NY Insurance Regulator Imposes New Pandemic, Climate, Cyber Requirements for Enterprise Risk

New York-domiciled insurers should consider new risk-management requirements and related disclosure obligations concerning cyber, climate change and pandemic risks. On March 31, the New York Department of Financial Services (DFS) published in the state register  proposed amendments to an existing regulation (Second Amendment to 11 NYCRR 82, Insurance Reg. 203, Enterprise Risk Management and Own Risk and Solvency Assessment, Group-wide Supervision) that would require reporting entities to include measures within their enterprise risk management (ERM) functions to address “cybersecurity, climate change, epidemic and pandemic” risks, in addition to existing categories such as insurance, underwriting, credit, market and liquidity risks. Under the existing regulation, material risks must be disclosed to the DFS in the annual enterprise risk report required under New York Insurance Law (NYIL)

Reporting entities subject to New York’s ERM requirements include holding companies of New York-domiciled insurers as well as New York-domiciled insurers required to report subsidiaries under Article 16 or Article 17 of NYIL.

Please see our previous alert on the DFS guidance concerning cyber risks.