Insurance Industry: Regulators Are Less Active in Encouraging and
Validating Year 2000 Preparedness (Statement/Record, 03/11/99,
GAO/T-GGD-99-56).

Pursuant to a congressional request, GAO discussed the banking,
securities, and insurance regulators' efforts to validate their year
2000 preparedness.

GAO noted that: (1) banking and securities regulators have supplied
guidance and direction regarding year 2000 problems, while state
insurance regulators GAO contacted have provided little guidance to
their regulated institutions; (2) within the banking industry, the
Federal Financial Institutions Examination Council (FFIEC), through its
member agencies, has taken actions to: (a) raise banking industry
awareness regarding the year 2000 problem; and (b) provide financial
depository institutions with year 2000 guidance; (3) within the
securities industry, the Securities Exchange Commission (SEC) has
engaged in similar efforts to promote and encourage year 2000 readiness,
primarily through the securities industry's self-regulatory
organizations (SRO); (4) but state insurance regulators GAO contacted
and the National Association of Insurance Commissioners have not been as
proactive in this area; (5) FFIEC has issued interagency guidance to
federally regulated depository institutions on year 2000 topics such as
testing, contingency planning, and business risk; (6) although SEC has
issued limited guidance on year 2000 problems, the Securities Industry
Association and other SROs have issued guidance to their members; (7)
with a few exceptions, state insurance regulators GAO contacted have not
provided insurance companies with formal guidance or regulatory
expectations regarding year 2000 readiness; (8) financial regulators
have two principal ways of verifying the year 2000 readiness of their
regulated institutions: (a) on-site examinations; and (b) broad scale
testing; (9) banking regulators rely primarily on examinations targeted
directly at issues related to year 2000 problems to validate the
progress and status of their regulated institutions; (10) this will
provide regulators with not only a snapshot of institutions' status now,
but a perspective of their progress over time; (11) the
interconnectedness of the securities industry lends itself to broad
scale testing to an even greater extent; (12) with the approval of SEC,
over 400 institutions are participating in street-wide testing; (13)
street-wide testing is the principal year 2000 validation vehicle in the
securities industry; and (14) validation by insurance regulators of the
year 2000 readiness of insurance companies began late, and, in most
states, lacks the vigor demonstrated by bank and securities regulators.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-GGD-99-56
     TITLE:  Insurance Industry: Regulators Are Less Active in 
             Encouraging and Validating Year 2000 Preparedness
      DATE:  03/11/99
   SUBJECT:  Y2K
             Securities regulation
             Insurance regulation
             Banking regulation
             Regulatory agencies
             Computer software verification and validation
             Systems conversions
             Strategic information systems planning
             Insurance companies
IDENTIFIER:  Y2K
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  This text was extracted from a PDF file.        **
** Delineations within the text indicating chapter titles,      **
** headings, and bullets have not been preserved, and in some   **
** cases heading text has been incorrectly merged into          **
** body text in the adjacent column.  Graphic images have       **
** not been reproduced, but figure captions are included.       **
** Tables are included, but column deliniations have not been   **
** preserved.                                                   **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************
gg99056t INSURANCE INDUSTRY Regulators Are Less Active in
Encouraging and Validating Year 2000 Preparedness

Statement for the Record by Richard J. Hillman, Associate Director
Financial Institutions and Markets Issues General Government
Division

United States General Accounting Office

GAO Testimony Before the Special Committee on the

Year 2000 Technology Problem U. S. Senate

Not to be Released Before 9: 30 a. m., EST Thursday, March 11,
1999




GAO/T-GGD-99-56

  GAO/T-GGD-99-56

Statement

Page 1 GAO/T-GGD-99-56

Mr. Chairman and Members of the Special Committee: Financial
institutions are regulated for a variety of reasons, including
both safety and soundness and customer protection. This regulation
supplements market discipline, especially in cases where customers
have difficulty evaluating a company's financial soundness. This
is true for depository institutions, securities firms, and
insurance companies. The Year 2000 computer problem is an issue
that can affect the ability of an institution to continue to
provide services to its customers; that is, it can affect both
safety and soundness as well as customer protection. Therefore, it
is appropriate that financial regulators be actively involved in
making sure that (1) institutions know what is expected of them to
become prepared and (2) customers and others who depend on a
continued stream of services can be confident about the
operational viability of their financial institutions.

