copies available
to others on request.

B-281368 Page 31 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

Major contributors to this report are listed in appendix VI.
Please call me on (202) 512- 8678 if you or your staff have any
questions.

Sincerely yours, Richard J. Hillman Associate Director, Financial
Institutions

and Markets Issues

Page 32 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Contents 1 Letter 34 Appendix I Phases of Year 2000 Preparation

35 Appendix II States Visited and Market Share of Their
Domiciliary Insurance Companies

36 Appendix III Comments From the National Association of
Insurance Commissioners

47 Appendix IV Priority 1 Companies Relative to Total Insurance
Companies, by Type

48 Appendix V Priority 1 Companies Relative to Industrywide Data,
by Size

Contents Page 33 GAO/GGD-99-87 State Insurance Regulators Face
Challenges

Appendix VI Major Contributors to This Report

49 Table 1: Year 2000 Conversion Phases and Suggested

Completion Dates 4

Table I. 1: Description of Key Phases of Year 2000 Preparation

34 Table II. 1: States We Visited and Market Share of Their

Domiciliary Insurance Companies 35 Tables

Figure 1: States' Prioritization of Companies for Year 2000
Oversight Purposes

10 Figure IV. 1: Priority 1 Companies Relative to Total

Companies, by Type 47

Figure V. 1: Priority 1 Companies Relative to Industrywide Data,
by Size

48 Figures

Abbreviations

EDS Electronic Data Systems FFIEC Federal Financial Institutions
Examination Council NAIC National Association of Insurance
Commissioners OCC Office of the Comptroller of the Currency SEC
Securities and Exchange Commission OMB Office of Management and
Budget

Appendix I Phases of Year 2000 Preparation

Page 34 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Key phases Description of activities conducted

Awareness Define the Year 2000 problem and gain executive level
support and sponsorship. Establish Year 2000 program team and
develop an overall strategy. Ensure that everyone in the
organization is fully aware of the issue. Assessment Assess the
Year 2000 impact on the enterprise. Identify core business areas
and

processes, inventory and analyze systems supporting the core
business areas, and prioritize their conversion or replacement.
Develop contingency plans to handle data exchange issues, lack of
data, and bad data. Identify and secure the necessary resources.
Renovation Convert, replace, or eliminate selected platforms,
applications, databases, and utilities.

Modify interfaces. Validation Test, verify, and validate converted
or replaced platforms, applications, databases, and

utilities. Test the performance, functionality, and integration of
converted or replaced platforms, applications, databases,
utilities, and interfaces in an operational environment.
Implementation Implement converted or replaced platforms,
applications, databases, utilities, and

interfaces. Implement data- exchange contingency plans, if
necessary. Source: Year 2000 Computing Crisis: An Assessment Guide
(GAO/ AIMD- 10.1. 14, Sept. 1997).

Table I. 1: Description of Key Phases of Year 2000 Preparation

Appendix II States Visited and Market Share of Their Domiciliary
Insurance Companies

Page 35 GAO/GGD-99-87 State Insurance Regulators Face Challenges

We conducted site visits of 17 state insurance departments whose
domiciliary insurance companies collectively accounted for 75
percent of insurance sold nationally. This included the top 12
states, each having domiciled companies with a combined market
share of more than 3.0 percent, plus 5 states with relatively
smaller market shares ranging from 0.3 to 2.6 percent.

States Percentage of total market share

Illinois 14.3 New York 11.2 Connecticut 6.5 Pennsylvania 5.1
California 4.3 Wisconsin 4.3 Texas 4.2 Ohio 4.0 Massachusetts 3.9
New Jersey 3.8 Michigan 3.5 Delaware 3.4 Indiana 2.6 Iowa 2.0
Arizona 1.0 Oregon 0.9 Utah 0.3

Total market share 75.3

Note: Market share information of each state's domiciliary
insurance companies represents the percentage of net premium
volume written nationwide (over $664 billion) for all types of
insurance. A domiciliary insurance company is one incorporated
under the laws of the state in which it is doing business.