At the request of this Committee and the Ranking Member of the
House Committee on Commerce, we have reviewed the activities of
bank and securities regulators and have reported that, after a
slow start, they have generally made real progress in validating
the preparedness of their regulated institutions. We have recently
taken a similar look at the insurance industry and its regulators
and, unfortunately, have found that their regulatory presence
regarding the Year 2000 area is not as strong as that exhibited by
the banking and securities regulators. In this effort, we visited
and surveyed 17 state insurance departments. Those departments
regulated companies providing about 75 percent of insurance
written in the nation. At a future time, we will be happy to share
with you the detailed results of that work. However, at your
request, we would today like to present a few preliminary results
comparing some of the Year 2000 regulatory actions, both in
timeliness and scope, of regulators in all three of the major
financial industries banking, securities, and insurance.

We wish to emphasize that we in no way intend to suggest that
there are likely to be major problems in any of the three sectors.
Indeed, regulators, as well as other available studies, suggest
that the financial sector is doing reasonably well in its
preparation for 2000. However, there are significant differences
in the extent of validation taking place in the banking and
securities industries compared to the insurance industry.
Consequently, it is difficult to know how much confidence to place
in reports about the readiness of the insurance industry, where
there is generally less validation. To illustrate differences
among the regulators, we will briefly focus on two broad areas of
regulatory activity guidance and verification.

Statement Page 2 GAO/T-GGD-99-56

Banking and securities regulators have supplied guidance and
direction regarding Year 2000 problems, while state insurance
regulators we contacted have provided little guidance to their
regulated institutions. Within the banking industry, the Federal
Financial Institutions Examination Council (FFIEC), 1 through its
member agencies, has taken actions to (1) raise banking industry
awareness regarding the Year 2000 problem and (2) provide
financial depository institutions with Year 2000 guidance,
including expectations for when certain phases of conversion
should be completed. Within the securities industry, the
Securities Exchange Commission (SEC) has engaged in similar
efforts to promote and encourage Year 2000 readiness, primarily
through the securities industry's self- regulatory organizations
(SROs). But, for the most part, as discussed below, state
insurance regulators we contacted and the National Association of
Insurance Commissioners (NAIC) 2 have not been as proactive in
this area.

In our assessment guide, 3 we state that Year 2000 awareness
efforts should be completed during 1996. In June 1996, FFIEC began
to raise industry awareness by disseminating letters to the boards
of directors and senior management of all federally supervised
banking institutions on key topics associated with Year 2000
readiness. Also starting in June 1996, SEC sent letters to the
industry trade associations and subsequently to individual firms
informing them of the threat posed by Year 2000 problems to their
operations and urging them to address these problems as one of
their highest priorities. In contrast, individual state regulatory
efforts to raise insurers' awareness generally did not begin until
1997 or, for a few of the states we visited, until late 1998.
These efforts typically took the form of questionnaires to
insurers inquiring about their state of preparedness. In addition,
the NAIC coordinated a national survey of insurance companies in
August 1997 to, among other things, serve as an impetus for them
to take appropriate action. 4 Because of state insurance
regulators' late start,

1 FFIEC was established in 1979 as a formal interagency body
empowered to prescribe uniform principals, standards, and report
forms for the federal examination of financial institutions, and
to make recommendations to promote uniformity in the supervision
of these institutions. The Council's membership is composed of the
federal bank regulators Federal Deposit Insurance Corporation, the
Federal Reserve System, and the Comptroller of the Currency plus
the regulators for credit unions and thrift institutions the
National Credit Union Administration and the Office of Thrift
Supervision, respectively.