Source: Extracted from information provided by NAIC, based on its
1997 financial database.

Table II. 1: States We Visited and Market Share of Their
Domiciliary Insurance Companies

Appendix III Comments From the National Association of Insurance
Commissioners

Page 36 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 37 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 38 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 39 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 40 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 41 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 42 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 43 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 44 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 45 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix III Comments From the National Association of Insurance
Commissioners

Page 46 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Appendix IV Priority 1 Companies Relative to Total Insurance
Companies, by Type

Page 47 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Priority 1 companies represent those companies whose Year 2000
efforts were determined by state insurance regulators to need a
high degree of regulatory attention. Thirteen of the 17 states we
visited identified priority 1 companies, 2 states did not identify
any priority 1 companies, and the remaining 2 had not completed
their ranking process. The following figure presents a breakdown,
by insurer type, of priority 1 companies, identified by the 13
states, relative to a similar breakdown of the total number of
domiciled insurance companies in those states.

Note: Other may include such entities as fraternals, employee
welfare funds, and title companies regulated by the state
insurance departments.

Source: GAO summary of state survey responses.

Figure IV. 1: Priority 1 Companies Relative to Total Companies, by
Type

Appendix V Priority 1 Companies Relative to Industrywide Data, by
Size

Page 48 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Priority 1 companies represent those companies whose Year 2000
efforts were determined by state insurance regulators to need a
high degree of regulatory attention. Thirteen of the 17 states we
visited identified priority 1 companies, 2 states did not identify
any priority 1 companies, and the remaining 2 had not completed
their ranking process. The following figure presents a breakdown,
by size, of priority 1 companies, identified by the 13 states,
relative to a similar breakdown using available industrywide data.
Size is based on estimated net premiums written nationwide, with
large companies writing more than $1 billion, medium companies
writing $100 million to $1 billion, and small companies writing
less than $100 million.

Source: GAO summary of state survey responses. Industrywide data
by size was taken from an NAIC report, Year 2000 Insurance
Industry Awareness, December 8, 1997.

Figure V. 1: Priority 1 Companies Relative to Industrywide Data,
by Size

Appendix VI Major Contributors to This Report

Page 49 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Lawrence D. Cluff, Assistant Director, Financial Institutions and
Markets Issues

Paul G. Thompson, Senior Attorney Barry A. Kirby, Senior Evaluator
Evelyn E. Aquino, Evaluator- in- Charge Alexandra Martin-
Arseneau, Senior Evaluator May M. Lee, Computer Specialist General
Government

Division, Washington, D. C.

Office of the General Counsel, Washington, D. C.

Chicago Field Office San Francisco Field Office

Page 50 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Page 51 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Page 52 GAO/GGD-99-87 State Insurance Regulators Face Challenges

Ordering Information The first copy of each GAO report and
testimony is free. Additional copies are $2 each. Orders should be
sent to the following address, accompanied by a check or money
order made out to the Superintendent of Documents, when necessary.
VISA and MasterCard credit cards are accepted, also. Orders for
100 or more copies to be mailed to a single address are discounted
25 percent.

Order by mail: U. S. General Accounting Office P. O. Box 37050
Washington, DC 20013

or visit: Room 1100 700 4 th St. NW (corner of 4 th and G Sts. NW)
U. S. General Accounting Office Washington, DC

Orders may also be placed by calling (202) 512- 6000 or by using
fax number (202) 512- 6061, or TDD (202) 512- 2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512- 6000 using a
touch- tone phone. A recorded menu will provide information on how
to obtain these lists.

For information on how to access GAO reports on the INTERNET, send
e- mail message with info in the body to:

info@ www. gao. gov or visit GAO's World Wide Web Home Page at:
http:// www. gao. gov

*** End of document. ***