2 NAIC is a membership organization of state insurance
commissioners. One of the NAIC's goals is to promote uniformity of
state regulation and legislation as it concerns the insurance
industry. 3 Year 2000 Computing Crisis: An Assessment Guide
(GAO/AIMD-10-1- 14, Sept. 1997).

4 NAIC summarized the survey results in a report, Year 2000
Insurance Industry Awareness, issued in December 1997. Regulatory

Approaches to Facilitate Financial Institutions' Efforts to Become
Year 2000 Ready

Raising Industry Awareness

Statement Page 3 GAO/T-GGD-99-56

less time is available to fully assess the Year 2000 preparedness
of insurers and to provide assurances to the public that the
insurance industry will continue to operate into the new
millenium.

FFIEC has issued interagency guidance to federally regulated
depository institutions on Year 2000 topics such as testing,
contingency planning, and business risk. It has also established,
and formally communicated to the banking industry, specific
deadlines for when companies were expected to have completed
certain phases of Year 2000 conversion (e. g., remediation,
testing of mission critical systems, and third- party testing).
Although SEC has issued limited guidance on Year 2000 problems,
the Securities Industry Association and other SROs have issued
guidance to their members. In particular, the National Association
of Securities Dealers issued guidance on such topics as investor
concerns and testing requirements, and it conducted workshops
around the country to raise awareness and provide assistance
regarding the Year 2000 problem. Moreover, similar to the banking
regulators, the SROs established milestone dates for their
respective member organizations.

With a few exceptions, state insurance regulators we contacted
have not provided insurance companies with formal guidance or
regulatory expectations regarding Year 2000 readiness. Some state
officials took the position that it was not their role to be
directive with companies regarding Year 2000 solutions, but rather
to monitor their progress. A few others noted that they did not
have the expertise and/ or resources to provide specific guidance
on preparing for 2000. In September 1998, NAIC issued a statement
of insurance regulatory expectations regarding due diligence in
preparing for 2000. 5 This statement was intended to provide
useful guidance to the industry as well as to state insurance
regulators. However, dissemination was left to the initiative of
the individual states, and it was not uniformly made available to
all insurers. A few states we visited as late as December 1998
were still unaware that NAIC had completed action on the
regulatory guidance.

Financial regulators have two principal ways of verifying the Year
2000 readiness of their regulated institutions. These are on- site
examinations and broad scale testing. Examinations on Year 2000
issues focus primarily on the actions that institutions are taking
to prepare for 2000, in other words, on the process up to and
including a review of test results and contingency planning. In
contrast, successful broad scale tests

5 Insurance Regulatory Statement Regarding Industry Year 2000
Compliance and Remediation, approved by NAIC's Year 2000 Working
Group on 9/ 8/ 98. Providing Guidance and

Milestones Regulatory Verification of Financial Institutions' Year
2000 Readiness

Statement Page 4 GAO/T-GGD-99-56

demonstrate that, after all the preparations, each of the pieces
work, individually and together. Broad scale testing is more
meaningful in some industries than in others. To be meaningful,
such testing requires considerable interconnectedness among the
participants. The structure of the securities industry and, to a
lesser extent, of the banking industry lends itself to such
testing. In cases where this interconnectedness may be absent or
limited, as in the insurance industry, examinations become the
most effective means for regulators to verify the status of
financial institutions' Year 2000 preparedness.

Banking regulators rely primarily on examinations targeted
directly at issues related to Year 2000 problems to validate the
progress and status of their regulated institutions. The first
round of such examinations began in May 1997. Regulators are now
nearing completion of the second round of targeted examinations.
At its conclusion, every institution will have been examined
twice. This will provide regulators with not only a snapshot of
institutions' status now, but also a perspective of their progress
over time. Furthermore, time will still be available for
regulators to return to institutions where questions remain. In
addition to targeted examinations, at the encouragement of the
Federal Reserve System, depository institutions are expected to
participate in tests demonstrating their ability to successfully
interface with the Federal Reserve's wholesale payments system.
Such tests provide further assurances of the readiness of the
banking industry to meet Year 2000 challenges.

The interconnectedness of the securities industry lends itself to
broad scale testing to an even greater extent. With the approval
of the SEC, over 400 institutions are participating in street-
wide testing. A preliminary test was successfully held in June
1998, and another test is now ongoing. In addition, the SEC has
conducted some examinations of securities firms, and SROs have
conducted more extensive examinations, but the examination
coverage has not been as extensive as in the banking industry.
Street- wide testing is the principal Year 2000 validation vehicle
in the securities industry.

Validation by insurance regulators of the Year 2000 readiness of
insurance companies began late and, in most states, lacks the
vigor demonstrated by bank and securities regulators. The NAIC
added nine questions on Year 2000 preparations to the Examiners
Financial Handbook (used by all states) in late 1997. Most states
we contacted began coverage of their regulated companies during
regularly scheduled financial examinations beginning in early
1998. However, state insurance regulators routinely examine their
companies only once every 3 to 5 years. As a result, many

Statement Page 5 GAO/T-GGD-99-56

companies will not have had a regular financial examination
between 1998 and 2000. Recognizing this, some state regulators
have begun or are considering incorporating targeted Year 2000
examinations into their validation programs. One state began
conducting such examinations in mid- 1998. Several more began
targeted examinations late in 1998. Others have either begun or
plan to begin targeted examinations during 1999. Four of the 17
state insurance departments we visited told us that they did not
plan to conduct targeted examinations. In those states now
conducting targeted examinations, the stated goal, with a few
exceptions, is to examine only those companies thought to pose the
greatest risk.

Compared to standards presented in our assessment guide and to
other financial regulators, state insurance regulators we
contacted were late in raising industry awareness of potential
Year 2000 problems. They also provided little guidance to
regulated institutions and failed to convey clear regulatory
expectations to companies about Year 2000 preparations and
milestones. Nevertheless, we found that the insurance industry is
reported both by its regulators and by other outside observers to
be generally on track to being ready for 2000. However, most of
these reports are based on information that has been self-
reported by the insurance companies. Relative to other financial
regulators, insurance regulators' efforts to validate this self-
reported information generally began late and were too limited.
Conclusions

Page 6 GAO/T-GGD-99-56

Page 7 GAO/T-GGD-99-56

Page 8 GAO/T-GGD-99-56

Ordering Information The first copy of each GAO report and
testimony is free. Additional copies are $2 each. Orders should be
sent to the following address, accompanied by a check or money
order made out to the Superintendent of Documents, when necessary.
VISA and MasterCard credit cards are accepted, also. Orders for
100 or more copies to be mailed to a single address are discounted
25 percent.

Order by mail: U. S. General Accounting Office P. O. Box 37050
Washington, DC 20013

or visit: Room 1100 700 4 th St. NW (corner of 4 th and G Sts. NW)
U. S. General Accounting Office Washington, DC

Orders may also be placed by calling (202) 512- 6000 or by using
fax number (202) 512- 6061, or TDD (202) 512- 2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512- 6000 using a
touch- tone phone. A recorded menu will provide information on how
to obtain these lists.

For information on how to access GAO reports on the INTERNET, send
e- mail message with info in the body to:

info@ www. gao. gov or visit GAO's World Wide Web Home Page at:
http:// www. gao. gov

United States General Accounting Office Washington, D. C. 20548-
0001

Official Business Penalty for Private Use $300

Address Correction Requested Bulk Rate

Postage & Fees Paid GAO Permit No. G100

(233579)

*** End of document. ***